I have followed this article and I didn't miss any step except the sharing config, which I don't need. Like the article says, I have created a local user with the same name and password. On the 'Test Settings' option, 'Authentication' passed (I ignored the 'Authorization' error as mentioned).
I'm able to see the Azure files in the content view of the virtual directory. But when I browse, it says
HTTP Error 500.19
"The requested page cannot be accessed because the related configuration data for the page is invalid."
Config Error Cannot read configuration file
It is actually looking for a config file at the UNC path \\staticcontent.file.core.windows.net\repo.
Here are the steps I had followed. Reach out to me at renash at microsofyt dot com if you have questions.
http://fabriccontroller.net/deploying-a-load-balanced-high-available-ftp-server-with-azure-files/
Step 1
configure an availability set for Windows virtual machines in the classic deployment model
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/classic/configure-availability
Step 2
$vm1name = 'cltkdemovm1'
$vm2name = 'cltkdemovm2'
$servicename= 'cltkdemodomain'
Login-AzureRmAccount
Select-AzureSubscription -SubscriptionName "Windows Azure Internal Consumption"
$vm = Get-AzureVM -Name $vm1name -ServiceName $servicename
.\Add-AzureFtpEndpoints.ps1 $vm 21 10000 10050
$vm = Get-AzureVM -Name $vm2name -ServiceName $servicename
.\Add-AzureFtpEndpoints.ps1 $vm 21 20000 20050
Step 3
On vm1:
Install-FTP.bat cltkdemoftp <storageaccountname> <storageaccountkey> <sharename> 21 10000 10050 <VMIPAddress>
Example:
Install-FTP.bat cltkdemoftp cltkdemosa <storage account key>== ftp 21 10000 10050 40.76.29.172
On vm2:
Install-FTP.bat ctdemoftp cltkdemosa <storage account key>== ftp 21 20000 20050 <VMIPAddress>
Example:
Install-FTP.bat cltkdemoftp cltkdemosa <storage account key>== ftp 21 20000 20050 40.76.29.172
Step 4
Added sa to IISUser Group
Add sa to Application Pool -> Poolname -> Advanced Settings -> Identity
On VM2
Added sa to IISUser Group
Add sa to Application Pool -> Poolname -> Advanced Settings -> Identity
Related
When following the tutorial https://learn.microsoft.com/en-us/azure/application-gateway/create-ssl-portal (using Free Trial as the subscription), I always fail with the error
ErrorCode: AuthorizationFailed
ErrorMessage: The client '<mai e-mail address>' with object id'xxx' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/extensions/write' over scope '/subscriptions/yyy/resourceGroups/myResourceGroupAG/providers/Microsoft.Compute/virtualMachines/myVM/extensions/IIS' or the scope is invalid. If access was recently granted, please refresh your credentials.
ErrorTarget:
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : zzz
When running the command
Set-AzVMExtension `
>> -ResourceGroupName myResourceGroupAG `
>> -ExtensionName IIS `
>> -VMName myVM `
>> -Publisher Microsoft.Compute `
>> -ExtensionType CustomScriptExtension `
>> -TypeHandlerVersion 1.4 `
>> -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}' `
>> -Location 'West US 2'
According to the portal's Access control, I (JM in the picture) should have the Virtual Machine Contributor role, but it doesn't help.
I tried with the same PowerShell command and it works perfectly for me.
You can try running Disconnect-AzAccount and Clear-AzContext as a solution, so that the contexts of all users are deleted; after that you can log in to Azure again from PowerShell with Connect-AzAccount.
Owner access at the subscription level is sufficient to perform the operation that you are trying to perform, so separately assigning the Virtual Machine Contributor role is not required.
OR
To work around this issue, you can manually install the IIS server.
Step 1: Log in to your VM.
Step 2: Manage -> Add roles and features
Step 3: Select Web Server (IIS) -> Next -> Install
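Added example (not part of the posts above and not Microsoft's code): a way to check whether a set of role definitions actually grants the action named in the AuthorizationFailed message. Test-RbacActionAllowed is a hypothetical helper and the three role definitions are constructed for illustration.

```powershell
# Added example. Test-RbacActionAllowed is a hypothetical helper, not an Az cmdlet.
function Test-RbacActionAllowed {
    param(
        [Parameter(Mandatory)] [string]   $RequiredAction,
        [Parameter(Mandatory)] [object[]] $RoleDefinitions
    )
    foreach ($role in $RoleDefinitions) {
        # Azure action patterns use '*' as a wildcard, which -like also understands.
        $granted  = @($role.Actions    | Where-Object { $_ -and $RequiredAction -like $_ })
        $excluded = @($role.NotActions | Where-Object { $_ -and $RequiredAction -like $_ })
        # NotActions only subtract from the Actions of the same role definition.
        if ($granted.Count -gt 0 -and $excluded.Count -eq 0) {
            return [pscustomobject]@{ Allowed = $true; Role = $role.Name; MatchedBy = $granted[0] }
        }
    }
    [pscustomobject]@{ Allowed = $false; Role = $null; MatchedBy = $null }
}

# Constructed role definitions (illustrative, not copied from Azure).
$roles = @(
    [pscustomobject]@{ Name = 'ExampleReader'; Actions = @('*/read'); NotActions = @() }
    [pscustomobject]@{ Name       = 'ExampleNoExtensions'
                       Actions    = @('Microsoft.Compute/*')
                       NotActions = @('Microsoft.Compute/virtualMachines/extensions/*') }
    [pscustomobject]@{ Name       = 'ExampleVmOperator'
                       Actions    = @('Microsoft.Compute/virtualMachines/*')
                       NotActions = @() }
)

# The action named in the AuthorizationFailed message above.
$action = 'Microsoft.Compute/virtualMachines/extensions/write'
Test-RbacActionAllowed -RequiredAction $action -RoleDefinitions $roles

# Against a live subscription (needs Az.Resources and a signed-in context), build
# $roles from the caller's assignments at the scope shown in the error:
#   $scope = '/subscriptions/<subscription id>/resourceGroups/myResourceGroupAG'
#   $roles = Get-AzRoleAssignment -SignInName '<user sign-in name>' -Scope $scope |
#            ForEach-Object { Get-AzRoleDefinition -Name $_.RoleDefinitionName }
```

If the real assignments grant the action and the call still returns 403, the cached context is the likely culprit, which is the case the Disconnect-AzAccount / Clear-AzContext suggestion addresses.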
I am trying to set up my first Azure point-to-site VPN. If I'm reading things correctly, the URL I get from this PowerShell code:
$profile = New-AzVpnClientConfiguration -ResourceGroupName $ResourceGroup -Name $GWName -AuthenticationMethod "EapTls"
$profile.VPNProfileSASUrl
should download an executable called VpnClientSetupAMD64.exe that will be in the WindowsAmd64 folder of the downloaded zip file. That executable should do the setup on the native Win 10 1909 client.
The zip file I get doesn't have any executable in it and doesn't have that directory in it. I only get the XML and OVPN files with the config data for the VPN client.
I also tried using the Download VPN Client selection in the GUI Azure portal on the VnetGW/point-to-site page and I get the identical zip file - still no setup exe.
I looked for a way to either directly download the VpnClientSetupAMD64.exe file or to specify the azurevpnconfig.xml file that I do get as a parameter to set up the VPN client, but I see nothing applicable.
I understand that I can manually configure the VPN client using the info I have but that doesn't scale.
Can someone give me any pointers?
I had the same issue trying to set up Azure P2S VPN today; the downloaded VPN client is just a configuration file.
I did a bit of research and found the solution: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-client
Open the Windows Store and install the app "Azure VPN Client". Then you can run Azure VPN Client and import the configuration file.
By default, the tunnel type is OpenVPN (SSL) in the point-to-site configuration UI. Before you generate files using PowerShell, you should set the VpnClientProtocol to SSTP and IKEv2, or one of them, because they are used for Windows clients. Then you will get the VpnClientSetupAMD64.exe file. You could get more details here.
You could also refer to creating a VPN gateway and adding a point-to-site configuration using PowerShell.
New-AzVirtualNetworkGateway -Name VNet1GW -ResourceGroupName TestRG1 `
-Location 'East US' -IpConfigurations $gwipconfig -GatewayType Vpn `
-VpnType RouteBased -GatewaySku VpnGw1 -VpnClientProtocol "IKEv2"
# Add the VPN client address pool
$Gateway = Get-AzVirtualNetworkGateway -ResourceGroupName $RG -Name $GWName
Set-AzVirtualNetworkGateway -VirtualNetworkGateway $Gateway -VpnClientAddressPool $VPNClientAddressPool
# Create a self-signed root certificate
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
# Export the root certificate to "C:\cert\P2SRootCert.cer"
# Upload the root certificate public key information
$P2SRootCertName = "P2SRootCert.cer"
$filePathForCert = "C:\cert\P2SRootCert.cer"
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate2($filePathForCert)
$CertBase64 = [system.convert]::ToBase64String($cert.RawData)
$p2srootcert = New-AzVpnClientRootCertificate -Name $P2SRootCertName -PublicCertData $CertBase64
Add-AzVpnClientRootCertificate -VpnClientRootCertificateName $P2SRootCertName `
-VirtualNetworkGatewayname "VNet1GW" `
-ResourceGroupName "TestRG1" -PublicCertData $CertBase64
I have been working with the Azure Application Gateway and am stuck at the following error.
Here is my network diagram
Here is the PowerShell script which I had configured
PowerShell Output
PS C:\Users\shabbir.akolawala> Get-AzureApplicationGateway sbr2appgateway
Name : sbr2appgateway
Description :
VnetName : Group Shabs-AppGateway2 sbag2vnet
Subnets : {sbag2subnet1}
InstanceCount : 2
GatewaySize : Small
State : Running
VirtualIPs : {104.41.159.238} <-- Note IP Here
DnsName : 01b9b0e4-4cd2-4437-b641-0b5dc4e3efe7.cloudapp.net
Here, public IP of the application gateway is 104.41.159.238
Now, the first time I hit the gateway, I get the following output
Note, this website doesn't render correctly, as many requests (css/images) fail with 502.
Now, if I hit it a second time, I straightaway get the 502 error
But when I hit the cloud service IP, I get my website correctly
I had configured the Azure gateway with the following configuration XML
My questions are:
1] Does anyone have an idea how to access the logs which are generated in Application Gateway (in theory, Application Gateway runs on IIS 8.5 / ARR)?
2] Is there any obvious error I made in the design or configuration?
It is because of timeout.
1. The probe has a 30-second timeout by default. If your application needs authentication, you will have to set a custom probe.
2. Application Gateway has a default 30-second timeout as well. If your Application Gateway cannot get a response from the backend virtual machine, it will return HTTP 502. It can be changed via the "RequestTimeout" configuration item.
PowerShell:
Set-AzureApplicationGatewayConfig -Name <application gateway name> -ConfigFile "<path to file>"
Config file:
<BackendHttpSettings>
    <Name>setting1</Name>
    <Port>80</Port>
    <Protocol>Http</Protocol>
    <CookieBasedAffinity>Enabled</CookieBasedAffinity>
    <RequestTimeout>120</RequestTimeout>
    <Probe>Probe01</Probe>
</BackendHttpSettings>
For details: https://azure.microsoft.com/en-us/documentation/articles/application-gateway-create-probe-classic-ps/
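Added example (not from the answer above or from Microsoft): a pre-flight check that reads a classic gateway config file and reports, for each BackendHttpSettings entry, the effective RequestTimeout and whether the referenced probe is defined. Get-BackendTimeoutReport is a hypothetical helper, and the wrapper elements and probe values in the sample XML are constructed assumptions built around the fragment quoted in the answer.

```powershell
# Constructed sample; only the BackendHttpSettings fields come from the answer above.
$sample = @'
<ApplicationGatewayConfiguration>
  <Probes>
    <Probe><Name>Probe01</Name><Path>/health</Path><Timeout>30</Timeout></Probe>
  </Probes>
  <BackendHttpSettingsList>
    <BackendHttpSettings>
      <Name>setting1</Name><Port>80</Port><Protocol>Http</Protocol>
      <RequestTimeout>120</RequestTimeout><Probe>Probe01</Probe>
    </BackendHttpSettings>
    <BackendHttpSettings>
      <Name>setting2</Name><Port>8080</Port><Protocol>Http</Protocol>
      <Probe>Probe02</Probe>
    </BackendHttpSettings>
  </BackendHttpSettingsList>
</ApplicationGatewayConfiguration>
'@

# Hypothetical helper, not an Azure cmdlet.
function Get-BackendTimeoutReport {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [int] $DefaultTimeout = 30   # default stated in the answer above
    )
    # local-name() keeps the XPath working whether or not the file declares a default namespace.
    $probeXPath = "//*[local-name()='Probes']/*[local-name()='Probe']/*[local-name()='Name']"
    $probeNames = @($Config.SelectNodes($probeXPath) | ForEach-Object { $_.InnerText })

    foreach ($s in $Config.SelectNodes("//*[local-name()='BackendHttpSettings']")) {
        $timeout = $s.SelectSingleNode("*[local-name()='RequestTimeout']")
        $probe   = $s.SelectSingleNode("*[local-name()='Probe']")
        [pscustomobject]@{
            Name            = $s.SelectSingleNode("*[local-name()='Name']").InnerText
            RequestTimeout  = if ($null -ne $timeout) { [int]$timeout.InnerText } else { $DefaultTimeout }
            ExplicitTimeout = ($null -ne $timeout)
            Probe           = if ($null -ne $probe) { $probe.InnerText } else { $null }
            ProbeDefined    = if ($null -ne $probe) { $probeNames -contains $probe.InnerText } else { $null }
        }
    }
}

# setting2 falls back to the 30-second default and references a probe that is not defined.
Get-BackendTimeoutReport -Config $sample | Format-Table -AutoSize
```

For a real file, pass `-Config (Get-Content -Raw '<path to file>')` before applying it with Set-AzureApplicationGatewayConfig.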
Just extending #Lang's answer for people using Resource Manager rather than Classic. The following PowerShell script will set a new request timeout of 120 seconds for every BackendHttpSetting within the target app gateway.
# Variable setup
$agName = "my gateway name"
$rgName = "my resource group name"
$newRequestTimeout = 120
# Retrieve gateway obj
$appGW = Get-AzureRmApplicationGateway -Name $agName -ResourceGroupName $rgName
$allHttpBackendSettings = Get-AzureRmApplicationGatewayBackendHttpSettings `
-ApplicationGateway $appGW
foreach ($s in $allHttpBackendSettings)
{
    # Retrieve existing probe
    $probeName = $s.Probe.Id.Split("/") | Select-Object -Last 1
    $probe = Get-AzureRmApplicationGatewayProbeConfig -ApplicationGateway $appGW `
        -Name $probeName
    # Update http settings
    $appGW = Set-AzureRmApplicationGatewayBackendHttpSettings -ApplicationGateway $appGW `
        -Name $s.Name -RequestTimeout $newRequestTimeout -Port $s.Port -Protocol $s.Protocol `
        -Probe $probe -CookieBasedAffinity Enabled -PickHostNameFromBackendAddress
}
# Persist changes to the App Gateway
Set-AzureRmApplicationGateway -ApplicationGateway $appGW
I created custom health checks, but never saw any attempts in the web server access log.
So I just set a route on the backend to serve any domain, including the IP address, and added htpasswd protection to the real domains.
Azure Application Gateway checks http://backend_ip:80/ and became a happy gateway :)
I am trying to install the Microsoft Antimalware extension to an existing virtual machine.
Steps to reproduce the problem:
Using Visual Studio
1) Connect to Azure from VS
2) Select Server from Virtual Machines
3) Open Configuration properties.
4) Select Microsoft Antimalware from extensions and click Add.
5) Click Update. Outputs...
Updating virtual machine myVM...
Failed to update virtual machine. The probe setting for the endpoint group HTTP-80 is null. An external endpoint HTTP cannot specify a probe setting.
Using PowerShell
When following these MS instructions to install Antimalware using PowerShell, I get the error:
PS C:\> Update-AzureVM -Name $service -ServiceName $name -VM $vm.VM
Update-AzureVM : Could not find a deployment for 'myVM' in 'Production' slot.
At line:1 char:1
+ Update-AzureVM -Name $service -ServiceName $name -VM $vm.VM
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Update-AzureVM], ApplicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.UpdateAzureVMCommand
To install antimalware via PowerShell:
Make sure you are using the latest Azure Powershell version (version 0.8.12)
Get-Module
Now create a configuration file on disk in json format:
$JsonString="{ 'AntimalwareEnabled': true }"
$JsonString |Out-File $home\downloads\AzureAntimalware.json
Then select and update your VM:
Get-AzureVM -Servicename "myService" -Name "myVM" | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfigFile $home\downloads\AzureAntimalware.json | Update-AzureVM
This will install System Center Endpoint Protection onto the virtual machine.
When you try and launch System Center Endpoint Protection from the start menu you may be presented with the following error message:
Your system administrator has restricted access to this app.
To fix this issue, open a command prompt on the VM and enter:
cd "c:/program files/microsoft security client"
configsecuritypolicy cleanuppolicy.xml
This will create the necessary config files and fix the problem.
You will now be able to launch System Center Endpoint Protection from the start menu and configure the program in the usual way.
I'm a little late replying so you've probably solved the issue.
This is how I resolved it using Powershell:
http://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409 – Download the VM agent and install on the virtual machine
Activate the VM agent with the following:
$vm = Get-AzureVM -ServiceName $svc -Name $name
$vm.VM.ProvisionGuestAgent = $TRUE
Update-AzureVM -Name $name -VM $vm.VM -ServiceName $svc
You can check if it’s running by opening task manager and clicking the details tab – Look for WaAppAgent.exe, WindowsAzureGuestAgent.exe, WindowsAzureTelemetryService.exe
Once running you can install AntiMalware with the following:
$servicename = "<SERVICE NAME HERE>"
$name = "<NAME HERE>"
# Get the VM
$vm = Get-AzureVM -ServiceName $servicename -Name $name
# Add Microsoft Antimalware Agent to the Virtual Machine
Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
# Update the VM which will install the Antimalware Agent
# (-Name is the VM name, -ServiceName is the cloud service name)
Update-AzureVM -Name $name -ServiceName $servicename -VM $vm.VM
You can check it works by looking in services.msc for Microsoft Antimalware service
I am trying to add the Antimalware extension to a virtual machine for protection, but when I try to add the extension in the Azure portal I get the following error:
Failed to add extension to virtual machine. The virtual machine request is invalid The specified source image is a user image. The image must be a platform image.
I have installed the VMAgent.
As extra information, I have tried using PowerShell commands to install the extension, using the following commands and getting the respective responses:
$vm = Get-AzureVM –ServiceName "MyServiceName" –Name "MyVMName"
VERBOSE: ... - completed operation: Get Deployment*
Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
WARNING: The resource extension reference list is null or empty
AvailabilitySetName :
ConfigurationSets : {Microsoft.WindowsAzure.Commands.ServiceManagement.Model.NetworkConfigurationSet}
DataVirtualHardDisks : {"MyVMName"}
Label :
OSVirtualHardDisk : Microsoft.WindowsAzure.Commands.ServiceManagement.Model.OSVirtualHardDisk
RoleName : "MyVMName"
RoleSize : Large
RoleType : PersistentVMRole
WinRMCertificate :
X509Certificates :
NoExportPrivateKey : False
NoRDPEndpoint : False
NoSSHEndpoint : False
DefaultWinRmCertificateThumbprint : F4CF28C735C5E557C7B47742E4F16A08959272F1
ProvisionGuestAgent :
ResourceExtensionReferences : {IaaSAntimalware}
DataVirtualHardDisksToBeDeleted :
Update-AzureVM -Name "MyServiceName" -ServiceName "MyVMName" -VM $vm.VM
VERBOSE: 11:15:10 - Completed Operation: Get Deployment
VERBOSE: 11:15:10 - Begin Operation: Update-AzureVM
VERBOSE: 11:15:42 - Completed Operation: Update-AzureVM
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
Update-AzureVM 387b77a2-c8fc-233a-913d-cd364c855429 Succeeded
After I run the commands, I check and the VMAgent is installed on the VM but there is no extension.
Does anyone have any ideas?
Thanks!!
The cause might be your first line
$vm = Get-AzureVM –ServiceName "MyServiceName" –Name "MyVMName"
When -servicename and -name are not specified, Get-AzureVM returns no VM object
Set-AzureVMextension only works with -VM input
Try this:
https://gist.github.com/andreaswasita/428fc5519b0ddac76b01
In my experience, this warning is due to the Azure Guest agent not being deployed on the VM, not running on the VM, or being out-of-date. If the VM doesn't have a healthy (and current) guest agent, you won't be able to deploy extensions.
You can check the guest agent status with:
$vm.GuestAgentStatus
You'd be looking for a "Status" of "Ready"; anything else and the extension is likely to fail. Extending Klaad's code then...
# Azure Cloud Service and Azure VM Name
$service= Read-Host -Prompt 'Azure Cloud Service:'
$name = Read-Host -Prompt 'Azure VM:'
# Get the Cloud Service and Azure VM
$vm = Get-AzureVM -ServiceName $service -Name $name
# Check for health of the agent
If ($vm.GuestAgentStatus.Status -ne "Ready") {
    Write-Error "The VM agent appears to not be installed or is in an unhealthy state."
}
Else {
    # Add Microsoft Antimalware Agent to the Azure VM
    Set-AzureVMExtension -Publisher Microsoft.Azure.Security -ExtensionName IaaSAntimalware -Version 1.* -VM $vm.VM
    # Update the Azure VM and install the Antimalware Agent
    Update-AzureVM -Name $name -ServiceName $service -VM $vm.VM
}
To check if the agent is there, you can look for the following three processes on the server:
WaAppAgent.exe
WindowsAzureGuestAgent.exe
WindowsAzureTelemetryService.exe
You can download the agent from here (current version at time of edit is 2.6.1198.718).
Installation requires two steps (Source: Zach Millis):
Install the agent. This requires you to run PowerShell as an Administrator and execute the installer from within the PowerShell prompt. (Do not run directly)
Update Azure so it knows about the agent. This requires the following code to be executed:
Code:
# Azure Cloud Service and Azure VM Name
$service= Read-Host -Prompt 'Azure Cloud Service:'
$name = Read-Host -Prompt 'Azure VM:'
# Get the Cloud Service and Azure VM
$vm = Get-AzureVM -ServiceName $service -Name $name
# Provision the guest agent so Azure knows about it
$vm.VM.ProvisionGuestAgent = $TRUE
# Update the Azure VM so the guest agent setting is applied
$vm | Update-AzureVM
# Refresh the connection to the VM to get the new status
$vm = Get-AzureVM -ServiceName $service -Name $name
# Check status - should now be "Ready"
$vm.GuestAgentStatus
That should be it.