Not able to connect through Rasdial in azure ARM VPN connection - azure

I am not able connect to VPN using powershell cmdlet. I use 'rasdial' from a build agent to connect to vpn, so that we can trigger automated tests. The whole process is automated.
Earlier same rasdial command - Rasdial "VPNName" was working perfectly fine with classic model (ASM) of vpn. But, after I migrated to ARM, I am facing this issue. However through UI i.e. clicking on buttons to connect to vpn is working fine but our need is to connect through script.
I am getting a message-
This function is not supported on this system.
NB: I am following this post- https://dzone.com/articles/deconstructing-azure-point
The same workaround worked in ASM but not woking in ARM. What can be another workaround or fix for this ?
I am using below script to create and download the VPN package. I am not sure I am missing something in my script which is causing this issue-
$VNetName = "MYVPN"
$SubName = "Subnet-1"
$GWSubName = "GatewaySubnet"
$VNetPrefix1 = "15.3.0.0/16"
$SubPrefix = "15.3.1.0/24"
$GWSubPrefix = "15.3.200.0/26"
$VPNClientAddressPool = "158.17.201.0/24"
$RG = "VMsRG"
$Location = "West Europe"
$DNS = "15.3.0.0"
$GWName = "GateWay"
$GWIPName = "GateWayIP"
$GWIPconfName = "GateWayIPConfig"
$P2SRootCertName = "XXXXX.cer"
$DeployUserName = "atf#hotmail.com"
$DeployUserPassword = "XXXXX"
$Azurepwd = ConvertTo-SecureString $DeployUserPassword -AsPlainText -Force
$AzureCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $DeployUserName, $Azurepwd
Add-AzureRmAccount -credential $AzureCredential -SubscriptionName Development
New-AzureRmResourceGroup -Name $RG -Location $Location
$fesub = New-AzureRmVirtualNetworkSubnetConfig -Name $SubName -AddressPrefix $SubPrefix
$gwsub = New-AzureRmVirtualNetworkSubnetConfig -Name $GWSubName -AddressPrefix $GWSubPrefix
New-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG -Location $Location -AddressPrefix $VNetPrefix1 -Subnet $fesub, $gwsub -DnsServer $DNS
$vnet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $RG
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$pip = New-AzureRmPublicIpAddress -Name $GWIPName -ResourceGroupName $RG -Location $Location -AllocationMethod dynamic
$ipconf = New-AzureRmVirtualNetworkGatewayIpConfig -Name $GWIPconfName -Subnet $subnet -PublicIpAddress $pip
$MyP2SRootCertPubKeyBase64 = "XXXXX"
$p2srootcert = New-AzureRmVpnClientRootCertificate -Name "P2SVNETRootCertName" -PublicCertData $MyP2SRootCertPubKeyBase64
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $RG -Location $Location -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -EnableBgp $false -GatewaySku Standard -VpnClientAddressPool $VPNClientAddressPool -VpnClientRootCertificates $p2srootcert
Get-AzureRmVpnClientPackage -ResourceGroupName $RG -VirtualNetworkGatewayName $GWName -ProcessorArchitecture Amd64
As I am able to connect using GUI. I hope script is doing it's job.

After 4 Months I got a reply from MS (as I raised a ticket for the same).
They told Rasdial is not supported by Azure VPN Client Package till date. Also, Even after deconstructing-the-azure-point-to-site-vpn lacks addition of route which should be taken care by adding the route explicitly.
So as an workaround I did the steps provided in the blog - http://www.diaryofaninja.com/blog/2013/11/27/deconstructing-the-azure-point-to-site-vpn-for-command-line-usage
However the last part of adding the route is a bit complex. So, for adding route I have created my own PS script-
$Subnet = #("10.0.1.0", "10.0.2.0","10.0.3.0")
$VPNClientAddressPool = "x.x.x"
$Mask = "255.255.0.0"
$azureIpAddress = ""
$VPNCmd = "MYVPNName"
Here x.x.x are the 3 octet that can be found in "GateWay - Point-to-site configuration" of the VPN-
$routeExists = route print | findstr $VPNClientAddressPool
if($routeExists)
{
route delete $Subnet
}
rasdial $VPNCmd > $null
$azureIPAddress = ipconfig | findstr $VPNClientAddressPool
if($azureIPAddress -ne $null)
{
$azureIpAddress = $azureIpAddress.Split(": ")
$azureIpAddress = $azureIpAddress[$azureIpAddress.Length-1]
$azureIpAddress = $azureIpAddress.Trim()
route add $Subnet MASK $Mask $azureIPAddress
}
This solved the purpose for me. Basically You just need to take care of the route add part.

