Runbook 错误故障排除Troubleshoot errors with runbooks

在 Azure 自动化中执行 Runbook 出现错误时,可使用以下步骤来诊断问题。When you have errors executing runbooks in Azure Automation, you can use the following steps to help diagnose the issues.

  1. 确保 Runbook 脚本在本地计算机上执行成功: 请参阅 PowerShell 文档Python 文档,了解语言参考和学习模块。Ensure your runbook script executes successfully on your local machine: Refer to the PowerShell Docs or Python Docs for language reference and learning modules.

    在本地执行脚本即可发现并解决常见错误,例如:Executing your script locally can discover and resolve common errors, such as:

    • 缺少模块Missing Modules
    • 语法错误Syntax Errors
    • 逻辑错误Logic Errors
  2. 调查特定消息的 runbook 错误流并将其与下面的错误进行比较。Investigate runbook error streams for specific messages and compare them to the errors below.

  3. 确保节点和自动化工作区具有所需的模块。Ensure your Nodes and Automation workspace have the required modules.

如果 Runbook 挂起或意外失败:If your Runbook is suspended or unexpectedly failed:

场景:运行 Login-AzureRMAccount 以登录Scenario: Run Login-AzureRMAccount to log in

问题Issue

执行 runbook 时收到以下错误:You receive the following error when executing a runbook:

Run Login-AzureRMAccount to login.

原因Cause

如果你使用的不是运行方式帐户或者运行方式帐户已过期,则可能会发生此错误。This error can occur when you are not using a RunAs account or the RunAs account has expired. 请参阅管理 Azure 自动化运行方式帐户See Manage Azure Automation RunAs accounts.

此错误有两个主要原因:This error has two primary causes:

  • AzureRM 模块版本不同。Different versions of AzureRM modules.
  • 你正在尝试访问不同订阅中的资源。You're trying to access resources in a separate subscription.

解决方法Resolution

如果在更新一个 AzureRM 模块后收到此错误,应将所有 AzureRM 模块更新为同一版本。If you receive this error after updating one AzureRM module, you should update all of your AzureRM modules to the same version.

如果你正在尝试访问另一订阅中的资源,可遵循以下步骤配置权限。If you're trying to access resources in another subscription, you can follow the steps below to configure permissions.

  1. 转到自动化运行方式帐户,复制应用程序 ID 和指纹。Go to the Automation Run As account and copy the Application ID and thumbprint. 复制应用程序 ID 和指纹Copy Application ID and Thumbprint

  2. 访问未托管自动化帐户的订阅的访问控制,并添加新的角色分配。Go to the subscription's Access Control where the Automation account is NOT hosted, and add a new role assignment. 访问控制Access control

  3. 添加在上一步骤中收集的应用程序 ID。Add the Application ID you collected in the previous step. 选择“参与者”权限。Select Contributor permissions. 添加角色分配Add role assignment

  4. 复制订阅名称,以便在下一步骤中使用。Copy the name of the subscription for the next step.

  5. 现在,可以使用以下 Runbook 代码来测试从自动化帐户访问其他订阅的权限。You can now use the following runbook code to test the permissions from your Automation account to the other subscription.

    将“<CertificateThumbprint >”替换为在步骤 #1 中复制的值,将“<SubscriptionName>”替换为在步骤 #4 中复制的值。Replace the "<CertificateThumbprint>" with the value you copied in step #1 and the "<SubscriptionName>" value you copied in step #4.

    $Conn = Get-AutomationConnection -Name AzureRunAsConnection
    Connect-AzureRmAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint "<CertificateThumbprint>" -EnvironmentName AzureChinaCloud
    #Select the subscription you want to work with
    Select-AzureRmSubscription -SubscriptionName '<YourSubscriptionNameGoesHere>'
    
    #Test and get outputs of the subscriptions you granted access.
    $subscriptions = Get-AzureRmSubscription
    foreach($subscription in $subscriptions)
    {
        Set-AzureRmContext $subscription
        Write-Output $subscription.Name
    }
    

场景:无法找到 Azure 订阅Scenario: Unable to find the Azure subscription

问题Issue

使用 Select-AzureSubscriptionSelect-AzureRmSubscription cmdlet 时收到以下错误:You receive the following error when working with the Select-AzureSubscription or Select-AzureRmSubscription cmdlets:

The subscription named <subscription name> cannot be found.

错误Error

以下情况下可能发生此错误:This error may occur if:

  • 订阅名称无效The subscription name isn't valid

  • 尝试获取订阅详细信息的 Azure Active Directory 用户未配置为订阅的管理员。The Azure Active Directory user who is trying to get the subscription details isn't configured as an admin of the subscription.

