I have an iis hosted website on Azure windows 19 server.
To update the certificate for ssl binding I have installed keyvault extention on the vm.
Hoping if I push new version of certificate in keyvault then vms will automatically pull the certificate and apply it on IIS ssl binding.
But when I update the certificate in keyvault , extention is able to pull the certificate and put in windows My localstore. But it is not updating the corresponding ssl binding in iis with new certificate.
Moreover if I browse https://localhost then I see the client is getting latest certificate(new version).
Not able to get where it is creating the problem.
You could try to use the PowerShell script to update the IIS SSL binding:
$PublicSettings = '{
"fileUris":["https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/master/secure-iis.ps1"],
"commandToExecute":"powershell -ExecutionPolicy Unrestricted -File secure-iis.ps1"
}'
Set-AzVMExtension -ResourceGroupName $resourceGroup `
-ExtensionName "IIS" `
-VMName "myVM" `
-Location $location `
-Publisher "Microsoft.Compute" `
-ExtensionType "CustomScriptExtension" `
-TypeHandlerVersion 1.8 `
-SettingString $publicSettings
For more detail please refer to below article:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-secure-web-server#configure-iis-to-use-the-certificate
I would like to run some tests on some VM machines. The machines belong to different users with different MSDN accounts, which means private passwords.
What I did was so far is to create an Azure VM for each MSDN account and set a similar user name/password for the machine.
What I would like to do is to:
Connect to any of these VMs. My problem: I don't know the machine name. I tried to connect using the rdp file provided by Azure, and it's working, but the problem is that it's using an IP instead of a name.
I tried finding the machine name, but all documentation about this seems to be outdated. . I tried to connect to amam10x64.westeurope.cloudapp.azure.com but without success.
Copy a file to/from the VM. My hope is that I can use the following snippet:
$commandStr = [string]::Format("Copy-VMFile ""{0}"" -SourcePath ""{1}"" -
DestinationPath ""{2}"" -CreateFullPath -FileSource Host -Force", $VM,
$SessionPath, $RemoteFullPath)
$commandBlock = [scriptblock]::Create($commandStr)
Invoke-Command -Session $sess -ScriptBlock $commandBlock
Run a command on the VM. Hopefully, I can use same command from Pt. 2.
I tried to connect to amam10x64.westeurope.cloudapp.azure.com but
without success.
If you want to connect this VM with DNS, we should set FQDN for this VM, please refer to this link.
Copy a file to/from the VM. My hope is that I can use the following
snippet:
Maybe we can use winrm to do this.
About how to use winrm connect Azure VM, please refer to this answer.
Run a command on the VM. Hopefully, I can use same command from Pt. 2.
We can use this script to connect Azure VM via Winrm:
$username = 'jason'
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell}
I want to create Azure VM with public static IP.
Here is the issues I encountered:
I have a "VS professional MSDN subscription" which gave me 45e/month Azure credit.
I log into Azure portal (https://manage.windowsazure.com) with MSDN subscription enabled account to create new virtual machine, in "REGION/AFFINITY GROUP" option, only "central us", "south central us", "east asia", "south east asia", "japan west" is available, while I would like to create VM in "north europe"
If I log into Azure preview portal (https://portal.azure.com), I can create VM in "north europe" but New-AzureReservedIP powershell command is not working with `-Location "North Europe", only locations avaialabe from old portal region list allows (such as "south central us")
In "classic" mode New-AzureReservedIP create a new IP address for your cloud service. After the reserved IP has been created, you can only associate it with the cloud service.
When it can be useful?
If all of the virtual machines in a cloud service are in the StoppedDeallocated state (or deleted), the public IP
address of the cloud service is lost. You can mitigate this by using a reserved IP address hosting your virtual machines.
Now if you use https://portal.azure.com and "Resource Manager" for creating your VMs, you can configure the public IP for the VM at creation time or change after.
