Forum Widgets
Latest Discussions
Copying template.json from Export Template and deploy in bicep
I have a question, i want to deploy my resources (already created on Azure Portal) on my Azure Dev Ops Repo. My question is: is it legit to take the template.json from Export Template and then convert it into Bicep and then deploy with some changes on Azure Dev Ops? Thank you very much!Solvedakin_kJul 16, 2024Copper Contributor434Views0likes5CommentsAzure Firewall DNAT not working
I have a typical Hub/Spoke Architecture with Azure Firewall in the Hub, VNEt peerings between Hub/Spoke, route table on Spoke with default route to Firewall in Hub, no NSGs currently applied. I have created DNAT rule for web site running on Windows Server VM (IIS) in Spoke. All as per documented setup e.g. https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat. But I cannot connect to the Web site! I have even tried a DNAT rule for RDP exactly as per the article but also not connecting. I can see in the firewall logs the DNAT rule being hit but nothing is getting to the Web Server as verified using packet capture. I have spun up VM in the Hub with a default route to the Firewall and Network rules to allow RDP and HTTPs to the Spoke Vnet. From this machine I can browse to the website and RDP to the Web Server with no issues with and have verified traffic is traversing the firewall OK. What am I missing to get access via firewall DNAT working? Any help/advise, what to try next, how to debug appreciated. Cheers RichRichard_MarderJul 15, 2023Copper Contributor2KViews0likes5CommentsMigrate VM to Azure
I have a virtual machine running on standalone esxi and I do not have the access to the virtual host. but I have access to the VM which runs Windows Server. How can I migrate this to Azure? I have already tried using Starwind v2v and created 2 vhds (1 for OS and 1 for Data) and uploaded them to Azure. I created an image out of the OS disks and tried deploying a VM. It's been like 45 minutes now, but still it says the deployment in progress. If this does not work, what methods I can use to migrate the VM?phantom2000Jan 17, 2023Copper Contributor2.1KViews1like5CommentsKeyvault expiry date notification automation
Hello Team, i would like to automate the Azure Key-vault Key and Secrets Expiry date notification if the expiry date is less than 30 days from the current date. Assume we have multiple subscription with multiple key vault in each of the subscription. How do we notify the respective subscription owners when the secrets or keys are less than 30 days from the current date. There are power shell code which generates the complete list of secrets and keys in each of the key vault and list the affected keys or secrets. But we can only send the notification to one email address via the logic app. How do we ensure that the notifications are send to the respective subscription owners? Thanks.netkrish80Oct 26, 2022Copper Contributor19KViews0likes5CommentsFrontdoor Custom Domain in Bulk
Hi Everyone. We are on the brink of migrating our onprem workload to Azure AKS. We have hundreds of clients and every client has its own subdomain p.e client1.contoso.com. To avoid unexpected overload we'll migrate them in batches and for that, we'll need to create custom domains on Azure Frondoor to forward the clients included in those batches to the correct cluster. The batches are composed of 40-50 clients and creating these custom domains one by one would be a pain. I wrote a bash loop to create the custom domains from a csv file using the following command, which works fine when creating only one domain but it doesn't if I edit it for the loop. az afd custom-domain create -g rg-test-frontdoor --custom-domain-name client1-contoso-com --profile-name FrontDoor01 --host-name client1.contoso.com --minimum-tls-version TLS12 --certificate-type ManagedCertificate --no-wait The loop: #! /bin/bash while IFS="," read -r domainName domainHost do az afd custom-domain create -g rg-test-frontdoor --custom-domain-name $domainName --profile-name FrontDoor01 --host-name $domainHost --minimum-tls-version TLS12 --certificate-type ManagedCertificate --no-wait echo "Creating: $domainName, $domain" echo "" done < <(tail -n +2 domains1.csv) And my test CSV: domainName,domainHost client1-contoso-com,client1.contoso.com client2-contoso-com,client2.contoso.com Running the above bash script as createDomains.sh I get the following: ****@****:/mnt/c/scripts/FrondoorCSV$ ./createdomains.sh Command group 'afd' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus '. dRequest) Property 'AfdDomain.HostName' cannot be set to 'client1.contoso.com Code: BadRequest '. sage: Property 'AfdDomain.HostName' cannot be set to 'client1.contoso.com Creating: client1-contoso-com, client1.contoso.com Command group 'afd' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus '. dRequest) Property 'AfdDomain.HostName' cannot be set to 'client2.contoso.com Code: BadRequest '. sage: Property 'AfdDomain.HostName' cannot be set to 'client2.contoso.com Creating: client2-contoso-com, client2.contoso.com Any ideas on how can I make it work, or a workaround for this massive job? I'd need something to automate the TXT record to DNS zone but this is in the second plan. Thank you in advance, Will.SolvedWilliamBonomoOct 21, 2022Brass Contributor1.7KViews0likes5CommentsDNS configuration in Azure With an Azure DC VM
Hi, I'm thinking about to create an architecure for a customer who want to migrate all onpremise ressources to Azure. Currently, they have 1 DC, 1 Connection Broker, 7 RDS and 1 app servers (All running on Windows 2016). We want to use AVD with FSlogix in Azure Files but for Azure Files, we need to have a domaine service like ADDS, Entra DS or now we can use Microsoft Entra Kerberos but users still need to be hybrid with ADDS. I don't want to use Entra DS because there is no SSO with M365 app on AVD and for 100 users I want to automate the process. So in my test lab, I deployed an Azure VM to act as a DC (For a reason that I don't know, DNS Role wasn't installed after promoted as DC). In my vnet and for the VM we use default dns provide by Azure. I would like to know if I need to install DNS role on this VM or can I setup Private DNS Zone with maybe DNS private resolvers to be in the modern world. In the future the customer will be connect with a site to site VPN to Azure but There will be no more local servers. Thank you for you help. SimsimonduryJul 11, 2024Copper Contributor638Views0likes4CommentsAzure Load Balancer
Hello All, I have created azure load balancer and vmss(virtual machine scale set) as backend. I hosted web application in the vmss using custom script extension. I wanted to know how many request is going to my web app via load balancer. Is there any metrics available or any other way to find the total number of requests?Sathishku1340May 18, 2023Copper Contributor738Views1like4CommentsHow to generate the architecture from azure tenant?
Dear experts, want to know if there is a way to generate the full architecture diagram for an Azure Tenant. It should include network, logical, with VMs , vnet, hub spoke model, something similar to what we see in Azure Architecture Center. I checked the Network map in Defender for Cloud but it gives only network topology , also i could not see where is firewall placed? where is WAF placed etc. Idea is to quickly assess Azure cloud for deployment , if you have a better way then do suggest that as well thank you in advance for your views.SolvedanuragydvSep 28, 2022Copper Contributor7.4KViews0likes4Comments
Resources
Tags
- Azure Virtual Machines7 Topics
- azure4 Topics
- AzureAD3 Topics
- Azure Active Directory (AAD)3 Topics
- updates2 Topics
- EntraID1 Topic
- gpo1 Topic
- Azure Key Vault1 Topic
- infrastructure1 Topic
- Azure Virtual Desktop1 Topic