After I received a windows update on my PC I cannot connect to my azure vm via RDP. How can I connect to Azure in order to install the update?
This is a known issue.
Root Cause Analysis
To resolve a vulnerability issue with Credential Security Support
Provider protocol (CredSSP), a monthly Windows update in May was
applied which does two things:
Correct how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process
Change the group policy Encryption Oracle Remediation default setting from Vulnerable to Mitigated.
Here is a blog written by Micah to give a solutions by editing Local Group Policy.
Hope this helps!
Related
I am trying to migrate a VM from VMWare to Azure portal. the VM appliance is configured . But the hosts are not recognized . What is the solution for this.
When you mention 'Hosts are not recognized', are you unable to discover them via the Portal? or do you receive any specific error message? Are you using agentless or agent-based migration? Please do more details on your scenario:
Couple of things you could try to isolate the issue:
Review the "Status" in the Azure Portal.
If this doesn't work and you're discovering VMware servers:
Verify that the vCenter account you specified has permissions set
correctly, with access to at least one VM.
Azure Migrate can't discovered VMware VMs if the vCenter account has
access granted at vCenter VM folder level. Learn more about scoping
discovery. Kindly review the requirement and common app discovery errors to tackle any errors you may be receiving.
I have on prem infra in which I have around 9 server. I want to use Azure Backup Server not the MARS agent as I want to create a copy on prem. I DON'T HAVE ACTIVE DIRECTORY. the question I have do I need AD on prem and domain join azure backup server. Since I don't have AD can I still use Azure Backup Server????
I haven't done it my self but as I know its not a problem since you will install software on your server and vault credentials.
From the link
The installation happens in phases. In the first phase the Microsoft Azure Recovery Services Agent is installed on the server.
The wizard also checks for Internet connectivity. If Internet
connectivity is available you can proceed with installation, if not,
you need to provide proxy details to connect to the Internet.
The next step is to configure the Microsoft Azure Recovery Services
Agent. As a part of the configuration, you will have to provide your
vault credentials to register the machine to the recovery services
vault. You will also provide a passphrase to encrypt/decrypt the data
sent between Azure and your premises. You can automatically generate a
passphrase or provide your own minimum 16-character passphrase.
Continue with the wizard until the agent has been configured.
You require a Domain Controller in the org and that is the requirement for deploying SC DPM or Azure Backup Server. Both requires DC. Though you can then protect domain joined machine or workgroup machine both
https://learn.microsoft.com/en-us/azure/backup/backup-support-matrix-mabs-dpm#management-support
https://learn.microsoft.com/en-us/system-center/dpm/prepare-environment-for-dpm?view=sc-dpm-1807#networking
I created a VPN gateway on azure and I was able to connect to it using windows 10. However it does not work on windows server 2012. I got this error.
The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. (Error 812)
In azure the authenticate type is Azure certificate.
I have tried some solutions online, like running some commands and applying some windows updates, but nothing worked.
Like the comment mentioned, Azure VPN Gateway supports only TLS 1.2. To maintain support, see the updates to enable support for TLS1.2. and more details: Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
Also, Windows OS versions prior to Windows 10 are not supported with IKEv2 VPN and can only use SSTP or OpenVPNĀ® Protocol. See details here.
Check the above all. If you still have any question, you can contact the MS Azure support check if there is any update on the Azure side.
I decided to use openvpn as a tunel type and it worked.
Thanks for your help.
If someone comes across the same error ("The connection was prevented because of a policy configured on your RAS/VPN server.."), here's what helped in my case:
In the Windows search for "ncpa.cpl" or just go to Network Connections
Right click on your VPN connection and open properties
In the Security tab, tick checkboxes next to the "Challenge Handshake.." and/or "Microsoft CHAP.."
Since Oauth 2 support will only be here with SonarQube 5.4 I'm trying to make it work with Azure AD DS (preview)
The principle is Azure AD can have a emulation point for legacy AD domain services supporting ntlm kerberos ldap and so on (think of it as a domain controller basically)
I've configured the AAD DS part and updated the dns servers of my sonarqube machine.
The domain resolves properly from sonarqube VM. Then I installed the LDAP module and added this to the sonar config file.
But sonarqube doesn't work anymore when I try that (also tried variations of that)
Note that I'm running on Ubuntu (up to date) with sonarqube 5.3 and the machine is not "joined" to the domain.
Any idea how to make it work? I've found only little documentation about that.
Thanks
sonar.security.realm=LDAP
ldap.windows.compatibilityMode=true
sonar.forceAuthentication=true
ldap.url=ldap://10.0.0.5:10389
ldap.user.baseDn=cn=users,dc=baywetdev,dc=onmicrosoft,dc=com
sonarqube released support for AAD via Oauth on march the 8th.
This is now the recommended approach.
For more information see https://github.com/SonarQubeCommunity/sonar-auth-aad
Just installed azure connect on my localhost, but it won't connect. I see my machine dbates-HP as a active endpoint in my vistual network/connect section on my azure portal and organized it into a group.
I can see in the azure connect portal that the machine endpoint is active, and that it refreshes since the last connected updates.
My local connect client lists the following diagnostics messages:
Policy Check: There is no connectivity policy on this machine.
IPsec certificate check: No IPsec certificate was found.
Also tried with firewall turned off.
Duncan
In some scenarios getting Windows Azure connect to working becomes very complex. I have worked on multiple such scenarios and found most common issues are related with network settings. To start investigate you need to collect the Azure Connect logs first from your machine and try to figure the problem out by yourself. I have described some info about collecting log here:
http://blogs.msdn.com/b/avkashchauhan/archive/2011/05/17/collecting-diagnostics-information-for-windows-azure-connect-related-issues.aspx
To open a free Windows Azure support incident please use link below:
https://support.microsoft.com/oas/default.aspx?gprid=14928&st=1&wfxredirect=1&sd=gn
Have you "linked" your Azure role with the machine group you created? The message "There is no connectivity policy on this machine" suggests that you haven't defined (in portal) to whom this machine should connect to.