Creating "Microsoft SharePoint Foundation Subscription Service" in SharePoint 2016 Server by using Power-shell command but it stuck at below line and not responding.
$ServiceApplication = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $AppPoolName –Name $ServiceAppName –DatabaseName $DatabaseName –DatabaseServer $DatabaseServer
When we check the status of Services in Central Admin > Manager Services its showing status "Starting".
While status showing as "Starting" we can see the Database is already created in DB server.
we are using SharePoint 2016 and want to create Apps for SharePoint. Next step is to configure App Management Service Application. Not sure if App Management and Subscription Services are depending on each other.
Can you try to delete the existing service application and create using below Powershell Script
In this please provide $accountName in the variable and share me the results
Powershell
===========================
$serviceTypeName = "Microsoft SharePoint Foundation Subscription Settings Service"
$accountName = "Account Name in the Format domain\user"
$appPool = "subs_pool"
$serviceName = "Subscription Settings Service"
$serviceDB = "Subscription_Settings_Service"
$service = Get-SPServiceInstance | where { $_.TypeName -eq $serviceTypeName }
Start-SPServiceInstance $service
Write-Host "Service instance started."
# Gets the name of the managed account and sets it to the variable $account for later use.
$account = Get-SPManagedAccount $accountName
$appPoolSubSvc = Get-SPServiceApplicationPool $appPool
if ($appPoolSubSvc -eq $null)
{
# Creates an application pool for the Subscription Settings service application.
# Uses a managed account as the security account for the application pool.
# Stores the application pool as a variable for later use.
$appPoolSubSvc = New-SPServiceApplicationPool -Name $appPool -Account $account
}
Write-Host "Have the application pool..."
# Creates the Subscription Settings service application, using the variable to associate it with the application pool that was created earlier.
# Stores the new service application as a variable for later use.
$appSubSvc = New-SPSubscriptionSettingsServiceApplication –ApplicationPool $appPoolSubSvc –Name $serviceName –DatabaseName $serviceDB
Write-Host "Service application created..."
# Creates a proxy for the Subscription Settings service application.
$proxySubSvc = New-SPSubscriptionSettingsServiceApplicationProxy –ServiceApplication $appSubSvc
Write-Host "Service application proxy created..."
Write-Host -ForegroundColor green "Done."
Related
I am able to get the complete list of appservice URLs like something.azurewebsites.net but nothing found on the web to list custom domains of all azure webapps. How can I get a list of custom domains for all azure webapps from Azure CLI?
To get the custom domains for all the web apps in the Subscription
$webApp = Get-AzWebApp
$hostName = $webApp.HostNames
# or get all enabled hostnames using $hostName = $webApp.enabledHostNames
Write-Host $hostName
To get the custom domains in the selected Resource Group
$webApp = Get-AzWebApp -ResourceGroupName YourResourceGroupName
$hostName = $webApp.HostNames
Write-Host $hostName
To get the custom domains for the selected web apps
$webApp = Get-AzWebApp -ResourceGroupName YourResourceGroupName -Name WebAppName
$hostName = $webApp.HostNames
Write-Host $hostName
I want to lock down access to the kudu tools e.g. https://.scm.azurewebsites.net/DebugConsole to a set of ip addresses that azure devops uses.
I have gone into AzureDevops -> Organisation settings -> Overview and see that my organisation's Azure Devops is held in e.g. West Europe
I have downloaded the list of ip addresses of azure data centers from here: https://www.microsoft.com/en-nz/download/details.aspx?id=41653
I have gone onto App Service -> Networking blade -> Configure Access restrictions and uploaded the list of ip addresses of e.g. West Europe for .scm.azurewebsites.net.
My understanding is that AzureDevops agents operate from the region specified in organisation settings so if I put in those IP addresses they should be able to acccess the kudu tools fine but instead I get the following error:
Failed to deploy web package to App Service.
Error Code: ERROR_COULD_NOT_CONNECT_TO_REMOTESVC
More Information: Could not connect to the remote computer ("<myappservice>.scm.azurewebsites.net") using the specified process ("Web Management Service") because the server did not respond. Make sure that the process ("Web Management Service") is started on the remote computer. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_COULD_NOT_CONNECT_TO_REMOTESVC.
Error: The remote server returned an error: (403) Forbidden.
If I remove the ip addresses it deploys with no problems. How do I limit deployment access to Azure Devops
as the comment by Daniel Mann suggests - you should use Azure RBAC to limit what Azure Devops service principal can do in Azure. If you only allow it to manage specific App Service - it will be able to do only that.
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
I found a workaround for this by simply having a pre-deploy step which disables the ip address restrictions for deployments to .scm.azurewebsites.net and then immediately enables them afterwards. Predeploy step:
Write-Host ("Removing IP Address restrictions from scm site")
$apiVersion = ((Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).apiVersions[0]
$webAppConfig = (Get-AzureRmResource -ResourceType Microsoft.Web/sites/config -ResourceName $webSiteName -ResourceGroupName $resourceGroupName -apiVersion $apiVersion)
$webAppConfig.Properties.scmIpSecurityRestrictions = #()
Set-AzureRmResource -ResourceId $webAppConfig.ResourceId -Properties $webAppConfig.Properties -apiVersion $apiVersion -Force
Write-Host ("Removed IP Address restrictions from scm site")
PostDeploy step:
Write-Host ("Cloudflare firewall enabled - Starting IP Address restrictions")
function AddRules($rulesToAdd) {
$rules = #()
foreach ($ruleToAdd in $rulesToAdd)
{
$rule = [PSCustomObject] #{
ipAddress = $ruleToAdd.ipAddress;
action = $ruleToAdd.action;
priority = $ruleToAdd.priority;
name = $ruleToAdd.name;
description = $ruleToAdd.description
}
$rules += $rule
}
return $rules
}
# Access to the main site should only be allowed through cloudflare
[PSCustomObject] $websiteRulesToAdd =
#{ipAddress="173.245.48.0/20";action="Allow";priority="100";name="CF01";description="CloudFlare Ip Address"},`
# etc
# Access to the development site should be locked down to developers (NB: These rules are temporarily disabled on deployment)
[PSCustomObject] $scmRulesToAdd =
#{ipAddress="X.X.X.X/32";action="Allow";priority="100";name="developer1";description="Developer IP Address"}
# etc
$apiVersion = ((Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web).ResourceTypes | Where-Object ResourceTypeName -eq sites).apiVersions[0]
$webAppConfig = (Get-AzureRmResource -ResourceType Microsoft.Web/sites/config -ResourceName $webSiteName -ResourceGroupName $resourceGroupName -apiVersion $apiVersion)
Write-Host ("Writing IP Address restrictions")
$webAppConfig.Properties.ipSecurityRestrictions = AddRules -rulesToAdd $websiteRulesToAdd
$webAppConfig.Properties.scmIpSecurityRestrictions = AddRules -rulesToAdd $scmRulesToAdd
Set-AzureRmResource -ResourceId $webAppConfig.ResourceId -Properties $webAppConfig.Properties -apiVersion $apiVersion -Force
Write-Host ("Completed IP Address restrictions")
This is run by AzureDevops as part of the deployment so access is controlled. I hope this is useful to someone
I need to stop all my vm's in azure portal when my balance is 0$ How can i do it? maybe some script?
Unfortunately you can't do that with script for now... The balance (or billing) is not exposed via the Azure REST API (or Azure PowerShell).
For shutdown, we use a RUNBOOK with the follow code inside.
We run this everyday at 8PM. (You could trigger this from another alert http://www.matthewjbailey.com/create-azure-billing-alert-email/)
workflow ShutDown-AllVMs {
param (
[parameter(Mandatory=$true)]
[String] $VMCredentialName = "ourcred#xyz.com"
)
$Credential = Get-AutomationPSCredential -Name $VMCredentialName
if ($Credential -eq $null) {
throw "Could not retrieve '$VMCredentialName' credential asset. Check that you created this asset in the Automation service."
}
Add-AzureAccount -Credential $Credential
Select-AzureSubscription BizSpark
InlineScript {
Get-azurevm | ? { $_.Status -ne "StoppedDeallocated"} | Stop-AzureVM -Force
}
}
For alerts
Setup the alert
http://www.matthewjbailey.com/create-azure-billing-alert-email/
Monitor the alert
http://blogs.technet.com/b/keithmayer/archive/2014/11/08/scripts-to-tools-automate-monitoring-alert-rules-in-microsoft-azure-with-powershell-and-the-azure-service-management-rest-api.aspx
I have not tried all this together, so you may have a 2+2=5 issue :) but have a read of the blogs and you may find that you get 4 :)
When I add an endpoint to Traffic Manager only websites and cloud services are available to choose. Can I combine API Management services with Traffic Manager?
Yes, external endpoints can be added to an Azure Traffic Manager profile, beyond Azure Websites and Azure Cloud Services. You will need to use the Azure PowerShell module to set the custom endpoints.
Install the Azure PowerShell module: https://github.com/azure/azure-powershell/releases
Run the script below (replace $Username variable with your own account name)
https://azure.microsoft.com/en-us/documentation/articles/traffic-manager-overview/
### Authenticate to Azure from PowerShell
$Username = 'posh#trevorsullivan.net';
$AzureCredential = Get-Credential -Credential $Username;
Add-AzureAccount -Credential $AzureCredential;
### Select the appropriate Azure subscription, if you have multiple
Select-AzureSubscription -SubscriptionName 'Visual Studio Ultimate with MSDN';
### Retrieve the Traffic Manager profile (if already created)
$TrafficManagerProfile = Get-AzureTrafficManagerProfile -Name trevor;
### Add custom endpoints to the Traffic Manager Profile
Add-AzureTrafficManagerEndpoint -TrafficManagerProfile $TrafficManagerProfile -DomainName www.microsoft.com -Type Any -Status Enabled;
Add-AzureTrafficManagerEndpoint -TrafficManagerProfile $TrafficManagerProfile -DomainName trevorsullivan.net -Type Any -Status Enabled;
### Commit the changes to your Azure Traffic Manager Profile
Set-AzureTrafficManagerProfile -TrafficManagerProfile $TrafficManagerProfile;
It doesn't quite match the code above, but here's a screenshot of what my Traffic Manger profile named "Trevor" looks like, along with its two endpoints.
I have a PaaS VM role that need to be restart using Azure Management libraries. I tried following codes but failed with "BadRequest: The operation is not supported on a role of type MyPaaSVmName". But I successfully restarted IaaS VM using below Method1.
Is it possible to restart a PaaS VM role using Azure Management Libraries?
if not, is there any other way to achieve it using c#.
1.
ComputeManagementClient client = new ComputeManagementClient(cloudCredentials);
client.VirtualMachines.Restart(hostedServiceName, deploymentName, vmName);
2.
ComputeManagementClient client = new ComputeManagementClient(cloudCredentials);
VirtualMachineOperationsExtensions.Restart(client.VirtualMachines, hostserviceName, deploymentName, vmName);
Thank you.
Found the issue,
Method1 should be like this as I am restarting a Role Instance. Method2 is wrong.
client.Deployments.RebootRoleInstanceByDeploymentName(hostserviceName, deploymentName, roleName);
Here's how you can do it using Azure Powershell:
ReSet-AzureRoleInstance -ServiceName "MySvc1" -Slot Staging -InstanceName "MyWebRole_IN_0" –reboot
https://msdn.microsoft.com/en-us/library/azure/dn495202.aspx
And here's a snippet from an Azure Automation Runbook which can reboot all cloud service's instances, per update domain (so you have no downtime):
https://gallery.technet.microsoft.com/Reboot-Cloud-Service-PaaS-b337a06d
$roleInstances = Get-AzureRole -ServiceName $cloudServiceName -Slot Production -InstanceDetails
Write-Output "Retrieved all role instances for cloud service: $cloudServiceName. Number of instances: " + $roleInstances.Count
# Group instances per update domain
$roleInstanceGroups = $roleInstances | Group-Object -AsHashTable -AsString -Property InstanceUpgradeDomain
Write-Output "Number of update domains found: " + $roleInstanceGroups.Keys.Count
# Visit each update domain
foreach ($key in $roleInstanceGroups.Keys)
{
$count = $perDomainInstances.Count;
Write-Output "Rebooting $count instances in domain $key"
$perDomainInstances = $roleInstanceGroups.Get_Item($key)
foreach -parallel($instance in $perDomainInstances)
{
$instanceName = $instance.InstanceName
Write-Output "Rebooting instance $instanceName"
Reset-AzureRoleInstance -ServiceName $cloudServiceName -Slot Production -InstanceName $instanceName -Reboot -ErrorAction Stop
}
}