解决方法Resolution

执行以下步骤以确定是否已正确向 Azure 进行身份验证并有权访问尝试选择的订阅:Take the following steps to determine if you've authenticated to Azure and have access to the subscription you're trying to select:

  1. 在 Azure 自动化之外测试脚本,以确保它独立运行。To make sure it works stand-alone, test your script outside of Azure Automation.

  2. 请确保在运行 Select-AzureSubscription cmdlet 之前运行 Add-AzureAccount cmdlet。Make sure that you run the Add-AzureAccount cmdlet before running the Select-AzureSubscription cmdlet.

  3. Disable-AzureRmContextAutosave –Scope Process 添加到 runbook 的开头。Add Disable-AzureRmContextAutosave –Scope Process to the beginning of your runbook. 此 cmdlet 可以确保任何凭据都仅适用于当前 runbook 的执行。This cmdlet ensures that any credentials apply only to the execution of the current runbook.

  4. 如果仍然看到此错误消息,可通过在 Add-AzureAccount cmdlet 后添加 AzureRmContext 参数来修改代码,然后执行代码。If you still see this error message, modify your code by adding the AzureRmContext parameter following the Add-AzureAccount cmdlet and then execute the code.

    Disable-AzureRmContextAutosave –Scope Process
    
    $Conn = Get-AutomationConnection -Name AzureRunAsConnection
    Connect-AzureRmAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationID $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint -EnvironmentName AzureChinaCloud
    
    $context = Get-AzureRmContext
    
    Get-AzureRmVM -ResourceGroupName myResourceGroup -AzureRmContext $context
    

场景:无法向 Azure 进行身份验证,因为已启用多重身份验证Scenario: Authentication to Azure failed because multi-factor authentication is enabled

问题Issue

使用 Azure 用户名和密码向 Azure 进行身份验证时收到以下错误:You receive the following error when authenticating to Azure with your Azure username and password:

Add-AzureAccount: AADSTS50079: Strong authentication enrollment (proof-up) is required

原因Cause

如果对 Azure 帐户设置了多重身份验证,则不能使用 Azure Active Directory 用户向 Azure 进行身份验证。If you have multi-factor authentication on your Azure account, you can't use an Azure Active Directory user to authenticate to Azure. 而只能使用证书或服务主体向 Azure 进行身份验证。Instead, you need to use a certificate or a service principal to authenticate to Azure.

解决方法Resolution

要将证书用于 Azure 经典部署模型 cmdlet,请参阅创建并添加管理 Azure 服务所需的证书To use a certificate with the Azure classic deployment model cmdlets, refer to creating and adding a certificate to manage Azure services. 若要将服务主体用于 Azure 资源管理器 cmdlet,请参阅使用 Azure 门户创建服务主体通过 Azure 资源管理器对服务主体进行身份验证To use a service principal with Azure Resource Manager cmdlets, refer to creating service principal using Azure portal and authenticating a service principal with Azure Resource Manager.

场景:作业流中出现了关于 get_SerializationSettings 方法的错误Scenario: You see an error in your job streams about the get_SerializationSettings Method

问题Issue

执行 runbook 时,runbook 无法管理 Azure 资源。When executing runbooks, the runbook fails to manage Azure resources.

原因Cause

Runbook 在运行时没有使用正确的上下文。The runbook isn't using the correct context when running.

解决方法Resolution

如果使用多个订阅,则调用 Runbook 时可能会丢失订阅上下文。When working with multiple subscriptions, the subscription context might be lost when invoking runbooks. 若要确保将订阅上下文传递给 Runbook,请将 AzureRmContext 参数添加到 cmdlet 并将上下文传递给它。To ensure that the subscription context is passed to the runbooks, add the AzureRmContext parameter to the cmdlet and pass the context to it. 还建议将 Disable-AzureRmContextAutosave cmdlet 与 Process 范围配合使用来确保你使用的凭据仅用于当前 runbook。It is also recommended to use the Disable-AzureRmContextAutosave cmdlet with the Process scope to ensure that the credentials you use are only used for the current runbook.

