I am trying to connect to ServiceFabricCluster using "Connect-ServiceFabricCluster" but keep getting:
Connect-ServiceFabricCluster : An error occurred during this operation. Please check the trace logs for more details
The command I am using is:
Connect-ServiceFabricCluster -ConnectionEndpoint $endpoint `
-X509Credential `
-ServerCertThumbprint $serverThumbprint `
-FindType FindByThumbprint -FindValue $serverThumbprint `
-StoreLocation CurrentUser -StoreName My
For the value $serverThumbprint, I am using the thumbprint on the Azure portal for the cert in question (see below).
I have also downloaded the .cer from Azure and installed it on my machine.
For the endpoint, I am using the "Client connection endpoint" supplied in the overview blade of the cluster.
I have also downloaded the .cer from Azure and installed it on my machine.
That's the point: instead of the .cer, you had to download the .PFX containing both the private and public key, and then install it to both the Personal and Trusted Root directories of the Current User.
Then, in the publish profile of your app you need to specify the following section:
<ClusterConnectionParameters
ConnectionEndpoint="XXX.westeurope.cloudapp.azure.com:19000"
X509Credential="true"
FindType="FindByThumbprint"
FindValue="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
ServerCertThumbprint="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
StoreLocation="CurrentUser"
StoreName="My" />
FindValue and ServerCertThumbprint are the same.
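A pre-flight check for the cause named in the answer above, added here as an example (not code from the original posts): it looks up the certificate in CurrentUser\My by thumbprint and reports whether a private key is present and whether the certificate is inside its validity window. The function name Test-ClientCertificate is hypothetical and the sample thumbprint is constructed.

```powershell
# Added example: verify that the certificate Connect-ServiceFabricCluster will
# look up (-FindType FindByThumbprint, -StoreLocation CurrentUser, -StoreName My)
# can actually be used for client authentication.
function Test-ClientCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [ValidateSet('CurrentUser', 'LocalMachine')] [string] $StoreLocation = 'CurrentUser',
        [string] $StoreName = 'My'
    )

    # Thumbprints copied from a portal or the certificate dialog often carry
    # spaces or invisible characters; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) hex characters."
    }

    $cert = Get-ChildItem -Path "Cert:\$StoreLocation\$StoreName" |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    if (-not $cert) {
        return [pscustomobject]@{ Thumbprint = $clean; Found = $false; Usable = $false
                                  Reason = "Not present in $StoreLocation\$StoreName" }
    }

    $now = Get-Date
    $inWindow = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    $reason = if (-not $cert.HasPrivateKey) {
        'No private key: a .cer was imported, a .pfx is required'
    } elseif (-not $inWindow) {
        "Outside validity window ($($cert.NotBefore) - $($cert.NotAfter))"
    } else { 'OK' }

    [pscustomobject]@{
        Thumbprint    = $clean
        Found         = $true
        HasPrivateKey = $cert.HasPrivateKey
        NotAfter      = $cert.NotAfter
        Usable        = $cert.HasPrivateKey -and $inWindow
        Reason        = $reason
    }
}

# Constructed sample thumbprint; substitute the cluster certificate's value.
Test-ClientCertificate -Thumbprint 'AA11BB22CC33DD44EE55FF66AA77BB88CC99DD00'
```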
I am creating an Azure function connecting to to execute PnP commands. I have created a certificate as mentioned in the docs. I am always getting Cannot find certificate with this thumbprint in the certificate store.Exception :Type
Why is this error happening? Do any settings need to be modified?
Regarding the issue, please refer to the following steps:
1. Create the self-signed certificate
New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer
2. Create Azure AD application
3. Configure permissions
Office 365 SharePoint Online (Application Permission)
Sites.FullControl.All
TermStore.ReadWrite.All
User.ReadWrite.All
4. Upload your client certificate (.cer file) to the AD application
5. Create Function
6. Upload your .pfx file to the Azure function
az webapp config ssl upload --certificate-file "e:\cert\pnp.pfx" --name "<function app name>" --resource-group "" --certificate-password "" --query thumbprint --output tsv
7. Configure the Function to allow the function to read the certificate
az functionapp config appsettings set --name <app-name> --resource-group <resource-group-name> --settings WEBSITE_LOAD_CERTIFICATES=<comma-separated-certificate-thumbprints>
8. Function code
Connect-PnPOnline -Tenant <>.onmicrosoft.com -ClientId <the appid of the ad application> -Thumbprint <comma-separated-certificate-thumbprints> -Url https://<>.sharepoint.com
I am trying to set up my first Azure point-to-site VPN. If I'm reading things correctly, the URL I get from this PowerShell code:
$profile = New-AzVpnClientConfiguration -ResourceGroupName $ResourceGroup -Name $GWName -AuthenticationMethod "EapTls"
$profile.VPNProfileSASUrl
should download an executable called VpnClientSetupAMD64.exe that will be in the WindowsAmd64 folder of the downloaded zip file. That executable should do the setup on the native Win 10 1909 client.
The zip file I get doesn't have any executable in it and doesn't have that directory in it. I only get the XML and OVPN files with the config data for the VPN client.
I also tried using the Download VPN Client selection in the GUI Azure portal on the VnetGW/point-to-site page and I get the identical zip file - still no setup exe.
I looked for a way to either directly download the VpnClientSetupAMD64.exe file or to specify the azurevpnconfig.xml file that I do get as a parameter to set up the VPN client, but I see nothing applicable.
I understand that I can manually configure the VPN client using the info I have but that doesn't scale.
Can someone give me any pointers?
I had the same issue trying to set up Azure P2S VPN today; the downloaded VPN client is just a configuration file.
I did a bit of research and found the solution: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client
Open the Windows Store and install an app called "Azure VPN Client". Then you can run Azure VPN Client and import the configuration file.
By default, the Tunnel type is OpenVPN (SSL) in the Point-to-site configuration UI. Before you generate files using PowerShell, you should set the VpnClientProtocol to SSTP and IKEv2, or one of them, because they are used for Windows clients. Then you will get the VpnClientSetupAMD64.exe file. You could get more details here.
You could also refer to creating a VPN Gateway and adding a point-to-site configuration using PowerShell.
New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
-Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -VpnClientProtocol "IKEv2"
# Add the VPN client address pool
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientAddressPool $VPNClientAddressPool
# Create a self-signed root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
# Export the root certificate (public part only) to "C:\cert\P2SRootCert.cer"
Export-Certificate -Cert $cert -FilePath "C:\cert\P2SRootCert.cer"
# Upload the root certificate public key information
$P2SRootCertName = "P2SRootCert.cer"
$filePathForCert = "C:\cert\P2SRootCert.cer"
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName `
-VirtualNetworkGatewayname "VNet1GW" `
-ResourceGroupName "TestRG1" -PublicCertData $CertBase64
My AD application certificate expired and I have put a new one in and deleted all the old expired ones; however, when I go to the application it still shows it as expired.
You could follow the steps below to create a new certificate credential for your AD App.
1. Run the PowerShell command locally, changing the -FilePath to what you want.
$cert=New-SelfSignedCertificate -Subject "CN=TodoListDaemonWithCert" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
Export-Certificate -Cert $cert -FilePath C:\Users\joyw\Desktop\user1234.cer
2. Navigate to the Azure Active Directory in the portal -> your AD App -> Certificates & secrets -> Upload certificate.
Or, if you don't want to upload the certificate manually, you could use the PowerShell script below. After running the script, refresh the portal and you will find it works fine. Make sure you install the Az module.
Connect-AzAccount
$cert=New-SelfSignedCertificate -Subject "CN=TodoListDaemonWithCert" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
$binCert = $cert.GetRawCertData()
$credValue = [System.Convert]::ToBase64String($binCert)
New-AzADAppCredential -ApplicationId <application-id of the AD App> -CertValue $credValue -StartDate $cert.NotBefore -EndDate $cert.NotAfter
I'm trying to register a Windows client machine to an Azure Recovery Services Vault with a PowerShell script.
I'm having this error:
WARNING: Vault credentials validation failed.
Start-OBRegistration : Vault credentials file provided has expired. We recommend you download a new vault credentials file from the portal and use it within 2 days.
These are my commands:
$cert = New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname aly20-srv.xxx.onmicrosoft.com -NotAfter (Get-Date).AddHours(8)
$certificate =[System.Convert]::ToBase64String($cert.RawData)
$Vault1 = Get-AzRecoveryServicesVault -Name "rsvault-staging"
$CredsPath = "C:\temp"
$CredsFilename = Get-AzRecoveryServicesVaultSettingsFile -Backup -Vault $Vault1 -Path $CredsPath -Certificate $certificate
Import-Module -Name 'C:\Program Files\Microsoft Azure Recovery Services Agent\bin\Modules\MSOnlineBackup'
Start-OBRegistration -VaultCredentials $CredsFilename.FilePath -Confirm:$false
It seems that the vault credentials file created in "C:\temp" is not valid.
If I try to get it directly from azure portal and run "Start-OBRegistration" command it works.
What's the problem? How can I solve it?
Thank you.
It looks like you are using "-NotAfter (Get-Date).AddHours(8)".
This will make your certificate expire after 8 hours; the default is 1 year.
I am following this tutorial to deploy a Node.js application from my machine to Windows Azure:
https://www.windowsazure.com/en-us/develop/nodejs/tutorials/getting-started/
My command is as below:
Publish-AzureServiceProject -ServiceName socketlistener -Location "East US" -Launch
but I am getting the following error:
Publishing to Windows Azure. This may take several minutes...
1:32:36 PM - Preparing runtime deployment for service 'socketlistener'
1:32:38 PM - Preparing deployment for socketlistener with Subscription ID: ***...
1:32:40 PM - Verifying storage account 'socketlistener'...
Publish-AzureService : Path for package doesn't exist in D:\dev\node\socketlistener\cloud_package.cspkg.
At line:1 char:21
Publish-AzureService <<<<
CategoryInfo : CloseError: (:) [Publish-AzureService], FileNotFoundException
What I suspect is that there is some issue with your application configuration (Service Definition or Service Configuration) which is causing a problem in package creation. The error message also suggests the same problem. Based on the Publish-AzureServiceProject command execution, the next step is to create the package after verifying the storage account. After the package creation, the next step is to connect to the service endpoint, which you can verify in the same tutorial link you are following.
To verify that there is no issue with your machine or connection to Windows Azure application, try creating a new Node.js application, add a new web/worker role, do not make any changes to the configuration, and then try deploying. This will verify whether there is any issue with your machine configuration (if any) or some other issue:
New-AzureServiceProject your_node_project
Add-AzureNodeWebRole
Publish-AzureServiceProject -ServiceName socketlistener -Location "East US" -Launch