Your PowerShell script seems fine (I didn't try the login and resource group pieces, but everything else works from $fesub on.) except for the third line from the bottom. The -Name tag which you currently have as "P2SVNETRootCertName" needs to be the same as your $P2SRootCertName. For more information, refer to Azure documentation: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-howto-point-to-site-rm-ps/
As for Rasdial, another StackOverflow post has answered this: Azure Virtual Network Point-to-Site (ex. Azure Connect) autoconnect
-Bridget [MSFT]

Related

Setup and deploy Azure function using PowerShell

I try to setup and deploy Azure Function by using PowerShell script based on this topic: Setup Azure Function from PowerShell
My script looks like this:
#=============Defining All Variables=========
$location = 'Central US'
$resourceGroupName = 'MyResourceGroup'
$subscriptionId = 'MysubscriptionId'
$functionAppName = 'MyfunctionAppName'
$appServicePlanName = 'ASP-test-8b50'
$tier = 'Dynamic'
$archivePath = 'd:\TestAzureFunc.zip'
Connect-AzAccount
#========Creating Azure Resource Group========
$resourceGroup = Get-AzResourceGroup | Where-Object { $_.ResourceGroupName -eq $resourceGroupName }
if ($resourceGroup -eq $null)
{
New-AzResourceGroup -Name $resourceGroupName -Location $location -force
}
#selecting default azure subscription by name
Select-AzSubscription -SubscriptionID $subscriptionId
Set-AzContext $subscriptionId
#========Creating App Service Plan============
New-AzAppServicePlan -ResourceGroupName $resourceGroupName -Name $appServicePlanName -Location $location -Tier $tier
$functionAppSettings = #{
ServerFarmId="/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/serverfarms/$appServicePlanName";
alwaysOn=$True;
}
#========Creating Azure Function========
$functionAppResource = Get-AzResource | Where-Object { $_.ResourceName -eq $functionAppName -And $_.ResourceType -eq "Microsoft.Web/Sites" }
if ($functionAppResource -eq $null)
{
New-AzResource -ResourceType 'Microsoft.Web/Sites' -ResourceName $functionAppName -kind 'functionapp' -Location $location -ResourceGroupName $resourceGroupName -Properties $functionAppSettings -force
}
#========Defining Azure Function Settings========
$AppSettings =#{}
$AppSettings =#{'FUNCTIONS_EXTENSION_VERSION' = '~2';
'FUNCTIONS_WORKER_RUNTIME' = 'dotnet';}
Set-AzWebApp -Name $functionAppName -ResourceGroupName $resourceGroupName -AppSettings $AppSettings
#========Deploy Azure Function from zip========
Publish-AzWebapp -ResourceGroupName $resourceGroupName -Name $functionAppName -ArchivePath $archivePath
The script works without errors. Resource group and Function App created as needed. But the list of functions of the Function App is empty.
Function details here:
My intuition tells me that I've forgotten something. But I don't know what.
Could you advise me on how to deploy my Azure function properly?
One of the workaround you can follow ,
Looking at your script we need to ensure that we are providing function app configuration as below cmdlts the link you followed:-
$AzFunctionAppSettings = #{
APPINSIGHTS_INSTRUMENTATIONKEY = $AppInsightsKey;
AzureWebJobsDashboard = $AzFunctionAppStorageAccountConnectionString;
AzureWebJobsStorage = $AzFunctionAppStorageAccountConnectionString;
FUNCTIONS_EXTENSION_VERSION = "~4";
FUNCTIONS_WORKER_RUNTIME = "dotnet";
}
And also make sure that the storage account connection string you provided in the function is same as here providing.
And then you can navigate to Kudu API to check the wwwroot folder is exist or not.
For more information please refer the below links:-
SO THREAD|Powershell command Publish-AzWebApp not publishing apllication
BLOG|How to Deploy Azure Function Apps With Powershell.

Cannot parse the request - MissingJsonReferenceId : Error while creating NIC using PowerShell Az command

I am using below Az PowerShell command to create the NIC for virtual machine.
# Create a NIC for the web server VM.
$nicVMweb = New-AzNetworkInterface -ResourceGroupName $rgName -Location $location `
-Name $VmFrontendNICCardName -PublicIpAddress $publicipvm1 `
-NetworkSecurityGroup $nsgfe -Subnet $virtualNetwork.Subnets[0]
Cannot parse the request. StatusCode: 400 ReasonPhrase: Bad Request ErrorCode: InvalidRequestFormat ErrorMessage: Cannot parse the request. Additional details: Code: MissingJsonReferenceId Message: Value for
| reference id is missing. Path properties.ipConfigurations[0].properties.subnet. OperationID : 78525e42-a036-460f-10f9-5b993b7ca5e6
Issue Resolved by Below PowerShell
$Subnet = Get-AzVirtualNetwork -Name $virtualNetworkName -ResourceGroupName $rgName
$IPconfig = New-AzNetworkInterfaceIpConfig -Name $VmFrontendIpConfigName -PrivateIpAddressVersion IPv4 -PrivateIpAddress "10.0.0.10" -SubnetId $Subnet.Subnets[0].Id
$nicVMweb = New-AzNetworkInterface -Name $VmFrontendNICCardName -ResourceGroupName $rgName -Location $location -IpConfiguration $IPconfig
What is the issue in first command?
Could not reproduce your issue, your first command works fine on my side.
$virtualNetwork = Get-AzVirtualNetwork -Name "<vnet-name>" -ResourceGroupName "<group-name>"
$publicipvm1 = Get-AzPublicIpAddress -ResourceGroupName <group-name> -Name joyvm-ip2
$nsgfe = Get-AzNetworkSecurityGroup -Name joyvm-nsg -ResourceGroupName <group-name>
$nicVMweb = New-AzNetworkInterface -ResourceGroupName <group-name> -Location "West US 2" -Name "joyinter" -PublicIpAddress $publicipvm1 -NetworkSecurityGroup $nsgfe -Subnet $virtualNetwork.Subnets[0]
For this issue, it may be related to the version of Az.Network module, I use the 3.3.0 version, try to update it to the latest version:
Update-Module -Name Az.Network

Powershell + Azure App Service + Azure Container Registry

I am using powershell to handle various CI/CD functions.
=============================================
Here is what I have done so far.
Build NodeJS App
Package NodeJS App in Container
Publish Container to Private Azure Container Registry
=============================================
Here is what I am trying to figure out.
Create App Service Plan on the Fly
Create Web App (Container) on the Fly
Pull in Container from ACR into App Service
Here is my code. It doesn't seem to be working.
$azureContainerCredential = Get-AzContainerRegistryCredential -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP -Name $env:AZURE_CONTAINER_REGISTRY_NAME
$azureSecuredPassword = ConvertTo-SecureString $azureContainerCredential.Password -AsPlainText -Force
$azureContainerRegistry = Get-AzContainerRegistry -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP
$azureAppServicePlan = Get-AzAppServicePlan -ResourceGroupName "amlihelloworld" -Name "amlihelloworld-app-service-plan"
if($null -eq $azureAppServicePlan)
{
"==============================================================================="
Write-Output "CREATING HELLO WORLD WEB APPLICATION"
$azureAppServicePlan = New-AzAppServicePlan -Name "amlihelloworld-app-service-plan" -Location "Central
US" -ResourceGroupName "amlihelloworld" -Tier Standard
$azureApp = New-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2" -AppServicePlan
$azureAppServicePlan.Name -ContainerImageName "amlihelloworld:20200422.7" -ContainerRegistryPassword
$azureSecuredPassword -ContainerRegistryUrl $azureContainerRegistry.LoginServer -
ContainerRegistryUser $azureContainerCredential.Username
$azureAppSlot = New-AzWebAppSlot -Name $azureApp.Name -ResourceGroupName "amlihelloworld" -Slot
"development"
}
$azureApp1 = Get-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld"
=============================================
Here is whats happening
When I switch the slots to my app for production.
It doesn't seem to be showing my app at all.
How can I tell if it uploaded my app or not?
Actually, I don't think there is a logic problem in the code, but a problem for the commands itself.
First, if you want to cut the PowerShell command into multiple lines, you need to add the character ` append each line except the last one. And you'd better use the same web app name if you want to get it. So you'd like to make a little change in your code:
$azureContainerCredential = Get-AzContainerRegistryCredential -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP -Name $env:AZURE_CONTAINER_REGISTRY_NAME
$azureSecuredPassword = ConvertTo-SecureString $azureContainerCredential.Password -AsPlainText -Force
$azureContainerRegistry = Get-AzContainerRegistry -ResourceGroupName $env:AZURE_CONTAINER_REGISTRY_RESOURCE_GROUP
$azureAppServicePlan = Get-AzAppServicePlan -ResourceGroupName "amlihelloworld" -Name "amlihelloworld-app-service-plan"
if($null -eq $azureAppServicePlan)
{
"==============================================================================="
Write-Output "CREATING HELLO WORLD WEB APPLICATION"
$azureAppServicePlan = New-AzAppServicePlan -Name "amlihelloworld-app-service-plan" -Location "Central
US" -ResourceGroupName "amlihelloworld" -Tier Standard
$azureApp = New-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2" `
-AppServicePlan $azureAppServicePlan.Name `
-ContainerImageName "amlihelloworld:20200422.7" `
-ContainerRegistryPassword $azureSecuredPassword `
-ContainerRegistryUrl $azureContainerRegistry.LoginServer `
-ContainerRegistryUser $azureContainerCredential.Username
$azureAppSlot = New-AzWebAppSlot -Name $azureApp.Name -ResourceGroupName "amlihelloworld" -Slot
"development"
}
$azureApp1 = Get-AzWebApp -ResourceGroupName "amlihelloworld" -Name "amlihelloworld2"
You also need to check carefully if your environment variables exist as normal.
Apparently it's a bug on Microsoft side and it's not possible to publish containers through powershell scripts.
Please read here:
https://github.com/Azure/azure-powershell/issues/10645

Azure Powershell - Applying multiple service endpoints to a subnet

I have coded a powershell script to set an existing subnet to function as a service endpoint for multiple services. However, when I run the command line in the script, it doesn't add a new service endpoint, it just changes the existing one.
I am trying to parameterise this through Jenkins as well, which may be an added complication. I think if I can get the base syntax right then that shouldn't be a problem.
Syntax I am using is:
#Get vnet
$virtualnetwork = Get-AzureRmVirtualNetwork -Name $VN -ResourceGroupName $RG
#Configure service endpoint
Add-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -
VirtualNetwork $virtualnetwork -ServiceEndpoint $EP
#Set configuration
$virtualnetwork | Set-AzureRmVirtualNetwork
You can use something like this to add as many endpoints as required:
$rgname = "amgar-dtl"
$vnName = "Dtlamgar-dtl"
$sname = "Dtlamgar-dtlSubnet"
$subnetPrefix = "10.0.0.0/20"
#Get vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Get-AzureRmVirtualNetworkSubnetConfig -Name $sname
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
#Add new service endpoint
Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Set-AzureRmVirtualNetworkSubnetConfig -Name $sname -AddressPrefix $subnetPrefix -ServiceEndpoint $ServiceEndPoint.Add("Microsoft.KeyVault") | Set-AzureRmVirtualNetwork
Hope this helps!
Successful syntax is:
#Vnet
$VN = "$ENV:VNET_NAME"
#Resource Group
$RG = "$ENV:RESOURCEGROUP_NAME"
#Subnet
$SN = "$ENV:SUBNET_NAME"
#Subnet Address Prexifx
$SAP = "$ENV:ADDRESS_PREFIX"
#ServiceEndpoint
$EP = "$ENV:SERVICE_ENDPOINT"
Write-Host "Importing the AzureRM module into the PowerShell session"
Import-Module AzureRM
Write-Host "Connect service principle account to Azure RM"
Connect-AzureRmAccount -ServicePrincipal -Credential $CREDS -TenantId $TID -Subscription $SID
#Get vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Get-AzureRmVirtualNetworkSubnetConfig -Name $SN
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
$ServiceEndPoint.Add($EP)
#Add new service endpoint
Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Set-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -ServiceEndpoint $ServiceEndPoint | Set-AzureRmVirtualNetwork
Powershell does not appear to support the command $ServiceEndPoint.Add("Microsoft.KeyVault") with “|”. Once it was executed separately, the script worked.
Here is another version for those looking to process multiple subnets and to validate that the subnet doesn't already have the service endpoint enabled because it will error out if the same service is listed twice when modifying the subnet.
$subscription = "Enter Subscription ID here"
$subnets = #('my-subnet-1','my-subnet-2','my-subnet-3')
$vnetName = "MY-VNET"
$vnetRgName = "MY-VNET-RG"
$newEndpoint = "Microsoft.AzureCosmosDB"
Set-AzContext -Subscription $subscription
foreach($snet in $subnets){
Write-Host "Modifying Service Endpoints for subnet: $snet" -fore red -back white
$virtualNetwork = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Get-AzVirtualNetworkSubnetConfig -Name $snet
$addrPrefix = $virtualNetwork.AddressPrefix
#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$virtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
if ($ServiceEndPoint -notcontains $newEndPoint){
$ServiceEndPoint.Add($newEndpoint)
}
#Add new service endpoint
Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Set-AzVirtualNetworkSubnetConfig -Name $snet -AddressPrefix $addrPrefix -ServiceEndpoint $ServiceEndPoint | Set-AzVirtualNetwork
}

Create VM in Azure with powershell with no public IP

I'm creating VM on Azure from an Image using powershell.
This is the script I'm using .
$UserName = "username"
$Password = ConvertTo-SecureString "password#123" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)
New-AzureRmVm `
-ResourceGroupName "RSG" `
-Name "VMName" `
-ImageName "ImageName" `
-Location "West US" `
-VirtualNetworkName "VNName" `
-SubnetName "default" `
-Credential $psCred
-PublicIpAddressName "None" `
-OpenPorts 3389
But, when I got into the Azure portal and see, some Public Ip is getting assigned by default. I have also tried without giving PublicIpAddressName property assuming , it wont assign any IP, but still it is assigning.
I want the Public IP to be none.Can anyone help me achieve this.Thanks!
Currently this an issue which is still in Open state on official azure-powershell github. You can refer it here . Incase if you still want to bypass this you can try using New-AzureReservedIP or after the deployment command try to remove the public ip by yourself Remove-AzureRmPublicIpAddress.
Note : I have'nt tested it yet. Just an idea.
Refer : Docs
To set no public ip address you have can just define it as "" , in powershell you will need to quote that again so it will be """" .
If you are using PowerShell, then you will need to escape all empty parameters by changing "" to '""' to properly pass an empty string into the command. Without this, PowerShell will not pass the empty string, and you will get an error from the command indicating it's missing a parameter.
$winVmCred = Get-Credential `
-Message "Enter username and password for the Windows management virtual machine."
# Create a NIC for the VM.
$winVmNic = New-AzNetworkInterface -Name "winVMNIC01" `
-ResourceGroupName $resourceGroup.ResourceGroupName `
-Location $location `
-SubnetId $targetVMSubnet.Id `
-PrivateIpAddress "10.10.12.10"
# Configure the Windows management VM.
$winVmConfig = New-AzVMConfig -VMName $winVmName -VMSize $winVmSize | `
Set-AzVMOperatingSystem -Windows -ComputerName $winVmName -Credential $winVmCred | `
Set-AzVMSourceImage -PublisherName $winVmPublisher `
-Offer $winVmOffer `
-Skus $winVmSku `
-Version $winVmVersion | `
Add-AzVMNetworkInterface -Id $winVmNic.Id
# Create the VM.
$winVM = New-AzVM -ResourceGroupName $resourceGroup.ResourceGroupName `
-Location $location `
-VM $winVmConfig `
-ErrorAction Stop

Resources