From my local Windows command prompt, I can copy files to local Windows machines, and run commands on the local Windows machines with psexec. (For example, launching .bat files). I can also start/stop and query services on the Windows machines, for example with sc \machineIP query (servicename).
I am learning to be able to do the same thing with a stock Windows machine hosted in Azure.
Having created a stock Windows Server VM in Azure from the command line, what more must I do? Currently on the Azure VM, for testing, I have:
Turned off the Firewall
Disabled simple file sharing wizard
Shared C, with permissions for 'everyone'
Started 'remote registry' service
Added registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy with value of 1 (hex)
I am able to RDP to the machine without a problem, with the given public IP address, username, and password.
I note that I cannot access: \publicIP\c$
And psexec returns 'The network path was not found. Make sure the default admin$ share is enabled on (publicIP)' when running the command:
psexec.exe \\(publicIP) -u(username) -p (password) -i 1 cmd /c c:\runMe.bat
In the Azure portal, navigate into the resource group where your VM resides. Select the 'Network Security Group' profile used by your VM (eg, yourVMnameNSG) -> edit -> add inbound security rules.
eg:
Name: psexec
Source: any
Destination: any
Service: Custom (Any/135)
Action: allow
Repeat for required services
Related
I'm looking to connect VS Code to Azure Cloudshell, especially for the file explorer component.
It is a bit of an anti-pattern, but cloudshell is the only way in which I am able to run some commands that connect to Azure resources (spinning up a VM is not allowed).
I know the 'remote-ssh' extension can connect to a remote machine and provide a nice file explorer, however, for cloudshell I do not have ssh available. However, there is a connection possible through the 'Azure account' extension.
(There is also a 'remote tunnel' extension that is able to establish connections over different protocol than ssh).
This is the connection that 'Azure account' sets up with the cloudshell:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 10.xxx.xx.169:http-alt 10.xxx.xx.29:57404
tcp ESTAB 0 0 10.xxx.xx.169:51710 20.xxx.xx.200:microsoft-ds
Does anybody know if this can be used to get a full remote development experience in VScode connected to Azure cloudshell?
(I tried to install the vs code server rpm package in cloudshell, failed due to lacking yum and sudo permissions.)
Answer:
TLDR: type code . in azure Cloudshell in browser to get file editor.
(Using own IDE is not possible, only cloudshell as terminal)
Check the below steps to connect to Azure Cloud shell (PowerShell/Bash).
Open VSCode, = >Extensions => search for Azure Account.
Check whether Azure Account is Installed and Enabled.
If it is not done, Install and Enable it.
We need to Login to Azure Account to Open the Cloud shell.
In View tab => Command Palette => Azure: Sign in
OR
Press Ctrl + Shift + P => Azure: Sign in.
Click on Sign in and login to Azure.
You
In the right, click on the dropdown symbol beside + .You will find an option for Azure Cloud shell (PowerShell / Bash).
Select Azure Cloud shell (PowerShell) .
If it is not sign into Azure, you will get an option to Sign in.
Once after Sign, you will get the below message in the terminal.
To make sure we are connected to Azure Cloud shell, execute any of the PowerShell command and check once.
file explorer component
Thanks #Brendan Burn for the Post.
Refer this SO Thread regarding File Explorer.
I made a file on Azure using "File Service" and then tried to mount it using "connect". It has given me the username: localhost\xyz.
Two questions:
why username starting from "localhost" and not with "Azure"?
why I am unable to mount as windows security not giving any error, instead keep on turning back to credentials page?
p.s. TCP port 445 working properly..
Here are a few workarounds that worked for us.
WAY-1
You can directly go to your PowerShell of your machine and paste the script that you have provided in your storage account
WAY-2
You can click on More options and select for different account and then use the storage account name prepended with AZURE\ as the username and a storage account key as the password.
WAY-3
You can create a file share directly by unchecking the connect using different credentials.
OUTPUT:
For all the above ways here is the screenshot of fileshares that got mounted.
REFERENCES:
Mount SMB Azure file share on Windows
I am building a Release Pipeline on Azure DevOps. Part of my release is to copy a bunch of files to the Azure VM. As far as I understand, the target machine needs to have PowerShell 5986 port open.
I have a VM with port 5986 open (I verified that by invoking remotely some commands on this VM with "PowerShell on Target Machines" task).
I added "Windows Machine File Copy" task and filled fields:
- Source
- Machines
- Admin Login
- Password
- Destination Folder
In "Machines" field, I put IP of the target machine.
As a result of running the release, I'm getting an error:
Failed to Create PSDrive with Destination:
'\\11.11.11.11\C$\TargetDirectory',
ErrorMessage: 'The network path was not found' The network path was
not found
I also tried to put IP address with a port, in this form: 11.11.11.11:5986
Then, I got this error:
Cannot convert value "\23.97.151.221:5986" to type "System.Uri".
Error: "Invalid URI: The hostname could not be parsed."
Documentation (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/windows-machine-file-copy?view=azure-devops) says that IP address with a port is allowed.
What's the issue here?
I was getting the exact same error while doing these:
Initially in my release pipeline, I had an agent job and I created a Windows machine file copy task under the job and filled in all details correctly. I set the Machines field with the public IP address of my target server (a Windows azure VM) and I always got this error you reported.
I tried to use the Azure file copy task instead but I was faced with another problem (error message: Unable to get FQDN for all resources in ResourceGroup: {resourceGroupName}) which I couldn't get to fix after a lot of efforts.
This is the solution that worked for me:
Instead of running an agent job, I ran a Deployment Group Job. With deployment groups, I didn't need an IP address to connect to my VM. Setting up a deployment group for your Azure VM is very simple and well explained here
I created a Windows Machine File Copy task under the Deployment Group job I added. I filled same details for the task except that instead of the IP address of the Windows VM, I entered the computer name in the Machines field and the file copy task ran successfully!
I hope this helps
The problem is because you can't use that task to copy files across Windows Domain boundary! That is to say, if you build on host A and want to copy files to host B, then A and B must be in the same Windows Domain, otherwise you'll get the error like
##[error]Failed to Create PSDrive with Destination: '\\your-server-name-or-ip\some\path', ErrorMessage: 'The network path was not found'
That is to say, if you're using a hosted agent, then you're not able to copy files with that task to any host you have, no matter it has a public IP or not, or a FQDN, because they are not in the same Windows Domain!
You have two options to work around it:
Use Azure File Copy task if your target is an Azure VM or Azure Storage
Use private hosted agent and make sure your target host and your private agent are in the same Windows Domain
Last but not least, the document should really make it clear! It wasted me a lot of time on solving the problem!
go to the destination folder, right-click the folder select properties,share option is there, click that one and share everyone option is there
The solution is to go to the target server and SHARE the directory where the files would be copied. In Windows, just go to Properties of the directory, Sharing tab, and Share it to the user which is used in the VSTS task.
The answer is pretty simple, the DevOps Tasks are actually running PowerShell on you VM and trying to create a PSDrive.
Try using the task mentioned in the screenshot below:
I followed this guide: Copying a virtual machine from one Windows Azure subscription to another with PowerShell to move a Virtual Machine between two subscriptions.
It worked fine, I could log in to the machine (by SSH).
Then (in the destination subscription), I changed the VM size (from A2 to A0), and now I am getting the error:
Access is denied
while logging by SSH. It is a dev machine, I am the only user (none changed my password).
I tried to put the size back to A2 without success.
Do you have any hints?
Assuming that you have installed the Linux Agent, try resetting your credentials using preview portal:
Navigate to Azure Preview Portal >> Browse >> Virtual machines >> Select your VM >> All settings >> Password reset
You can also reset SSH config clicking "Reset Remote Access" in VM dashboard.
I would like to know that is there any way to install the windows service on Azure environment? Or is there any alternate way of doing the same?
If I understand the question correctly what you need in Azure is a Worker Role, similar question on Stackoverflow: What's the concept of *worker role* in Windows Azure cloud?
Check out the this blog post 'Migrating Windows Service to Azure Worker Role'
http://blogs.msdn.com/b/joseph_fultz/archive/2010/04/02/migrating-windows-service-to-azure-worker-role-image-conversion-example-using-storage.aspx
Also look at the Windows Azure Training Kit for code & usage sample for Worker Roles in Azure
http://www.microsoft.com/download/en/details.aspx?id=8396
HTH
Another potential option is to use StartUp tasks to install a windows service in either a Web or a Worker Role.
Here is an MSDN article - although it seems a little short on the details.
How to Define Startup Tasks for a Role
Basically you will need to be sure that the installer is copied during the deployment and create a cmd file to execute the installer. Then add a Startup task element to the service definition XML file.
Couple of things to add along with the other answers:
You can install Services with Web or Worker Role through the Startup Task
Alternatively you can also run a process with elevated privilege through the Task Scheduler
Here are the steps to install a windows service on VM running Windows Server 2012 R2:
start your VM in Windows Azure Console and connect to it with Remote Desktop Connector
map your storage as a new drive in your VM:
net use z: \mystorage.file.core.windows.net\endoint /u:myusername verylongkeythatendswith==
Storage key can be found in your Azure Management Console -> Storages -> Manage Access Keys
copy all the necessary installation files to the mapped storage (copy&paste)
copy nssm to a local drive (not z: as it uses MAFS file system and that cannot be accessed with low-level windows API commands)
Create a .bat file with the following entries
set username=xxx
set password=yyy
call d:\nssm install "My service"
"%programfiles%\PathToService\myservice.exe" "-p 8677"
d:\nssm set "My service" ObjectName "%username%" "%password%"
sc failure "My service" actions= restart/60000/restart/60000/restart/60000 reset= 240
d:\nssm start "My service"
Username and password should be the ones you used to create the VM.
run the script. The service should be visible in your services list.
Enjoy!
PS : I used NSSM to simplify the service deployment.