# Ensures that any credentials apply only to the execution of this runbook
Disable-AzureRmContextAutosave –Scope Process

# Connect to Azure with Run As account
$ServicePrincipalConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'

Add-AzureRmAccount `
    -ServicePrincipal `
    -TenantId $ServicePrincipalConnection.TenantId `
    -ApplicationId $ServicePrincipalConnection.ApplicationId `
    -CertificateThumbprint $ServicePrincipalConnection.CertificateThumbprint `
    -EnvironmentName AzureChinaCloud

$AzureContext = Select-AzureRmSubscription -SubscriptionId $ServicePrincipalConnection.SubscriptionID

$params = @{"VMName"="MyVM";"RepeatCount"=2;"Restart"=$true}

Start-AzureRmAutomationRunbook `
    –AutomationAccountName 'MyAutomationAccount' `
    –Name 'Test-ChildRunbook' `
    -ResourceGroupName 'LabRG' `
    -AzureRmContext $AzureContext `
    –Parameters $params –wait

有关详细信息,请参阅使用多个订阅For more information, see Working with multiple subscriptions.

场景:字词未识别为 cmdlet、函数、脚本的名称Scenario: Term not recognized as the name of a cmdlet, function, script

问题Issue

Runbook 失败并出现以下错误。Your runbook fails with the following error.

The job was tried three times but it failed

原因Cause

此错误是由以下问题之一造成的。This error occurs due to one of the following issues.

  • 内存限制。Memory Limit. 如果作业使用的内存超过 400 MB,则它可能会失败。A job might fail if it's using more than 400 MB of memory. 自动化服务限制中阐述了分配给沙盒的内存限制。The documented limits on memory allocated to a sandbox are found at Automation service limits.

  • 网络套接字。Network Sockets. Azure 沙盒限制为 1000 个并发网络套接字。Azure sandboxes are limited to 1000 concurrent network sockets. 请参阅自动化服务限制See Automation service limits.

  • 模块不兼容。Module Incompatible. 模块依赖关系可能不正确。Module dependencies might not be correct. 在这种情况下,Runbook 通常会返回“找不到命令”或“无法绑定参数”消息。In this case, your runbook typically returns a "Command not found" or "Cannot bind parameter" message.

  • 未为沙盒设置 Active Directory 身份验证。No Authentication with Active Directory for Sandbox. Runbook 尝试调用在 Azure 沙盒中运行的可执行文件或子过程。Your runbook attempted to call an executable or subprocess that runs in an Azure sandbox. 不支持将 Runbook 配置为使用 Azure Active Directory 身份验证库 (ADAL) 对 Azure AD 进行身份验证。Configuring runbooks to authenticate with Azure AD using the Azure Active Directory Authentication Library (ADAL) is not supported.

  • 异常数据过多。Too Much Exception Data. runbook 尝试向输出流写入太多异常数据。Your runbook attempted to write too much exception data to the output stream.

解决方法Resolution

  • 内存限制,网络套接字。Memory Limit, Network Sockets. 在内存限制内工作的建议方法是在多个 Runbook 之间拆分工作负荷,在内存中处理更少的数据,避免从 Runbook 写入不必要的输出,并考虑将多少个检查点写入 PowerShell 工作流 Runbook。Suggested ways to work within the memory limits are to split the workload among multiple runbooks, process less data in memory, avoid writing unnecessary output from your runbooks, and consider how many checkpoints are written into your PowerShell workflow runbooks. 可以使用 clear 方法(例如 $myVar.clear)清除变量并使用 [GC]::Collect 立即运行垃圾回收。Use the clear method, such as $myVar.clear, to clear out variables and use [GC]::Collect to run garbage collection immediately. 这将减少运行时期间 runbook 的内存占用情况。These actions reduce the memory footprint of your runbook during runtime.

  • 未为沙盒设置 ADAL 身份验证。No Authentication with ADAL for Sandbox. 使用 Runbook 对 Azure AD 进行身份验证时,请确保 Azure AD 模块在自动化帐户中可用。When authenticating to Azure AD with a runbook, ensure that the Azure AD module is available in your Automation account. 确保为运行方式帐户授予所需的权限,使其能够执行 Runbook 自动执行的任务。Be sure to grant the Run As account the necessary permissions to perform the tasks that the runbook automates.

    如果 Runbook 无法调用 Azure 沙盒中运行的可执行文件或子进程,请在混合 Runbook 辅助角色中使用 Runbook。If your runbook can't call an executable or subprocess running in an Azure sandbox, use the runbook on a Hybrid Runbook Worker. 混合辅助角色不受内存和网络限制,而 Azure 沙盒则受限于此限制。Hybrid workers aren't limited by the memory and network limits that Azure sandboxes have.

  • 异常数据过多。Too Much Exception Data. 作业输出流限制为 1MB。There is a 1MB limit on the job output stream. 确保 Runbook 在 try/catch 块中包含对可执行文件或子进程的调用。Ensure that your runbook encloses calls to an executable or subprocess in a try/catch block. 如果操作引发异常,请让代码将该异常中的消息写入自动化变量中。If the operations throw an exception, have the code write the message from the exception into an Automation variable. 此方法可防止将消息写入作业输出流中。This technique prevents the message from being written into the job output stream.

场景:登录 Azure 帐户失败Scenario: Sign-in to Azure Account failed

问题Issue

使用 Add-AzureAccountConnect-AzureRmAccount cmdlet 时收到以下错误之一:You receive one of the following errors when working with the Add-AzureAccount or Connect-AzureRmAccount cmdlets:

Unknown_user_type: Unknown User Type
No certificate was found in the certificate store with thumbprint

原因Cause

如果凭据资产名称无效,将发生此错误。This error occurs if the credential asset name isn't valid. 如果用于设置自动化凭据资产的用户名和密码无效,也可能会出现此错误。This error may also occur if the username and password that you used to set up the Automation credential asset aren't valid.

解决方法Resolution

要确定具体错误,请执行以下步骤:To determine what's wrong, take the following steps:

  1. 请确保没有包含任何特殊字符。Make sure that you don't have any special characters. 这些字符包括用于连接 Azure 的自动化凭据资产名称中的 @ 字符 。These characters include the @ character in the Automation credential asset name that you're using to connect to Azure.

  2. 查看你是否能够在本地 PowerShell ISE 编辑器中使用存储在 Azure 自动化凭据中的用户名和密码。Check that you can use the username and password that stored in the Azure Automation credential in your local PowerShell ISE editor. 可以通过在 PowerShell ISE 中运行以下 cmdlet 来检查用户名和密码是否正确:You can do check the username and password are correct by running the following cmdlets in the PowerShell ISE:

    $Cred = Get-Credential
    #Using Azure Service Management
    Add-AzureAccount -Environment AzureChinaCloud -Credential $Cred  
    #Using Azure Resource Manager
    Connect-AzureRmAccount -EnvironmentName AzureChinaCloud -Credential $Cred
    
  3. 如果无法在本地进行身份验证,则意味着你尚未设置好 Azure Active Directory 凭据。If your authentication fails locally, it means that you haven't set up your Azure Active Directory credentials properly. 请参阅 使用 Azure Active Directory 向 Azure 进行身份验证 博客文章,了解如何正确设置 Azure Active Directory 帐户。Refer to Authenticating to Azure using Azure Active Directory blog post to get the Azure Active Directory account set up correctly.

  4. 如果它看起来是暂时性错误,请尝试向身份验证例程添加重试逻辑,使身份验证更加可靠。If it looks like a transient error, try adding retry logic to your authentication routine to make authenticating more robust.

    # Get the connection "AzureRunAsConnection"
    $connectionName = "AzureRunAsConnection"
    $servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
    
    $logonAttempt = 0
    $logonResult = $False
    
    while(!($connectionResult) -And ($logonAttempt -le 10))
    {
        $LogonAttempt++
        #Logging in to Azure...
        $connectionResult = Connect-AzureRmAccount `
                               -EnvironmentName AzureChinaCloud `
                               -ServicePrincipal `
                               -TenantId $servicePrincipalConnection.TenantId `
                               -ApplicationId $servicePrincipalConnection.ApplicationId `
                               -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
    
        Start-Sleep -Seconds 30
    }
    

场景:对象引用未设置为某个对象的实例Scenario: Object reference not set to an instance of an object

问题Issue

使用 -Wait 开关调用子 runbook 并且输出流包含对象时,会收到以下错误:You receive the following error when invoking a child runbook with the -Wait switch and the output stream contains an object:

Object reference not set to an instance of an object

原因Cause

有一个已知问题,如果 Start-AzureRmAutomationRunbook 包含对象,则它无法正确处理输出流。There is a known issue where Start-AzureRmAutomationRunbook does not handle the output stream correctly if it contains objects.

解决方法Resolution

要解决此问题,建议实现轮询逻辑并使用 Get-AzureRmAutomationJobOutput cmdlet 来检索输出。To resolve this issue, it is recommended that you implement a polling logic and use the Get-AzureRmAutomationJobOutput cmdlet to retrieve the output. 下面的示例中定义了此逻辑的示例。A sample of this logic is defined in the following example.

