Posts Tagged ‘Azure’

Prerequisites

  • You need to have the Hyper-V role installed on the server if you want to convert VHDX -> VHD; Azure only supports VHD
  • You need to create a storage account in Azure: $storageaccount
  • You need to create a container in that storage account: $containername
  • Azure Resource Group: $resourceGroup
  • The VHD (or the VHDX to be converted) should be stored at $localPath, e.g. C:\Temp\VHD.VHD. This should be the C drive of the computer, including the System Reserved partition

 

1. Connect to Azure

Connect-AzAccount

2. Select Azure Subscription

# Az module equivalent of the classic Select-AzureSubscription
Set-AzContext -Subscription $AzureSubscriptionName

3. Upload the VHD

# Build the destination blob URL ($vhdName is the blob name, e.g. XXXX.VHD)
$urlOfUploadedImageVhd = "https://$storageaccount.blob.core.windows.net/$containername/$vhdName"
Add-AzVhd -ResourceGroupName $resourceGroup -Destination $urlOfUploadedImageVhd -LocalFilePath $localPath

This will try and convert the VHDX file to VHD

To be compatible with Azure, Add-AzVhd will automatically try to convert VHDX files to VHD, and resize VHD files to N * Mib using Hyper-V Platform, a Windows naitive virtualization product.
For more information visit https://aka.ms/usingAdd-AzVhd

MD5 hash is being calculated for the file \\XXXX\f$\TEMP\XXXX.VHD.
MD5 hash calculation is completed.
Elapsed time for the operation: 00:16:32
Creating new page blob of size 68719477248…
Detecting the empty data blocks in the local file.
Detecting the empty data blocks completed.
Elapsed time for upload: 00:32:37

LocalFilePath            DestinationUri
-------------            --------------
\\vbr01\f$\TEMP\XXXX.VHD https://$storageaccount.blob.core.windows.net/$containername/XXXX.VHD

You will now have the Blob URL for the VHD. Next you need to make a managed disk from it: https://aidanfinn.com/?p=20441

Once you have a managed disk, you can create a VM from it.
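The two follow-on steps (import the blob as a managed disk, then attach it as the OS disk of a new VM) as an added example, not code from the original post. `$location`, `$diskName`, `$vmName`, the VM size and `$nicId` are assumptions; the other variables come from the upload steps above.

```powershell
# Added example. Assumed values, replace with your own:
$location = 'westeurope'        # assumption: region of the storage account
$diskName = 'migrated-os-disk'  # hypothetical disk name
$vmName   = 'migrated-vm'       # hypothetical VM name
$nicId    = '<resource ID of an existing network interface>'  # placeholder

# Importing from a blob requires the resource ID of the storage account holding it.
$sa = Get-AzStorageAccount -ResourceGroupName $resourceGroup -Name $storageaccount

# Describe a managed disk whose content is imported from the uploaded VHD.
$diskParams = @{
    Location         = $location
    SkuName          = 'Standard_LRS'
    OsType           = 'Windows'
    CreateOption     = 'Import'
    SourceUri        = $urlOfUploadedImageVhd
    StorageAccountId = $sa.Id
}
$diskConfig = New-AzDiskConfig @diskParams
$disk = New-AzDisk -ResourceGroupName $resourceGroup -DiskName $diskName -Disk $diskConfig

# Build a VM that boots from the imported disk (attach, not a fresh image).
$vm = New-AzVMConfig -VMName $vmName -VMSize 'Standard_D2s_v3'
$vm = Set-AzVMOSDisk -VM $vm -ManagedDiskId $disk.Id -CreateOption Attach -Windows
$vm = Add-AzVMNetworkInterface -VM $vm -Id $nicId
New-AzVM -ResourceGroupName $resourceGroup -Location $location -VM $vm

# The blob is a full copy of the system drive. Once the VM is confirmed
# working, it can be removed from the container:
# Remove-AzStorageBlob -Container $containername -Blob $vhdName -Context $sa.Context
```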


Recently, after creating a site with Virtual Machines sitting on a VNet on the Application Gateway, I could not add this subnet to be routable from the Virtual Network Gateway.

The solution is to use VNet peering: create a new subnet for the Virtual Network Gateway and peer this with the Application Gateway subnet.

You then need to enable Remote Gateways per below, so VPN clients can route to the Application Gateway subnet via a route:

Connect two or more Azure Virtual Networks using one VPN Gateway – Apostolidis Cloud Corner (e-apostolidis.gr)


Recently we had moved some on-premises Server 2016 machines to Azure using ASR. When trying to activate them using the Microsoft steps:

  • cscript c:\windows\system32\slmgr.vbs /dlv
  • cscript c:\windows\system32\slmgr.vbs /ipk WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY
  • cscript c:\windows\system32\slmgr.vbs /ato

It did not work; we had to use Automatic Virtual Machine Activation (AVMA):

  1. slmgr /ipk C3RCX-M6NRP-6CXC9-TW2F2-4RHYD
    

I got "deployment failed" when trying to change a SQL server's license from Express to Developer.

I checked the server and it had the Developer license installed on SQL.

Looking at the JSON:

{
    "status": "Failed",
    "error": {
        "code": "ResourceDeploymentFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'.",
        "details": [
            {
                "code": "MismatchSqlVmSku",
                "message": "The SQL sku provided is 'Developer' which does not match the sku installed in the virtual machine 'Express'. Make sure to provide the correct sku type."
            }
        ]
    }
}
 
It's because there was an old version of SQL Express installed; removing this fixed the issue.

Log in to Azure Active Directory. Locate Usage & insights, under Monitoring.

Select “Users registered for Multi-Factor Authentication”.

This can also be done in PowerShell: https://dirteam.com/sander/2020/05/14/todo-optimize-the-azure-multi-factor-authentication-methods-used-throughout-your-organization/

Monitoring with PowerShell: Monitoring the used MFA type for O365/Azure.
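One way to pull the same registration data from PowerShell, as an added example that is not taken from the original post or the linked articles. It assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Reports module) and an account allowed to consent to AuditLog.Read.All; the list of phone-based method names is an assumption about the values Graph reports.

```powershell
# Added example: MFA registration report via Microsoft Graph PowerShell.
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# One record per user: registration state and the methods they registered.
$details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All

# 1. Accounts with no MFA method registered, admins listed first.
$details |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName |
    Select-Object UserPrincipalName, IsAdmin, UserType |
    Format-Table -AutoSize

# 2. How many users registered each method.
$details |
    ForEach-Object { $_.MethodsRegistered } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Name, Count |
    Format-Table -AutoSize

# 3. Users whose registered methods are all phone-based (SMS / voice call).
# Assumption: these are the method names Graph uses for phone factors.
$phoneMethods = 'mobilePhone', 'alternateMobilePhone', 'officePhone'
$details |
    Where-Object {
        $_.IsMfaRegistered -and
        -not ($_.MethodsRegistered | Where-Object { $_ -notin $phoneMethods })
    } |
    Select-Object UserPrincipalName, @{ n = 'Methods'; e = { $_.MethodsRegistered -join ',' } } |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```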


Run Locally

Test and Download App

#Downloads the Docker image from Docker Hub

docker pull %dockerusername%/%dockername%:latest 

#Runs the container, mapping host port 80 to the container's port 3000 ( Test go to http://localhost ) 

docker run -p 80:3000 %dockerusername%/%dockername%:latest

#List containers ( running and stopped )

docker ps -a

#Stop the container by id ( found from above )

docker stop ad5b49ba5476

#Clear Stopped Containers

docker container prune

Upload App to Azure

**Create an Azure Container Registry or reuse an existing one** 

**Run the below in Azure Shell**

#Show credentials for login and save username and password

az acr credential show --name %azurecontainer%

**Run on Docker PC**

#Login to the Azure Container Registry ( prompts for the password from the step above )

docker login %azurecontainer%.azurecr.io --username %azurecontainer%

#Tag the image for upload

docker tag %dockerusername%/%dockername% %azurecontainer%.azurecr.io/%dockername%:latest

#Push the image to Azure ( the name must match the tag above )

docker push %azurecontainer%.azurecr.io/%dockername%:latest

Run in Azure

#Create Azure Service plan

az appservice plan create --name %serviceplanname% --resource-group %azureresourcegroup% --sku S1 --is-linux

#Add Docker App to Azure Service Plan

az webapp create --resource-group %azureresourcegroup% --plan %serviceplanname% --name %appname% --deployment-container-image-name %azurecontainer%.azurecr.io/%dockername%:latest

#Set the details to access the Docker

az webapp config container set --name %appname% --resource-group %azureresourcegroup% --docker-custom-image-name %azurecontainer%.azurecr.io/%dockername%:latest --docker-registry-server-url https://%azurecontainer%.azurecr.io --docker-registry-server-user %azurecontainer% --docker-registry-server-password %passwordfromshowcredential%

#Make the app live on its specific port e.g. 3000

az webapp config appsettings set --resource-group %azureresourcegroup% --name %appname% --settings WEBSITES_PORT=3000

Test the app

http://%appname%.azurewebsites.net/
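An alternative to the registry admin username and password used above, as an added example that is not part of the original post: push with the signed-in Azure identity, and let the web app pull with a managed identity that holds only AcrPull on this registry. The PowerShell variables mirror the page's %placeholders% and their values are placeholders; the web app is assumed to exist already from the `az webapp create` step.

```powershell
# Added example. Variables mirror the page's %placeholders% (values are placeholders).
$azurecontainer     = '<registry name>'
$azureresourcegroup = '<resource group>'
$appname            = '<web app name>'
$dockerusername     = '<docker hub user>'
$dockername         = '<image name>'
$image = "$azurecontainer.azurecr.io/${dockername}:latest"

# Push side: az acr login hands docker a short-lived token for the
# signed-in identity, so no admin password is typed or stored.
az acr login --name $azurecontainer
docker tag "$dockerusername/${dockername}:latest" $image
docker push $image

# Pull side: give the web app a system-assigned managed identity...
$principalId = az webapp identity assign --resource-group $azureresourcegroup `
    --name $appname --query principalId --output tsv

# ...and grant it pull-only rights, scoped to this one registry.
$acrId = az acr show --name $azurecontainer --query id --output tsv
az role assignment create --assignee-object-id $principalId `
    --assignee-principal-type ServicePrincipal --role AcrPull --scope $acrId

# Tell App Service to authenticate to the registry with that identity.
$configId = az webapp config show --resource-group $azureresourcegroup `
    --name $appname --query id --output tsv
az resource update --ids $configId --set properties.acrUseManagedIdentityCreds=true

# Nothing depends on the admin account any more, so switch it off.
az acr update --name $azurecontainer --admin-enabled false
```

With this in place the `az webapp config container set` step only needs the image name and registry URL, not the `--docker-registry-server-user` and `--docker-registry-server-password` arguments.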

 

  • Install a new NPS server ( it cannot be an existing one, as MFA will take over existing requests such as WiFi! ) 
  • Install the Azure AD NPS plugin and enroll in Azure AD
  • Add a RADIUS client to the NPS server with the IP ( VIP ) of the NetScaler 
  • Add the RADIUS server in Authentication: set Timeout to 10 seconds, set Password to MSCHAPv2, set NAS ID to MFA
  • NPS Server Policies

 
