How to Fix Azure Start and Stop VM using Runbook in Automation Account?

Question

Hi All, I have a requirement to auto startup and shutdown the Azure VM in Business hours(i.e 9 AM- 5 PM ) Mon-Fri. Have created a Automation Accounts, Configured Runbook and created a schedule. I'm unable to link a runbook to schedule as it got depreciated in sep2023. On Attempt-1, Throwing error as this.client.subscriptionId is null. However, have tried to hardcoded the subscription Id, still same error. In Below snippet, "Get Subscription" also throws the same error. ###################Attempt-1:##########################

$resourceGroupName = "XXX" $vmName = "YYY" 
try 
{
 "Logging in to Azure..." 
Connect-AzAccount -Identity 
} 
catch 
{ 
Write-Error -Message $.Exception throw $.Exception 
}
#Get subscription details
$subscriptions = Get-AzSubscription
#Output subscription details
$subscriptions | Select-Object SubscriptionName, SubscriptionId 
Write-Output ("Subscription"+$subscriptions) 
Stop-AzVM -ResourceGroupName "XXX" -Name $vmName -Force

Result: It gives error as Subscription is null.

---On Attempt-2, We have tried to authenticate the certificate by providing the tenant id, app_id unable to provide the thumbprint as I have no permissions to fetch. Still it throws the same error "Subscription is null." Used the authentication by Managed identity approach. #######################Attempt-2:#####################################

$resourceGroupName = "XXX" 
$vmName = "YYY" 

$Cert = Get-AzAutomationCertificate -ResourceGroupName "XXX" -AutomationAccountName "VM-AutoStartandStop" -Name "AzureRunAsCertificate" 

Write-Output ("Cert"+$Cert) 
try 
{
 "Logging in to Azure..." 
Connect-AzAccount -Identity 
}
 catch 
{
 Write-Error -Message $.Exception throw $.Exception 
}
Connect-AzAccount -ServicePrincipal -Tenant "

Answer 1

There is a simpler script with the command just to startup the vm, you can use the script below:

Param(
 [string]$VmName,
 [string]$ResourceGroupName,
 [ValidateSet("Startup", "Shutdown")]
 [string]$VmAction
)
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Add-AzureRMAccount -ServicePrincipal -Tenant $Conn.TenantID `
-ApplicationID $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
Start-AzureRmVM -Name VMNAME -ResourceGroupName RGNAME

Put it in the schedule to turn on the VM And to shut down the vm you use the auto shutdown feature on Virtual Machine

Get in touch if you need more help with this issue. --please don't forget to "[Accept the answer]" if the reply is helpful--

Answer 2

Hi @Jackson Martins , When I try to create a runbook now, it throws error as -"Too many tags "and gives request Invalid.

Answer 3

Hi @Guzzu, Navya X To enable TAG parameters, first of all, you need to create identity permissions:

Then you need to create a schedule and, after that, you need to open the schedule and modify TAG Parameters

You can test using parameters

Answer 4

HI @Guzzu, Navya X You can try this:

Click Identity.

Click Azure role assignments to give the managed identity permissions to access subscription resources.

Click add and give permissions to the resource group where your vms are.

With the identity account created, within the automation resource, click on runbook.

Fill in the runbook information as shown in the following image:

Click in the field on the right and paste the command from above:

Param(
  [Parameter(Mandatory = $true)]
  [String]
  $TagName,
  [Parameter(Mandatory = $true)]
     
  [String]
  $TagValue,
  [Parameter(Mandatory = $true)]
  [Boolean]
  $Shutdown
)
# Autentication in Azure
## Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process
## Connect to Azure with System-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
#Write-Output -InputObject $AzureContext
## Set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
#Write-Output -InputObject $AzureContext
## Start and Stop VMs
  $vms = Get-AzResource -TagName $TagName -TagValue $TagValue | Where-Object -FilterScript {
    $_.ResourceType -like 'Microsoft.Compute/virtualMachines' 
  }
  Foreach ($vm in $vms) 
  {
    if ($Shutdown -eq $true) 
    {
      Write-Output -InputObject "Stopping $($vm.Name)"        
      Stop-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Force
    }
    else 
    {
      Write-Output -InputObject "Starting $($vm.Name)"        
      Start-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName
    }
  }

It will look like this:

Publish Fill in according to the needs of your environment. Pay attention to the time zone. Click create.

he configuration will return to the previous screen. Now click on the settings parameters. Fill in according to the tags you configured on the VM, in shutdown put true if you want to turn off the VM and false if you want to turn it on.

Get in touch if you need more help with this issue. --please don't forget to "[Accept the answer]" if the reply is helpful--

Answer 5

Hi @Jackson Martins , Thanks for getting back on the above query and providing well defined steps to follow. For Identity-> Role assignment, Do I need to get the write permissions on subscription please correct me If I'm wrong. Is any other additional permissions to be assigned ? Below screenshot doesn't show any parameters in schedule.

In Above screenshot tried to create the parameters, unable to proceed further. Please suggest the next steps.