Category: Automation

Issues with Azure Active Directory and Login-AzureRmAccount

If you’re like me, you have probably banged your head against the wall a few times with the Login-AzureRmAccount cmdlet… I reached out to the Azure Development team and not only is this a known issue, but there is currently no solution at the time…. Hmm.

Here is a bit of the background story, followed by the problem and the solution to the issue.

Background:

I am using PowerShell to script an auto-login to Azure and to start (and shut down) Virtual Machines (yes, OMS Automation could help/solve this, but in this scenario my customer is currently not on-board with OMS). At any rate, the script is designed to capture some data on an on-premises server; if the threshold is exceeded, it begins starting resources in Azure, and likewise, if the value falls back below the threshold, it shuts down those same resources in Azure.

Problem:

Running the following code, I keep getting a null entry for SubscriptionId and SubscriptionName, even though the user I have created is a co-administrator and has access to all the resources necessary. Assuming the login did work and the data isn’t needed… when I try to start my Azure VM I get an Azure subscription error. So, let me check the subscription details. Well, there we go, I get the following response: “WARNING: Unable to acquire token for tenant ‘Common’” ….. So what gives?

[Screenshots: powershell-reply-1, powershell-reply-2]

I check and confirm the test-user is in fact an administrator in ARM (Azure Resource Manager):

[Screenshot: arm-portal-1]

Solution:

Turns out the user account not only needs to be created and added to the resources within Azure Resource Manager (ARM), but also needs to be assigned as an Administrator within the Azure Classic Portal.

[Screenshots: classic-portal-1, classic-portal-2, classic-portal-3]

Once the test-user was added within the Classic Portal Administrators and set as Co-administrator, I could then get the SubscriptionId and SubscriptionName info populated, and Get-AzureRmSubscription returned proper details. Yay! (Still get that tenant ‘Common’ warning however…)

[Screenshot: powershell-reply-3]

Now I can go ahead with my script!

I hope this helps you as much as it helped me.
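The failure mode above is easy to miss in an unattended script, because the login call itself does not fail. The following is an added example (not the script from this post) of a preflight check that stops before any VM operation when no subscription was resolved; the credential path, resource group and VM name are assumed placeholders.

```powershell
# Added example, not the post's own script.
# Assumed placeholders: credential file path, resource group, VM name.
$CredentialPath = 'C:\Automation\azure-cred.xml'  # created once with: Get-Credential | Export-Clixml <path>
$ResourceGroup  = 'rg-example'
$VmName         = 'vm-example'

function Get-ResolvedSubscriptionId {
    param([Parameter(Mandatory = $true)] $LoginResult)
    $sub = $LoginResult.Context.Subscription
    if ($null -eq $sub) { return $null }
    # The post's module version exposes SubscriptionId; some later AzureRM
    # releases expose the same value as Id, so accept either.
    if ($sub.SubscriptionId) { return [string]$sub.SubscriptionId }
    if ($sub.Id)             { return [string]$sub.Id }
    return $null
}

# Export-Clixml protects the password with DPAPI, so the file is only
# readable by the same user on the same machine that created it.
$cred  = Import-Clixml -Path $CredentialPath
$login = Login-AzureRmAccount -Credential $cred -ErrorAction Stop

# The login can succeed while SubscriptionId/SubscriptionName stay null.
$subId = Get-ResolvedSubscriptionId -LoginResult $login
if (-not $subId) {
    throw "Login succeeded but no subscription was resolved for $($cred.UserName). Check the account's role on the subscription."
}

# Second check: the account must actually be able to list a subscription.
$visible = @(Get-AzureRmSubscription -ErrorAction Stop)
if ($visible.Count -eq 0) {
    throw "Get-AzureRmSubscription returned nothing for $($cred.UserName)."
}

# Pin the context explicitly so later cmdlets do not rely on a default.
Select-AzureRmSubscription -SubscriptionId $subId | Out-Null
Start-AzureRmVM -ResourceGroupName $ResourceGroup -Name $VmName -ErrorAction Stop
```

Because the script throws before Start-AzureRmVM, the scheduled task records a clear failure instead of the later "Azure subscription error".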

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) for On-Premises Virtual Machine with Azure Resource Manager (ARM)

This post is part of a series of blog posts for Azure Site Recovery (ASR).

Here is a step by step walk-through on how to go about setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things first: Azure’s Recovery Services Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises, you can create a link between your on-prem site and Azure to allow your VMs to be backed up into Azure. This is regardless of your hypervisor; it can be either ESX or Hyper-V, either will work. However, for the interest of this blog post, I will be setting up ASR for VMs hosted on-premises in a Hyper-V 2012R2 environment.



Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), select New, then within the Marketplace select Monitoring + management, then select Backup and Site Recovery (OMS) within the featured apps. Of course, if this is no longer present, just search for it within the Marketplace.

Next, we need to create our vault.

Give it a meaningful name, and you can either create a new Resource Group, or use an existing one. I opted for existing, as I will next (in another post) set up a Site-to-Site ASR.

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!


Step 2: Choose your Protection Goal(s)

Click Settings > Site Recovery (under Getting Started) > Step 1: Prepare Infrastructure > Protection Goal, specify the following, and click OK:

  • Replicating to: Azure
  • Machines Virtualized: Yes, with Hyper-V
  • Using SCVMM (Virtual Machine Manager): No


Step 3: Setup the Source Environment

Next, we need to give our Hyper-V site a name. “Ravi-OnPrem” makes sense here, but give it something meaningful.

Once validated, we can now go ahead with the Azure Backup Agent. Download the Azure Backup Agent, and also, download the Backup Credentials.


Download the Agent and Credentials to the server you will be backing up. In my example, I will be backing up a Windows Server 2016 (RTM).

Step 4: Microsoft Azure Recovery Site (MARS) Agent Install

The Microsoft Azure Recovery Site (MARS) Agent is a pretty simple install, but here is what I experienced when installing:


Since my environment is pretty open, i.e. no proxy, no changes are required here.

Your call here..


All good with the MARS prerequisites… Hit Install!


All good, time to register our server to our Recovery Services Vault.

 

Step 5: Register Server to Azure Recovery Services Vault

Here is where we will need that VaultCredentials file… I hope you downloaded it as mentioned earlier… As you can see, the settings from the first few steps, when we created our Vault, are now automatically filled in.


Here, I decided to let the wizard generate the Passphrase. I then saved the key locally to the server.

 


Perfect! Now we can go ahead with Azure Backup: Site Recovery/Backup Schedule, etc.

Step 6: Configuring Microsoft Azure Backup

Going back to our On-Prem server, which by the way is a Windows 2016 OS, let’s launch Microsoft Azure Backup.

Click on Schedule Backup within the (Right) Actions Pane:

Since this is a basic server, I only allocated 1 drive for this example. Once we hit Backup, I am presented with the available drives.

Now we can begin defining our Backup Schedule

Step 7: Specify Backup Schedule


For this example, I want to back up the following server with the following properties:

  • Backup once a week @ 4AM, every Monday

Retention Policy will be as follows, see below:

Once you are satisfied with the policy, go ahead and hit Next. Since we want to back up to Azure, and not an offline backup, we will back up over the network.

Have a look over before we do the initial backup.


Step 7: Initiate Backup Now

Going back to the main console, within the right pane, within Actions, let’s initiate our Back Up Now.


If we now double click within the job, we can see the Backup has begun….


Step 8: Validate Backup

If we go back to Azure, and take a look at our Vault properties, we can see there is a Backup in progress.


If we drill down within the Backup, we can see our server being backed-up.


After a few minutes, we can go back to the server, and track its progress:


And likewise, if we go into Azure Resource Manager, open the Vault Backup jobs and take a look at the details, we can see data is being updated to Azure.

Perfect!

Step-by-Step: Setup and Configure Azure Site Recovery (ASR) Virtual Machines (VMs) in Azure with Azure Resource Manager (ARM)

This post is part of a series of blog posts for Azure Site Recovery (ASR).

  • ASR for VMs hosted On-Premises, coming soon…
  • ASR for Hyper-V hosted On-Premises, coming soon…
  • ASR for an ESXi hosted On-Premises, coming soon…

Here is a step by step walk-through on how to go about setting up and configuring ASR (Azure Site Recovery) and backing up your On-Premises Virtual Machines (VMs) with Azure Resource Manager (ARM).

First things first: Azure’s Recovery Services Vault is a unified vault/resource that allows you to manage your backup and data disaster recovery needs within Azure. For example, if you are hosting your VMs on-premises, you can create a link between your on-prem site and Azure to allow your VMs to be backed up into Azure. This is regardless of your hypervisor; it can be either ESX or Hyper-V, either will work. However, for the interest of this blog post, I will be setting up ASR for VMs hosted within Azure.


Configuring Azure

Step 1: Create a Recovery Services Vault

Within Azure Resource Manager (ARM), select New, then within the Marketplace select Monitoring + management, then select Backup and Site Recovery (OMS) within the featured apps. Of course, if this is no longer present, just search for it within the Marketplace.

Next, we need to create our vault.

Give it a meaningful name, and you can either create a new Resource Group, or use an existing one. I opted for existing, as I will next (in another post) set up a Site-to-Site ASR.

Give this a few seconds, maybe minutes to do its thing…

Great, now our Vault is up and ready to go!


Step 2: Backup Goal/Target

Select +Backup, and let’s create a backup strategy:

As mentioned, in this walk-through, we will be setting up ASR for our VMs within Azure. So, this workload will be running against our Azure environment, and we want to backup our VMs.

Step 3: Create a Backup Policy

Now we want to create a backup policy. You can choose the default, which I believe is a daily snapshot with a retention of 30 days. This may be too aggressive, or too conservative. Nevertheless, let’s create our own.

Give it a name, “ASRBackup14Days” for this example. I want to back up my VMs in the following manner:

  • Backup every day @ 2AM
  • Retain the daily backup of the VM for 2 weeks (14 days)
  • Retain the weekly backup of the VM for 2 weeks
  • Retain the monthly backup of the VM for 2 months (~60 days)
  • Also, begin this policy the first day of January 2016…

Of course, these options are… optional; you only need to specify either the daily, weekly or monthly retention…

Once complete, we now need to select the VM(s) we would like to back-up.

Select one, or select them all, but keep in mind this could get costly $$$$: the more VMs and the more frequent the backups, the higher the cost.

Step 4: Initial Backup

Great! Now, Enable backup. If we go back to our ASR Vault, we should see a job already in progress, as Azure has already started the initial backup.

As you can see, the VM is being backed up now!

Step 5: On-Demand Backup

If you ever want to do an ad-hoc backup, just go back to the ASR Vault and, within the Protected Items, select the VM(s) you are interested in and schedule an immediate backup.

Azure Automation PowerShell ISE Add-On

Not too long ago, Microsoft released a new PowerShell module add-on for Azure Automation. This is great as it allows us to work locally and connects directly to Azure, connecting us to our existing Runbooks, gather subscription and account information, etc. This is great for anyone that is interested in OMS Hybrid-Runbooks, DSC (Desired State Configuration) and the future! 🙂

Here’s a link to Microsoft’s blog post, HERE.

Cheers!

New Features in SCOM 2016 – Maintenance Schedules

One very common request I always get with my SCOM 2012 customers is, “how can I put machines into Maintenance Mode for a future date?”

My response is, well, with some PowerShell and the Windows Task Scheduler, you can achieve this.  But wait, looks like the System Center/SCOM 2016 team has listened and delivered! Introducing ‘Maintenance Schedules‘.

Now SCOM administrators can put a machine, or a group of machines, or a group into Maintenance Mode (MM) for a future date. Even better, it looks like a lot (if not all) of the functionality has been taken from good old Windows Task Scheduler. What that means is, you can put machines into MM for that Friday night/Saturday morning Change Request, or even better, MM on a recurring schedule, like Patch Tuesday.

In the example below, I am going to do a quick walk-through for a group of machines for a typical patching schedule.


For this scenario, let’s assume the following:

  1. Machines are patched every 3rd Friday of the month,
  2. Blackout/maintenance window is 6 hours (360 minutes),
  3. Scheduled MM will start @11:00PM.


  • Right click either on Maintenance Schedules, or within the middle pane.

  • As a rule of thumb, it is always a good idea to select the second (default) option here, “selected objects and all their contained objects”.


  • Search for the machine(s) or the group(s) you want to enter into Maintenance Mode


  • Once you’re happy, go ahead and hit next


  • Next we are presented with an array of options. As per our example, we will be putting our machines in MM every 3rd Friday of the month, starting at 11:00PM, for 6 hours.


  • Now we’re ready


  • Now we need to provide a name to our MM Schedule… By default, ‘Planned’ and ‘Enable Schedule’ are ticked off. Go ahead and hit finish!


  • Now we can see our new Scheduled Maintenance Mode schedule! 🙂

As you can see here, a SCOM Administrator can see which user created this task and whether it is enabled at the current time.

  • You can also Edit, Copy, or Disable the schedule. Looks like I just discovered a bug! Also, disabling is not provided here, but it is within the Action pane:


  • And that is it!

If the schedule was done correctly, you will see the Event ID 1215 within the SCOM Management Server.


I hope this helped!

Happy SCOM’ing 2016!!

Setting up a KMS Server – Windows Server 2012R2

What is a KMS? Microsoft’s KMS allows you to automate license activation for Windows servers and/or applications. In my case, I am using KMS for Windows 2012R2 license activation. (Oh, KMS stands for Key Management Server.) The setup is simple; it took me no more than 15 minutes. Below are the steps I took to set this up. Some pieces of information: I decided to dedicate a server for KMS. Also, when adding the Windows server key, double check and ensure you are using a valid Volume License key, and a KMS key — not MAK! (Yes, there is a difference.)

For starters I am going to assume you already made note of the license key from your Microsoft Volume License Servicing Center portal.

As mentioned, I decided to stand up a server dedicated for KMS.

From the Windows Server Manager, install the “Volume Activation Services” role either via the GUI, or via PowerShell. If via PowerShell, here is that command: “Install-WindowsFeature -Name VolumeActivation -IncludeAllSubFeature”

Once the role has been installed, launch the Volume Activation Tool console, and essentially next, next, finish!

  • Browse/Select the server that will be hosting the KMS (service):


  • Paste in your KMS Host/License Key:


  • Choose “Activate online”

Here, you have some options: how often you would like KMS to check in, how often you would like KMS to apply the key, etc. I left my settings at default, but (assuming) your environment is domain based, check mark Domain for KMS firewall exceptions. Also, by default, KMS listens on TCP port 1688.

And that is it! Now your existing/new Windows 2012R2 servers will have their license automatically activated within 2 hours.
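To confirm the result of the steps above, here is an added example (not part of the original post) that checks what clients will discover and how far the TCP 1688 exception reaches. The host and domain names are assumed placeholders, and the firewall rule group name is assumed to be the built-in “Key Management Service” group.

```powershell
# Added example, not from the post. Assumed placeholders: $KmsHost, $DnsDomain.
$KmsHost   = 'kms01.corp.example'
$DnsDomain = 'corp.example'

function Test-KmsDiscovery {
    param([string]$KmsHost, [string]$DnsDomain)
    $findings = @()

    # Clients locate a KMS host through the _vlmcs._tcp SRV record, so a
    # record pointing at an unexpected host is worth investigating.
    $srv = Resolve-DnsName -Type SRV -Name "_vlmcs._tcp.$DnsDomain" -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { $findings += "No _vlmcs._tcp SRV record found in $DnsDomain" }
    foreach ($record in $srv) {
        if ($record.NameTarget -ne $KmsHost) {
            $findings += "Unexpected KMS host published in DNS: $($record.NameTarget)"
        }
    }

    # Default KMS port, as stated in the post.
    $tcp = Test-NetConnection -ComputerName $KmsHost -Port 1688 -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { $findings += "TCP 1688 is not reachable on $KmsHost" }

    return $findings
}

function Get-KmsFirewallFindings {
    # Run on the KMS host itself. The wizard's "Domain" check box should leave
    # the exception enabled for the Domain profile only.
    # Assumption: the rules live in the built-in 'Key Management Service' group.
    Get-NetFirewallRule -DisplayGroup 'Key Management Service' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Where-Object { "$($_.Profile)" -match 'Public|Private|Any' } |
        ForEach-Object { "Rule '$($_.DisplayName)' is open on profile(s): $($_.Profile)" }
}

$report  = @(Test-KmsDiscovery -KmsHost $KmsHost -DnsDomain $DnsDomain)
$report += @(Get-KmsFirewallFindings)
if ($report.Count -eq 0) { 'KMS discovery and firewall scope look as expected.' } else { $report }
```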
