Hands-on-Labs
13 Topics

Login to Windows virtual machine in Azure using Azure AD authentication (and the pitfalls)!
Dear Microsoft Azure Friends,

This article is about the login to Windows virtual machine in Azure using Azure Active Directory authentication and what needs to be considered in the process.

This article describes the procedure. So far, everything is actually in perfect order.
https://docs.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows

So I have worked through the steps and now I want to log on to the virtual machine with an Azure Active Directory account. Why does this error message appear now? Have I done something wrong? I am going through all the steps again. No fits. So I take another close look at the article and discover the following:

But that's exactly not the case with me. I want to connect from my local system which is not registered or joined in Azure.

Let's take it one step at a time. First of all, I create a group in Azure Active Directory. This will contain the account I will use later for the login.

ATTENTION: Use the appropriate Windows OS => Windows Server 2019 Datacenter edition and later or Windows 10 1809 and later

Next I create a new virtual machine with the default settings (including a public IP address, and yes, this is not good, but for this demo it is absolutely OK). Except for Management I set the following settings.

If you want to work with an existing virtual machine you need to install the extension. You can do this with the Azure Cloud Shell, in a Bash terminal.

    az vm extension set \
        --publisher Microsoft.Azure.ActiveDirectory \
        --name AADLoginForWindows \
        --resource-group YourResourceGroup \
        --vm-name YourVM

After the virtual machine is created we need to work with role-based access control (RBAC). There are two roles that can be used: Virtual Machine Administrator Login or Virtual Machine User Login.

If you need local admin rights you need the first role. If you want to log in as a standard user, you can work with the second role.

Now we connect to the virtual machine using RDP, but ATTENTION, I use the account I created when I created the virtual machine (not an Azure AD account).

In the virtual machine I start the command prompt and use dsregcmd /status. The machine is Azure AD Joined.

In the virtual machine, navigate to Start and invoke "run". Type sysdm.cpl and navigate to the Remote tab. Remove the "Allow connections..." option and click "Select Users".

When you click on "Locations" you will immediately see that you cannot select an account from Azure AD. We need the command prompt for this. Start the command prompt with elevated privileges and enter the following (customized with your information, of course).

    net localgroup "remote desktop users" /add "AzureAD\Email address removed"

Go back to the Azure Portal to your virtual machine. Download the RDP connection file. Open this RDP file with an editor and add the following lines.

    enablecredsspsupport:i:0
    authentication level:i:2

Now double click on the RDP connection file and now use the Azure account for login.

AND BINGO, we can now log in to our virtual machine using the Azure Active Directory account! Cool!

I hope this article was useful. Thank you for taking the time to read the article.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

32K Views, 8 likes, 18 Comments

ASR Replication is stuck at "Waiting for First Recovery Point"
Hi All,

I am trying to add ASR for one of my setup [VMs] present in Azure environment. But, all the VMs are stuck in "Waiting for First Recovery Point". Please find more details below.

Configuration:
1. All the VMs are located in "East US2"
2. All the VMs are installed with Linux [CentOS]

Status of ASR:
Created a new Recovery Service Vault “SoakASR-Vault”
Enabled Replication for 3 servers for 3 performance servers. You can find the replicated servers in “SoakASR-Vault | Replicated items”

Issue:
All the 3 servers are stuck at “Waiting for First Recovery Point"

Observations:
I have created Recovery Services Vault in “Central US”. But, I see Network Mapping as WEST US in "Site Recovery infrastructure | Network mapping"
Extension update is failing at "Site Recovery infrastructure | Extension update settings"
I see 'Installing Mobility Service and preparing target' with status as “Completed with Information” message.
Error ID: 151083
Error Message: Site recovery mobility service update completed with warnings

Please help if you have any idea where I am going wrong. Thanks in advance.

15K Views, 0 likes, 2 Comments

Create a custom role (VM Reader) for a user using PowerShell in Azure!
Hi Azure friends,

This example is about this customer scenario. A specific user needs to be able to read the settings of all VMs (virtual machines) in a specific subscription, but no more. Access to providers like Microsoft.Compute, Microsoft.Network and Microsoft.Storage, but just not anymore. So the Reader role in Azure is out of the question. For this reason I created a custom role with PowerShell (can also be done with the portal - as you wish).

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

    #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE.
    Set-Location C:\
    Clear-Host

    #We need the necessary cmdlets
    Install-Module -Name Az -Force -AllowClobber -Verbose

    #Log into Azure
    Connect-AzAccount

    #Please replace "your-subscription-id" with the ID of your subscription which has a format like this:
    #86f81fc3-b00f-48cd-8218-3879f51ff362

    #Select the correct subscription
    Get-AzContext
    Get-AzSubscription
    Get-AzSubscription -SubscriptionName "your subscription name" | Select-AzSubscription

    #First look
    Get-AzProviderOperation "Microsoft.Support/*" | FT Operation, Description -AutoSize

    #Checking the roles for the intended user
    Get-AzRoleAssignment -Scope "/subscriptions/your-subscription-id" -SignInName tim.taylor@tomwechsler.xyz

    #Powershell create custom role
    $role = Get-AzRoleDefinition "Virtual Machine Contributor"
    $role.Id = $null
    $role.Name = "VM Reader"
    $role.Description = "Can see VMs"
    $role.Actions.Clear()
    $role.Actions.Add("Microsoft.Storage/*/read")
    $role.Actions.Add("Microsoft.Network/*/read")
    $role.Actions.Add("Microsoft.Compute/*/read")
    $role.AssignableScopes.clear()
    $role.AssignableScopes.Add("/subscriptions/your-subscription-id")

    #Create the new role
    New-AzRoleDefinition -Role $role

    #Assign the new role
    New-AzRoleAssignment -SignInName tim.taylor@tomwechsler.xyz -RoleDefinitionName "VM Reader" -Scope "/subscriptions/your-subscription-id"

    #Checking the roles for the intended user
    Get-AzRoleAssignment -Scope "/subscriptions/your-subscription-id" -SignInName tim.taylor@tomwechsler.xyz

Now we have assigned the new role to the user and you can perform the control in the portal. I know that wasn't super fancy at all. But I really wanted to share my experience with you.

I hope this article was useful.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM, etc.) that I use can be found on github! https://github.com/tomwechsler

4.8K Views, 0 likes, 2 Comments

Using PowerShell in Azure to assign a new virtual machine to an existing virtual network!
Hi Azure friends,

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

    #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
    Set-Location C:\Temp
    Clear-Host

    #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)
    Install-Module -Name Az -Force -AllowClobber -Verbose

    #Log into Azure
    Connect-AzAccount

    #Search for the resource groups
    Get-AzResourceGroup | Format-Table

    #What's in a specific resource group
    Get-AzResource -ResourceGroupName tw-azuredemo-rg | Format-Table

    #Some variables
    $RGName = "tw-azuredemo-rg"
    $VnetName = "tw-vnet-workload"
    $Location = "westeurope"
    $VMName = "twsrv2021"
    $credential = Get-Credential

    #We need all infos about the virtual network
    $VirtualNetwork = (Get-AzVirtualNetwork -Name $VnetName -ResourceGroupName $RGName)

    #Let's have a look at the variable
    $VirtualNetwork

    #Create a network interface
    $nic = New-AzNetworkInterface `
        -ResourceGroupName $RGName `
        -Name "twsrv2021-nic" `
        -Location $Location `
        -SubnetId $VirtualNetwork.Subnets[0].Id

    #Define your VM
    $vmConfig = New-AzVMConfig -VMName $VMName -VMSize "Standard_D2s_v4"

    #Create the rest of your VM configuration
    $vmConfig = Set-AzVMOperatingSystem -VM $vmConfig `
        -Windows `
        -ComputerName $VMName `
        -Credential $credential `
        -ProvisionVMAgent `
        -EnableAutoUpdate
    $vmConfig = Set-AzVMSourceImage -VM $vmConfig `
        -PublisherName "MicrosoftWindowsServer" `
        -Offer "WindowsServer" `
        -Skus "2016-Datacenter" `
        -Version "latest"

    #Attach the network interface that you previously created
    $vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id

    #Create your VM
    New-AzVM -VM $vmConfig -ResourceGroupName $RGName -Location $Location

Now you have used the PowerShell to create a new virtual machine and added it to an existing virtual network! Congratulations!

I hope this article was useful.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

4.6K Views, 2 likes, 0 Comments

With the PowerShell collect details about all Azure VM's in a subscription!
Hi Microsoft Azure Friends,

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

    #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
    Set-Location C:\Temp
    Clear-Host

    #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)
    Install-Module -Name Az -Force -AllowClobber -Verbose

    #Log into Azure
    Connect-AzAccount

    #Select the correct subscription
    Get-AzContext
    Get-AzSubscription
    Get-AzSubscription -SubscriptionName "your subscription name" | Select-AzSubscription

    #Provide the subscription Id where the VMs reside
    $subscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

    #Provide the name of the csv file to be exported
    $reportName = "myReport.csv"

    #If you didn't select the subscription in the step above, you can do so now (or just skip it)
    Select-AzSubscription $subscriptionId

    #Some variables
    $report = @()
    $vms = Get-AzVM
    $publicIps = Get-AzPublicIpAddress
    $nics = Get-AzNetworkInterface | ?{ $_.VirtualMachine -NE $null}

    #Now start the loop
    foreach ($nic in $nics)
    {
        $info = "" | Select VmName, ResourceGroupName, Region, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress
        $vm = $vms | ? -Property Id -eq $nic.VirtualMachine.id
        foreach($publicIp in $publicIps)
        {
            if($nic.IpConfigurations.id -eq $publicIp.ipconfiguration.Id)
            {
                $info.PublicIPAddress = $publicIp.ipaddress
            }
        }
        $info.OsType = $vm.StorageProfile.OsDisk.OsType
        $info.VMName = $vm.Name
        $info.ResourceGroupName = $vm.ResourceGroupName
        $info.Region = $vm.Location
        $info.VirturalNetwork = $nic.IpConfigurations.subnet.Id.Split("/")[-3]
        $info.Subnet = $nic.IpConfigurations.subnet.Id.Split("/")[-1]
        $info.PrivateIpAddress = $nic.IpConfigurations.PrivateIpAddress
        $report+=$info
    }

    #Now let's look at the result
    $report | ft VmName, ResourceGroupName, Region, VirturalNetwork, Subnet, PrivateIpAddress, OsType, PublicIPAddress

    #We save the file in our home folder (without the #TYPE header line that Windows PowerShell 5.1 would otherwise write)
    $report | Export-CSV "$home/$reportName" -NoTypeInformation

Now you have used the PowerShell to create a report with the details about the VMs in a subscription! Congratulations!

I hope this article was useful.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

4K Views, 0 likes, 0 Comments

Using the PowerShell in Azure to provide a Linux VM (virtual machine) with NGINX support
Hi Azure friends,

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

    #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
    Set-Location C:\Temp
    Clear-Host

    #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)
    Install-Module -Name Az -Force -AllowClobber -Verbose

    #Log into Azure
    Connect-AzAccount

    #Select the correct subscription
    Get-AzContext
    Get-AzSubscription
    Get-AzSubscription -SubscriptionName "your subscription name" | Select-AzSubscription

    # Variables for common values
    $resourceGroup = "myResourceGroup"
    $location = "westeurope"
    $vmName = "myVM"

    # Define user name and blank password (never put a secret in code, but for this demo it is OK)
    $securePassword = ConvertTo-SecureString 'P@ssw0rd123!!' -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ("tom", $securePassword)

    # Create a resource group
    New-AzResourceGroup -Name $resourceGroup -Location $location

    # Create a subnet configuration
    $subnetConfig = New-AzVirtualNetworkSubnetConfig -Name mySubnet -AddressPrefix 192.168.1.0/24

    # Create a virtual network
    $vnet = New-AzVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `
        -Name MYvNET -AddressPrefix 192.168.0.0/16 -Subnet $subnetConfig

    # Create a public IP address and specify a DNS name
    $pip = New-AzPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `
        -Name "mypublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4

    # Create an inbound network security group rule for port 22
    $nsgRuleSSH = New-AzNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleSSH -Protocol Tcp `
        -Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
        -DestinationPortRange 22 -Access Allow

    # Create an inbound network security group rule for port 80
    $nsgRuleHTTP = New-AzNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleHTTP -Protocol Tcp `
        -Direction Inbound -Priority 2000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
        -DestinationPortRange 80 -Access Allow

    # Create a network security group
    $nsg = New-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
        -Name myNetworkSecurityGroup -SecurityRules $nsgRuleSSH,$nsgRuleHTTP

    # Create a virtual network card and associate with public IP address and NSG
    $nic = New-AzNetworkInterface -Name myNic -ResourceGroupName $resourceGroup -Location $location `
        -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

    # Create a virtual machine configuration
    $vmConfig = New-AzVMConfig -VMName $vmName -VMSize Standard_DS2_v2 | `
        Set-AzVMOperatingSystem -Linux -ComputerName $vmName -Credential $cred | `
        Set-AzVMSourceImage -PublisherName Canonical -Offer UbuntuServer -Skus 18.04-LTS -Version latest | `
        Add-AzVMNetworkInterface -Id $nic.Id

    # Create a virtual machine
    New-AzVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig

    # Install NGINX.
    $PublicSettings = '{"commandToExecute":"apt-get -y update && apt-get -y install nginx"}'
    Set-AzVMExtension -ExtensionName "NGINX" -ResourceGroupName $resourceGroup -VMName $vmName `
        -Publisher "Microsoft.Azure.Extensions" -ExtensionType "CustomScript" -TypeHandlerVersion 2.0 `
        -SettingString $PublicSettings -Location $location

    #Check NGINX within the vm or use the public IP of the VM in a browser session.

Now you have configured a Linux virtual machine with the PowerShell in Azure! Congratulations!

    #Delete all resources (when you no longer need it)
    Remove-AzResourceGroup -Name myResourceGroup -Force

I hope this article was useful.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

1.9K Views, 1 like, 0 Comments

MPI job in cluster built with Standard D2s v3 (2 vcpus, 8 GB memory)
Hello everyone,

I am new to Azure. And I tried to build a cluster with Ubuntu nodes in Azure. So I chose D2s v3 (2 vCPUs, 8 GB memory) and Ubuntu1604 Image to build two VMs as the master node and worker node. I just followed the guidebook to create these two VMs and established /etc/hosts in each node and set up NFS so that the /home of the master node can be mounted on /home of the worker node. It worked, I can passwordless ssh to each node from the other.

I ping node001 from the master node:

    miker2746@mt-test21:~/rm-test1$
    miker2746@mt-test21:~/rm-test1$ ping node001
    PING node001 (10.0.0.25) 56(84) bytes of data.
    64 bytes from node001 (10.0.0.25): icmp_seq=1 ttl=64 time=0.963 ms
    64 bytes from node001 (10.0.0.25): icmp_seq=2 ttl=64 time=0.553 ms
    64 bytes from node001 (10.0.0.25): icmp_seq=3 ttl=64 time=0.622 ms
    64 bytes from node001 (10.0.0.25): icmp_seq=4 ttl=64 time=0.748 ms
    64 bytes from node001 (10.0.0.25): icmp_seq=5 ttl=64 time=0.709 ms
    ^C
    --- node001 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4057ms
    rtt min/avg/max/mdev = 0.553/0.719/0.963/0.139 ms
    miker2746@mt-test21:~/rm-test1$

But when I ran my MPI job in this cluster, it failed and showed some errors as follows:

    miker2746@mt-test21:~/rm-test1$ mpiexec -n 2 -f ~/hostfile fds random_meshes.fds
    ^C[mpiexec@mt-test21] Sending Ctrl-C to processes as requested
    [mpiexec@mt-test21] Press Ctrl-C again to force abort
    [mpiexec@mt-test21] HYDU_sock_write (../../utils/sock/sock.c:418): write error (Bad file descriptor)
    [mpiexec@mt-test21] HYD_pmcd_pmiserv_send_signal (../../pm/pmiserv/pmiserv_cb.c:252): unable to write data to proxy
    [mpiexec@mt-test21] ui_cmd_cb (../../pm/pmiserv/pmiserv_pmci.c:174): unable to send signal downstream
    [mpiexec@mt-test21] HYDT_dmxu_poll_wait_for_event (../../tools/demux/demux_poll.c:76): callback returned error status
    [mpiexec@mt-test21] HYD_pmci_wait_for_completion (../../pm/pmiserv/pmiserv_pmci.c:501): error waiting for event
    [mpiexec@mt-test21] main (../../ui/mpich/mpiexec.c:1147): process manager error waiting for completion
    miker2746@mt-test21:~/rm-test1$

I have built exactly the same cluster with similar VM size on AWS EC2 and Google Compute Engine before, they all worked very well and never showed these errors before.

I tried to find the answers and solutions to my problem by reading documents of Azure. And according to https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-hpc, it seems that only VM size of H16r, H16mr, A8 or A9 is allowed to run MPI jobs. Is that true? Or it just means that MPI jobs can experience low latency RDMA when they run in HPC cluster built with one of these 4 VM sizes.

So my questions are:
1. Can anyone tell me what's wrong with my cluster, why will I have this kind of errors. Is that because I haven't set up Virtual Network correctly?
2. Can I run MPI jobs on a cluster that built with VM sizes other than these 4?
3. If MPI jobs only allow running in these 4 VMs, how can I set up a cluster with this particular VM?

Thank you very much
Michael

1.7K Views, 0 likes, 0 Comments

A few PowerShell (in Azure from virtual machines) impressions summarized!
Hi Azure Friends,

In this article I have summarized a few tasks that I used on a project. This is certainly not an exhaustive summary when it comes to working with Azure and PowerShell, I just wanted to summarize a few points.

I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish. Please start with the following steps to begin the deployment (the Hashtags are comments):

    #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE
    Set-Location C:\Temp
    Clear-Host

    #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules)
    Install-Module -Name Az -Force -AllowClobber -Verbose

    #Log into Azure
    Connect-AzAccount

    #Select the correct subscription
    Get-AzContext
    Get-AzSubscription
    Get-AzSubscription -SubscriptionName "your subscription name" | Select-AzSubscription

    #Some variables
    $RgName = "tw-rg01"
    $vmName = "tw-win2019"
    $Location = "westeurope"

    #Infos about the vm's
    Get-AzVM

    #Get VM status and add results to variable
    $AllVMs = Get-AzVM -ResourceGroupName $RgName -Status | Select-Object ResourceGroupName,Name,Location, @{ label = "VMStatus"; Expression = { $_.PowerState } }

    #Display the results
    $AllVMs | Format-Table -Auto -Wrap

    #Or get VM status where server names match VM and add results to variable
    $AllVMs = Get-AzVM -ResourceGroupName $RgName -Status | Where-Object {$_.name -match "srv"} | Select-Object ResourceGroupName,Name,Location, @{ label = "VMStatus"; Expression = { $_.PowerState } }

    #Display the results
    $AllVMs | Format-Table -Auto -Wrap

    #Display results in new window
    $AllVMs | Out-GridView -Title "Azure VMs"

    #List VMs in a resource group
    Get-AzVM -ResourceGroupName $RgName

    #Get all virtual machines in the location
    Get-AzVM -Location $Location

    #Get information about a VM
    Get-AzVM -ResourceGroupName $RgName -Name $vmName

    #We start just one vm
    Start-AzVM -ResourceGroupName $RgName -Name $vmName

    #Stop a VM
    Stop-AzVM -ResourceGroupName $RgName -Name $vmName

    #Restart a running VM
    Restart-AzVM -ResourceGroupName $RgName -Name $vmName

    #For which VM's is Auto-Shutdown configured?
    (Get-AzResource -ResourceType Microsoft.DevTestLab/schedules -Expandproperties).Properties | Select-Object -Property targetResourceId, taskType, status | Format-List

I am absolutely aware that this is nothing overwhelming. But I would like to share a few experiences with you.

I hope this article was useful.

Best regards, Tom Wechsler

P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github! https://github.com/tomwechsler

1.6K Views, 0 likes, 0 Comments
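
Added example, not part of any post above and not the author's code: the NGINX VM post on this page creates inbound rules for ports 22 and 80 with -SourceAddressPrefix *. The PowerShell below audits a set of NSG rules for management ports reachable from any source and shows the restricted form of the SSH rule; the function names, the sample rule objects and the 203.0.113.10 address are constructed for illustration.

```powershell
# Added example: flag inbound Allow rules that expose management ports to any source.
# Function names and sample data are hypothetical. The property names used
# (Name, Direction, Access, SourceAddressPrefix, DestinationPortRange) follow the
# parameters passed to New-AzNetworkSecurityRuleConfig in the post.

function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }                       # any port
    if ($Range -match '^(\d+)-(\d+)$') {                       # range such as "20-25"
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")                                # single port
}

function Find-OpenManagementRule {
    param(
        [Parameter(Mandatory)] [object[]]$Rule,
        [int[]]$ManagementPort = @(22, 3389)                   # SSH and RDP
    )
    $anySource = @('*', '0.0.0.0/0', 'Internet')
    foreach ($r in $Rule) {
        # Only inbound Allow rules can expose a port
        if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
        $openSource = @($r.SourceAddressPrefix) | Where-Object { $anySource -contains $_ }
        if (-not $openSource) { continue }
        foreach ($port in $ManagementPort) {
            $hit = @($r.DestinationPortRange) | Where-Object { Test-PortInRange -Range $_ -Port $port }
            if ($hit) {
                [pscustomobject]@{ Rule = $r.Name; Port = $port; Source = ($openSource -join ',') }
            }
        }
    }
}

# Constructed sample rules: the two rules from the post, a restricted SSH rule,
# and a port range that covers 22.
function New-SampleRule {
    param($Name, $Source, $Port, $Access = 'Allow')
    [pscustomobject]@{
        Name = $Name; Direction = 'Inbound'; Access = $Access
        SourceAddressPrefix = @($Source); DestinationPortRange = @($Port)
    }
}

$sampleRules = @(
    New-SampleRule 'myNetworkSecurityGroupRuleSSH'  '*'               '22'
    New-SampleRule 'myNetworkSecurityGroupRuleHTTP' '*'               '80'
    New-SampleRule 'ssh-from-admin'                 '203.0.113.10/32' '22'
    New-SampleRule 'wide-range'                     'Internet'        '20-25'
)

Find-OpenManagementRule -Rule $sampleRules | Format-Table -AutoSize

# Restricted form of the post's SSH rule: identical parameters, but the source is
# one admin address (placeholder) instead of *. Needs the Az module, so it is
# left commented out to keep this block runnable offline.
# $nsgRuleSSH = New-AzNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleSSH -Protocol Tcp `
#     -Direction Inbound -Priority 1000 -SourceAddressPrefix 203.0.113.10/32 -SourcePortRange * `
#     -DestinationAddressPrefix * -DestinationPortRange 22 -Access Allow
```

Against a live subscription the same function can be given the SecurityRules of each group returned by Get-AzNetworkSecurityGroup, on the assumption that those rule objects expose the property names used here.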