$automationAccountName = "ContosoAutomationAccount"
$runbookName = "ChildRunbookExample"
$resourceGroupName = "ContosoRG"

function IsJobTerminalState([string] $status) {
    return $status -eq "Completed" -or $status -eq "Failed" -or $status -eq "Stopped" -or $status -eq "Suspended"
}

$job = Start-AzureRmAutomationRunbook -AutomationAccountName $automationAccountName -Name $runbookName -ResourceGroupName $resourceGroupName
$pollingSeconds = 5
$maxTimeout = 10800
$waitTime = 0
while((IsJobTerminalState $job.Status) -eq $false -and $waitTime -lt $maxTimeout) {
   Start-Sleep -Seconds $pollingSeconds
   $waitTime += $pollingSeconds
   $job = $job | Get-AzureRmAutomationJob
}

$jobResults | Get-AzureRmAutomationJobOutput | Get-AzureRmAutomationJobOutputRecord | Select-Object -ExpandProperty Value

场景:Runbook 因反序列化的对象而失败Scenario: Runbook fails because of deserialized object

问题Issue

Runbook 失败并显示错误:Your runbook fails with the error:

Cannot bind parameter <ParameterName>.

Cannot convert the <ParameterType> value of type Deserialized <ParameterType> to type <ParameterType>.

原因Cause

如果 runbook 为 PowerShell 工作流,它会将复杂对象以反序列化格式进行存储,以便在工作流暂停的情况下保留 runbook 状态。If your runbook is a PowerShell Workflow, it stores complex objects in a deserialized format to persist your runbook state if the workflow is suspended.

解决方法Resolution

下述三种解决方案中的任何一种都可以解决此问题:Any of the following three solutions fix this problem:

  • 如果要将复杂对象从一个 cmdlet 传送到另一个 cmdlet,则可将这两个 cmdlet 包装在 InlineScript 中。If you're piping complex objects from one cmdlet to another, wrap these cmdlets in an InlineScript.
  • 传递复杂对象中你所需要的名称或值,不必传递整个对象。Pass the name or value that you need from the complex object instead of passing the entire object.
  • 使用 PowerShell Runbook,而不使用 PowerShell 工作流 Runbook。Use a PowerShell runbook instead of a PowerShell Workflow runbook.

场景:Runbook 作业因超过了分配的配额而失败Scenario: Runbook job fails because allocated quota exceeded

问题Issue

Runbook 作业失败并显示错误:Your runbook job fails with the error:

The quota for the monthly total job run time has been reached for this subscription

原因Cause

当作业执行时间超过你帐户的 500 分钟免费配额时,就会出现此错误。This error occurs when the job execution exceeds the 500-minute free quota for your account. 此配额适用于所有类型的作业执行任务。This quota applies to all types of job execution tasks. 其中一些任务可能是测试作业、从门户启动作业、使用 Webhook 执行作业,以及通过 Azure 门户或数据中心计划要执行的作业。Some of these tasks may be testing a job, starting a job from the portal, executing a job by using webhooks, or scheduling a job to execute by using either the Azure portal or in your datacenter. 若要详细了解自动化的定价,请参阅自动化定价To learn more about pricing for Automation, see Automation pricing.

解决方法Resolution

如果想要每月使用 500 分钟以上的处理时间,则需将订阅从免费层改为基本层。If you want to use more than 500 minutes of processing per month, you need to change your subscription from the Free tier to the Basic tier. 可以通过下述步骤升级到基本层:You can upgrade to the Basic tier by taking the following steps:

  1. 登录到 Azure 订阅。Sign in to your Azure subscription.
  2. 选择要升级的自动化帐户。Select the Automation account to upgrade.
  3. 依次单击“设置”、“定价”。 Click Settings, then Pricing.
  4. 单击页面底部的“启用” ,以将帐户升级到“基本” 层。Click Enable on page bottom to upgrade your account to the Basic tier.

场景:在执行 Runbook 时无法识别 cmdletScenario: Cmdlet not recognized when executing a runbook

问题Issue

Runbook 作业失败并显示错误:Your runbook job fails with the error:

<cmdlet name>: The term <cmdlet name> is not recognized as the name of a cmdlet, function, script file, or operable program.

原因Cause

当 PowerShell 引擎找不到要在 runbook 中使用的 cmdlet 时,则会导致此错误。This error is caused when the PowerShell engine can't find the cmdlet you're using in your runbook. 此错误可能是因为,帐户中缺少包含该 cmdlet 的模块、与 Runbook 名称冲突,或者该 cmdlet 也存在于其他模块中,而自动化无法解析该名称。This error could be because the module containing the cmdlet is missing from the account, there's a name conflict with a runbook name, or the cmdlet also exists in another module and Automation can't resolve the name.

解决方法Resolution

下述解决方案中的任何一种都可以解决此问题:Any of the following solutions fix the problem:

  • 检查输入的 cmdlet 名称是否正确。Check that you've entered the cmdlet name correctly.
  • 确保 cmdlet 存在于自动化帐户中,且没有冲突。Make sure the cmdlet exists in your Automation account and that there are no conflicts. 要验证 cmdlet 是否存在,请在编辑模式下打开 Runbook,并搜索希望在库中找到的 cmdlet,或者运行 Get-Command <CommandName>To verify if the cmdlet is present, open a runbook in edit mode and search for the cmdlet you want to find in the library or run Get-Command <CommandName>. 验证该 cmdlet 可供帐户使用且与其他 cmdlet 或 runbook 不存在名称冲突以后,可将其添加到画布上,并确保使用的是 runbook 中的有效参数集。Once you've validated that the cmdlet is available to the account, and that there are no name conflicts with other cmdlets or runbooks, add it to the canvas and make sure that you're using a valid parameter set in your runbook.
  • 如果存在名称冲突且 cmdlet 可在两个不同的模块中使用,则可使用 cmdlet 的完全限定名称来解决此问题。If you do have a name conflict and the cmdlet is available in two different modules, you can resolve this issue by using the fully qualified name for the cmdlet. 例如,可以使用 ModuleName\CmdletName 。For example, you can use ModuleName\CmdletName.
  • 如果是在本地执行混合辅助角色组中的 runbook,则请确保模块和 cmdlet 已安装在托管混合辅助角色的计算机上。If you're executing the runbook on-premises in a hybrid worker group, then make sure that the module and cmdlet is installed on the machine that hosts the hybrid worker.

场景:长时间运行的 Runbook 无法完成Scenario: A long-running runbook fails to complete

问题Issue

运行 3 小时后,runbook 将显示处于“已停止”状态 。Your runbook shows in a Stopped state after running for 3 hours. 可能还会收到错误:You may also receive the error:

The job was evicted and subsequently reached a Stopped state. The job cannot continue running

此行为是 Azure 沙盒的设计使然,因为 Azure 自动化中会对进程进行公平份额监视。This behavior is by design in Azure sandboxes because of the fair share monitoring of processes within Azure Automation. “公平份额”会自动停止执行时间超过 3 小时的 Runbook。If it executes longer than three hours, fair share automatically stops a runbook. 超过公平份额时间限制的 runbook 的状态因 runbook 类型而异。The status of a runbook that goes past the fair share time limit differs by runbook type. PowerShell 和 Python runbook 设置为“已停止”状态 。PowerShell and Python runbooks are set to a Stopped status. PowerShell 工作流 runbook 设置为“失败” 。PowerShell Workflow runbooks are set to Failed.

原因Cause

Runbook 运行时间超出了 Azure 沙盒中公平份额允许的 3 小时限制。The runbook ran over the 3-hour limit allowed by fair share in an Azure sandbox.

解决方法Resolution

建议的解决方案是在混合 Runbook 辅助角色上运行 runbook。One recommended solution is to run the runbook on a Hybrid Runbook Worker.

混合辅助角色不受 Azure 沙盒的 3 小时公平份额 runbook 限制。Hybrid Workers aren't limited by the 3-hour fair share runbook limit that Azure sandboxes have. 应开发在混合 Runbook 辅助角色上运行的 Runbook,以便在出现意外的本地基础结构问题时支持重启行为。Runbooks run on Hybrid Runbook Workers should be developed to support restart behaviors if there are unexpected local infrastructure issues.

另一种选择是通过创建子 runbook 来优化 runbook。Another option is to optimize the runbook by creating child runbooks. 如果 runbook 在多个资源上遍历同一函数,例如在多个数据库上执行某个数据库操作,则可将该函数移到子 runbook。If your runbook loops through the same function on several resources, such as a database operation on several databases, you can move that function to a child runbook. 各个子 runbook 是在单独的进程中并行执行的。Each of these child runbooks executes in parallel in separate processes. 此行为降低了完成父 runbook 所需的时间总量。This behavior decreases the total amount of time for the parent runbook to complete.

启用子 runbook 方案的 PowerShell cmdlet 是:The PowerShell cmdlets that enable the child runbook scenario are:

Start-AzureRMAutomationRunbook - 此 cmdlet 用于启动 runbook 并向其传递参数Start-AzureRMAutomationRunbook - This cmdlet allows you to start a runbook and pass parameters to the runbook

Get-AzureRmAutomationJob - 在子 runbook 完成后,如果需要执行操作,可使用此 cmdlet 检查每个子 runbook 的作业状态。Get-AzureRmAutomationJob - If there are operations that need to be performed after the child runbook completes, this cmdlet allows you to check the job status for each child.

