Jump to content

proximagr

Moderators
 View Profile  See their activity

  • Posts

    2468

  • Joined

  • Last visited

  • Days Won

    12

 Content Type 

Blog Entries posted by proximagr

  1. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
    Πάμε τώρα για το τελευταίο κομμάτι του lab, να προσθέσουμε AlwaysOn Availability Group στο υπάρχον SQL WSFC.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1)
    Για αρχή πρέπει να ενεργοποιήσουμε το “AlwaysOn High Availability” setting και στα δύο Nodes του υπάρχοντος Cluster. Εδώ να τονίσουμε πως η επιλογή υπάρχει μόνο στη Enterprise έκδοση και όχι στην Standard. Ανοίγουμε λοιπόν το SQL Server Configuration Manager / SQL Server Services / SQL Server (NAME) , δεξί click Properties και στην καρτέλα “AlwaysOn High Availability” επιλέγουμε το “Enable AlwaysOn Availability Groups”. Με το που θα πατήσουμε Apply θα μας ενημερώσει ότι η αλλαγή θα περάσει στον SQL στο επόμενο restart.

    Δεν κάνουμε restart.
    Τώρα για να γίνει η αλλαγή στο δεύτερο Node πρέπει να κάνουμε manual failover για να σηκωθεί το service της SQL. Όπως είχαμε κάνει και στο τέλος του προηγούμενου Post, όταν εγκαταστήσαμε το δεύτερο SQL Node, από το Failover Cluster Manager κάνουμε move το SQL Server Role στο δεύτερο Node. Τώρα άμα ανοίξετε το SQL Server Configuration Manager θα δείτε ότι το SQL Server service έχει γίνει stop και το SQL Server service τρέχει στο δεύτερο Node με ενεργοποιημένο με το AlwaysOn. Τέλος ξανακάνουμε move το SQL Server Role στο πρώτο Node.
    Στη συνέχεια πάμε να βάλουμε τον τρίτο server στο υπάρχον Windows Failover Cluster. Ανοίγουμε το Failover Cluster Manager από το πρώτο Node (Win2012R201 στο lab) και πατάμε Nodes / Add Node…

    Ξεκινάει ο Wizard, πατάμε το πρώτο Next και στο Select Servers επιλέγουμε τον τρίτο server (Win2012R203 στο lab) και πατάμε Next.
    Για να περάσει το verification πρέπει ο server να έχει ήδη το Failover Cluster feature, κάτι που στο lab υπάρχει από το template.

    Μιας και αυτό το Node δεν θα είναι ουσιαστικά μέρος του Failover Cluster αλλά το θέλουμε μόνο για το AlwaysOn, επιλέγουμε να μην κάνει τα validation test και να μην βάλει storage.


    Τώρα πρέπει να σιγουρεύουμε ότι δεν θα προσπαθήσει το Cluster να σηκώσει την SQL στο τρίτο Node που θα είναι για το AlwaysOn.
    Αφού προστεθεί το Node στο Cluster πρέπει να πάμε πρώτα στο Failover Cluster Manager / WSFCcomputername (sqlclus.sqllab.int για το lab), επιλέγουμε από τα Cluster Core Resources στο Server Name το computer name του sql cluster (sqlclus για το lab) και δεξί click properties.

    Πηγαίνουμε στο Advanced Policies tab και απόεπιλέγουμε το τρίτο Node, όπως στην εικόνα

    Στην συνέχεια στον SQL Server Ρόλο, δεξί click properties και να επιλέξουμε preferred owners τα δύο πρώτα Nodes μόνο.

    Το ίδιο κάνουμε και για τα δύο Cluster Disks

    Τώρα κάνουμε μια τυπική εγκατάσταση SQL Server 2012 στο τρίτο Node, με τα ίδια settings που κάναμε και για το Cluster, με τη διαφορά ότι θα κάνουμε Stand Alone Setup και όχι Cluster και πρέπει να δώσουμε διαφορετικό instance name γιατί το Default instane (MSSQLSERVER) υπάρχει στο Cluster. Επίσης δίνουμε έναν δίσκο στο Server με ίδιο γράμμα με αυτό που έχουν οι servers στο Cluster για την SQL. Στο lab είναι F:.

    Αφού ολοκληρωθεί η εγκατάσταση ενεργοποιούμε το AlwaysOn κι εδώ από το SQL Server Configuration Manager και κάνουμε restart το SQL server service.
     

    Συνέχεια στην επόμενη σελίδα
     
    Πηγή http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/add-alwayson-ag-to-sql-failover-cluster-instance/
  2. proximagr
    Azure VM CMD & PowerShell from the Portal
    Today I was trying to troubleshoot an Azure VM. This VM is behind a Network Virtual Appliance (NVA) and at the subnet it has User Defined Routes (UDR) that routes the traffic to the NVA. We was troubleshooting the NVA and it was not possible to connect with RDP to the VM. Serial Console
    This is an excellent scenario to use the Serial Console. From the Azure Portal, portal.azure.com, navigate to the Azure VMs blade, scroll down to the Support + Troubleshooting section and select “Serial Console”

    The Serial Console will initialise and after a while it will establish the connection and the prompt will be the SAC>. If you encounter any errors establishing the SAC link, please follow this link: https://aka.ms/serialconsolewindows
    At the SAC> prompt press help to list the available commands.

    Using the i command we can get the IP Address configuration of the VM
    Command Prompt
    To create a command prompt session, first enter “cmd”. This will create a session.

    To list the cmd sessions press “ch”

    to select & login to a cmd session press “ch -si #” where # is the channel number. At the below screen press Enter

    At the next screen enter the admin credentials

    and we have Command Prompt. At this command prompt we can use all cmd commands.

    Some examples:
    ping -t

    dir
    PowerShell
    at the command prompt enter “powershell” and press Enter to open a PowerShell Session

    PowerShell example, disable windows firewall:
    Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

    and yes, its off

    of course, for the firewall we could disable it using CMD
    netsh advfirewall set allprofiles state off
    For more example commands follow this link: https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/serial-console-cmd-ps-commands
  3. proximagr
    <h1 class="entry-title h1">Global Azure Bootcamp 2018 – Athens</h1>
    <p>This year I am very excited of being part of the organizers team of Global Azure Bootcamp 2018, Athens.</p>
    <p>This is a photo at the end of the event with all the Organizers, Speakers and Volunteers:</p>
    <p><img src="https://azureheadsassets.blob.core.windows.net/assets/2018/04/gab-126-990x526.jpg"/></p>
    <p>The day before the vent, the organizers, Kostas Pantos, Paris Polyzos and me preparing;</p>
    <p id="UUmNlfx"><img class="alignnone size-full wp-image-2089 " src="https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1.png 1296w, https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1-300x173.png 300w, https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1-768x444.png 768w, https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1-1024x592.png 1024w, https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b9259bff3db1-600x347.png 600w" sizes="(max-width: 1296px) 100vw, 1296px" /></p>
    <p>Me and Paris Polizos, the two Azure MVPs of Greece:</p>
    <p id="mmabbEs"><img class="alignnone size-full wp-image-2088 " src="https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b92598f38ab2.png"alt="" srcset="https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b92598f38ab2.png 534w, https://www.e-apostolidis.gr/wp-content/uploads/2018/09/img_5b92598f38ab2-175x300.png 175w" sizes="(max-width: 534px) 100vw, 534px" /></p>
    <p>My presentation’s title was: <strong>Azure PaaS: Elasticity & Global Availability</strong></p>
    <p>And it is about how to have Resilient and Global Available apps using Microsoft Azure PaaS, that will keep alive even after a full Region failure.</p>
    <p>Feel free to download my presentation from here: <a href="https://aka.ms/GAB2018Presentation">https://aka.ms/GAB2018Presentation</a></p>
    <p>And the DEMO:</p>
    <p>Part1: <a href="https://aka.ms/GAB2018DEMOPart2">https://aka.ms/GAB2018DEMOPart2</a></p>
    <p>Part2: <a href="https://aka.ms/GAB2018DEMOPart01">https://aka.ms/GAB2018DEMOPart01</a></p>
    <p>More at the azureheads.gr blog: <a href="https://www.azureheads.gr/2018/04/global-azure-bootcamp-2018-athens-wrap-up/">https://www.azureheads.gr/2018/04/global-azure-bootcamp-2018-athens-wrap-up/</a></p>
    <p><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fgeneral%2Fglobal-azure-bootcamp-2018-athens%2F&linkname=Global%20Azure%20Bootcamp%202018%20%E2%80%93%20Athens"title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fgeneral%2Fglobal-azure-bootcamp-2018-athens%2F&linkname=Global%20Azure%20Bootcamp%202018%20%E2%80%93%20Athens" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share#url=https%3A%2F%2Fwww.e-apostolidis.gr%2Fgeneral%2Fglobal-azure-bootcamp-2018-athens%2F&title=Global%20Azure%20Bootcamp%202018%20%E2%80%93%20Athens" data-a2a-url="https://www.e-apostolidis.gr/general/global-azure-bootcamp-2018-athens/" data-a2a-title="Global Azure Bootcamp 2018 – Athens"><img src="https://static.addtoany.com/buttons/share_save_171_16.png" alt="Share"></a></p><p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/general/global-azure-bootcamp-2018-athens/">Global Azure Bootcamp 2018 – Athens</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/general/global-azure-bootcamp-2018-athens/"class='bbc_url' rel='nofollow external'>Source</a>
  4. proximagr
    Create Azure File Shares at your ARM template using PowerShell
    Using Azure Resource Manage template deployment, you can create a Storage account but you cannot create File Shares. Azure File Shares can be created using the Azure Portal, the Azure PowerShell or the Azure Cli.
    Mainly, the idea is to run a PowerShell script that will create the File Shares. This script will be invoked inside the ARM Template. In order to use a PowerShell script from a template, the script must be called from a URL. A good way to provide this is using the Git repository. One major thing to consider is the Storage Account key must be provided to the PowerShell script securely, since the PowerShell script is at a public URL.
    The PowerShell script will run inside a Virtual Machine and we will use a CustomScriptExtension Extension to provide it. To use this, at the Virtual Machine Resource of the JSON file add a resources section.
    The Custom Script Exception is located at the Virtual Machine resource. Lets assume that the last part of the Virtual Machine resource is the “diagnosticsProfile” so after the closure of the “diagnosticsProfile” we can add the “resources”. Inside the “resources” add the “extensions” resource that will add the “CustomScriptExtension”, like below. The Template Part
    This will be the addition at the Virtual Machine resource:
     
     
     
    "diagnosticsProfile": {
    "bootDiagnostics": {
    "enabled": true,
    "storageUri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', variables('diagnosticStorageAccountName')), '2016-01-01').primaryEndpoints.blob)]"
    }
    }
    },
    "resources": [
    {
    "name": "AzureFileShares",
    "type": "extensions",
    "location": "[variables('location')]",
    "apiVersion": "2016-03-30",
    "dependsOn": [
    "[resourceId('Microsoft.Compute/virtualMachines', parameters('VMName'))]",
    "[variables('AzureFilesStorageId')]"
    ],
    "tags": {
    "displayName": "AzureFileShares"
    },
    "properties": {
    "publisher": "Microsoft.Compute",
    "type": "CustomScriptExtension",
    "typeHandlerVersion": "1.4",
    "autoUpgradeMinorVersion": true,
    "settings": {
    "fileUris": [
    "https://raw.githubusercontent.com/######/#####/master/azurefiles.ps1"
    ]
    },
    "protectedSettings": {
    "commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File ','azurefiles.ps1 -SAName ',parameters('AzureFilesStorageName'),' -SAKey ', listKeys(resourceId(variables('AzureFilesStorageAccountResourceGroup'),'Microsoft.Storage/storageAccounts', parameters('AzureFilesStorageName')), '2015-06-15').key1)]"
    }
    }
    }
    ]
    },
     
    The extension must be depended from the Virtual Machine that will run the script and the Storage Account that will bu used for the file shares.
    At the custom script properties add the public RAW url of the PowerShell script.
    Next lets see the Storage Account key and execution part. At the connandToExecute section, we will provide a variable that will pass the Storage Account key & Name inside the script for execution. The variable will get the Storage Account key from the Storage Account using the permissions of the Account running the Template Deployment.
    Of course to make the template more flexible I have added a variable for the Resource Group and a parameter for the AzureFilesStorageName, so the template will ask for the Storage Account name at the parameters. The PowerShell
    The PowerShell script is tested at Windows Server 2016 VM. You can find it below:
     
    Param (
    [Parameter()]
    [string]$SAKey,
    [string]$SAName
    )
    Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
    Install-Module Azure -Confirm:$False
    Import-Module Azure
    $storageContext = New-AzureStorageContext -StorageAccountName $SAName -StorageAccountKey $SourceSAKey
    $storageContext | New-AzureStorageShare -Name #####
     
    read
  5. proximagr
    Azure Update Management
    Have you checked the update management system for your Azure and On-Premises server that supports both Windows and Linux operating systems? And it is completely free! Please find the full list of supported operating systems and prerequisites here: https://docs.microsoft.com/en-us/azure/operations-management-suite/oms-solution-update-management#prerequisites.
    Lets get started. The easiest way is to start from an Azure VM. Go to the VMs blade and find “Update management”. You will see a notification that the solution is not enabled.

    Click the notification and the “Update Management” blade will open. The “Update Management” is an OMS solution, so you will need to create a “Log analytics” workspace, you can use the Free tier. If you don’t have a Log analytics workspace the wizard will create a default for you. Also it will create an automation account. Pressing enable will enable the “Update Management” solution.

    After about 15 minutes, at the “Update Management” section of the VM you will see the report of the VM’s updates.

    After that process the Automation Account is created and we can browse to the “Automation Accounts” service at the Azure Portal. There click the newly created Automation Account and scroll to the “Update Management” section. There we can see a full report of all VMs that we will add to the Update Management solution. To add more Azure VMs simply click the “Add Azure VM” button.

    The Virtual Machines blade will open and will list all Virtual Machines at the tenant. Select each VM and press Enable.

    After all required VMs are added to the Update Management solution click the “Schedule update deployment” button. There we will select the OS type of the deployment, the list of computers to update, what type of updates will deploy and the scheduler. More or less this is something familiar for anyone that has worked with WSUS.

    Press the “Computers to Update” to select the Azure VMs for this deployment from the list of all VMs enabled.

    Then select what types of updates will deploy.

    If you want to exclude any specific update you can add the KB number at the “Excluded updated” blade.

    And finally select the schedule that the update deployment will run.

    Back to the “Update Management” blade, as we already said, we have a complete update monitoring of all Virtual Machines that are part of the “Update Management” solution.

    You can also go to the “Log Analytics” workspase and open the “OMS Portal”

    There, among other, you will see the newly added “System Update Assessment” solution.

    and have a full monitoring and reporting of the updates of your whole environment.

    [/url]
    The post Azure Update Management appeared first on Apostolidis IT Corner.


    Source
  6. proximagr
    Azure Storage Advanced Thread Protection
    Azure Storage Advanced Threat Protection is a new security feature, currently in Preview. It monitors the Azure Blob Storage accounts. It detects anomalies and uncommon access to the Storage Account and notifies the admins through email.
    All the Azure Storage Advanced Threat Protection monitoring and logs are integrated to the Azure Security Center, including the well known ASC recommendations.
    It’s so easy to enable, just go to the Azure Portal, navigate to your storage account’s Advanced Threat Protection setting and switch it ON!

    After that you can view the alerts at the Security Center, under Threat Protection’s Security Alerts.


    First published at https://www.e-apostolidis.gr/microsoft/azure/azure-storage-advanced-thread-protection/
  7. proximagr
    Connect two or more Azure Virtual Networks using one VPN Gateway
    Peering is a feature that allows to connect two or more virtual networks and act as one bigger network. At this post we will see how we can connect two Azure Virtual Networks, using peering and access the whole network using one VPN Gateway. We can connect Virtual Networks despite if they are in the same Subscription or not.
    I have created a diagram to help understand the topology.

    We have a Virtual Network with Site-2-Site VPN wto On Premises. It can also have Point-2-Site connection configured. The VNET A. We have another Virtual Network at the Same Subscription that we want to connect each other. The VNET B. Also we can have a third Virtual Network at a different subscription. The VNET C.

    In sort we need those peerings with the specific settings:
    At the VNETA Peering VNETA to VNETB with “Allow Gateway transit” At the VNETA Peering VNETA to VNET At the VNETB Peering VNETB to VNETA with “Use Remote Gateway” At the VNETB Peering VNETB to VNETC At the VNETC Peering VNETC to VNETA with “Use Remote Gateway” At the VNETC Peering VNETC to VNETB

    In order to be able to connect all those networks and also access them using the VPN Connection there are four requirements:
    The account that will be used to create the peering must have the “Network Contributor” Role. The Address Space must be different on each other and not overlap. All other Virtual Networks, except the one that has the VPN Connection must NOT have a VPN Gateway deployed. Of course at the local VPN device (router) we need to add the address spaces of all the Virtual Networks that we need to access.
    Lets lab it:
    HQ 192.168.0.0/16 –> The on-premises network VNET A 10.1.0.0/16 –> The Virtual Network that has the VPN Gateway (At my lab is named “devvn”) VNET B 10.229.128.0/24 –> THe virtual network at a different subscription of the Gateway (At my lab is named “Network prtg-rsg-vnet”) VNET C 172.16.1.0/24 –> The virtual network at the same subscription as the Gateway Network (At my lab is named “provsevnet)

    The on-premises network is connected with Site-to-site (IPsec) VPN to the VNETA

    Now we need to connect VNETA and VNETB using Vnet Peering. in order to have a Peering connection we need to create a connection from VNETA to VNETB and one from VNETB to VNETA.
    Open the VNETA Virtual Network, go to the Peerings setting and press +ADD
    Select the VNETB and check the “Allow Gateway transit” to allow the peer virtual network to use your virtual network gateway


    Then go to the VNETB, go to the Peerings setting and click +ADD.
    Select the VNETA Virtual Network and check the “Use Remote Gateway” to use the peer’s virtual network gateway. This way the VNETB will use the VNETA’s Gateway.


    Now we can contact the VNETB network from our on-premises network
    a multi-ping screenshot:
    From 10.229.128.5 (VNETB) to 192.168.0.4 (on-premises) & the opposite From 10..1.2.4 (VNETA) to 10.229.128.5 (VNETB) & to 192.168.0.4 (on-premises)

    The next step is to create a cross-subscription peering VNETA with VNETC
    Open the VNETA and create a peering by selecting the VNETC from the other Subscription and check the “allow gateway transit”

    Then go to the VNETC and create a peer with the VNETA and check the “use remote gaeway”

    With the two above connections we have connectivity between the on-premises network and the VNETC.
    The final step, to enable the connectivity between VNETB & VNETC. To accomplish this just create one peer from the VNETB to VNETC and one from VNETC to VNETB.
    Ping inception:

    In order to have client VPN connectivity to the whole network, create a Point-2-Site VPN at the VNETA. You can follow this guide: Azure Start Point | Point-to-Site VPN
  8. proximagr
    Azure Start Point | Point-to-Site VPN
    In this post series we will go through some basic steps on how to start with Microsoft Azure. At this post we will see how we can create Point-to-Site VPN connection with Azure.
    If you don’t have an Azure Subscription, you can easily create a free trial by just going to https://azure.microsoft.com/en-us/free/
    Create typical a VIrtual Network

    In order to create Point-to-Site VPN connection it needs a Virtual Network Gateway. Go to the Virtual Network, Subnets and add a Gateway Subnet.

    FInally we can add the Virtual Network Gateway. From the portal, create a Virtual Network Gateway resource and add it to the previously created Virtual Network.

    The Virtual Network Gateway can take up to 45 minutes to be created.
    Once the Virtual Network Gateway is created we need one more step. To configure Point-to-site. Open the Virtual Network Gateway and press configure.

    We will need a root and a client self-signed certificate to complete the setup. Using a WIndows 10 or Windows Server 2016 machine we can make use of the New-SelfSignedCertificate cmdlet that makes the process easy. The whole process is described here: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
    For the root certificate run the below PowerShell using ISE:
    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `-Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `-HashAlgorithm sha256 -KeyLength 2048 `-CertStoreLocation "Cert:CurrentUserMy" -KeyUsageProperty Sign -KeyUsage CertSign
    For the client certificate run the below PowerShell using ISE:
    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `-Subject "CN=prodevrootcert" -KeyExportPolicy Exportable `-HashAlgorithm sha256 -KeyLength 2048 `-CertStoreLocation "Cert:CurrentUserMy" -KeyUsageProperty Sign -KeyUsage CertSign
    Export the root certificate public key in cer format using MMC, open the Certificates snap-in and select “current user”. Find the root certificate under Personal –> Certificates and right click –> All Tasks export

    Select to “not export the private key” and use Base64 encoded.

    Export the client certificate by selecting “export the private key” , select the “include all certificates in the certification path” and the “enable certificate privacy”. Add a password and export it to pfx file.

    this pfx file must be installed to all the client computers that will use this Point-to-Site connection.
    Now lets go back to the Point-to-Site configuration page. Add an address pool that the VPN clients will use. This subnet must be different from the Virtual Network address space.

    Then open the root certificate, the cer file, using notepad, copy the text between the Begin and End marks.

    Paste the certificate text to the “Root certificated” –> Public certificate data” field and add a name to the “Name” field.

    Press Save and the “Download VPN Client” button will be enabled and we can download the VPN client.
    In order to establish the VPN connection we need to install the VPN Client and the Client “pfx” certificate to the workstation.
    [/url]
    The post Azure Start Point | Point-to-Site VPN appeared first on Apostolidis IT Corner.


    Source
  9. proximagr
    Save 40% on Windows Azure VM made easy
    creating a new Windows Azure VM you will notice a new selection at the Basics step. It is the Hybrid Use Benefit. Using this benefit you can save up to 40% on a Windows Azure VM cost using your own license with software assurance. You just need to have a Windows Server Standard or Datacenter license with Software Assurance, and it is not restricted to any specific licensing program, it is available to all licenses with Software Assurance.
    At the final step, the Summary, you will see a notification about the Hybrid Use Benefit, explaining the limitations of the benefit, saying:
    “Each Windows Server with Software Assurance (either via each 16-Core license or two-processor license) is entitled to two instances of up to 8 cores, or one instance of up to 16 cores. Please always refer to your Windows Server license count with Software Assurance, your Hybrid Use Benefit entitlements, and your Hybrid Use Benefit deployments to use this benefit while maintaining compliance.“


    once the Azure VM is ready and login you will notice that the Operating System is not activated

    so you need to press Activate Windows and add your key to activate the Azure VM

    for more details visit the official page at https://azure.microsoft.com/en-us/pricing/hybrid-use-benefit/
  10. proximagr
    Azure App Service, get data from on-premises databases securely
    There are many scenarios where we want to have the Web Application on the Cloud but on the other hand, due to various limitations, the database stays on-premises. Azure has a service, called Azure Hybrid Connections, that allows the Web App to connect to on-premises databases, using internal IP address or the database server host name, without a complex VPN setup.
    The Connection diagram

    I have tested the connection with Microsoft SQL, PostgreSQL, MySQL, mongodb and Oracle. The databse requirements is to have a static port. So the first step in case of a Microsoft SQL instance is to assign a static port. In my test environment I have a Microsoft SQL 2016 and I assigned the default port 1433, using the Sql Server Configuration Manager / SQL Server Network Configuration / Protocols for INSTANCENAME (MSSQLSERVER)

    All paid service plans supports hybrid connections. The limits are on how many hybrid connections can be used per plan, as the below table shows. Pricing plan Number of Hybrid Connections usable in the plan Basic 5 Standard 25 Premium 200 Isolated 200
    To start creating the Hybrid Connections, go to the App Service / Networking / Hybrid Connections and press the “Configure your hybrid connection endpoints”

    At the Hybrid connections blade there are two steps, the first is to “Add hybrid connection” and the second is to “Download the connection manager”.

    First click the “Add hybrid connection” and then press “Create new hybrid connection”

    The “Create new hybrid connection” blade will open. Add a Hybrid connection name, this must be at least 6 characters and it is the display name of the connection. At the Endpoint host add the hostname of the database server and at the Endpoint port, the port of the database. At my case I added 1433, as this is the port I assign to my SQL instance before.
    Finally you will need to specify a name for a Servicebus namespace. As you realize, the hybrid connection uses Azure Servicebus for the communication, and press OK.

    Once the connection is created it will be shown at the portal as “Not connected”

    Now we need to download and install the hybrid connection manager by clicking the “Download connection manager”. For this test I will install the hybrid connection manager at the same server as the SQL database, but for a production environment it is recommended to install the hybrid connection manager to a different server that will have access to the database servers only to the required ports. For the best security install it to a DMZ server and open only the required ports to the database servers.
    Run the downloaded msi and just click Install.

    Open the “Hybrid connection manager” UI and press “Add a new Hybrid Connection.

    Sign in to your Azure account

    Once logged in, choose your Subscription and the hybrid connection configured previously will appear. Select it and press Save.

    Now at the connection manager status it will show “Connnected”

    The same at the Azure Portal and your Hybrid connection is ready.

    Test, test, test and proof of concept. Open the Console, form the Wep App Blade, and tcpping the SQL server’s hostname atthe port 1433

    and also sqlcmd

  11. proximagr
    How to disconnect a mailbox & re-assign it to new user in a Hybrid Scenario
    Scenario objectives: We have an Exchange Hybrid setup between on-premises and Exchange Online (Office 365). All users are synced and the mailbox is located at Exchange Online.
    We need to separate an existing mailbox from its user account and re-connect this mailbox to a new user account. If the mailbox in this scenario was located at the on-premises Exchange it would be an easy process just using the Exchange Management Console. But in a Hybrid scenario, the process includes many steps since the mailbox is not directory conencted to the Active Directory user account but it is conected to the Azure AD Synced User Account.
    For the ease of the guide we will name the Existing User Account: OLDUSER and the New User Account: NEWUSER.
    We will disconnect the Exchange Online Mailbox from the OLDUSER and connect it to the NEWUSER.
    Step 1.
    At the on-premises Active Directory, at an OU that is not synced with Azure AD, create the new user account. The “NEWUSER”. Ensure that you do not enter nothing at the email field. Just a user account with no email attributes.
    Step 2.
    Move the “OLDUSER” to an OU that is not synced with Azure AD
    Step 3.
    Run a Delta Sync. Go to the server that the AD Connect is installed, open the PowerShell and run “Start-ADSyncSyncCycle”
    Step 4.
    We need to get the GUID of the NEWUSER. To do so login to a Domain Controller, open PowerShell and run:

     



    1



    [system.convert]::ToBase64String((Get-Aduser NEWUSER).objectGUid.ToByteArray())
     

    Copy the GUID to a Notepad
    Step 5.
    Open the Office 365 Admin Center and Restore the deleted user “OLDUSER”
    Go to Users –> Deleted Users –> Select the user “OLDUSER” –>Click Restore

    Step 6.
    Connect to Azure AD and set the GUID of the “NEWUSER” to the Office 365 “OLD USER”. Details for connecting to Azure AD “https://technet.microsoft.com/en-us/library/dn975125.aspx“

     



    1



    2



    3



    Connect-MsolService

    Set-MsolUser -UserPrincipalName [email protected] -ImmutableId vMZGJpW6CUGY09bduJ5dlw==
     

    Step 5.
    Open the Office 365 Admin Center and Delete the old user “OLDUSER”
    Go to Users –> Active users –> Select the “OLDUSER” –> click Delete user

    Step 6.
    Clean the on-premises Active Directory account of the old user “OLDUSER” from all attributes that will be added to the new user, like Proxy addresses, Target, address, Alias name, nickname etc.
    Step 7.
    Make the “NEWUSER” user account a Remote Mailbox object
    At the on-premises Exchange, open the Exchange Management Shell and run:

     



    1



    Enable-RemoteMailbox -Identity NEWUSER -DisplayName "NEW USER" -RemoteRoutingAddress [email protected] -Alias newuser [email protected]
     
    Step 8.
    Move the “NEWUSER” to an OU that is Synced with Azure AD and run a Delta Sync like Step 3.
    After that the “NEWUSER” active directory account will be connected with the “OLDUSER” Exchange Online mailbox and all attributes of the Exchange Online mailbox will be replaced with the “NEWUSER’s” values.
     
    I suppose there are other ways, maybe easier, to accomplish this task, but following this process you will have the desired result without problems.
     

    [/url]
    EmailPrint
  12. proximagr
    When we create a VM on Azure, at the same time we create a Cloud Service. Later we can create more VMs on the same cloud service. Each cloud service has a unique Public IP. For as long the Cloud Service has at least one VS running this Public IP remains the same. If all VMs of a Cloud Service are off then the Public IP is released and next time the VM is powered on it will take a new Public IP.
     
    Using PowerShell we can reserve a Public IP for as long as the Cloud Service exists, with or without VMs.
     
    First we need to create a Virtual Network from the portal. Go to “Networks” and create a new Virtual Network. We can use the “Quick Create”.
     
    Second we need the Azure PowerShell installed, it can be found here: http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/ and we connect using the username/password method, the command is Add-AzureAccount

    #Create the Public IP Reservation:$reservedIP = "reserved ip name"$location = "West Europe"New-AzureReservedIP -ReservedIPName $reservedIP -Location $location #Collect the configuration settings for the new VM:$serviceName = "azure service name for VM"$adminUser = "VM admin user name"$password = "VM admin password"$location = "West Europe"$reservedIP = "reserved ip name"$vmName = "VM name" #Choose the size of the VM. Use this list: https://msdn.microsoft.com/en-us/library/dn168976%28v=nav.70%29.aspx#$vmSize = "Medium" #Provide the Operating System. Use this post to get a list of the available images: https://msdn.microsoft.com/en-us/library/azure/jj157191.aspx?f=255&MSPPError=-2147217396$imageFamily = "Windows Server 2012 R2 Datacenter"$imageName = Get-AzureVMImage | where { $_.ImageFamily -eq $imageFamily } | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1 #Add the configuration settings for the new VM to a variable:$vm1 = New-AzureVMConfig -Name $vmName -InstanceSize $vmSize -imagename $imagename | Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $password | set-azuresubnet subnet-1 #Create the VM and the Cloud Service with the Reserved Public IPNew-AzureVM -Location $location -VMs $vm1 -vnetname testnet2 -servicename $servicename -reservedipname $reservedipname Δίνουμε την εντολή για να ξεκινήσει η δημιουργία.
  13. proximagr
    Καλησπέρα στην κοινότητα. Θέλω να μοιραστώ μαζί σας τα προβλήματα που αντιμετώπισα σήμερα σε ένα Hybrid Configuration με Exchange 2010 SP3 UR6. Δεν είναι κάτι τραγικό, ούτε κάτι που δεν έχουμε αντιμετωπίσει στο παρελθόν αλλά πιστεύω ότι όσο μοιραζόμαστε τόσο μαθαίνουμε.
     
    Παραλείπω τα αρχικά, Domain verification, DirSync, Certificate request, το Outlook Anywhere ενεργό, όλα τα virtual directories φαίνονται μια χαρά, telnet 443 μια χαρά, OWA μια χαρά, γενικώς καλά και φτάνω στο Hybrid Wizard. Δημιουργία και πρώτο τρέξιμο για να φτιαχτεί το private certificate όλα καλά. Πάμε τώρα στο update για να βάλουμε credentials, IP, FQDN κλπ. Ξεκίνησα και εγώ όλο χαρά να τελειώσω το Hybrid Wizard. Αμ δε.
     
    Έχουμε και λέμε, φυσικά έσκασε, και ο πρώτος λόγος ήταν «Execution of the Get-FederationInformation cmdlet had thrown an exception” ή αλλιώς «βγάλε άκρη».
     
    Πολλά άρθρα, πολύ ωραία και όμορφα, κυρίως κατέληγαν στο εξής απλο… κάνε όλα τα test στο connectivity analyzer ευχαριστούμε τη Microsoft πολλά χρόνια για αυτό το πολυεργαλείο
     
    Θυμήθηκα που έλεγε ο Admin τους ότι «εμείς χρησιμοποιούμε VPN για να βλέπουμε τα mail από το Outlook από το σπίτι" και ξεκινάω με Outlook Connectivity, έπρεπε να το ψυλλιαστώ....
     
    The HTTP authentication test failed.
    Additional Details
    An HTTP 500 response was returned from Unknown
     
    Το https://mail.MyDomain.com/rpc/rpcproxy.dllέφερνε το 500 άρι. Με τα πολλά καταλήγω να κάνω επανεγκατάσταση RPC over HTTP με τα εξής βήματα:
    1.Απενεργοποίησα το Outlook Anywhere
    2.Απεγκατέστησα το RPC proxy (Σε 2012 & R2 Uninstall-WindowsFeature rpc-over-http-proxy)
    3.Επανεκκίνηση (Φυσικά)
    4.Εγκατάσταση RPC Proxy (Install-WindowsFeature rpc-over-http-proxy)
    5.Ενεργοποίηση Outlook Anywhere
    6.Επανεκκίνηση του Microsoft Active Directory Topology service
     
    Φυσικά και δεν έλυσε το πρόβλημα…. Ευτυχώς βρήκα αυτό το άρθρο https://support.microsoft.com/en-us/kb/2015129και πήγα με το χέρι και πρόσθεσα το "runtimeVersionv2.0" στο Applicationhost.config. Γιατί το aspnet_regiis.exe δεν παίζει σε 2012 και δεν βρήκα κάτι καλύτερο. Ως δια μαγείας έπαιξε με τι μία !!!!!
     
    Τι ωραία, τι καλά , τραλαλά, τρέχω τον Hybrid Wizard και .... ακριβώς το ίδιο error!
     
    Πάμε πάλι στον connectivity analyzer, τώρα έτρεξα το autodiscover test. Μια χαρά… όλα καλά, τρέχω και EWS test όλα καλά. Με τα πολλά λέω να κάνω reset το autodiscover, το λέγαν διάφοροι με πρόβλημα στο get-federatedinformation. Με τα πολλά τα βήματα είναι αυτά:
     
    •Reset the Autodiscover Virtual Directory
    •Reset the WSSecurityAuthentication to $true
    •IIS reset, then the get-federatedinformation worked!
     
    Ωραία λέω, πάμε από GUI να κάνω reset το autodiscover virtual directory http://technet.microsoft.com/en-us/library/ff629372.aspx. ΧΑΧΑΧΑΧΑΧΑΧΑΧΑ, ο exchange γελούσε με την πάρτη μου. Με το που πατάς το “reset virtual directories” από το GUI σκάει το Exchange Management Console (Exchange 2010 SP3 UR6). Έτσι απλά. Οπότε η δουλειά έγινε με Powershell και όλα καλά, έτρεξα το παρακάτω γιατι ήταν όλα Default:
     
    Get-AutodiscoverVirtualDirectory | Remove-AutodiscoverVirtualDirectory
    New-AutodiscoverVirtualDirectory -Websitename "Default Web Site" -BasicAuthentication:$true -WindowsAuthentication:$true
     
    Μετά το IISreset τρέχω να τρέξω το Hybrid Wizard!!! Όλο χαρά και πάλι, και φυσικά έσκασε!!! Αλλά αυτήν την φορά με άλλο error, το περάσαμε το get-federatedinformation!!!!
    Το νέο μας error: Subtask ValidateConfiguration execution failed: Configure Mail Flow, Ok λέω, αυτό το έχουμε ξαναδεί, όταν έχεις wildcard certificate φτιάχνει τους connectors με default server address, mail.domain.com, στην περίπτωσή μου τους έφτιαξε mail.xxxxx.gr αντί για mailx.xxxxx.gr που ήθελα.
     
    Πάω να τους διορθώσω, και στο check στον Outbound του Office 365 (mail flow/connectors/Hybrid Mail Flow Outbound Connector ) με κόβει στο verify. 450 4.4.101 Proxy session setup failed on Frontend with ‘451 4.4.0 Primary target IP address responded with: “451 5.7.3 STARTTLS is required to send mail.
     
    Χμ, μιλάω με τον Administrator τους να δει αν το Firewall Κάνει ESMTP inspection και μου λέει, «ααααα ξέρεις, το mail flow περνάει από το Symantec gateway μέσα και έξω…» όμορφα και ωραία το κάναμε bypass και από exchange και από firewall και διόρθωσα τους connectors. Μια χαρά.
     
    Με τα πολλά έκανα move ένα test mailbox στο office 365 και πήγε μια χαρά! Μεγάλες χαρές, στέλνει mail, λαμβάνει mail, κυριλέ. Mail flow πάνω κάτω, δεξιά αριστερά μια χαρά. Μεταφέραμε και μερικά ακόμα και η ζωή συνεχίζεται....
  14. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups Αυτό είναι το δεύτερο Post της τριλογίας SQL Failover Cluster with AlwaysOn Availability Groups. Είναι η ώρα της SQL. Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 Microsoft SQL 2012 on Failover Cluster Add AlwaysOn AG to SQL Failover Cluster Instance Microsoft SQL 2012 on Failover Cluster Για […]
    The post Microsoft SQL 2012 on Failover Cluster appeared first on Proxima's IT Corner.


    Source
  15. proximagr
    <h1>Azure Security Center</h1>
    <h2>Remediate security recommendations in 1 click</h2>
    <p>Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. Using advanced analytics, it helps you detect potentially malicious activity across your hybrid cloud workloads, and recommends potential remediation steps, which you can then evaluate, and take the necessary action.</p>
    <p id="DLQOMZB"><img class="alignnone size-full wp-image-2857 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddac95fb1a.png"alt="" /></p>
    <p>One of the main features of Azure Security Center is that offers prioritized and actionable security recommendations so you can remediate security vulnerabilities before they can be exploited by attackers. To simplify remediation of security issues now allows you to remediate a recommendation on multiple resources with a single click.</p>
    <ul>
    <li>Quick access to 1-click fix<br />The 1-click fix label is shown next to the recommendations that offer this faster remediation tool.</li>
    <li>Logging for transparency<br />All remediation actions are logged in the activity log.</li>
    </ul>
    <p id="cYAerXE"><img class="alignnone size-full wp-image-2858 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddaf03f635.png"alt="" /></p>
    <h2>How to use 1-click remediation</h2>
    <p>Look for the “1-click Fix !” Label at the recommendations!</p>
    <p id="aBGvMLk"><img class="alignnone size-full wp-image-2859 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddb125f8f2.png"alt="" /></p>
    <p>Once you click the “1-click Fix !” Label, the recommendation information page will pen. Select the affected resources and click Remediate</p>
    <p id="ORTsWRv"><img class="alignnone size-full wp-image-2861 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8ddfea3fdaa.png"alt="" /></p>
    <p>A final window will open that will inform you about the action that will be performed and what will affect. Check the information and if you agree click the final “Remediation” button</p>
    <p id="NiZsHKi"><img class="alignnone size-full wp-image-2863 " src="https://www.e-apostolidis.gr/wp-content/uploads/2019/09/img_5d8de03500959.png"alt="" /></p>
    <h2>Current 1-click remediation availability</h2>
    <p>Remediation is available for the following recommendations in preview:</p>
    <ul>
    <li>Web Apps, Function Apps, and API Apps should only be accessible over HTTPS</li>
    <li>Remote debugging should be turned off for Function Apps, Web Apps, and API Apps</li>
    <li>CORS should not allow every resource to access your Function Apps, Web Apps, or API Apps</li>
    <li>Secure transfer to storage accounts should be enabled</li>
    <li>Transparent data encryption for Azure SQL Database should be enabled</li>
    <li>Monitoring agent should be installed on your virtual machines</li>
    <li>Diagnostic logs in Azure Key Vault and Azure Service Bus should be enabled</li>
    <li>Diagnostic logs in Service Bus should be enabled</li>
    <li>Vulnerability assessment should be enabled on your SQL servers</li>
    <li>Advanced data security should be enabled on your SQL servers</li>
    <li>Vulnerability assessment should be enabled on your SQL managed instances</li>
    <li>Advanced data security should be enabled on your SQL managed instances</li>
    </ul>
    <p>Single click remediation is part of Azure Security Center’s free tier.</p>
    <p>Read more at: <a href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">AzureSecurity Center single click remediation</a></p>
    <p>Sources:</p>
    <p><a href="https://azure.microsoft.com/en-gb/blog/azure-security-center-single-click-remediation-and-azure-firewall-jit-support/">AzureSecurity Center single click remediation</a></p>
    <p><a class="breadcrumbs__link" href="https://azure.microsoft.com/en-us/updates/one-click-remediation-for-security-recommendations/"data-event="global-navigation-body-clicked-breadcrumb" data-bi-area="content" data-bi-id="global-navigation-body-clicked-breadcrumb">Azure Security Center—1-click remediation for security recommendations is now available</a></p>
    <p><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&linkname=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click"title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&linkname=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share#url=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fasc-remediate-security-recommendations-in-1-click%2F&title=ASC%20%7C%20Remediate%20security%20recommendations%20in%201%20click" data-a2a-url="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/" data-a2a-title="ASC | Remediate security recommendations in 1 click"><img src="https://static.addtoany.com/buttons/share_save_171_16.png" alt="Share"></a></p><p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/">ASC | Remediate security recommendations in 1 click</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>


    <a href="https://www.e-apostolidis.gr/microsoft/azure/asc-remediate-security-recommendations-in-1-click/"class='bbc_url' rel='nofollow external'>Source</a>
  16. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups
    Αυτό είναι το δεύτερο Post της τριλογίας SQL Failover Cluster with AlwaysOn Availability Groups. Είναι η ώρα της SQL.
    Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 (Page 1, Page 2) Microsoft SQL 2012 on Failover Cluster (Page 1, Page 2, Page 3) Add AlwaysOn AG to SQL Failover Cluster Instance (Page 1, Page 2, Page 3)

    Microsoft SQL 2012 on Failover Cluster (Page 1)
    Για το lab θα χρησιμοποιήσω τον Domain Administrator, αλλά δεν ενδείκνυται για παραγωγικό περιβάλλον!!!
    Βάζουμε το ISO της SQL 2012 SP2 και ξεκινάμε με “new SQL server failover cluster installation”

    Αφού περάσει τα checks δίνουμε key, για το lab φυσικά επέλεξα evaluation, και φτιάχνουμε στο install για να ξεκινήσουμε την εγκατάσταση.
    Αγνοούμε επιδεικτικά το MSDTC error (ήδη από τον 2008) και αν δεν έχουμε errors προχωράμε. Επιλέγουμε το SQL Feature installation και μετά επιλέγουμε μόνο Database Engine Services με τις υποκατηγορίες και το management tools

    Δίνουμε network name για το SQL Cluster και προχωράμε

    Δίνουμε όνομα για το cluster resource group ή αφήνουμε το default (όπως έκανα κι εγώ για το lab)

    Στο επόμενο βήμα μας ενημερώνει ότι δεν υπάρχει διαθέσιμος δίσκος για το SQL Cluster Disk, μιας και ο υπάρχον έγινε Cluster Quorum, οπότε πάμε να δώσουμε έναν ακόμη δίσκο στα Cluster Resources.
    Προσθέτουμε έναν ακόμα δίσκο στο FreeNAS μιας και ένας θα χρειαστεί για το Cluster Quorum και ο άλλος για SQL Cluster Disk. Αφού το δώσουμε στο VM πηγαίνουμε στο web interface του FreeNAS και πάμε στο Storage/Volume manager, διαλέγουμε τον δίσκο δίνουμε όνομα, έδωσα sql, και πατάμε add volume

    Μετά πάμε στο view volumes, επιλέγουμε το sql και πατάμε το create zvol κουμπί, όπως φαίνεται και στην εικόνα

    Δίνουμε όνομα και size και πατάμε Add zvol

    Μετά πάμε στο Sharing/ISCSI/extents και πατάμε add extent, δίνουμε όνομα, επιλέγουμε device το zvol που φτιάξαμε, διαλέγουμε Logical Block Size, για SQL DBs ενδείκνυται το 512, και πατάμε ok

    Τέλος πάμε στο associated targets, πατάμε add target/extent και προσθέτουμε τον extent που φτιάξαμε.
    Τώρα αν πάμε στους servers στο disk management και κάνουμε refresh τους δίσκους βλέπουμε τον νέο δίσκο και τον κάνουμε online, initiate και format, μόνο προσοχή να δώσετε allocation unit 512 για να συμβαδίζει με του FreeNAS αλλιώς η SQL θα γκρινιάξει.

    Ανοίγουμε το Failover Cluster Manager/Storage/Disks και πατάμε add Disk και προσθέτουμε τον νέο δίσκο.

     

    Συνέχεια στην επόμενη σελίδα
     
    Πηγή http://www.e-apostolidis.gr/%ce%b5%ce%bb%ce%bb%ce%b7%ce%bd%ce%b9%ce%ba%ce%ac/microsoft-sql-2012-on-failover-cluster/
  17. proximagr
    SQL Failover Cluster with AlwaysOn Availability Groups Πάμε τώρα για το τελευταίο κομμάτι του lab, να προσθέσουμε AlwaysOn Availability Group στο υπάρχον SQL WSFC. Windows Server 2012 R2 Failover Cluster with FreeNAS 9.3 Microsoft SQL 2012 on Failover Cluster Add AlwaysOn AG to SQL Failover Cluster Instance Add AlwaysOn AG to SQL Failover Cluster Instance […]
    The post Add AlwaysOn AG to SQL Failover Cluster Instance appeared first on Proxima's IT Corner.


    Source
  18. proximagr
    Microsoft offers for free it’s antimalware service. When you create a new VM you have the option to enable it. This will install the System Center Endpoint Protection client to the VM managed by Azure. If you have added this but now you want to remove it and add some other antivirus/antimalware solution you cannot do it by just uninstalling the client from the VM. The client will auto re-insalled by Azure. There are two ways to completely uninstall the program and remove it from Azure. One is using the new Portal and one using PowerShell.
     
    Using the Portal
    Go to https://portal.azure.com/ Browse the VM Go to the Configuration section and click on Extensions Click the Microsoft.Azure.Security extension You can delete it using he Delete button At any time you can re-add it, by clicking the Add button at the Extensions window


     
    Using PowerShell
     
    First connect PowerShell to your Azure subscription, as described to this post and then:
     
    # First check the Antimalware Service Status, you need to select the Azure VM and then get the status:
    $servicename = "myVMservice"
    $vmname = "myVMname"
    $vm = Get-AzureVM –ServiceName $servicename –Name $vmname
    Get-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm
     
    #First remove the service from Azure
    Remove-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -VM $vm
     
    # Then uninstall the Antimalware Client from the VM
    Get-AzureVM -ServiceName $servicename -Name $vmname | Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -Uninstall | Update-AzureVM
     
    source: http://www.e-apostolidis.gr/microsoft/remove-microsoft-antimalware-service-from-a-vm/
  19. proximagr
    I was looking for a free solution to have an email notifications for Azure backup. After reading other blogs and technet site I end up to use PowerShell Send-MailMessage attached to the Azure Backup Logs. In short, when the Azure Backup log is created, the script lists the last 2 days events, creates an html file and mails the report with the html as attachment to you.
     
    First find the Azure backup Event Log, it under “Applications and Services Logs, CloudBackup, Operational” and select to attach a task to the log. This will trigger the task on every event created under this log. On the other hand you can attach the task to a specific event.
     
    Create a Task and attach the below PowerShell script. Here you will find the powershell.exe “C:\Windows\System32\WindowsPowerShell\v1.0″
     
    Crate a folder c:\IT and Copy the below script on a text file and name it “eventemail.ps1″. Finally change the required fields.
     
    $date = (Get-Date).AddDays(-2)
    $event = Get-WinEvent -FilterHashtable @{ LogName = "cloudbackup"; StartTime = $date; }
    $event | ConvertTo-Html message,timecreated | Set-Content c:\it\backup.html
     
    if ($event.EntryType -eq "Error")
    {
    $PCName = $env:COMPUTERNAME
    $EmailFrom = "FROM_EMAIL_HERE"
    $EmailTo = "YOUR_EMAIL_HERE"
    $EmailSubject = "Server $PCName Backup Failure report"
    $SMTPServer = "SMTP_SERVER_HERE"
    Write-host "Email Sent"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
    else
    {
    write-host "There is no error. Below the logs files."
    $event
    $PCName = $env:COMPUTERNAME
    $EmailFrom = "FROM_EMAIL_HERE"
    $EmailTo = "YOUR_EMAIL_HERE"
    $EmailSubject = "Server $PCName Backup Success report"
    $SMTPServer = "SMTP_SERVER_HERE"
    Write-host "Sending Email"
    Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body "$($event.Message) $($event.TimeCreated)" -Attachments "c:\it\backup.html" -SmtpServer $SMTPServer
    }
     
    The “write-host ” lines can be removed. They are useful only for troubleshooting by running the script manually on powershell.
     
    source: http://www.e-apostolidis.gr/microsoft/azure-backup-email-notification/
  20. proximagr
    There are many reasons to have your Disks stored at separate Storage Accounts, per Cloud Service. One is that a Storage Account in Azure provides 20000 IOPS and every disk in Standard Tier 500 IOPS. Azure support suggests to don’t have more than 40 disks per Storage Account. Also you may want to have your disks lined (go to Azure, Cloud Services, selsect a Cloud Service and you can see the “Lined Resources” tab, there you can link storage accounts to the Cloud Service) to the same Cloud Services as their VMs. The problem is that if you have an Azure VM and you try to “attach an empty disk” you will realize that the disk will be created at the default Storage Account of the Subscription and there is no option to change this.
     
    Here is a PowerShell command that creates a VHD at a specified Storage Account, creates a Disk and attaches it to a VM:
     
    Get-AzureVM "servicename -Name "vmname" | Add-AzureDataDisk -CreateNew -DiskSizeInGB XXX -DiskLabel "diskname" -MediaLocation "https://storageaccountname.blob.core.windows.net/vhds/vhdname.vhd"-LUN X | Update-AzureVM
     
    Some more info on this command:
     
    First of all you need to connect to your Azure Subscription, you can follow this Post on how to do it.
    Then create a Storage Account using the GUI or PowerShell, here is the Microsoft’s link http://azure.microsoft.com/en-us/documentation/articles/storage-create-storage-account/
    Then you need to list the disks that are already connected to your VM in order to view the LUN number that you will use. The OS disk is not listed on this command. The first data disk consumes the LUN 0, the second the LUN 1 and so on. The command is:
     
    Get-AzureVM -ServiceName "servicename" -Name "vmname" | Get-AzureDataDisk
     
    source: http://www.e-apostolidis.gr/microsoft/create-a-disk-in-specific-storage-account-and-attach-it-to-a-vm-in-azure/
  21. proximagr
    Copy AZURE VHD to other storage account
     
    #Source storage account
    $context1 = new-azurestoragecontext -storageaccountname "name_source_account" -storageaccountkey "key_source_account"
     
    #Destination storage account
    $context2 = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    #Initiate copy this might take a while
    Start-AzureStorageBlobCopy -SrcContainer "vhds" -SrcBlob "name_as_found_in_step_one.vhd" -SrcContext $context1 -DestContainer "vhds" -DestBlob "my_destination_name.vhd" -DestContext $context2
     
    Track Azure VHD copy process
     

    $context = new-azurestoragecontext -storageaccountname "name_destination_account" -storageaccountkey "key_destination_account"
     
    Get-AzureStorageBlobCopyState -Blob "file_name.vhd" -Container "vhds" -Context $context
     
    source: http://www.e-apostolidis.gr/microsoft/copy-azure-vhd-to-other-storage-account/
  22. proximagr
    First we need to install the Azure PowerShell module from http://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409
     
    Then open PowerShell and follow the below commands:
     
    #Get your subscription file - The browser will open, you will need to login to the Azure Subscription and finally it will download the <subscriptonname>.publishsettings file
    Get-AzurePublishSettingsFile
     
    #Connect to your Subscription
    Import-AzurePublishSettingsFile -PublishSettingsFile "full path to downloaded file"
    Source: http://www.e-apostolidis.gr/microsoft/connect-powershell-to-azure/
  23. proximagr
    First of all, the VM must be within a virtual network to be able to add a static Private IP address
     
    There are two ways to set a static private IP. One is using the new Azure Portal "portal.azure.com" and one via PowerShell.
     
    Using the new Portal, browse a VM, select settings and then IP addresses. There at the Private IP address you can select "Static" and add the IP address.
     
    Using PowerShell, first connect to the Azure (details on this post), and use the following commands:
     
    #Test IP availability:
    Test-AzureStaticVNetIP -VNetName XXXXXXX -IPAddress
     
    #Set the VM that will take the static IP
    $static = Get-AzureVM -ServiceName xxxxx -Name xxxxxx
     
    #Set the static IP
    Set-AzureStaticVNetIP -VM $static -IPAddress xx.xx.xx.xx | Update-AzureVM
     
    #Check the static IP
    Get-AzureStaticVNetIP -VM $staticVM
     
    source: http://www.e-apostolidis.gr/microsoft/set-static-ip-to-azure-vm/
  24. proximagr
    To connect PowerShell to Exchange Online, open the PowerShell and run:

    $UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/-Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session

    source: http://www.e-apostolidis.gr/microsoft/connect-to-exchange-online/
  25. proximagr
    This post is bout Exchange/Office 365 Hybrid Deployments, when for some reason we need to completely delete a user account and mailbox from Office 365 in order to re-sync it.
     
    First you need to exclude the user from DirSync
    Open the “Synchronization Service Manager” (cn be fount at “C:\Program Files\WindowsAzureActiveDirectorySync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”) Navigate to “Metaverse Search” and click on “Add Clause” Be sure that you choose Displayname as Attribute, and then configure your search Double click an entry, and open the tab connectors Activate the line with the “Active Directory Connector” Management Agent and click on “Disconnect… In the disconnect object accept question, choose “Disconnector (Default)” to remove the connector. Explicit Disconnector will lock the object to be a connector again.

    You can then rerun your search, and the specific account will not be shown anymore. And after a sync, the object will also be removed from the azure Directory
     
    Then you need to remove the user object from the Office 365 portal using the PowerShell
    Open PowerShell “Windows Azure Active Directory Module” $msolcred = get-credential connect-msolservice -credential $msolcred Get-MsolUser -ReturnDeletedUsers | FT UserP*,ObjectId Remove-MsolUser -ObjectId abc1234-12abc-123a-ab12-a12b3c4d5f6gah -RemoveFromRecycleBin -Force Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

    Then at the next scheduled sync of te DirSync the user will be recreated. Also you can force the DirSync to creaate the user faster.
     

    soure: http://www.e-apostolidis.gr/microsoft/delete-user-from-office-365-with-dirsync/
×
×
  • Create New...