AzureDiagnostics | where ResourceProvider == “MICROSOFT.NETWORK” and Category == “ApplicationGatewayFirewallLog” | summarize count() by ruleId_s, bin(TimeGenerated, 1m),requestUri_s | sort by TimeGenerated desc
Posts Tagged ‘Azure’
I got deployment failed when trying to change a SQL servers License from Express to Developer.
I checked the Server and it had developer license installed on SQL
Looking at the JSON
{
“status”: “Failed”,
“error”: {
“code”: “ResourceDeploymentFailure”,
“message”: “The resource operation completed with terminal provisioning state ‘Failed’.”,
“details”: [
{
“code”: “MismatchSqlVmSku”,
“message”: “The SQL sku provided is ‘Developer’ which does not match the sku installed in the virtual machine ‘Express’. Make sure to provide the correct sku type.”
}
]
}
}
Its because there was an old version of SQL express installed , removing this fixed the issue
Login to Azure Active Directory. Locate Usage & insights , under Monitoring
Select “Users registerd for Multi-Factor Authentication”
Can also be done in powershell : https://dirteam.com/sander/2020/05/14/todo-optimize-the-azure-multi-factor-authentication-methods-used-throughout-your-organization/
Monitoring with PowerShell: Monitoring the used MFA type for O365/Azure.
Run Locally
Test and Download App
#Downloads the Docker File from Dock Hub
dock pull %dockerusername%/%dockername%:latest
#Runs the Docker File on port 80 if the container is active on port 3000 ( Test go to http://localhost )
docker run -p 80:3000 %dockerusername%/%dockername%:latest
#List current dockers running
docker ps -a
#Stop the container by id ( found from above )
docker stop ad5b49ba5476
#Clear Stopped Containers
docker container prune
Upload App to Azure
**Create an Azure Container or reuse an existing one**
**Run the below in Azure Shell**
#Show credentials for login and save username and password
az acr credential show --name %azurecontainer%
**Run on Docker PC**
#Login to Azure Docker
docker login %azurecontainer%.azurecr.io --username name %azurecontainer%
#Tag docker for upload
docker tag %dockerusername%/%dockername% name %azurecontainer%.azurecr.io/%dockername%:latest
#Push Docker to Azure
docker push name %azurecontainer%.azurecr.io/%dockerusername%/%dockername%:latest
Run in Azure
#Create Azure Service plan
az appservice plan create --name %serviceplanname% --resource-group %azureresourcegroup% --sku S1 --is-linux
#Add Docker App to Azure Service Plan
az webapp create --resource-group %azureresourcegroup% --plan %serviceplanname% --name %appname% --deployment-container-image-name %azurecontainer%.azurecr.io/%dockername%:latest
#Set the details to access the Docker
az webapp config container set --name %appname% --resource-group %azureresourcegroup% --docker-custom-image-name %azurecontainer%.azurecr.io/%dockername%:latest --docker-registry-server-url https://%azurecontainer%.azurecr.io --docker-registry-server-user %azurecontainer% --docker-registry-server-password %passwordfromshowcredential%
#Make the app live on its specific port e.g. 3000
az webapp config appsettings set --resource-group %azureresourcegroup% --name %appname% --settings WEBSITES_PORT=3000
Test the app
http://%appname%.azurewebsites.net/
- Install a new NPS Server ( cannot be existing as MFA will take over existing requests such as Wifi! )
- Installed Azure AD NPS Plugin and Enroll in Azure AD
- Add a Radius Client to the NPS server of the IP ( VIP ) of the Netscaler
- Add the Radius server in Authentication – Set Timeout to 10Seconds , set Password to MsChapv2 Set NASID to MFA
- NPS Server Policies
VERBOSE: PowerShell meta provider initialization failed.
VERBOSE: PowerShell meta provider initialization failed.
PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name
‘NuGet’. Try ‘Get-PackageProvider -ListAvailable’ to see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7302 char:25
+ … $null = PackageManagement\Import-PackageProvider -Name $script:Nu …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
+ FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv
ider
Run this before
To enabled TLS 1.2, you may need to run this before
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log
An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.
I recommend
Disable NPS MFA Extension
- Stop the Network Policy Server Service
- Create a backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
- Remove the values inside this key (DO NOT Remove the Parameters key itself)
- Start the Network Policy Server Service
To Re-Enable the NPS MFA Extension
- Stop the Network Policy Server Service
- Import the backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
- Start the Network Policy Server Service
You can always uninstall NPS Extension for Azure MFA Plugin
Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).
Once this is fixed you can reinstall the Plugin and re-authenticate it
If you host your Azure MFA User Portal outside of your MFA Server e.g. in a DMZ , the User portal server has to speak to this MFA server via SSL using the SDK and also via a certificate. Make sure the SSL of you MFA server is valid. It might be self signed internally on that server ( cannot be from the domain as the DMZ server can’t speak to your domain ) so you need to create a new one and transfer it securely to the User portal and install it on the Trusted Root Authority
System.Security.Authentication
This certificate cannot be verified up to a trusted certification
MFA Server
Login to your MFA server and change the below to Succeed Authentication from Failed
In Azure Cloud
Login to Office 365 Portal
Choose Azure Active Directory
Choose MFA
Add One Time Bypass
Azure Single Sign-On
Identifier (Entity ID): https://imanage.domain.com
Reply URL (Assertion Consumer Service URL): https://imanage.domain.com/api/v1/session/saml-login
Download Certificate file (.cer) and store on iManage server e.g. C:\SSL\
HIVE: HKLM\SOFTWARE\Interwoven\WorkSite\imDmsSvc
SAML Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
SAML Endpoint: https://myapps.microsoft.com/signin/iManage%20SAML/xxxxxxx-xxxxxx-xxxx
SAML Key File: C:\SSL\iManageSAML.cer
SAML Logout Endpoint: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
SAML Web RP: https://imanage.domain.com
- 1
- 2