At creation time
It seems that static IP address currently is not supported. I have tried to create an static PublicIP address with New-AzureRmPublicIpAddress but its support only dynamic type. When I set "static" for the switch -AllocationMethod Static its return me this error
Currently this
configuration is not supported. Network interfaces can use only dynamic public IPs.
In the ARM CLI, you can use the following command to create a static public IP in the resource group "momentarybehaviorrg" (which must already exist) with name "myipname" in location "North Europe":
azure network public-ip create -g momentarybehaviorrg -n myipname -l "North Europe" -a Static
For more info, take a look at the documentation with the following command:
azure network public-ip create -h
Microsoft prevented my account to create VM in European regions.
Their tech support enabled it after internal team discussion.
Now I can create VMs as I want.
Thus, it is an issue in the back-end.
You can script all the vm creation process via powershell, this include the creation of resource group, the subnet, the vnet, the public ip, network security group, the storage and much more.
You can attach all vm resources to one resource group and by doing this you can easly delete the vm and realted resources by executing one command line.
Install and import AzureRM
In order to use and execute the below commands we need to install and import the AzureRM powershell module if we don't already have it, if you already have it you can skip this section.
PS: You need elevated privileges to install modules from PowerShell Gallery
`Install-Module -Name AzureRM -AllowClobber`
By default, the PowerShell gallery is not configured as a trusted repository for PowerShellGet. The first time you use PSGallery, the following message is displayed:
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change
its InstallationPolicy value by running the Set-PSRepository cmdlet.
Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"):
So, don't worry about this message.
Once installed, you can import AzureRM by running the following command:
Import-Module AzureRM
Finnaly, to finish with this section we need to connect to Azure account, simply execute this command and you we be prompted:
# Connect to Azure with an interactive dialog for sign-in
Connect-AzureRmAccount
Create a resource group
A resource group is a logical container in which Azure resources are deployed and managed.
From your SDK, run the following code block to create a resource group:
# Create variables to store the location and resource group names.
$location = "francecentral"
$ResourceGroupName = "resource-group-1"
New-AzureRmResourceGroup -Name $ResourceGroupName -Location $location
Create storage resources
Create a storage account to store the output of boot diagnostics.
# Create variables to store the storage account name and the storage account SKU information
$StorageAccountName = "msstorage01"
$SkuName = "Standard_LRS"
# Create a new storage account
$StorageAccount = New-AzureRMStorageAccount `
-Location $location `
-ResourceGroupName $ResourceGroupName `
-Type $SkuName `
-Name $StorageAccountName
Set-AzureRmCurrentStorageAccount `
-StorageAccountName $storageAccountName `
-ResourceGroupName $resourceGroupName
Create networking resources
Create a VNet (virtual network), subnet, and a public IP address. Creating these Azure resources help us providing the network connectivity to our VM.
# Create a the subnet configuration
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
-Name subNet-1 `
-AddressPrefix 192.168.1.0/24
Create the virtual network
$vnet = New-AzureRmVirtualNetwork `
-ResourceGroupName $ResourceGroupName `
-Location $location `
-Name vNet-1 `
-AddressPrefix 192.168.0.0/16 `
-Subnet $subnetConfig
Create a public IP address and specify a DNS name
$publicip = New-AzureRmPublicIpAddress `
-ResourceGroupName $ResourceGroupName `
-Location $location `
-AllocationMethod Static `
-IdleTimeoutInMinutes 4 `
-Name "mypublicdns$(Get-Random)"
Create a NSG (network security group ) and a NSG rule
The NSG secures our VM by using inbound and outbound rules.
Now, we need to create an inbound rule for port 3389 to allow incoming RDP (Remote Desktop) connections and an inbound rule for port 80 to let our VM receive the incoming web traffic.
Create an inbound NSG rule for the 3389 port
# Create an inbound NSG rule for the 3389 port
# This rule will allow us to connect to the VM via an RDP connection
$nsgrdprule = New-AzureRmNetworkSecurityRuleConfig `
-Name nsg-rdp-rule `
-Protocol Tcp `
-Direction Inbound `
-Priority 1000 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389 `
-Access Allow
Create an inbound network security group rule for port 80
# This rule will allow the VM to receive incoming web connections via the port 80
$nsgwebrule = New-AzureRmNetworkSecurityRuleConfig `
-Name nsg-inbound-www-rule `
-Protocol Tcp `
-Direction Inbound `
-Priority 1001 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 80 `
-Access Allow
Create the NSG (network security group)
# This will wrap up previously created rules (nsg-web-rule and nsg-rdp-rule) within an NSG
$nsg = New-AzureRmNetworkSecurityGroup `
-ResourceGroupName $ResourceGroupName `
-Location $location `
-Name nsg-1 `
-SecurityRules $nsgrdprule,$nsgwebrule
# This command will create a VNC (virtual network card) and associate it with public IP address and NSG
$nic = New-AzureRmNetworkInterface `
-Name nic-1 `
-ResourceGroupName $ResourceGroupName `
-Location $location `
-SubnetId $vnet.Subnets[0].Id `
-PublicIpAddressId $publicip.Id `
-NetworkSecurityGroupId $nsg.Id
# Define a credential object to store the username and password for the VM
$UserName='ali.mselmi'
$Password='P#ssword123'| ConvertTo-SecureString -Force -AsPlainText
$Credential=New-Object PSCredential($UserName,$Password)
Create the VM configuration object
$VmName = "VirtualMachinelatest"
$VmSize = "Standard_A1"
$VirtualMachine = New-AzureRmVMConfig `
-VMName $VmName `
-VMSize $VmSize
$VirtualMachine = Set-AzureRmVMOperatingSystem `
-VM $VirtualMachine `
-Windows `
-ComputerName "MainComputer" `
-Credential $Credential -ProvisionVMAgent
$VirtualMachine = Set-AzureRmVMSourceImage `
-VM $VirtualMachine `
-PublisherName "MicrosoftWindowsServer" `
-Offer "WindowsServer" `
-Skus "2016-Datacenter" `
-Version "latest"
# Sets the operating system disk properties on a VM.
$VirtualMachine = Set-AzureRmVMOSDisk `
-VM $VirtualMachine `
-CreateOption FromImage | `
Set-AzureRmVMBootDiagnostics -ResourceGroupName $ResourceGroupName `
-StorageAccountName $StorageAccountName -Enable |`
Add-AzureRmVMNetworkInterface -Id $nic.Id
Create the VM
Finnaly we can create the VM deployment configuration.
# Create the VM.
New-AzureRmVM `
-ResourceGroupName $ResourceGroupName `
-Location $location `
-VM $VirtualMachine
We can check the VM creation via the Azure portal:
Connect to the VM
To do a remote access into the VM that we created in the previous step, we need its public IP address also previously set up.
To do that, we just need to run the following command and get the public IP address:
Get-AzureRmPublicIpAddress `
-ResourceGroupName $ResourceGroupName | Select IpAddress
Now, we can do a remote desktop access after creating a Remote Desktop session with the VM, just you need replace the IP address with the publicIPAddress of your VM.
When prompted, you can login by using your credentials used when creating the VM.
`mstsc /v publicIpAddress`
Connect to the Azure VM with an RDP, SSH or Bastion
You can connect to the VM via RDP, SSH or Bastion, you just need to click to the created VM via Azure portal and then click connect.
Delete the VM
We can use the following command to remove the resource group that contains the VM and its related resources:
Remove-AzureRmResourceGroup `
-Name $ResourceGroupName
Final words...
The advantage of scripting the entire VM creation process is that often we don't need to create a single VM, but to create several, creating a script for the process gives us the flexibility to customize the VMs creation at large-scale.
Original blog post
Create a Windows Server virtual machine with PowerShell
I am starting to think that i'm really stupid.
Trying since 2 hours to create a vm from the section my discs with powershell. Everywhere in the internet i find information about creating a vm from existing vm images, but not from the my disks section. I mean this one:
How can i achieve this by the powershell?
I tried the following script, however i keep getting this error message and google seems useless, since there are tons of links relating how to create a vm image or how to upload it but not how to create a vm from an existing uploaded disk, nothing else.
My script i tried:
New-AzureVMConfig -Name "kentico1" -InstanceSize Medium -VMImageName "kenticovm-kenticovm-0-201408210905260518" -MediaLocation "https://rivirtualmachines.blob.core.windows.net/vhds/kenticovm-kenticovm-2014-08-21.vhd" | Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password "asldfj9283lj" | New-AzureVM -ServiceName "kentico" -ReservedIPName CMSIP -Location "West Europe"
And i keep getting this error
New-AzureVM : BadRequest: OSImage kenticovm-kenticovm-0-201408210905260518.vhd not found. If you are using
a VM image, it must be specified as VMImageName for the role, not as SourceImageName for OSVirtualHardDisk.
Can anybody help me?
Thank you in advance
best
laurin
Okey i figured it out:
New-AzureVMConfig -Name "kentico1" -InstanceSize Medium -DiskName "kenticovm-kenticovm-0-201408210905260518" | Add-AzureEndpoint -Name "HTTP" -Protocol "tcp" -PublicPort 80 -LocalPort 80 | New-AzureVM -ServiceName "kentico" -ReservedIPName CMSIP -Location "West Europe"
I have been asked to "help" a client migrate their on premise AD/Exchange 2010 implementation to the cloud (office 365).
i have no idea where to start and although I have watched quite a few videos on the topic via technet I feel I need some practical experience.
As such I was wondering if anyone knew of some step-by-step guides on how to setup a mock environment on windows azure (setting up a new AD server with multiple users) and then migrating that environment into office 365?
I would certainly recommend setting up a lab environment on Azure IaaS so that you can walk through the process.
Here's the basic process I use...
Set up a new Virtual Network via the Portal
Create an affinity group to ensure that resources are co-located
Create a storage account to host your VHD's
Create a PowerShell script to set up an AD VM
Install AD DS on the AD VM and configure your domain
Create PowerShell scripts for other domain-joined VM's
If you want federated authentication, create an AD FS VM
Create a VM to host DirSync
Configure directory synchronisation in Office 365
Install DirSync from the Office 365 portal on your DirSync VM
Create a VM to act as a test client or configure point-to-site VM and add an existing machine to your lab domain
Here's an example script to create an AD VM...
Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile 'C:\Lab\credentials.publishsettings'
Set-AzureSubscription -SubscriptionName '{your Azure subscription}' -CurrentStorageAccount {your storage account name}
Select-AzureSubscription -SubscriptionName '{your Azure subscription}'
#Deploy the Domain Controller in a virtual network
#-------------------------------------------------
#Specify my DC's DNS IP (127.0.0.1)
$myDNS = New-AzureDNS -Name 'LabDNS' -IPAddress '127.0.0.1'
$vmname = 'LabDC'
# OS Image to Use
# Get the latest Windows Server 2008 R2 SP1 image
$family = "*Windows Server 2008 R2 SP1*"
$images = Get-AzureVMImage `
| where { $_.ImageFamily -like $family } `
| Sort-Object -Descending -Property PublishedDate
$image = $images[0].ImageName
Write-Host "Using image: " + $image
Read-Host "Continue or Ctrl-C to cancel"
$service = 'LabDomain'
$AG = 'LabAffinityGroup'
$vnet = 'LabNetwork'
$user = "LabAdmin"
$password = 'LabPassword123'
$subnet = 'Subnet-1'
#VM Configuration
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
Add-AzureProvisioningConfig -Windows -AdminUsername $user -Password $password |
Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet