I referred to below link and succeeded to reset password on VM scale set with extension created
Reset password of a virtual machine scale set
Now, I want to reset the password again. However, if I perform the same as above, it will give me an error during Update-AzVmss
Update-AzVmss: On resource 'VMSS1', extension name 'VMAccessAgent' cannot be used for more than one extension.
ErrorCode: BadRequest
ErrorMessage: On resource 'VMSS1', extension name 'VMAccessAgent' cannot be used for more than one extension.
ErrorTarget:
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : 53c2fea8-bf5a-47fe-a5e9-8e98eea1bb7b
How should I reset the password again? Does it mean I have to remove the extension and run the Powershell script again?
The error you are referring(On VM Scale Set 'VMSS1', extension name 'VMAccessAgent' cannot be used for more than one extension), I suspect this could be related to this one:"Multiple VMExtensions per handler not supported for OS type '{0}'. VMExtension '{1}' with handler '{2}' already added or specified in input."
Understand common error messages when you manage virtual machines in Azure
If the issue still persist, remove the extension and Process password update through script:
$vmss = ""
$vmssResourceGroup = ""
$publicConfig = #{"UserName" = ""}
$privateConfig = #{"Password" = ""}
$extName = "VMAccessAgent"
$publisher = "Microsoft.Compute"
$vmss = Get-AzVmss -ResourceGroupName $vmssResourceGroup
-VMScaleSetName $vmssName
$vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name
$extName -Publisher $publisher -Setting $publicConfig
-ProtectedSetting $privateConfig -Type $extName -TypeHandlerVersion "2.0" -AutoUpgradeMinorVersion $true
Update-AzVmss -ResourceGroupName $vmssResourceGroup -Name $vmssName
-VirtualMachineScaleSet $vmss
I was unable to remove the extension using any PowerShell commands. Ultimately I just deleted it in the portal and then was able to set the extension.
Related
we have a problem with a Microsoft bot hosted in Azure.
As long as we haven't resolved it, we want to periodically restart it.
We found 3 sets of powershell commands and spent the full day on it without making it work.
Solution 1:
we found the cmdlets : Get-AzCloudService Restart-AzCloudService.
We didn't understand from the documentation what module to install.
It returns : The term 'Restart-AzCloudService' is not recognized as the name of a cmdlet.
They talk about an obscure "extended support" to have access to it.
Solution 2:
We are able to list the cloud service using:
Connect-AzAccount
get-azresource -name $serviceName -resourcetype
"Microsoft.BotService/botServices"
But we do not find the cmdlet to restart the resource.
Solution 3:
Reset-AzureRoleInstance -serviceName $serviceName -Slot "production" -InstanceName $serviceName
Error : No default subscription has been designated. Use Select-AzureSubscription -Default
We are using MFA. Login-AzureRmAccount systematically fails , evenly saying that our account is disabled.
We did no manager to run the sequence:
Login-AzureRmAccount
Select-AzureSubscription -Default
Reset-AzureRoleInstance -serviceName $serviceName -Slot "production" -InstanceName $serviceName
The idea is to run this script twice a day, either from a VM or from an Azure Runbook.
We managed to run this code using an automation Account but we are still missing the last command that would restart the bot (that we consider a cloud service).
Param()
$automationAccount = "xxx"
$resourceGroup = "xxx"
$serviceName = "xxx"
$subscriptionname ="xxx"
$subscriptionid ="xxx"
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process | Out-Null
# Connect using a Managed Service Identity
try {
$AzureContext = (Connect-AzAccount -Identity).context
}
catch{
Write-Output "There is no system-assigned user identity. Aborting.";
exit
}
#Set-AzureSubscription -SubscriptionId $subscriptionid
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription `
-DefaultProfile $AzureContext
get-azresource -name $serviceName -resourcetype "Microsoft.BotService/botServices"
I have a linux Cent OS vm and am trying to add a custom script to it. If i do it manually from the portal i am able to install the custom script extension for linux. But i am not able to install the custom script via powershell code that i added below. Need some help on it. I am storing the custom script file in a storage account and calling it from there when installing the custom script extension on Linux.
Error i get is : Enable failed: processing file downloads failed: failed to download file[0]: failed to download file: unexpected status code: actual=404 expected=200
if($vmname.OSType -eq "Linux"){
$resourcegroup=$vmname.ResourceGroupName
$location=$vmname.Location
$vm=$vmname.Name
$TheURI = "https://storageaccount.blob.core.windows.net/container/cstmscript.sh"
$ScriptSettings = #{"fileUris" = #($TheURI); "commandToExecute" = "sh cstmscript.sh";}
Set-AzVMExtension -ResourceGroupName $resourcegroup -VMName $vm -Name "Custom Script" -Publisher "Microsoft.Azure.Extensions" -TypeHandlerVersion 2.0 -ExtensionType "CustomScript" -Location $location -Settings $ScriptSettings
}
Cant use Set-AzVMCustomScriptExtension as that's for only Windows VM's
Thanks Satya It did work Btw . I needed to add the access keys.
here is the code
if($vmname.OSType -eq "Linux"){
$resourcegroup=$vmname.ResourceGroupName
$location=$vmname.Location
$vm=$vmname.Name
$TheURI = "https://storage.blob.core.windows.net/container/cstmscript.sh"
$ScriptSettings = #{"fileUris" = #($TheURI); "commandToExecute" = " sh cstmscript.sh";}
$ProtectedSettings = #{"storageAccountName"="storage";"storageAccountKey" = ""};
Set-AzVMExtension -ResourceGroupName $resourcegroup -VMName $vm -Name "Custom Script" -Publisher "Microsoft.Azure.Extensions" -TypeHandlerVersion 2.0 -ExtensionType "CustomScript" -Location $location -Settings $ScriptSettings -ProtectedSettings $ProtectedSettings
}
I had tried hitting the above the url
https://storageaccount.blob.core.windows.net/container/cstmscript.sh
Which is more or less 404 error as encountered below :
Enable failed: processing file downloads failed: failed to download file[0]: failed to download file: unexpected status code: actual=404 expected=200
Looks like you re not able to access the cstmsscript.sh & encountering a 404 - you will have to host the file anonymously accessible or alternatively use means to grant access ( like SAS )
I am trying to add a SSL certificate secret to my Linux virtual machine in Azure. I am following this guide: https://learn.microsoft.com/en-us/powershell/module/az.compute/add-azvmsecret?view=azps-3.6.1
Now, according to the documentation, I need to perform this command from powershell:
Add-AzVMSecret -VM $VirtualMachine -SourceVaultId $SourceVaultId -CertificateStore $CertificateStore01 -CertificateUrl $CertificateUrl01
I have the following information:
$VirtualMachine
$SourceVaultId
$CertificateUrl01
However, I don't know the $CertificateStore01, which according to the documentation is the the 'name of a certificate store on the virtual machine.' I haven't been able to find this from my virtual machine, does anyone know how to get it?
I tried doing this as well:
$certURL=(Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $key).id
$vm=Get-AzureRmVM -ResourceGroupName $resourceGroup -Name $vmName
$vaultId=(Get-AzureRmKeyVault -ResourceGroupName $resourceGroup -VaultName $keyVaultName).ResourceId
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore "/etc/ssl/certs" -CertificateUrl $certURL
Update-AzureRmVM -ResourceGroupName $resourceGroup -VM $vm
but ended up with this error:
Update-AzVM: Parameter 'certificateStore' is not allowed.
ErrorCode: InvalidParameter
ErrorMessage: Parameter 'certificateStore' is not allowed.
ErrorTarget: certificateStore
StatusCode: 400
ReasonPhrase: Bad Request
EDIT: According to the official doc, Certificate Store parameter is only required for Windows VMs:
Specifies the name of a certificate store on the virtual machine that
runs the Windows operating system. This cmdlet adds the certificate to
the store that this parameter specifies. You can only specify this
parameter for virtual machines that run the Windows operating system.
https://learn.microsoft.com/en-us/powershell/module/az.compute/add-azvmsecret?view=azps-3.6.1#parameters
i'm looking for a powershell way to disconnect a virtual machine from an OMS workspace.
I wrote a powershell script to move a VM to an other subscription. So i have to re-connect this VM from 'source workspace' to 'destination workspace'.
Just removing OMS extension show me the virtual machine as "Not connected" into Azure portal "Log Analytics workspace >Workspace Data Sources>Virtual machines".
This cmdlet should do the tricks (the doc is not really clear), but i always have the same message
remove-AzureRmOperationalInsightsDataSource -Workspace $OmsWkspceITS -Name CentosMove
Confirm
Are you sure you want to remove data source 'CentosMove' in workspace 'itsoms'?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Yes"): yes
WARNING: DataSource 'CentosMove' does not exist in workspace 'itsoms'.
(CentosMove is my VM name).
Our ITSOMS workspace is used for years now with hundred of VM, many solutions, NSG logflows analytics,..
$OmsWkspceITS
Name : itsoms
ResourceGroupName : rg_its_exploit
ResourceId : /subscriptions/blablabla/resourcegroups/blabla/providers/microsoft.operationalinsights/workspaces/itsoms
Location : westeurope
Tags :
Sku : standalone
CustomerId : xx
PortalUrl : https://weu.mms.microsoft.com/Accou...
ProvisioningState : Succeeded
The only Datasources i can get with this cmdlet are those like this one
Get-AzureRmOperationalInsightsDataSource -WorkspaceName $OmsWkspceITS.Name -ResourceGroupName $OmsWkspceITS.ResourceGroupName -Name DataSource_LinuxSyslog_syslog
Name : DataSource_LinuxSyslog_syslog
ResourceGroupName : rg_its_exploit
WorkspaceName : itsoms
ResourceId : /subscriptions/xx/resourceGroups/rg_its_exploit/providers/Microsoft.OperationalInsights/workspaces/itsoms/datasources/DataSource_LinuxSyslog_syslog
Kind : LinuxSyslog
Properties : {"syslogName":"syslog".....}
I'm maybe not looking at the right cmdlet i think ...
Thanks for your help :)
To accomplish your requirement use cmdlets Remove-AzureRmVMExtension and Set-AzureRmVMExtension.
For illustration check below commands.
To disconnect Linux VM agent:
Remove-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name ‘OmsAgentForLinux’
To disconnect Windows VM agent:
Remove-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name ‘MicrosoftMonitoringAgent’
To connect Linux VM agent to a Log Analytics workspace:
$WorkspaceID = "xxxxxxxxxxxxxxxxxxxxxxxxx"
$WorkspaceKey = "xxxxxxxxxxxxxxxxxxxxxxxx"
Set-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name ‘OmsAgentForLinux’ -Publisher ‘Microsoft.EnterpriseCloud.Monitoring’ -ExtensionType ‘OmsAgentForLinux’ -TypeHandlerVersion ‘1.0’ -Location 'LOCATION' -SettingString "{‘workspaceId’: ‘$WorkspaceID’}" -ProtectedSettingString "{‘workspaceKey’: ‘$WorkspaceKey’}"
To connect Windows VM agent to a Log Analytics workspace:
$WorkspaceID = "xxxxxxxxxxxxxxxxxxxxxxxxx"
$WorkspaceKey = "xxxxxxxxxxxxxxxxxxxxxxxx"
Set-AzureRmVMExtension -ResourceGroupName RESOURCEGROUPNAME -VMName VMNAME -Name ‘MicrosoftMonitoringAgent’ -Publisher ‘Microsoft.EnterpriseCloud.Monitoring’ -ExtensionType ‘MicrosoftMonitoringAgent’ -TypeHandlerVersion ‘1.0’ -Location 'LOCATION' -SettingString "{‘workspaceId’: ‘$WorkspaceID’}" -ProtectedSettingString "{‘workspaceKey’: ‘$WorkspaceKey’}"
Hope this helps!! Cheers!! :)
Lightly related to How to add an SSL certificate to an azure website using powershell?
I am trying to add a certificate to an Azure RM website via Powershell.
I don't think there is a direct Azure Powershell command, and it will need to be done via New-AzureRmResource
In the latest release of Azure PowerShell v 1.1.0, there is a number of new commands to handle SSL certificates in Azure Web Apps
You can upload the certificate and bind it to hostname using
New-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -CertificateFilePath PathToPfxFile -CertificatePassword PlainTextPwd -Name www.contoso.com
And then remove the binding but without removing the certificate, the app should be able to use it after you add a app setting referencing that cert (this should be done using the portal - the PowerShell command to do so will come soon - No ETA for now)
Remove-AzureRmWebAppSSLBinding -ResourceGroupName myresourcegroup -WebAppName mytestapp -Name www.contoso.com -DeleteCertificate $false
Looking through the ARM Template the "Microsoft.Web/certificates" template takes a pfxblob and a password.
It seems the easiest way of obtaining a pfxblob is via New-AzureRmApplicationGatewaySslCertificate (thanks to #vigneshaj for the pointer) reading the source, it seems that this is simply a local conversation cmdlet. So it doesn't matter that it is for an application gateway, all we need is the data it passes back.
$pfx = New-AzureRmApplicationGatewaySslCertificate -Name example `
-CertificateFile E:\PS\example.pfx `
-Password "bananas"
Once we have that data, we can simply plug it into New-AzureRmResource and it will create our certificate on Azure.
The small problem with this, is that if you're a cheapskate (like me) and you've obtained a free cert from that Chinese CA that gives sha256 certs, this process will strip off the certificate that signs pages with sha256, and so it falls back to TLS 1.2, which gives errors (on Chrome at least)
$ResourceLocation = "West Europe"
$ResourceName = "Newcertificate"
$PropertiesObject = #{
pfxBlob = $pfx.Data
password = $pfx.Password
}
New-AzureRmResource -Name $ResourceName -Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/certificates `
-ApiVersion 2015-08-01 -Force
The next job from there is configuring your Web App to use that cert. Because these properties are child objects of the hostNameSslStates array I created an inner hash table, and then attached that. I'm sure there's a more elegant way, but this worked!
$ResourceName = "ConfuseioWebapp"
$InnerPropertiesObject = #{
name = "www.example.com"
sslState = 1
thumbprint = "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
}
$PropertiesObject = #{
"hostNameSslStates" = [Object[]]$InnerPropertiesObject
}
New-AzureRmResource -Name $ResourceName `
-Location $ResourceLocation `
-PropertyObject $PropertiesObject `
-ResourceGroupName examplecomRG `
-ResourceType Microsoft.Web/sites `
-ApiVersion 2015-08-01 -Force
And that is pretty much it.
I came across the below article, which configures SSL through powershell, by creating Azure Application Gateway
https://azure.microsoft.com/en-us/documentation/articles/application-gateway-ssl/