Share this:

 

This World Backup Day, WIN with Altaro!

As World Backup Day approaches, we’re reminded of all the mishaps, backup scares, and near-catastrophes that we’ve experienced over the years – and how grateful we were to have backup during those times!

If you use Microsoft 365/Office 365, Hyper-V or VMware, celebrate with us. All you have to do is sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup – it’s your choice!

What can you win?

• Receive a guaranteed €20 Amazon voucher when you sign up for and use the trial of Altaro Office 365 Backup or Altaro VM Backup
• Get a chance to WIN one of our Grand Prizes when you tell us about your funniest IT catastrophe!

What are you waiting for? Sign up now!

Share this:

There are multiple ways on how to use a VPN and how to connect and use this. In this blog I use an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager.

When connecting to your Virtual Hub over the IKEv2 protocol, you can use certificate-based authentication or RADIUS authentication. However, when you use the OpenVPN protocol, you can also use Azure Active Directory authentication.

I will use the open VPN with Azure Active Directory authentication. Remember this is only supported on Windows 10 as you will need the Azure VPN client from the microsoft store.

For giving the vpn application the proper permissions, you need to register the application to your Azure AD first.

below is the default URL that can be used to trigger the registration, use the proper rights to create an enterprise App in you Azure AD

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

Sign in with the proper credentials

Using the wrong account will end up in

AADSTS50020: User account  from identity provider ‘live.com’ does not exist in tenant ‘Microsoft’ and cannot access the application ‘4b4′(Azure VPN) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

When Accepted the you will be redirected to the Azure portal.

In the Azure portal you can go to the Azure active directory and

Enterprise applications | All applications  and search for Azure VPN

Now that the basics are in place, we can configure our Site to Site VPN profile the following information is needed.

Go to your Virtual Wan and select the user VPN configuration

Create User VPN ##### I noticed during the writing of this blog post the screens may differ as the portal changed the layout#######

• Configuration name – Enter the name you want to call your User VPN Configuration.
• Tunnel type – Select OpenVPN.
• Authentication method – Select Azure Active Directory.
• Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
• Issuer – https://sts.windows.net/tenantID/
• AAD Tenant – https://login.microsoftonline.com/TenantID

Select open VPN

go to the Azure Active Directory <> properties and grab the Tenant ID

Set the switch to yes and new fields will open.

 

• Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
• Issuer – https://sts.windows.net/3078684f/   ## remember the /  this must be at the end
• AAD Tenant – https://login.microsoftonline.com/3078684f

#the number is your tenant ID

Now that the VPN user profile is created we can configure the HUB

Now that the user vpn profile is created we can create the P2S VPN.  Select your hub

Select the user VPN point to site VPN  select create

Creating a VPN gateway you need to select the just created User profile.  

Select a proper IP subnet and if needed a DNS server for the workload into that network

Updating a hub can take 30 minutes or more.

Download User VPN profile as we need this on the Windows 10 client later.

Use the VPN profile to configure your clients.

1. On the page for your Virtual WAN, click User VPN configurations.
2. At the top of the page, click Download user VPN config.
3. Once the file has finished creating, you can click the link to download it.
4. Use the profile file to configure the VPN clients.

To download the Azure VPN client on your windows 10 test device.

Use this link to download the Azure VPN Client.

Open the VPN Client you can add a new VPN or import a Connection

 

For Importing the Connection we need the just downloaded zip file and extract this in the AzureVPN folder there is a XML that holds the vpn configuration.

 

 

If any thing goes wron with the import it is 99% your pbk file,

 

go to the following folder and delete the files – this will probably also remove your other vpn connections it you had any.

%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

C:\Users\admin\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState

Now that the Import worked and you are ready to connect to the VPN in Azure.

  Use your Azure AD credentials or your FIDO2 key

 

  Now we are fully connected to the Secure Virtual WAN in Azure

It can take some time to see your connection in the portal

Showing the above it all is easy to setup this but I already see the questions yes but I need to do this on 5000 Windows 10 devices.  

Microsoft Endpoint Management is your best friend.

Deploy VPN with Microsoft Endpoint Management 

We create a Custom Template and do not select the VPN option as this is not for uploading the XML

In our Custom settings we add the Following settings

• Name: Enter a name for the configuration.
• Description: Optional description.
• OMA-URI: ./User/Vendor/MSFT/VPNv2/demo01_hub-weu/azurevpnconfig.xml (this information can be found in the azurevpnconfig.xml file in the tag Name).
• Data type: String (XML file).

Now that this is done we can create some assign ments and test this on the pilot group

 

As you can see there are a few steps involved and are linked together

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

During Microsoft Ignite there was a lot on news about Windows Admin Center the latest build 2103 is now GA  http://aka.ms/wacdownload

I’m a big fan of #WAC already wrote a couple of blog items about the product. and testing for some time now WAC in Azure, and now it is in public preview to test for us all.

Running this in your own Datacenter or on a VM in the cloud but the best part is there is also an add on in Azure, How handy is that.

Using Windows Admin Center can be done on a Windows 10 system or use a Server(core or Gui) or build this on a cluster See also my blog post about that item Deploy Windows Admin Center High Availability running on a Windows Server 2019 Cluster #winserv #WAC #WindowsAdminCenter #AzureArc #Azure #Hybrid | Robert Smit MVP Blog (wordpress.com)

Windows Admin Center, your favorite server management tool, is now available in preview in Azure. This new capability enables seamless and granular management of your Windows Server Azure IaaS virtual machines (VMs) from within the Azure portal.

Here is a short video highlighting some of the capabilities included with Windows Admin Center in the Azure portal.

Windows Admin Center in the Azure portal is available to all Windows Server customers on Azure running Windows Server 2016 or higher virtual machines in the public cloud. Create a new virtual machine today or deploy Windows Admin Center on your existing infrastructure. You can begin managing your virtual machines in Azure using Windows Admin Center by navigating to the “Windows Admin Center (preview)” blade under “Settings” in the Virtual Machine Azure portal UI. In my demo I used a Windows Server 2022 (insider build)

How does it work in Azure, Well currently only in new created VM’s the Extension will be there.  When creating a fresh new VM (next next create) method the Windows admin center will be there.

Some things are clear if the VM is turned off you can’t use the WAC blade.

But keep in mind all your VM’s need a public IP and need a minimum of 3 GB memory so It won’t work for all your SKU’s

 

The configuration is easy the VM must be running and have an external IP to route the traffic make sure there are no open ends on the Internet with that IP address.

As you can see an NSG is placed around the VM to keep things secure. and the WAC port is been Added as inbound IP  on port 6516

Now that Azure WAC is configured we can login with the VM credentials.

and If you like Bastion but think it is to expensive for you, here is the free version Azure RDP in your browser.

no other extra ports needed to have a fully web browser web RDP.

All the Windows server options are there and easy to handle like Windows update in the Azure porter / wac blade I go to the Update section and select the Updates that I want to deploy and start it and move to the next one if needed. without logging on into the server with RDP.

 

Want to know more about WAC here are some links to get you started.

 

Want to see more about Windows Admin Center and use this in Azure go Azurewac to get all the details.

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm?WT.mc_id=AZ-MVP-4025011

https://robertsmit.wordpress.com/2020/09/01/make-windows-admin-center-high-available-running-on-a-windows-server-2019-cluster-winserv-runws2019-windowsadmincenter-windowsserver2019/

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

Building a new Lab around Windows server 2022 brings all the basics again , new vm’s new image of wim to vhd , sysprep what ever option you do to build a new lab. In this case I want to sysprep the VM this failed as Edge was not installed for all users. As it is a insider build this probably will be fixed in the next releases.

Running sysprep I got the Following Error.

SYSPRP Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.

 

 

SYSPRP Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
2021-03-01 14:21:06, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2021-03-01 14:21:06, Error                 SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2021-03-01 14:21:06, Error                 SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing ‘SysprepGeneralizeValidate’ from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP RunPlatformActions:Failed while validating Sysprep session actions; dwRet = 0x3cf2

 

Uninstalling the MS Edge from the uninstall section

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

 

It’s gone but the SysPrep still failed.

Ah it is a modern app  So we need to remove this, listing all the Microsoft Apps.

 

Getting the Proper Package and remove this

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

 

Powershell Command :

Remove-AppxPackage -Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

After This is removed I did a Reboot and Installed the MS Edge for all users and the sysprep Went fine.

 

Installing Edge.

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge

Invoke-WebRequest  -Uri "http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c39f1d27-cd11-495a-b638-eac3775b469d/MicrosoftEdgeEnterpriseX64.msi" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

My syspreped Machine.  with edge

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

What is the Journal app ? it is a Windows  10 app helping people who love to journal to evolve their ideas and express themselves quickly with the power of their digital pen.

Description

Journal, a Microsoft Garage project, is an app for Windows that invites people who love to journal to pick up their digital pen, express themselves quickly, and evolve their ideas. Of all the different methods of device interaction, digital ink is unique in the speed and degree of natural expression and in aiding memory. With Journal, disparate ideas can be connected, drawings can be sketched, annotations can be freely inserted, information can be located with search, and you can easily connect your ink across other apps to grow your best ideas. Journal provides an ink-first solution that delivers new AI, intuitive gestures, and connected experiences for Microsoft 365 for work and school (subscription required, sold separately) . It’s designed for people who thrive when writing out their ideas, notes, and sketches. The Microsoft Garage is an outlet for experimental projects for you to try. Learn more at https://garage.microsoft.com

Download the Journal tool from the Store

There is a quick introduction play guide.

Features

• An ink-first experience for those who write with a digital pen
• A page-based canvas for easy scrolling, optimized for tablet and 2-in-1 devices
• New intuitive Ink Gestures that don’t require mode switches
• Drag and drop your content between pages, or to your favorite applications
• Microsoft 365 Integration to access your Calendar for faster meeting notes (Subscription required, sold separately)
• Import and markup PDF documents and images
• Search using keywords or filters

What’s new in this version

Improved ability to open journals from Documents folders stored on networks – Fixed issue with sending email for M365 Work and School users – Improvements to Scratch Out – Improvements for signing in with Microsoft 365 Work or School account – General bug and performance tweaks with ink AI, undo, and opening/closing journals

Try it out https://aka.ms/TryJRNL
Learn more https://aka.ms/JRNLblog

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile