Robert Smit MVP Blog

Step By Step Troubleshooting Azure Arc-enabled servers with agent connection issues #Windows #WindowsServer #WinServ #Azure #AzureArc #Cloud

Azure Arc-enabled servers enables you to manage your Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or other cloud provider. This management experience is designed to be consistent with how you manage native Azure virtual machines. When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID enabling the machine to be included in a resource group. Now you can benefit from standard Azure constructs, such as Azure Policy and applying tags.

When running Azure Arc for some time and suddenly the response stopped you need to dig a bit deeper into the how things are working instead of just kicking off an MSI and the issue is still not fixed.

This is all test So it may look different in your site.just to say so.

Here I have my two servers managed by Arc

As you can see “Something went wrong while getting your resources. Please try again later.”

yes let me get more info about this as currently I know nothing about the error.

So It is all OK according to the Azure troubleshooter and still it doesn’t work

Let me click around and see if there is and error ( I could see the local event log of the server but that’s no fun Who uses this ? post some comments in the blog post) Eventlogs are extremely helpful on finding issues or hidden issue’s Often people for get to look at his and see the problem right there. and yes it needs to be fixed also.

Will that be the issue ? checking already running the latest version, so what is this error or did it go wrong when updating the agent, well I did skip patching for some time on these servers and upgraded these to Windows server 2022

Let me check the agent version, well the latest version for now..

How is this Azure arc be configured anyway, there is no console other than in azure and an MSI with an agent,

let me check the configuration of this and see if I can find something there.

C:\ProgramData\GuestConfig

Perfect lots of log files and a config let me check this all

time="2021-09-01T16:32:17+02:00" level=error msg="Could not acquire token from cert: FromAssertion(): http call(https://login.windows.net/-d391a79950b1/oauth2/v2.0/token)(POST) error: reply status code was 401:\n{\"error\":\"invalid_client\",\"error_description\":\"AADSTS700027: Client assertion contains an invalid signature. [Reason – The key used is expired., Thumbprint of key used by client: ‘C2FA453DD43C16E584868C1C762DC91EBEC63232’, Found key ‘Start=11/12/2019 15:45:00, End=02/10/2020 15:45:00’, Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id ‘a16df9d0-f012-45ae-8a92-1d0ad72e045e’. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as ‘https://graph.microsoft.com/beta/applications/].\\r\\nTrace ID: 932-2ba8-4098-813e-05a2900\\r\\nCorrelation ID: 66a070fe-6ae4-4a25-ad3f-\\r\\nTimestamp: 2021-09-01 14:32:07Z\",\"error_codes\":[700027],\"timestamp\":\"2021-09-01 14:32:07Z\",\"trace_id\":\"932e7194-2ba8-4098-813e-343df05a2900\",\"correlation_id\":\"-4a25-ad3f-160f98c9fd9e\",\"error_uri\":\"https://login.windows.net/error?code=700027\"}"

Seeing the Config and also see the issue here — Client assertion contains an invalid signature. [Reason – The key used is expired–

As I did not update the agent the certificate got expired make sense.

But the device has already the new agent So reconnect ? but how ?

Looking at the Config I see all the details how the agent is been registered and the resource group etc

C:\ProgramData\AzureConnectedMachineAgent\Config

agentconfig.json

{"subscriptionId":"f34","resourceGroup":"AzureBackupRG_westeurope_1","resourceName":"Hyperv1201","tenantId":"0b1","location":"westus2","vmId":"9659193c-f4d8-4a77-b8f9baad507ce9a9","certificateThumbprint":"c2fa453dd43c16e584868c1c762dc91ebec63232","clientId":"0-f012-45ae-8a92-1045e"}

Let me open powershell and maybe I got more details. and reactivate the Agent

With the azcmagent command you can get more details.

let me get all the logs

azcmagent logs

now we have all the logs in a zip file this could be handy for a next time.

As I reconfigure the agent with the following command

& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect –resource-group "AzureBackupRG_westeurope_1" –tenant-id "your tenant id" –location "westus2" –subscription-id "errryh934" –verbose

With the reconnect we need to log in again and all goes well

But in the logging there is suddenly another error

When looking here I see there is an Azure Policy that demands a TAG and this is currently not available on the resource group So I Can’t onboard my Azure Arc server.

Thought this was about an Agent that has an expired Certificate.

Seems there is a Azure policy that is blocking as the hyperv1201 has no tags set the mvpdc02 has only a tag set.

After a quick change I rerun the command line and it worked perfectly and it showed up in the console again.

& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect –resource-group "MVPRSG-Azure-Arc" –tenant-id "3078684f-d143-440a-ae40-d391a79950b1" –location "West US 2" –subscription-id "df1e2f32-7adf-48f6-b969-f02376152934" –verbose

Starting client connection on: \\\\.\\pipe\\himds"
time="2021-09-01T17:12:53+02:00" level=debug msg="Awaiting status message from agent…"
time="2021-09-01T17:12:53+02:00" level=debug msg="Status Message received"

As I have a second machine with the same issue I removed the machine directly in the arc portal and rerun the registration as the agent was also already installed. (this would be the quick fix for this)

Perfect reconnecting and waiting for the Agent.

Now I can look at the Azure Arc Insights again.

Flickr Tags: Windows Server 2022,CloudOS

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

First hands-on Upgrading to Windows Server 2022 Domain Controller #Windows2022 #Windows2016 #winserv #CloudOS #WIMVP

Windows Server 2022 is built on the strong foundation of Windows Server 2019 and brings many innovations on three key themes: security, Azure hybrid integration and management, and application platform. Also, Windows Server 2022 Datacenter: Azure Edition helps you use the benefits of cloud to keep your VMs up to date while minimizing downtime.

https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022?WT.mc_id=AZ-MVP-4025011

As some of my Domain controllers are running on Server 2016 this is a great moment to upgrade them,Upgrading a domain controller is always tricky when you loos you AD, well I got a copy in Azure Winking smile

How ever Windows Server 2016 is supporting Rolling Upgrades Upgrading to Windows Server 2022 but this is only for a Cluster.

For other Servers you can upgrade your server or better reinstall. Bet you all choose for the Clean install. Well For a domain controller, it’s a quick process to redeploy but often there is ton’s of software on the DC that should not be there and makes it hard to loos the DC right ?

So my DC server 2016

Finding the FSMO roles

netdom query fsmo

You can’t upgrade the server when there is a FSMO role running on the server. Tested this and if failed So move the FSMO roles from your DC.

Yes I hear you you have only one DC well create a virtual second one and move the fsmo roles to that server upgrade and move the roles back and demote the Extra DC and you are back to a single DC.

my other DC is mvpdc22

I move the roles to my second DC

Quick and Smooth migration

Move-ADDirectoryServerOperationMasterRole -Identity “Your-DC” -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator

I mounted the ISO to the DC (virtual CD disk)

YEs I want to make the product better.

Use your Product key or if you are on hyber-v you can use the AVMA key https://docs.microsoft.com/en-us/windows-server/get-started-19/vm-activation-19?WT.mc_id=AZ-MVP-4025011

The following AVMA keys can be used for Windows Server 2022:

Datacenter
W3GNR-8DDXR-2TFRP-H8P33-DV9BG

Standard
YDFWN-MJ9JR-3DYRK-FXXRW-78VHK

I still love my gui So I install the desktop experience

Read the entire EULA and I agree.

My domain Controller desktop (remember this is my lab) Don’t use your DC for any other things than using it for a DC.

I want to keep My files

Yes Install

Let the Setup running

So in just 20 min my DC was upgraded to 2022 lot’s of new stuff is there but that’s all for a next blog post. Hope it was usefull and remember make sure you have a backup things my fail in your environment

https://docs.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022?WT.mc_id=AZ-MVP-4025011

Flickr Tags: Windows Server 2016,CloudOS

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Http://nl.linkedin.com/in/robertsmit

Azure Firewall and starting with Azure Firewall Manager step away from Classic #Azure #Firewall #classic #policy #security #AVD

In Azure there are multiple options to add a Firewall to your Azure landing zone. But the standard Azure firewall comes with an option Classic or firewall policy, and there is a good change that you already have an Azure firewall classic then you can migrate to a premium SKU see the link to get the process https://docs.microsoft.com/en-us/azure/firewall/premium-migrate?WT.mc_id=AZ-MVP-4025011

Azure Firewall pricing

https://azure.microsoft.com/en-us/pricing/details/azure-firewall?WT.mc_id=AZ-MVP-4025011

Azure Firewall Standard

Stateful firewall as a service
Built-in high availability with unrestricted cloud scalability
Centralized network and application level connectivity policy
Threat intelligence-based filtering
Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways

Azure Firewall Premium (Public Preview)

Built-in TLS Inspection for customer’s selected encrypted applications
Ability to detect and block malicious traffic through advanced IDPS engine
Restrict access to Web content via built-in URL Filtering for both plain text and encrypted traffic
Web Categories provide enhanced content filtering capabilities
IDPS signatures and Web categories are fully managed and constantly updated

Initial I setup a Azure Firewall premium

Premium firewalls support additional capabilities, such as SSL termination and IDPS. Additional costs may apply. Migrating a Standard firewall to Premium will require some down-time.

As you can see there is an option standard or premium and use the Firewall policy or the Classic. In premium there is no classic any more the only option is firewall policy.

Choosing the Premium and the option firewall management is gray out.

As I already have some Firewall policy’s I can already attach these to my new firewall, this is one of the great options, In the firewall manager you can create Firewall policy’s with out having a azure firewall running, you can already prepare the landing zone with all kind of rules .

Keep in mind that the firewall must be in the same resource group as your vnet.

Setting up a Azure Firewall with PowerShell is easy but you need to have the resources already in place

# Create the firewall
$Azfw = New-AzFirewall `
    -Name $FirewallName `
    -ResourceGroupName $rgNamevnet `
    -Location $Location `
    -VirtualNetworkName $VnetName `
    -PublicIpName $pip01 `
    -SkuTier Premium

Now that The Firewall I created We can see the policy’s attached in the Firewall manager.

Azure Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters.

Firewall Manager can provide security management for two network architecture types:

Secured virtual hub

An Azure Virtual WAN Hub is a Microsoft-managed resource that lets you easily create hub and spoke architectures. When security and routing policies are associated with such a hub, it is referred to as a secured virtual hub.

Hub virtual network

This is a standard Azure virtual network that you create and manage yourself. When security policies are associated with such a hub, it is referred to as a hub virtual network. At this time, only Azure Firewall Policy is supported. You can peer spoke virtual networks that contain your workload servers and services. You can also manage firewalls in standalone virtual networks that aren’t peered to any spoke.

Azure Firewall Premium Preview in the Azure portal | Microsoft Docs

So now that the firewall is in place and we already had an policy attached but you can change that real quick.

Go to the Firewall blade and her you can see the policy and change it directly

Or if you go to the firewall manager and select the virtual networks you can see a good overview of where and what is attached to the vnet

Remember the firewall need to be in the same resource group as your network, and there come’s also the hard part if you want to switch policy’s

Looking at the firewall policys from here you can add them to a hub or a vnet

here you see an overview of the firewall policy’s

When associate a policy to a vnet or multiple vnets we got a good overview on what is available and what not.

Adding the Policy to a network,

The firewall manager blade with all the rules and options

You can add rule collection groups and rule collections, In a rule collection group can hold multiple rule collections, I would advise you to build these collections as it is real handy if you want to change later some item or you want to export a collection and import them in a different collection group

Also new is the application rules here you can set web category’s that are allowed or denied.

using the application rules with the internet categories is still in preview but is a great addition for Azure virtual desktop #AVD

Setting up the web categories is easy selectable in the destination type. and then select one or multiple.

Remember the naming if you want to find this later in your rules, keep it clean and neat

Keep in mind that when you are selecting multiple categories the naming field is also corresponding to that

Removing the Firewall does not mean that you will loose the policy’s or removing the policy and loose the firewall unless…

Keep in mind when you remove a policy and you will set the little checkbox the firewall will be removed. If it is added to multiple vnets you may have a failure on the firewall deletion as there is still a policy attached

Overall the firewall manager is a great step to a modern security management in Azure, there a multiple items that I could wish for in the Firewall manager like management of all the NSG’s who nice would that be and traffic logging etc one thing is clear Azure is getting better and better and true the more options we get the more complex items we are building, and that’s fine keeps me off the streets and my work is never gets boring

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Altaro Webinar – Your 5 Most Critical M365 Vulnerabilities Revealed and How to Fix Them #Altaro #M365 #Webinar #security

Webinar – Your 5 Most Critical M365 Vulnerabilities Revealed and How to Fix Them

Microsoft 365 is an incredibly powerful software suite for businesses, but it is becoming increasingly targeted by people trying to steal your data. The good news is that there are plenty of ways admins can fight back and safeguard their Microsoft 365 infrastructure against attack.

This free upcoming webinar, on June 23 and produced by Hornetsecurity/Altaro, features two enterprise security experts from the leading security consultancy Treusec – Security Team Leader Fabio Viggiani and Principal Cyber Security Advisor Hasain Alshakarti. They will explain the 5 most critical vulnerabilities in your M365 environment and what you can do to mitigate the risks they pose. To help attendees fully understand the situation, a series of live demonstrations will be performed to reveal the threats and their solutions covering:

· O365 Credential Phishing

· Insufficient or Incorrectly Configured MFA Settings

· Malicious Application Registrations

· External Forwarding and Business Email Compromise Attacks

· Insecure AD Synchronization in Hybrid Environments

This is truly an unmissable event for all Microsoft 365 admins!

The webinar will be presented live twice on June 23 to enable as many people as possible to join the event live and ask questions directly to the expert panel of presenters. It will be presented at 2pm CEST/8am EDT/5am PDT and 7pm CEST/1pm EDT/10am PDT.

Don’t miss out – Save your seat now!

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Step by Step Create a User P2S VPN using Azure Secured Virtual Hub and Azure Active Directory #SDWAN #Azure #Secure

There are multiple ways on how to use a VPN and how to connect and use this. In this blog I use an Azure Virtual WAN Hub with associated security and routing policies configured by Azure Firewall Manager.

When connecting to your Virtual Hub over the IKEv2 protocol, you can use certificate-based authentication or RADIUS authentication. However, when you use the OpenVPN protocol, you can also use Azure Active Directory authentication.

I will use the open VPN with Azure Active Directory authentication. Remember this is only supported on Windows 10 as you will need the Azure VPN client from the microsoft store.

For giving the vpn application the proper permissions, you need to register the application to your Azure AD first.

below is the default URL that can be used to trigger the registration, use the proper rights to create an enterprise App in you Azure AD

https://login.microsoftonline.com/common/oauth2/authorize?client_id=41b23e61-6c1e-4545-b367-cd054e0ed4b4&response_type=code&redirect_uri=https://portal.azure.com&nonce=1234&prompt=admin_consent

Using the wrong account will end up in

AADSTS50020: User account from identity provider ‘live.com’ does not exist in tenant ‘Microsoft’ and cannot access the application ‘4b4′(Azure VPN) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

When Accepted the you will be redirected to the Azure portal.

In the Azure portal you can go to the Azure active directory and

Enterprise applications | All applications and search for Azure VPN

Now that the basics are in place, we can configure our Site to Site VPN profile the following information is needed.

Go to your Virtual Wan and select the user VPN configuration

Create User VPN ##### I noticed during the writing of this blog post the screens may differ as the portal changed the layout#######

Configuration name – Enter the name you want to call your User VPN Configuration.
Tunnel type – Select OpenVPN.
Authentication method – Select Azure Active Directory.
Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
Issuer – https://sts.windows.net/tenantID/
AAD Tenant – https://login.microsoftonline.com/TenantID

Select open VPN

go to the Azure Active Directory <> properties and grab the Tenant ID

Set the switch to yes and new fields will open.

Audience – Type in the Application ID of the Azure VPN Enterprise Application registered in your Azure AD tenant.
Issuer – https://sts.windows.net/3078684f/ ## remember the / this must be at the end
AAD Tenant – https://login.microsoftonline.com/3078684f

#the number is your tenant ID

Now that the VPN user profile is created we can configure the HUB

Now that the user vpn profile is created we can create the P2S VPN. Select your hub

Select the user VPN point to site VPN select create

Creating a VPN gateway you need to select the just created User profile.

Select a proper IP subnet and if needed a DNS server for the workload into that network

Updating a hub can take 30 minutes or more.

Download User VPN profile as we need this on the Windows 10 client later.

Use the VPN profile to configure your clients.

On the page for your Virtual WAN, click User VPN configurations.
At the top of the page, click Download user VPN config.
Once the file has finished creating, you can click the link to download it.
Use the profile file to configure the VPN clients.

To download the Azure VPN client on your windows 10 test device.

Use this link to download the Azure VPN Client.

Open the VPN Client you can add a new VPN or import a Connection

For Importing the Connection we need the just downloaded zip file and extract this in the AzureVPN folder there is a XML that holds the vpn configuration.

If any thing goes wron with the import it is 99% your pbk file,

go to the following folder and delete the files – this will probably also remove your other vpn connections it you had any.

%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

C:\Users\admin\AppData\Local\Packages\Microsoft.AzureVpn_8wekyb3d8bbwe\LocalState

Now that the Import worked and you are ready to connect to the VPN in Azure.

Use your Azure AD credentials or your FIDO2 key

Now we are fully connected to the Secure Virtual WAN in Azure

It can take some time to see your connection in the portal

Showing the above it all is easy to setup this but I already see the questions yes but I need to do this on 5000 Windows 10 devices.

Microsoft Endpoint Management is your best friend.

Deploy VPN with Microsoft Endpoint Management

We create a Custom Template and do not select the VPN option as this is not for uploading the XML

In our Custom settings we add the Following settings

Name: Enter a name for the configuration.
Description: Optional description.
OMA-URI: ./User/Vendor/MSFT/VPNv2/demo01_hub-weu/azurevpnconfig.xml (this information can be found in the azurevpnconfig.xml file in the tag Name).
Data type: String (XML file).

Now that this is done we can create some assign ments and test this on the pilot group

As you can see there are a few steps involved and are linked together

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Get the new PowerCLI: An Aspiring Automator’s Guide from #Altaro Get started on your path to automation greatness #Poswershell #vmware #Cli #vSphere

PowerCLI: An Aspiring Automator’s Guide

Getting into scripting can be daunting. It’s easier to just use existing scripts found online, but if you choose this route you’ll quickly run into limitations. If you take the time to learn how to create your scripts, trust me, you’ll never look back!

Automating vSphere is particularly useful for countless applications and the best way is through PowerCLI – a version of PowerShell developed specifically for VMware. Learn how to develop your own PowerCLI scripts with this free 100+ page eBook from Altaro, PowerCLI: The Aspiring Automator’s Guide.

Written by VMware vExpert Xavier Avrillier, this eBook presents a use-case approach to learning how to automate tasks in vSphere environments using PowerCLI. We start by covering the basics of installation, set up, and an overview of PowerCLI terms. From there we move into scripting logic and script building with step-by-step instructions of truly useful custom scripts, including how to retrieve data on vSphere objects; display VM performance metrics; how to build HTML reports and schedule them; the basics on building functions; and more!

Stop looking at scripts online in envy because you wish you could build your own scripts.

Get started on your path to automation greatness – Download the eBook now!

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Registration for The Microsoft Ability Summit is open! #Ability #Summit #AI #Office #Windows #Xbox

The Microsoft Ability Summit is a two-day, free digital event experience that brings together people with disabilities, allies, and accessibility professionals to Imagine, Build, Include, and Empower the future of disability inclusion and accessibility. We encourage all to join on May 5-6, 2021 and spread the word throughout your internal and external communities.

Registration is now open for Ability Summit on May 5-6th

Registration for Ability Summit is open!

Wednesday, May 5 from 9:00 AM – 12:30 PM, PT
Thursday, May 6 from 9:00 AM – 12:30 PM, PT

Microsoft Ability Summit 2021 will feature:

Keynotes from Microsoft executives and notable members of the disability community
Expert panels featuring exciting projects and innovations
Demos of the latest accessibility features in Office, Windows, Xbox, and more
All sessions will be recorded and available post-event so no matter what time zone you are in, you can access the content at a time that works for you!

Registration is now open for Ability Summit on May 5-6th

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Effective March 31, 2021, the Azure portal will no longer support Internet Explorer 11. Start using the new Microsoft Edge for speed, security and privacy

Well on every server or Windows device there is the Internet explorer and prepairing some server workloads you may need some browser and may need to connect to Azure. using an old browser is always an bad idea.

When setting up a new server what ever version it is I always remove the IE icon and install Msedge this works fine and gives me a more secure feeling.

Opening the Azure portal with IE you will see a warning about non supported browser.

With the option to download the Edge directly

The portal still opens in IE but using some functions are not working sample as anything that will use HTML5

Official Download links for Microsoft Edge Stable Enterprise

I’m not 100% sure it’s final but anyone who wishes/wants can test it.

Microsoft Edge Stable Enterprise

X64.msi
http://go.microsoft.com/fwlink/?LinkID=2093437

X86.msi
http://go.microsoft.com/fwlink/?LinkID=2093505

MicrosoftEdgePolicyTemplates.cab
http://go.microsoft.com/fwlink/?LinkID=2099616

MicrosoftEdgeIntunePolicyTemplate.cab
http://go.microsoft.com/fwlink/?LinkID=2099617

macOS.pkg
http://go.microsoft.com/fwlink/?LinkID=2093438

Blocker Toolkit to disable automatic delivery of Microsoft Edge
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-blocker-toolkit

So when you want to auto mate this the following lines could be used to install quickly Microsoft Edge

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge
Invoke-WebRequest -Uri "http://go.microsoft.com/fwlink/?LinkID=2093437" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

This will install Microsoft Edge and you can set this in a powershell script and in the GPO that way all new servers will get Microsoft Edge.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

World Backup Day :This World Backup Day, WIN with Altaro! #Altaro #Backup #Win #O365 #vmware

This World Backup Day, WIN with Altaro!

As World Backup Day approaches, we’re reminded of all the mishaps, backup scares, and near-catastrophes that we’ve experienced over the years – and how grateful we were to have backup during those times!

If you use Microsoft 365/Office 365, Hyper-V or VMware, celebrate with us. All you have to do is sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup – it’s your choice!

What can you win?

Receive a guaranteed €20 Amazon voucher when you sign up for and use the trial of Altaro Office 365 Backup or Altaro VM Backup
Get a chance to WIN one of our Grand Prizes when you tell us about your funniest IT catastrophe!

What are you waiting for? Sign up now!

Step by Step Manage Windows Server in Azure with Windows Admin Center #servermgmt #winserv #MSIgnite #WindowsAdminCenter #Azure #AzOps

During Microsoft Ignite there was a lot on news about Windows Admin Center the latest build 2103 is now GA http://aka.ms/wacdownload

I’m a big fan of #WAC already wrote a couple of blog items about the product. and testing for some time now WAC in Azure, and now it is in public preview to test for us all.

Running this in your own Datacenter or on a VM in the cloud but the best part is there is also an add on in Azure, How handy is that.

Using Windows Admin Center can be done on a Windows 10 system or use a Server(core or Gui) or build this on a cluster See also my blog post about that item Deploy Windows Admin Center High Availability running on a Windows Server 2019 Cluster #winserv #WAC #WindowsAdminCenter #AzureArc #Azure #Hybrid | Robert Smit MVP Blog (wordpress.com)

Windows Admin Center, your favorite server management tool, is now available in preview in Azure. This new capability enables seamless and granular management of your Windows Server Azure IaaS virtual machines (VMs) from within the Azure portal.

Here is a short video highlighting some of the capabilities included with Windows Admin Center in the Azure portal.

Windows Admin Center in the Azure portal is available to all Windows Server customers on Azure running Windows Server 2016 or higher virtual machines in the public cloud. Create a new virtual machine today or deploy Windows Admin Center on your existing infrastructure. You can begin managing your virtual machines in Azure using Windows Admin Center by navigating to the “Windows Admin Center (preview)” blade under “Settings” in the Virtual Machine Azure portal UI. In my demo I used a Windows Server 2022 (insider build)

How does it work in Azure, Well currently only in new created VM’s the Extension will be there. When creating a fresh new VM (next next create) method the Windows admin center will be there.

Some things are clear if the VM is turned off you can’t use the WAC blade.

But keep in mind all your VM’s need a public IP and need a minimum of 3 GB memory so It won’t work for all your SKU’s

The configuration is easy the VM must be running and have an external IP to route the traffic make sure there are no open ends on the Internet with that IP address.

As you can see an NSG is placed around the VM to keep things secure. and the WAC port is been Added as inbound IP on port 6516

Now that Azure WAC is configured we can login with the VM credentials.

and If you like Bastion but think it is to expensive for you, here is the free version Azure RDP in your browser.

no other extra ports needed to have a fully web browser web RDP.

All the Windows server options are there and easy to handle like Windows update in the Azure porter / wac blade I go to the Update section and select the Updates that I want to deploy and start it and move to the next one if needed. without logging on into the server with RDP.

Want to know more about WAC here are some links to get you started.

Want to see more about Windows Admin Center and use this in Azure go Azurewac to get all the details.

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/azure/manage-vm?WT.mc_id=AZ-MVP-4025011

https://robertsmit.wordpress.com/2020/09/01/make-windows-admin-center-high-available-running-on-a-windows-server-2019-cluster-winserv-runws2019-windowsadmincenter-windowsserver2019/

https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

First Impressions Windows Server 2022 #Bug found Unable to Sysprep Windows Server 2022 #WindowsServer #WindowsServer2022 #WindowsInsiders #WinServ

Building a new Lab around Windows server 2022 brings all the basics again , new vm’s new image of wim to vhd , sysprep what ever option you do to build a new lab. In this case I want to sysprep the VM this failed as Edge was not installed for all users. As it is a insider build this probably will be fixed in the next releases.

Running sysprep I got the Following Error.

SYSPRP Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe was installed for a user, but not provisioned for all users. This package will not function properly in the sysprep image.
2021-03-01 14:21:06, Error                 SYSPRP Failed to remove apps for the current user: 0x80073cf2.
2021-03-01 14:21:06, Error                 SYSPRP Exit code of RemoveAllApps thread was 0x3cf2.
2021-03-01 14:21:06, Error                 SYSPRP ActionPlatform::LaunchModule: Failure occurred while executing ‘SysprepGeneralizeValidate’ from C:\Windows\System32\AppxSysprep.dll; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP SysprepSession::Validate: Error in validating actions from C:\Windows\System32\Sysprep\ActionFiles\Generalize.xml; dwRet = 0x3cf2
2021-03-01 14:21:06, Error                 SYSPRP RunPlatformActions:Failed while validating Sysprep session actions; dwRet = 0x3cf2

Uninstalling the MS Edge from the uninstall section

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

It’s gone but the SysPrep still failed.

Ah it is a modern app So we need to remove this, listing all the Microsoft Apps.

Getting the Proper Package and remove this

Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

Powershell Command :

Remove-AppxPackage -Package Microsoft.MicrosoftEdge.Stable_86.0.622.38_neutral__8wekyb3d8bbwe

After This is removed I did a Reboot and Installed the MS Edge for all users and the sysprep Went fine.

Installing Edge.

#Create temp folder
New-Item -Path ‘C:\temp’ -ItemType Directory -Force | Out-Null

#Install Edge

Invoke-WebRequest -Uri "http://dl.delivery.mp.microsoft.com/filestreamingservice/files/c39f1d27-cd11-495a-b638-eac3775b469d/MicrosoftEdgeEnterpriseX64.msi" -OutFile ‘c:\temp\MicrosoftEdgeEnterpriseX64.msi’
Invoke-Expression -Command ‘C:\temp\MicrosoftEdgeEnterpriseX64.msi /quiet /norestart’

My syspreped Machine. with edge

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Journal, a Microsoft Garage project #Windows10 #Journal #Garage #Wimvp #WindowsInsiders @MSFTGarage

What is the Journal app ? it is a Windows 10 app helping people who love to journal to evolve their ideas and express themselves quickly with the power of their digital pen.

Description

Journal, a Microsoft Garage project, is an app for Windows that invites people who love to journal to pick up their digital pen, express themselves quickly, and evolve their ideas. Of all the different methods of device interaction, digital ink is unique in the speed and degree of natural expression and in aiding memory. With Journal, disparate ideas can be connected, drawings can be sketched, annotations can be freely inserted, information can be located with search, and you can easily connect your ink across other apps to grow your best ideas. Journal provides an ink-first solution that delivers new AI, intuitive gestures, and connected experiences for Microsoft 365 for work and school (subscription required, sold separately) . It’s designed for people who thrive when writing out their ideas, notes, and sketches. The Microsoft Garage is an outlet for experimental projects for you to try. Learn more at https://garage.microsoft.com

Download the Journal tool from the Store

There is a quick introduction play guide.

Features

An ink-first experience for those who write with a digital pen
A page-based canvas for easy scrolling, optimized for tablet and 2-in-1 devices
New intuitive Ink Gestures that don’t require mode switches
Drag and drop your content between pages, or to your favorite applications
Microsoft 365 Integration to access your Calendar for faster meeting notes (Subscription required, sold separately)
Import and markup PDF documents and images
Search using keywords or filters

What’s new in this version

Improved ability to open journals from Documents folders stored on networks – Fixed issue with sending email for M365 Work and School users – Improvements to Scratch Out – Improvements for signing in with Microsoft 365 Work or School account – General bug and performance tweaks with ink AI, undo, and opening/closing journals

Try it out https://aka.ms/TryJRNL
Learn more https://aka.ms/JRNLblog

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Distributed Application Runtime Dapr version 1.0 #Dapr #Azure #Kubernetes #DevOps #Developers #Microservices #AzOps

Dapr is an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge. Dapr embraces the diversity of all programming languages and developer frameworks and simplifies building applications.

Dapr building blocks

Service Invocation – Resilient service-to-service invocation enables method calls, including retries, on remote services wherever they are running in the supported hosting environment.
State management – With state management for key/value pairs, long running, highly available, stateful services can be easily written, alongside stateless services in the same application. The state store is pluggable and can include Azure Cosmos or Redis, with others such as AWS DynamoDB on the component roadmap.
Publish and subscribe messaging between services – Publishing events and subscribing to topics between services enables event-driven architectures to simplify horizontal scalability and make them resilient to failure.
Event driven resource bindings – Resource bindings and triggers build further on event-driven architectures for scale and resiliency by receiving and sending events to and from any external resources such as databases, queues, file systems, blob stores, webhooks, etc. For example, your code can be triggered by a message on an Azure EventHub service and write data to Azure CosmosDB.
Virtual actors – A pattern for stateless and stateful objects that make concurrency simple with method and state encapsulation. Dapr provides many capabilities in its virtual actor runtime including concurrency, state, life-cycle management for actor activation/deactivation and timers and reminders to wake up actors.
Distributed tracing between services – Easily diagnose and observe inter-service calls in production using the W3C Trace Context standard and push events to tracing and monitoring systems.

You can read more about Dapr at http://dapr.io, get started with code and samples at https://github.com/dapr/dapr and reach out on gitter.im/Dapr or Twitter @daprdev.

Getting started with Dapr is easy and you can start with a few steps described below

How to get up and running with Dapr in minutes

The following steps in this guide are:

Install the Dapr CLI
Initialize Dapr
Use the Dapr API
Configure a component
Explore Dapr quickstarts

powershell -Command "iwr -useb https://raw.githubusercontent.com/dapr/cli/master/install/install.ps1 | iex"

Important is to close the powershell window and reopen this. Else the module won’t be active

type dapr

Open Powershell

type dapr

dapr

         __
    ____/ /___ _____ _____
   / __ / __ ‘/ __ \/ ___/
/ /_/ / /_/ / /_/ / /
\__,_/\__,_/ .___/_/
              /_/

======================================================
A serverless runtime for hyperscale, distributed systems

Usage:
dapr [command]

Available Commands:
completion     Generates shell completion scripts
components     List all Dapr components
configurations List all Dapr configurations
dashboard      Start Dapr dashboard
help           Help about any command
init           Setup dapr in Kubernetes or Standalone modes
invoke         Invokes a Dapr app with an optional payload (deprecated, use invokePost)
invokeGet      Issue HTTP GET to Dapr app
invokePost     Issue HTTP POST to Dapr app with an optional payload
list           List all Dapr instances
logs           Gets Dapr sidecar logs for an app in Kubernetes
mtls           Check if mTLS is enabled in a Kubernetes cluster
publish        Publish an event to multiple consumers
run            Launches Dapr and (optionally) your app side by side
status         Shows the Dapr system services (control plane) health status.
stop           Stops multiple running Dapr instances and their associated apps
uninstall      Removes a Dapr installation

Flags:
-h, –help help for dapr
–version version for dapr

Use “dapr [command] –help” for more information about a command.
subcommand is required

dapr init

PS C:\Windows\system32> dapr init
Making the jump to hyperspace…
Downloading binaries and setting up components…
Unable to find image ‘openzipkin/zipkin:latest’ locally
latest: Pulling from openzipkin/zipkin
docker: no matching manifest for windows/amd64 10.0.17763 in the manifest list entries.
See ‘docker run –help’.

Quickstarts and Samples

See the quickstarts repository for code examples that can help you get started with Dapr.
Explore additional samples in the Dapr samples repository.

You can try out the Dapr quickstarts right here to begin your own personal journey into Microservices on Azure.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

Windows Virtual Desktop metadata now available in West Europe #WVD #Azop #Azure #VDI #CloudComputing #metadata

When Creating a new windows virtual desktop I noticed that the meta locations are also available in europe.

When creating a new WVD host pool you can select the Metadata location. this is a great option as many customers ask me why is this in a non europe location, and can this be changed.

Well there are now 2 europe locations

Creating a new Host pool

An overview from the Host pools and now also one in europe

Metadata will be stored in Azure geography associated with (Europe) West Europe

How ever not everything is updated yet

Source : Azure Products by Region | Microsoft Azure

Changing the Host pool location with the Update-azwvdhostpool is not possible

The –location option is not a valid option.

It is nice to see the meta data is stored in europe and with this Windows virtual desktop is getting better and better all the time.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google : Robert Smit MVP profile

The Backup Bible Complete Edition #Backup #Altaro #DR #Free #E-Book

Sure, it’s not the most exciting aspect of an IT administrator’s job but having a reliable and secure backup and disaster recovery strategy could be the most important thing you do. I’m sure you’ve heard many data loss horror stories that have crippled organizations costing thousands, if not millions, of dollars. This free eBook from Altaro will make sure you’re not the next horror story victim.

The Backup Bible Complete Edition, written by backup expert and Microsoft MVP Eric Siron, is comprised of 200+ pages of actionable content divided into 3 core parts, including 11 customizable templates enabling you to create your own personalized backup strategy.

Part 1 and 2 are updated versions of previously released eBooks (Creating a Backup & Disaster Recovery Strategy and Backup Best Practices in Action) but Part 3 is a brand-new section on disaster recovery (Disaster Recovery & Business Continuity Blueprint) that includes tons of valuable insights into the process of gathering organizational information required to build a DR plan and how to carry it out in practical terms.

One of the most useful features of The Backup Bible is the customizable templates and lists that enable the reader to put the theory into practice. These are found in the appendix but are linked in the text at the end of each relevant chapter. If you are going to read this book cover to cover it would be a good idea to fill out the templates and lists as you go through it, so by the time you’ve finished reading you’ll have a fully personalized backup action plan ready for you to carry out!

The Backup Bible Complete Edition also works as a great reference guide for all IT admins and anyone with an interest in protecting organizational data. And the best thing of all: it’s free!