On EC2, you need to open port 5985, the default WinRM remoting port, on your security group so that you can connect to the instance from your IP address.
On the instance in the cloud, do a:
    winrm quickconfig -quiet
On your workstation:
    set-item wsman:\localhost\Client\TrustedHosts -value "*" -force
    Invoke-Command {Get-Service} -ComputerName <hostname> -Credential administrator
And that should get you going.
What I did to resolve this issue was to create a proxy function for Enter-PSSession that resolves the CNAME for me. This might not work in your case, depending on why you need to use the CNAME, but this works for me.
Details on PowerShell proxy functions: http://www.windowsitpro.com/blog/powershell-with-a-purpose-blog-36/windows-powershell/powershell-proxy-functions-141413
Full function:
    function Enter-PSSession {
        [CmdletBinding(DefaultParameterSetName='ComputerName')]
        param(
            [Parameter(ParameterSetName='ComputerName', Mandatory=$true, Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
            [Alias('Cn')]
            [ValidateNotNullOrEmpty()]
            [string]
            ${ComputerName},

            [Parameter(ParameterSetName='Session', Position=0, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)]
            [ValidateNotNullOrEmpty()]
            [System.Management.Automation.Runspaces.PSSession]
            ${Session},

            [Parameter(ParameterSetName='Uri', Position=1, ValueFromPipelineByPropertyName=$true)]
            [Alias('URI','CU')]
            [ValidateNotNullOrEmpty()]
            [uri]
            ${ConnectionUri},

            [Parameter(ParameterSetName='InstanceId', ValueFromPipelineByPropertyName=$true)]
            [ValidateNotNull()]
            [guid]
            ${InstanceId},

            [Parameter(ParameterSetName='Id', Position=0, ValueFromPipelineByPropertyName=$true)]
            [ValidateNotNull()]
            [int]
            ${Id},

            [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName=$true)]
            [string]
            ${Name},

            [Parameter(ParameterSetName='Uri')]
            [Parameter(ParameterSetName='ComputerName')]
            [switch]
            ${EnableNetworkAccess},

            [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
            [Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)]
            [system.management.automation.pscredential]
            ${Credential},

            [Parameter(ParameterSetName='ComputerName')]
            [ValidateRange(1, 65535)]
            [int]
            ${Port},

            [Parameter(ParameterSetName='ComputerName')]
            [switch]
            ${UseSSL},

            [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
            [Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)]
            [string]
            ${ConfigurationName},

            [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)]
            [string]
            ${ApplicationName},

            [Parameter(ParameterSetName='Uri')]
            [switch]
            ${AllowRedirection},

            [Parameter(ParameterSetName='Uri')]
            [Parameter(ParameterSetName='ComputerName')]
            [ValidateNotNull()]
            [System.Management.Automation.Remoting.PSSessionOption]
            ${SessionOption},

            [Parameter(ParameterSetName='Uri')]
            [Parameter(ParameterSetName='ComputerName')]
            [System.Management.Automation.Runspaces.AuthenticationMechanism]
            ${Authentication},

            [Parameter(ParameterSetName='Uri')]
            [Parameter(ParameterSetName='ComputerName')]
            [string]
            ${CertificateThumbprint})

        begin
        {
            try {
                $outBuffer = $null
                if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer))
                {
                    $PSBoundParameters['OutBuffer'] = 1
                }
                # Resolve only when -ComputerName is bound; the other parameter
                # sets (Session, Uri, Id, ...) carry no host name to look up.
                if ($PSBoundParameters.ContainsKey('ComputerName'))
                {
                    $PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName
                }
                $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.Core\Enter-PSSession', [System.Management.Automation.CommandTypes]::Cmdlet)
                $scriptCmd = {& $wrappedCmd @PSBoundParameters }
                $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin)
                $steppablePipeline.Begin($PSCmdlet)
            } catch {
                throw
            }
        }

        process
        {
            try {
                $steppablePipeline.Process($_)
            } catch {
                throw
            }
        }

        end
        {
            try {
                $steppablePipeline.End()
            } catch {
                throw
            }
        }
        <#
        .ForwardHelpTargetName Enter-PSSession
        .ForwardHelpCategory Cmdlet
        #>
    }
The only line I added was:
    $PSBoundParameters['ComputerName'] = ([System.Net.Dns]::GetHostByName($PSBoundParameters['ComputerName'])).HostName
This simply resolves the CNAME to the FQDN in the proxy function before calling the native Enter-PSSession.
This allows me to set *.mydomain.local in my TrustedHosts via Group Policy, and I can still use "Enter-PSSession ShortName" or "Enter-PSSession CNAME" without having to mess with additional SPNs, etc.
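An added example, not part of the answer above: a helper that resolves a short name or CNAME the way the proxy function does and reports which TrustedHosts pattern, such as *.mydomain.local or a bare *, covers the resulting FQDN. Test-RemotingTarget and its parameters are hypothetical names, and -like is assumed to approximate WinRM's wildcard matching.

```powershell
# Added example; Test-RemotingTarget is a hypothetical helper, not a built-in cmdlet.
function Test-RemotingTarget {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [string] $ComputerName,

        # Patterns to test; defaults to this machine's WSMan client TrustedHosts list.
        [string[]] $TrustedPattern
    )

    if (-not $PSBoundParameters.ContainsKey('TrustedPattern')) {
        # Reading the WSMan: drive needs the WinRM service running on the workstation.
        $raw = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
        $TrustedPattern = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    try {
        # GetHostEntry is the supported replacement for the obsolete GetHostByName.
        $fqdn = [System.Net.Dns]::GetHostEntry($ComputerName).HostName
    } catch {
        throw "Cannot resolve '$ComputerName': $($_.Exception.Message)"
    }

    # Assumption: -like approximates WinRM's '*' wildcard matching for TrustedHosts entries.
    $matched  = @($TrustedPattern | Where-Object { $fqdn -like $_ })
    $specific = @($matched | Where-Object { $_ -ne '*' })

    [pscustomobject]@{
        Requested        = $ComputerName
        Fqdn             = $fqdn
        MatchedPattern   = $matched
        Trusted          = $matched.Count -gt 0
        # True when the name is reachable only because the list contains a catch-all entry.
        OnlyBareWildcard = ($matched.Count -gt 0) -and ($specific.Count -eq 0)
    }
}

# Constructed sample: the local machine name checked against the domain pattern from the answer.
Test-RemotingTarget -ComputerName $env:COMPUTERNAME -TrustedPattern '*.mydomain.local'

# Constructed sample: the same name checked against a catch-all list.
Test-RemotingTarget -ComputerName $env:COMPUTERNAME -TrustedPattern '*'
```

Called without -TrustedPattern, the helper reads the list actually configured on the workstation, so it can be run before Enter-PSSession to see which entry a given alias depends on.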
Best Answer
You can exclude certain NICs from NLA (Network Location Awareness). Very common to do this in VMware Workstation scenarios since the VMware NICs always end up as unidentified/public. Here's how:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
    *NdisDeviceType
(it is case sensitive!!). Double-click on this value and in the "Value Data" field put 1 as Decimal data (snipped from http://www.petri.co.il/forums/showthread.php?t=45181)