场景:状态:调用 Webhook 时显示 400 错误请求Scenario: Status: 400 Bad Request when calling a webhook

问题Issue

在尝试调用 Azure 自动化 Runbook 的 Webhook 时,收到以下错误:When you try invoke a webhook for an Azure Automation runbook, you receive the following error:

400 Bad Request : This webhook has expired or is disabled

原因Cause

尝试调用的 Webhook 已禁用,或者已过期。The webhook that you're trying to call is either disabled or is expired.

解决方法Resolution

如果 Webhook 处于禁用状态,可以通过 Azure 门户重新启用 Webhook。If the webhook is disabled, you can re-enable the webhook through the Azure portal. 如果 Webhook 已过期,需要删除并重新创建 Webhook。when a webhook is expired, the webhook needs to be deleted and recreated. 如果尚未过期,只能续订 WebhookYou can only renew a webhook if it hasn't already expired.

场景:429:当前的请求速率过大...Scenario: 429: The request rate is currently too large...

问题Issue

在运行 Get-AzureRmAutomationJobOutput cmdlet 时收到以下错误消息:You receive the following error message when running the Get-AzureRmAutomationJobOutput cmdlet:

429: The request rate is currently too large. Please try again

原因Cause

从具有多个详细流的 Runbook 中检索作业输出时,可能发生此错误。This error may occur when retrieving job output from a runbook that has many verbose streams.

解决方法Resolution

可通过两种方法来解决此错误:There are two ways to resolve this error:

  • 编辑 Runbook,并减少它发出的作业流数量。Edit the runbook, and reduce the number of job streams that it emits.
  • 减少运行 cmdlet 时要检索的流数量。Reduce the number of streams to be retrieved when running the cmdlet. 若要遵循此行为,可以为 Get-AzureRmAutomationJobOutput cmdlet 指定 -Stream Output 参数以仅检索输出流。To follow this behavior, you can specify the -Stream Output parameter to the Get-AzureRmAutomationJobOutput cmdlet to retrieve only output streams.

场景:PowerShell 作业失败,出现错误:无法调用方法Scenario: PowerShell job fails with error: Cannot invoke method

问题Issue

在 Runbook(在 Azure 中运行)中启动 PowerShell 作业时,收到以下错误消息:You receive the following error message when starting a PowerShell Job in a runbook running in Azure:

Exception was thrown - Cannot invoke method. Method invocation is supported only on core types in this language mode.

原因Cause

在 Azure 中运行的 Runbook 中启动 PowerShell 作业时,可能会发生此错误。This error may occur when you start a PowerShell job in a runbook that runs in Azure. 出现此行为可能是因为在 Azure 沙盒中运行的 Runbook 可能未在完整语言模式下运行。This behavior may occur because runbooks run in an Azure sandbox may not run in the Full language mode.

解决方法Resolution

可通过两种方法来解决此错误:There are two ways to resolve this error:

  • 使用 Start-AzureRmAutomationRunbook 而不是 Start-Job 来启动 RunbookInstead of using Start-Job, use Start-AzureRmAutomationRunbook to start a runbook
  • 如果 Runbook 出现此错误消息,请在混合 Runbook 辅助角色上运行它If your runbook has this error message, run it on a Hybrid Runbook Worker

若要详细了解 Azure 自动化 Runbook 的此行为和其他行为,请参阅 Runbook 行为To learn more about this behavior and other behaviors of Azure Automation Runbooks, see Runbook behavior.

方案:Linux 混合 Runbook 辅助角色在为 Runbook 签名时收到密码提示Scenario: Linux Hybrid Runbook Worker receives a prompt for a password when signing a runbook

问题Issue

针对 Linux 混合 Runbook 辅助角色运行 sudo 命令时检索到意外的密码提示。Running the sudo command for a Linux Hybrid Runbook Worker retrieves an unexpected prompt for a password.

原因Cause

未在 sudoers 文件中正确配置适用于 Linux 的 Log Analytics 代理的 nxautomationuser 帐户。The nxautomationuser account for the Log Analytics agent for Linux is not correctly configured in the sudoers file. 需要为混合 Runbook 辅助角色适当配置帐户权限和其他数据,才能让它为 Linux Runbook 辅助角色中的 Runbook 签名。The Hybrid Runbook Worker needs the appropriate configuration of account permissions and other data so that it can sign runbooks on the Linux Runbook Worker.

解决方法Resolution

方案:对 Azure 自动化中的 PnP PowerShell Runbook 运行 Cmdlet 失败Scenario: Cmdlet failing in PnP PowerShell runbook on Azure Automation

问题Issue

当 Runbook 直接将 PnP PowerShell 生成的对象写入 Azure 自动化输出时,cmdlet 输出无法流式传输到自动化。When a runbook writes a PnP PowerShell-generated object to the Azure Automation output directly, cmdlet output can't stream back to Automation.

原因Cause

此问题的最常见原因是 Azure 自动化在未捕获返回对象的情况下处理调用 PnP PowerShell cmdlet(例如 add-pnplistitem)的 Runbook。This issue is most commonly caused when Azure Automation processes runbooks that invoke PnP PowerShell cmdlets, for example, add-pnplistitem, without catching the return objects.

解决方法Resolution

编辑脚本以将任何返回值分配到变量,使 cmdlet 不会尝试将整个对象写入标准输出。Edit your scripts to assign any return values to variables so that the cmdlets do not attempt to write whole objects to the standard output. 脚本可将输出流重定向到 cmdlet,如下所示。A script can redirect the output stream to a cmdlet as shown below.

  $null = add-pnplistitem

如果脚本分析 cmdlet 输出,该脚本必须将输出存储在某个变量中,然后操控变量,而不是仅流式传输输出。If your script parses cmdlet output, the script must store the output in a variable and manipulate the variable instead of simply streaming the output.

$SomeVariable = add-pnplistitem ....
if ($SomeVariable.someproperty -eq ....

上面未列出我的问题My problem isn't listed above

为帮助你解决问题,以下部分列出了支持文档中未列出的其他常见错误。The sections below list other common errors in addition to supporting documentation to help you resolve your issue.

混合 runbook 辅助角色不运行作业,或者没有响应Hybrid runbook worker doesn't run jobs or isn't responding

如果你使用混合辅助角色来运行作业,而不是在 Azure 自动化中运行作业,则可能需要排查混合辅助角色本身的问题If you are running jobs using a hybrid worker instead of in Azure Automation, you might need to troubleshoot the hybrid worker itself.

Runbook 由于“无权限”或某个变动而失败Runbook fails with "No permission" or some variation

运行方式帐户对 Azure 资源的权限可能与当前帐户的权限不同。Run As accounts might not have the same permissions against Azure resources as your current account. 确保运行方式帐户有权访问脚本中使用的任何资源。Ensure that your Run As account has permissions to access any resources used in your script.

Runbook 在工作时突然停止Runbooks were working, but suddenly stopped

  • 如果 Runbook 之前在执行但突然停止,请确保运行方式帐户未过期。If runbooks were previously executing but stopped, ensure that the Run As account has not expired.
  • 如果使用 Webhook 来启动 Runbook,请确保 Webhook 未过期。If you are using webhooks to start runbooks, ensure that a webhook has not expired.

将参数传递到 Webhook 时出现问题Issues passing parameters into webhooks

如果在将参数传递到 Webhook 时需要帮助,请参阅从 Webhook 启动 RunbookFor help with passing parameters into webhooks, see Start a runbook from a webhook.

Runbook 中的行为不一致Inconsistent behavior in runbooks

Runbook 执行中的指导操作,避免并发作业出现问题、资源被创建多次或 Runbook 中出现其他计时敏感逻辑。Follow the guidance in Runbook execution to avoid issues with concurrent jobs, resources getting created multiple times, or other timing-sensitive logic in runbooks.

Runbook 失败并出现错误“无权限”、“已禁止(403)”或其他错误Runbook fails with the error No permission, Forbidden (403), or some variation

运行方式帐户对 Azure 资源的权限可能与当前帐户的权限不同。Run As accounts might not have the same permissions against Azure resources as your current account. 确保运行方式帐户有权访问脚本中使用的任何资源。Ensure that your Run As account has permissions to access any resources used in your script.

Runbook 在工作时突然停止Runbooks were working, but suddenly stopped

  • 如果 Runbook 之前在执行但突然停止,请确保运行方式帐户未过期。If runbooks were previously executing but stopped, ensure that the Run As account has not expired. 请参阅认证续签See certification renewal.
  • 如果使用 Webhook 来启动 Runbook,请确保 Webhook 未过期If you are using webhooks to start runbooks, ensure that the webhook has not expired.

将参数传递到 webhookPassing parameters into webhooks

如果在将参数传递到 Webhook 时需要帮助,请参阅从 Webhook 启动 RunbookFor help with passing parameters into webhooks, see Start a runbook from a webhook.

使用自签名证书Using self-signed certificates

若要使用自签名证书,请参阅创建新证书To use Self-Signed certificates, see Creating a new certificate.

后续步骤Next steps

如果你的问题未在本文中列出,或者无法解决问题,请访问以下渠道之一获取更多支持:If you didn't see your problem or are unable to solve your issue, visit one of the following channels for more support: