Not able to create Point to Site connection with Virtual WAN - azure-vpn

I've following the steps in the article mentioned below, however, the section where it describes how to Create a P2S configuration can't be followed because I don't see an option for Add point-to-site config under the Virtual WAN architecture. Each service is listed as Registered. My VWANs previously existed prior to enabling the point to site configuration and I've even created a brand new VWAN but do not see the option to add a P2S configuration on any of them. Any ideas?
https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-point-to-site-portal
PS C:\WINDOWS\system32> Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowP2SCortexAccess
FeatureName ProviderName RegistrationState
----------- ------------ -----------------
AllowP2SCortexAccess Microsoft.Network Registered
PS C:\WINDOWS\system32> Get-AzureRmProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowVnetGatewayOpenVpnProtocol
FeatureName ProviderName RegistrationState
----------- ------------ -----------------
AllowVnetGatewayOpenVpnProtocol Microsoft.Network Registered
PS C:\WINDOWS\system32> Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network
ProviderNamespace : Microsoft.Network
RegistrationState : Registered
ResourceTypes : {virtualNetworks, publicIPAddresses, networkInterfaces, interfaceEndpoints...}
Locations : {West US, East US, North Europe, West Europe...}

Currently, creating a point-to-site connection using Azure Virtual WAN is Preview version. You need to navigate to the Azure portal (Preview) and sign in with your Azure account. You will see it.
Besides, there is an important NOTE:
This public preview is provided without a service level agreement and
should not be used for production workloads. Certain features may not
be supported, may have constrained capabilities, or may not be
available in all Azure locations. See the Supplemental Terms of Use for Microsoft Azure Previews for details.

Related

Azure Recovery Vault backup configuration missing the Cross Region Restore option?

My recovery vault is in the West US 2 region, and I cannot see the option to enable a Cross region restore as seen in the Azure documentation here.
Screenshot from documentation shows this option:
My Azure UI:
Question: Why is this feature not available to be enabled for me? The documentation doesn't have any details about the eligibility for support.
Have you registered this feature?
Before you begin, you must register it through PowerShell. Also keep in mind it is a preview feature (have a look at this page).
Register-AzProviderFeature -FeatureName CrossRegionRestore -ProviderNamespace Microsoft.RecoveryServices
FeatureName ProviderName RegistrationState
----------- ------------ -----------------
CrossRegionRestore Microsoft.RecoveryServices Registering
It might take up to 48 hours, you can check status.
Get-AzProviderFeature -FeatureName CrossRegionRestore -ProviderNamespace Microsoft.RecoveryServices
FeatureName ProviderName RegistrationState
----------- ------------ -----------------
CrossRegionRestore Microsoft.RecoveryServices Registered

How to create Azure site specify resource group using azure-cli

With this reference, https://learn.microsoft.com/en-us/bot-framework/deploy-bot-local-git
I executed command as follows.
$ azure site create --git my-app-name
Then, an error message appeared.
info: Executing command site create
error: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
error: Error information has been recorded to C:\Users\yokoyamt\.azure\azure.err
error: site create command failed
I've tried in another azure account, which I have "power-user", then
A new Resource group was created and the app service was deployed in it.
But in this time, I haven't enough role to create new resource group.
So I guessed If I had specify resource group when I create app via azure-cli.
Can anyone put some light on this?
> az account list --output table
Name CloudName SubscriptionId State IsDefault
-------- ----------- ------------------------------------ ------- -----------
従量課金 AzureCloud my-subscription-id Enabled True
azure site is a classic(asm) mode resource, azure web is a arm mode resource. You should give your account co-admin permission in classic Portal. New Portal does not work on it. Please refer to this question.
According to your description, you want to deploy a web app on Azure. You could use Azure CLI 2.0 to do this. Please refer to this link.

Is virtual network peering across azure tenants possible?

I'm trying to use the new Azure Virtual Network public preview of the peering feature to join two networks I have on two different subscriptions, i.e. different tenants. Is this possible, I've not seen anything to say otherwise, but when I try to peer them in PowerShell I get the following error.
The client has permission to perform action
'Microsoft.Network/virtualNetworks/peer/action' on scope
'/subscriptions/{Guid2}/resourceGroups/Default-Sydney/providers
/Microsoft.Network/virtualNetworks/SYDVN/virtualNetworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}'
is not in current tenant '{Guid3}'.
Full error and command
PS C:\Windows\system32> Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $SYDVN -RemoteVirtualNetworkId "/subscriptions/{Guid1}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN1" -BlockVirtualNetworkAccess
WARNING: The output object type of this cmdlet will be modified in a future release.
Add-AzureRmVirtualNetworkPeering : The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/s
ubscriptions/{Guid2}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN/virtualNe
tworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant
'{Guid3}'.
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : '{Guid4}'
At line:1 char:1
+ Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Add-AzureRmVirtualNetworkPeering], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.AddAzureVirtualNetworkPeeringCommand
Any help will be much appreciated.
UPDATE
From a MS tech Loydon
"VNet peering relies on ARM RBAC for authorization. However, ARM RBAC does not support cross tenant linked access checks. So Both subscriptions must belong to the same Azure Active Directory tenant. Therefore currently VNet peering is limited to customer’s subscriptions in the same Azure Active Directory domain. This gives them the same Tenant stamp which allows the peering to occur. We offer No support for linking VNETs across subscriptions in different AAD tenants."
https://social.msdn.microsoft.com/Forums/en-US/824aaf76-71df-4235-9190-5816976dbd30/is-virtual-network-peering-across-azure-tenants-possible?forum=WAVirtualMachinesVirtualNetwork
This is now supported; from the Azure virtual network peering documentation, requirements section:
The virtual networks can be in the same, or different subscriptions. When you peer virtual networks in different subscriptions, both subscriptions can be associated to the same or different Azure Active Directory tenant.
You cannot use the portal.
We have enabled this. VNet Peering and Global VNet Peering is supported across Azure active directory tenants.
https://learn.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions#portal
https://azure.microsoft.com/en-us/updates/cross-aad-vnet-peering/
VNet peering across different tenants is now supported: https://azure.microsoft.com/en-us/updates/cross-aad-vnet-peering/
-- Anavi [MSFT]

Unable to find "ServiceName" on Azure Free Trial

I'm currently on an Azure free trial and trying to setup a reverse DNS PTR record.
I've logged in via certificate, downloaded the file using: Get-AzurePublishSettingsFile. I've also imported the file using Import-AzurePublishSettingsFile C:certs<SubscriptionName>-credentials.publishsettings.
However, when I run Get-AzureService | fl ServiceName I don't get any services listed.
When I try and run Set-AzureService –ServiceName "my hostname" –Description "Reverse DNS" –ReverseDnsFqdn "mail.my domain."
I get The hosted Service name does not exist.
Is there a limitation on the free trial that doesn't allow this to be set?
After Import... add
Select-AzureSubscription -SubscriptionName "nameofyoursubscription"
Just importing your subscription publish settings file does not select the subscription you need.
UPD: i was not able to reproduce the issue. Please try to execute:
$subscr = "subscriptionid"
$csname = "mytestcloudservice14"
Select-AzureSubscription -SubscriptionId $subscr –Current
New-AzureService -ServiceName $csname -Location "Central US" -Label "mytestcloudservice"
Set-AzureService –ServiceName $csname –Description "Reverse DNS" –ReverseDnsFqdn "mytestcloudservice14.cloudapp.net."
Get-AzureService -ServiceName $csname
I just created the trial account and tested it.
As the description of Get-AzureService says, it returns an object with information about the cloud services for the current subscription, which means, it's an operation on Azure cloud service only, Set-AzureService as well.
So if you didn't deploy any cloud services, Get-AzureService will definitely list nothing and if your "my hostname" is not cloud service, it's no wonder you get the error message The hosted service does not exist..
In addition, Reverse DNS is not supported for Azure Websites. Reverse DNS is supported for Azure PaaS roles and IaaS virtual machines.

Azure Virtual Machine Cannot Add Extensions

I have the latest version of the Azure Powershell installed (0.9.7). I have a new virtual machine that was created via the Preview Portal. It was created with the new Resource Group model.
I am trying to install a few extensions but I cannot figure out the correct Powershell commands. Most instructions say to use Get-AzureVM. This does not return my VMs. If I use Switch-AzureMode to AzureResourceManager, I can use Get-AzureVM to list my VM (v2 I assume).
It seems none of the Extension scripts are setup for Resource Manager mode. Most of the sample scripts say to use:
Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable -ReferenceName 'BGInfo' | Update-AzureVM
I have tried all kinds of ways. The AzureVMBGInfoExtension cmdlet is not available in Resource Manager mode.
Any suggestions?
Create a VM
I created a new VM so that I could help you. I used portal.azure.com > New > Compute > Marketplace > Windows Server > Windows Server 2008 R2 SP1 and chose the Resource Manager deployment model.
Create an Active Directory User
Since we're using the Azure Resource Manager, I needed to create a new Active Directory user so that I could authenticate with Azure PowerShell. That is the only way that I could authenticate.
You can create one using the following steps.
Login to the Azure Portal, and select Active Directory.
If no directory exists, select Create your directory and provide the requested information.
Select your directory and add a new user. This new user is a work or school account.
During the creation of the user, you will be supplied with both an e-mail address for the user and a temporary password. Save this information as it is needed later.
From the Azure portal, select Settings and then select Administrators. Select Add, and add the new user as a co-administrator. This allows the work or school account to manage your Azure subscription.
Finally, log out of the Azure portal and then log back in using the new work or school account. If this is the first time logging in with this account, you will be prompted to change the password.
Make sure you see your subscriptions when you log in as the work or school account.
Oddly enough, Azure Resource Manager seems to work best (or only to work) with if we authenticate with one of those types of accounts.
Install the Most Recent Azure PowerShell Module
Since we need access to the Extension related commandlets, I installed the most recent version of Azure PowerShell. The link shows how to install it via the Web Platform Installer. Once done, you can find out whether you have the correct one by running this:
> (Get-Module azureresourcemanager).Version
Major Minor Build Revision
----- ----- ----- --------
0 9 7 -1
When we run the following, look at all the Extension related commandlets. Hooray!
> Switch-AzureMode -Name AzureResourceManager
> Get-Command *extension* -Module AzureResourceManager
Get-AzureVMAccessExtension
Get-AzureVMCustomScriptExtension
Get-AzureVMDiagnosticsExtension
Get-AzureVMDscExtension
Get-AzureVMExtension
Get-AzureVMExtensionImage
Get-AzureVMExtensionImageType
Remove-AzureVMAccessExtension
Remove-AzureVMCustomScriptExtension
Remove-AzureVMDiagnosticsExtension
Remove-AzureVMDscExtension
Remove-AzureVMExtension
Set-AzureVMAccessExtension
Set-AzureVMCustomScriptExtension
Set-AzureVMDiagnosticsExtension
Set-AzureVMDscExtension
Set-AzureVMExtension
We have access to these while being in Resource Manager mode. To learn how to use each of them, run Get-Help Set-AzureVMAccessExtension -example on each one that is of interest. Then play around with the example.
Authenticate Azure PowerShell & Set the Extensions for Your VM
When authenticating via Add-AzureAccount, use the Active Directory user that we created. Then you can query your virtual machines.
> Add-AzureAccount
> Get-AzureResource -ResourceType Microsoft.Compute/virtualMachines
Once you know the details of your VM, you can add an extensions. Here is one example that worked for me.
> Set-AzureVMAccessExtension -ResourceGroupName "mvp1" -Location "West US" -VMName "mvp1" -Name "mvp1test" -TypeHandlerVersion "2.0" -UserName "shaunluttin" -Password "Password
EndTime : 9/1/2015 9:35:57 PM -07:00
Error :
Output :
StartTime : 9/1/2015 9:35:20 PM -07:00
Status : Succeeded
TrackingOperationId : f03210e0-e67e-40d7-aad7-d9acef64bebe
RequestId : 95f42767-edcf-443a-8977-4c9f6d0eafef
StatusCode : OK
Best of luck with that. Let me know if you have any questions.

Resources