Category Archives: Azure

ATP, Azure, Linux, Office 365, Security

Onboarding Linux Client (DEEPIN) to Microsoft Azure Threat protection ATP using ubuntu repository

Leave a comment

Installing Microsoft Azure Threat Protection (ATP) on Linux Devices

While playing with ATP on some windows devices, I was in the mood of trying the new Deepin 20 desktop flavor which is a famous Chinese Linux OS based system.

Microsoft doesn’t indicate anywhere that installation of ATP on a Linux client is possible but Linux server is mentioned in the official ATP installation documents.

How to Install?

After I installed the Deepin OS, I was really impressed by the new beautiful Linux design so I plan to use it and have it secure with ATP.

image

Prerequisites:

  1. Configure the Linux software repository for Ubuntu and Debian
  2. Application Installation
  3. Download the onboarding Package
  4. Client Config

1-Configure the Linux software repository for Ubuntu and Debian

You will need to install the required libraries, install Gpg, apt-transport-https and update repository metadata using the following commands one by one.

  • sudo apt-get install curl

image

  • sudo apt-get install libplist-utils

image

image

  • sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-ubuntu.list
  • sudo apt-get install gpg

image

image

image

After successfully installing all the libraries, I will go ahead and install the application

2- Application Installation

From the Linux client Terminal using sudo power user run the following script

sudo apt-get install mdatp

image

Once finished, You can go back to the ATP portal and download the Linux Onboarding package on the linux server/client you want to onboard

3- Download the onboarding Package

Since I am doing a single deployment not bulk, then I will go to the Microsoft Defender Security Center’s setting page and download the Linux package from the device management section.

image

The steps for the onboarding is already mentioned on that page so after you download the script you’ll know exactly what to do next.

The file is 9kb python in size

image

Copy the file to your Linux Desktop

image

4- Client Config

From the terminal type in chmod a+x MicrosoftDefenderATPOnBoardingLinuxServer.py and hit enter

Note: python must be installed on this linux dervice.

Then type python /MicrosoftDefenderATPOnBoardingLinuxServer.py

image

This will run pretty quick and will assign your Linux server/client with your Organization ID.

To see the Organization ID type:

mdatp –health orgId

image

Few minutes later you’ll be able to see the installation completion and the status through this command

Check if WDATP is functioning as expected

mdatp –health healthy

image

Check if WDATP agent is enabled

mdatp –health realTimeProtectionEnabled

image

Let’s check on our ATP portal and see if the machine is showing there.

Note: It might take 5-15 mins to update the definitions of WDATP when onboarding.

image

Running a detection Test:

curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt

image

In few seconds the file has disappeared

image

Checking for threats

mdatp –threat –list –pretty

image

Let’s see this on the ATP Portal

image

image

This is just a test malware not a real one therefore it wont harm your machine at all.

Hope this helps you with your deployments

Ref:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually

Deepin 20 Beta version

https://www.deepin.org/en/2020/04/15/deepin-20-beta/

Azure, Microsoft, Office 365, Virtualization

Azure RDWEB page is blank when accessing it with authorized users

Leave a comment

Blank page on RDWeb for users

When you have finished deploying Azure WVD machines and added those machines in the correct hosts you might fall into this error by a chance and not easily be able to understand or see it.

clip_image001[4]

During the creation of Host Pools and AppGroups you might want to create your own fancy Host pool names and app group names, This is something normal but not when you want to use Azure WVD.

What Happens?

When you create an app group name other than the ones already existing (Desktop Application Group) you have to make sure that you would type this group name into the ARM Template since while deploying the VMs and typing the template would choose the default Application Group Name.

image

Error 1

The connection to the remote PC was lost. This might be because of a network connection problem. If this keeps happening, ask your admin or tech support for help.

clip_image001[6]

clip_image002

Error 2

User is assigned to the wrong Application Group

add-RdsAppGroupUser : The specified UserPrincipalName is already assigned to a RemoteApp AppGroup in the specified HostPool.

ActivityId: feb39a7b-b74f-49d3-a100-1fc22ec66454

Powershell commands to diagnose the failure:

Get-RdsDiagnosticActivities -ActivityId feb39a7b-b74f-49d3-a100-1fc22ec66454

At line:4 char:1

+ add-RdsAppGroupUser -TenantName cagriandMoh10ly -HostPoolName WVD-Hos …

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : FromStdErr: (Microsoft.RDInf…RdsAppGroupUser:AddRdsAppGroupUser) [Add-RdsAppGroupUser], RdsPowerShellException

+ FullyQualifiedErrorId : UpnAlreadyHasRemoteAppAssignment,Microsoft.RDInfra.RDPowershell.AppGroupUser.AddRdsAppGroupUser

clip_image003

Solution:

Remove the user from the other application group and add him to the one where you have your RdsSessionHost that you would like your users to access.

Connect to Azure-AD first and run the following command, Make sure you specify the AppGroupName that you want to remove your users from and the AD Group that’s relevant to those users.

foreach($UPN in (Get-AzureADGroupMember -ObjectId ((Get-AzureADGroup | Where-Object DisplayName -Like “WVDUsers”).ObjectId)).UserPrincipalName)

{

Write-Output $UPN

Remove-RdsAppGroupUser -TenantName cagriandMoh10ly -HostPoolName WVD-Host-Pool01 -AppGroupName “Desktop App Group” -UserPrincipalName $UPN

}

clip_image004

Add the Users again and see what happens

foreach($UPN in (Get-AzureADGroupMember -ObjectId ((Get-AzureADGroup | Where-Object DisplayName -Like “WVDUsers”).ObjectId)).UserPrincipalName)

{

Write-Output $UPN

Add-RdsAppGroupUser -TenantName cagriandMoh10ly -HostPoolName WVD-Host-Pool01 -AppGroupName “Desktop Application Group” -UserPrincipalName $UPN

}

clip_image005

Refresh the RDWEB Page and see if you can access your host

clip_image006

clip_image007

The same desktop came back since we are using FSLogix profile container

clip_image008

Active Directory, Azure, Powershell

Reset Azure VM Admin password with Domain Controller installed

Leave a comment

Active Directory Admin Password

We had a security lab on Azure with 12 machines, It included 2 DCs and 10 other machines of different OS and had RDP closed on all the machines except one machine to use.

The Password was set for something simple however it seems that someone has changed it and no one was able to access the domain controller anymore nor any of the machines.

I had another user created for backup but it seems that user was also changed.

The usual method of resetting Azure VM is going through portal or PowerShell

Resetting Via Azure Portal

When you try to reset the password from Azure Virtual machine itself. If the VM has Domain Controller it will fail to reset the password with the following error:

Failed to reset RDP configuration

VM has reported a failure when processing extension ‘enablevmaccess’. Error message: “VMAccess Extension does not support Domain Controller.” More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot

image

Through PowerShell

To reset a password, we first need to define the VM we’re working with. To do this, we can use the Get-AzureRmVm cmdlet. I’ll go ahead and assign variables to both the VM name and the resource group since we’ll need to reference those later, as well.

$vmName = 'YOURVMNAMEHERE'
$resourceGroupName = 'YOURRGHERE'
$vm = Get-AzureRmVm -Name $vmName -ResourceGroupName $resourceGroupName

Next, we’ll need some way to pass the username and password into the script. A great way to do that is through the Get-Credential cmdlet.

$credential = Get-Credential

Once the credential is saved, we can then execute the command to actually make the password change using the variables we set earlier. Notice we had to use the GetNetworkCredential() method on the pscredential object. This method will not work if the credential is retrieved from another computer or from another user account. This shouldn’t be a problem, though, since you’re likely to execute this in a single script.

$extensionParams = @{
    'VMName' = $vmName
    'Username' = $Credential.UserName
    'Password' = $Credential.GetNetworkCredential().Password
    'ResourceGroupName' = $resourceGroupName
    'Name' = 'AdminPasswordReset'
    'Location' = $vm.Location
}

$result = Set-AzureRmVMAccessExtension @extensionParams

Once this completed (hopefully successfully), the VM will need to be rebooted. We can do that by using the Restart-AzureRmVm cmdlet.

$vm | Restart-AzureRmVM

While this PowerShell script might work with a normal VM, It will not work with a DC and would result in the same error as in the portal.

Solution

The solution is to write a script which would run through the CustomScriptExtension that you can deploy from the Azure Portal on the intended VM that has the Domain Controller Deployed on it.

Once you get the script ready to change the administrator Password you can upload the script and deploy it.

Let’s get the script ready and demonstrate these steps one by one.

– On my Computer I will write a tiny script that will say

Net User domainadmin Adm!nPassw0rd1

image

– Save the file on your desktop for later use. Go to Azure Portal, Virtual Machines and select your Domain Controller.

– Go to Extensions.

– Click on Add

image

– Select Custom script Extension

image

– Click Create

– Browse the PowerShell script on your Desktop.

– Select Storage Account

– Select an existing container or create new one

– Upload the file to the container

image

image

image

image

image

Result

Once deployed, it’ll take few mins to reset the password and you don’t have to restart the server.

Through PowerShell

image

After this I was able to access the machine again using the new password in the script.

ref:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows#troubleshoot-vm-extensions

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/run-command

https://mcpmag.com/articles/2017/12/13/azure-vm-password-with-powershell.aspx

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/reset-local-password-without-agent

Azure, Microsoft, Virtual Machine Manager

Deploy Azure Linux and Windows servers in 10 mins via cli

Leave a comment

This is a step by step guide about deploying Linux or Windows servers on Azure via CLI.

Why Cli?

Some people prefer using Linux rather than PowerShell and it seems sometimes easier and faster to learn esp if you’re not GUI type of person.

Installation Options

If you’re working on Windows and would like to use CLI, you’ll have two options to install CLI

Option 1

Run Azure CLI installation directly from your Powershell (PowerShell needs to run from a privileged account)

Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList ‘/I AzureCLI.msi /quiet’

As soon as you run this command, it’ll take about 5 mins or less depending on the connection you have.

clip_image001

Option 2

Download the MSI file directly from MS’s link and install it on your Computer.

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest

Connect to Azure CLI from PowerShell

Run PowerShell or CMD and type the following command to connect

Az Login then hit enter

As soon as you type this, a web page will be launched asking you for your Azure Account credentials so open the session for your Cli window.

The moment you verified your account, PowerShell will list your azure plans that you have / had before.

clip_image002

If you’re going to use Linux (Ubuntu, Debian) flavor then you’d have to following the following instructions

Manual install instructions

If you don’t want to run a script as superuser or the all-in-one script fails, follow these steps to install the Azure CLI.

  1. Get packages needed for the install process:

    bash

    

    sudo apt-get update
    
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg

  2. Download and install the Microsoft signing key:

    bash

    

    curl -sL https://packages.microsoft.com/keys/microsoft.asc | 
    
    gpg --dearmor | 
    
    sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null

  3. Add the Azure CLI software repository:

    bash

    

    AZ_REPO=$(lsb_release -cs)
    
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | 
    
    sudo tee /etc/apt/sources.list.d/azure-cli.list

  4. Update repository information and install the

    azure-cli

    package:

    bash

    

    sudo apt-get update
    
sudo apt-get install azure-cli

Run the Azure CLI with the

az

command. To sign in, use the az login command.

  1. Run the

    login

    command.

    Azure CLI

    Try It

    

    az login

    If the CLI can open your default browser, it will do so and load an Azure sign-in page.

    Otherwise, open a browser page at https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.

  2. Sign in with your account credentials in the browser.

To learn more about different authentication methods, see Sign in with Azure CLI.

Deploying Linux (CentOS):

Creating a Resource Group for Azure Container Instances (ACI)

We will start first by creating a Resource Group for our Machine, calling it a AzureLinuxServersGroup to easily identify that this group contains our Linux Servers

az group create –name AzureLinuxServersGroup –location westeurope

clip_image001[4]

Next we will be creating a container to contain the Linux OS on the resource group which we have just created

First, How we know which Image to use and if that will be proper for our deployment?

To answer that, we will use the following command which will view the available latest edition Linux OS with different flavors.

I would like to use CentOS since its identical to RedHat and used by majority of Enterprises.

To list the Images, Enter the following command

az vm image list –output table

clip_image002[4]

Notice there are many columns, The one which we are going to use in terminal command line is the UrnAlias. It’s important to remember this.

az vm create \

–resource-group AzureLinuxServersGroup \

–name AzureCentOSWP \

–image CentOS \

–admin-username Moh10lyUser \

–generate-ssh-keys

clip_image003

Since we are using Bash, It’s a case sensitive and it complained about user having capital letters. So we’ll go ahead and use small letters

clip_image004

After running the command with small letters, it’s telling us where we can find the keys in order for us to reach and get them to use later to login to this newly created machine.

SSH key files ‘/home/moh10ly/.ssh/id_rsa’ and ‘/home/moh10ly/.ssh/id_rsa.pub’ have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage, back up your keys to a safe location.

The deployment of the machine takes about 3 mins, and it’ll be created with the default minimum resources. Let’s view

clip_image005

Our machine is ready to be accessed now

clip_image006

In order for you to get the SSH Keys, you’ll have to have a bit of knowledge

I am going to go the location mentioned previously after creating a machine and copy the keys from the bash screen into a file. Save the file and Import it into SSH client which I will be using (Bitvise in my case).

From the bash screen goto cd /

Cd /home/user/.ssh/

Cat id_rsa hit enter and copy the key and save it into notepad.

Cat id_rsa.pub and copy/save into a notepad as the public key.

clip_image007

After loading both keys, I was able to successfully login to the Server

clip_image008

clip_image009

clip_image010

Get a list of Azure VMS

az vm image list

clip_image011

Let’s List and deploy a WordPress on CentOS

To view the list of available CentOS images, we’ll use the following cli command

az vm image list -f CentOS –all

The image needs to be grabbed from dockerhub URL

cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type Linux –image cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008 –dns-name-label azmohlinux –ports 22

Create Windows Server core with IIS

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type windows –image mcr.microsoft.com/windoervercore/centos –dns-name-label azmohlinux –ports 22ws/servercore/iis:nanoserver –dns-name-label azmohiis –ports 80

clip_image012

Here we go I got a machine ready (took about 5 mins)

clip_image013

azmohiis.westeurope.azurecontainer.io

To delete the container, you can write the following

az container delete –resource-group mohazbackupgroup –name mohcontainer

clip_image014

clip_image015

Stay tuned for more articles about Azure.

Azure, Azure RMS, RMS for O365, Exchange 2019, Exchange Online, Office 365, Office365, Powershell

How to Bulk Delete Exchange Online Distribution and Office 365 groups

Leave a comment


Part of Office 365 security auditing is to ensure that all users and groups in your organization are created for a purpose of which you’re aware of and can control these users, groups.

After auditing groups on Office 365 Exchange CP, I noticed that it’s not possible to bulk or multi delete groups from CP and it has to be done one by one or go through the better and more professional way of using PowerShell.


Create CSV for groups to be deleted:

In order for you to delete multiple groups at once you’ll need to first create file with the groups that needs to be deleted. Download the CSV from Groups tab in Exchange Admin Center as in the below screenshot.


image

Once you download the file you can create a new column where you’ll highlight the once to be deleted and export the csv after filtering the once to be deleted.


image


Connect to Office 365:

Once you’ve got the file ready, You only need to connect to Office 365, You might want to make sure you have an App Password created with the privileged account if your MFA is enabled to delete/create groups or users.

To create an app password you must login to your account and follow these steps

https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183

After logging in to Exchange Online ( Office 365 ) you will be able to bulk delete groups using the following script

# This script deletes selected groups imported from csv file “Groups-to-delete.csv”
# CSV file contains the following
# DISPLAYNAME,GROUPTYPE,STATUS,EMAIL,Delete
# Group1(ADEO),Distribution list,Group1@Moh10ly.com,yes
# Make sure you use an APP Password to authenticate Exchange Online
$cres = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cres -Authentication Basic -AllowRedirection
Import-PSSession $Session
$groups = Import-Csv “C:\Users\groups-to-delete.csv”
foreach ($group in $groups)
{
$GroupID = $Group.Email
$DN = $group.DISPLAYNAME
$State = $group.STATUS
If (Get-DistributionGroup -Identity $GroupID){
Write-Host $DN exists and will be deleted -ForegroundColor Green
Remove-DistributionGroup -Identity $GroupID -Confirm } else
{
Write-Host $DN “Group doesn’t exist”
}
}

image


Delete Office 365 Type Groups:

In the case you have Office 365 type groups, Those groups are not considered Exchange groups and they don’t reside in Exchange server but Azure AD and they must be deleted from there. Assuming I want to delete some Office 365 groups that has name (Kaizala) in their display name.

First let’s connect to Azure AD, which will allow you to see the Office 365 groups and be able to delete them.


Connecting to Azure AD

image

Let’s get the Kaizala groups and see if the powershell command will show us the result positively.

Get-AzureADMSGroup | Where-Object {$_.displayname -like “*kaiza*”}

image

Let’s delete these groups using this cmdlet

Get-AzureADMSGroup | Where-Object {$_.displayname -like “*kaiza*”} | Remove-AzureADMSGroup

image

image

After deleting, now we can see that Kaizala groups are all deleted.

NOTE: Microsoft will keep those groups for a day if you mistakenly have deleted them you’ll be able to recover them from ECP.

If not, They will remain in the Recycle bin for 30 days before permanently getting deleted.


Hope this article helped you.

Azure, Dirsync, Office 365, Office365, Powershell

Connect-MsolService fails with Exception of type was thrown

Leave a comment


If you are working on Windows 10 and try to connect to Microsoft Online PowerShell you might get exposed to couple of failures and errors.

The first error that would appear is the following:


image


Connect-msolservice : Exception of type ‘Microsoft.Online.Administration.Automation.MicrosoftOnlineException’ was
thrown PS C:\WINDOWS\system32> $msolcred = get-credential



Cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\WINDOWS\system32> connect-msolservice -credential $msolcred
connect-msolservice : Exception of type ‘Microsoft.Online.Administration.Automation.MicrosoftOnlineException’ was
thrown.
At line:1 char:1
+ connect-msolservice -credential $msolcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
     + FullyQualifiedErrorId : 0x800434D4,Microsoft.Online.Administration.Automation.ConnectMsolService


The first thing that came to mind was the MFA that Microsoft has forced during this month. So I created an app password and tried it but that didn’t work neither and I got the following error


image

PS C:\WINDOWS\system32> $msolcred = get-credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\WINDOWS\system32> connect-msolservice -credential $msolcred
connect-msolservice : The user name or password is incorrect. Verify your user name, and then type your password again.
At line:1 char:1
+ connect-msolservice -credential $msolcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
     + FullyQualifiedErrorId : 0x80048821,Microsoft.Online.Administration.Automation.ConnectMsolService

I checked the following links on google to see if I am up to date

https://support.microsoft.com/en-us/help/2887306

https://support.microsoft.com/en-us/help/2887306/connect-msolservice-exception-of-type-was-thrown-error-when-you-use-th

Apparently the only thing not mentioned is how to update the MSOnline module on your computer, Microsoft requires Latest module of MSOnline 1.1 in order for you to connect.

Get-Module MSOnline

image

Solution 1:

In order for you to get this to work, You need to update the module manually using Powershell with Administrative Privileges.

First Find the module and make sure it reads the latest version which is supposed to be different than the one installed on your PC.

Find-Module -name MSOnline

image

Trying to Install MSOnline using the following CMDLet resulted in a warning that I am using version 1.0 and need to use –force parameter.

Install-Module -Name MSOnline

image

Solution 2:

Instead, I used the following cmdlet to force installation of version 1.1.183.17 but also ended up with an error stating the following:

Find-Module -name msonline |Install-Module –Force

image

PackageManagement\Install-Package : The following commands are already available on this system:’Add-MsolAdministrative
UnitMember,Add-MsolForeignGroupToRole,Add-MsolGroupMember,Add-MsolRoleMember,Add-MsolScopedRoleMember,Confirm-MsolDomai
n,Confirm-MsolEmailVerifiedDomain,Connect-MsolService,Convert-MsolFederatedUser,Get-MsolAccountSku,Get-MsolAdministrati


Solution 3:

The parameter which resolves the issue is the –AllowClobber, AllowClobber Overrides warning messages about conflicts with existing commands. Overwrites existing commands that have the same name as commands being installed according to MS’s article.

Find-Module -name msonline |Install-Module -Force –AllowClobber


You should now close Powershell and relaunch it as administrator and the moment you type Connect-MsolService you should get a window asking for your credentials.


image


image

Azure, Dirsync, Office 365

AZURE ACTIVE DIRECTORY SYNC EVENT ID 906 FAILED WHILE PURGING RUN HISTORY INVALID NAMESPACE

Leave a comment

Symptoms: You may notice that when you try to run the Sync command DirectorySyncClientCmd it doesn’t do anything and just closes right away.

If you open your Event viewer you may notice that you are getting the following event

image

Failed while Purging Run History
Invalid namespace
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at Microsoft.Azure.ActiveDirectory.Synchronization.DirectorySyncClientCmd.Program.PurgeRunHistory(TimeSpan purgeInterval)
at Microsoft.Azure.ActiveDirectory.Synchronization.Framework.ActionExecutor.Execute(Action action, String description)
at Microsoft.Azure.ActiveDirectory.Synchronization.DirectorySyncClientCmd.Program.Main(String[] args)

Cause:

This happens when the WMI object had unregistered itself which might be caused by another tool installed or uninstalled at the time when the problem started to occur.

Resolution:

To resolve the issue, you ‘ll have to run few command lines… each are explained below

mofcomp “D:\Program Files\Microsoft Azure AD Sync\Bin\mmswmi.mof”

As it shows in the command screenshot below the ‘mofcomp’ parses the MMS (FIM) wmi file and goes through the process of adding the classes  to the WMI repository.

image

regsvr32 /s “D:\Program Files\Microsoft Azure AD Sync\Bin\mmswmi.dll”

Registers the WMI mmswmi.dll file to the server.

image

net stop winmgmt /y

image

net start winmgmt
net start “IP Helper”
net start “User Access Logging Service”
net start “Microsoft Azure AD Sync”

image

D:\Program Files\Microsoft Azure AD Sync\Bin\DirectorySyncClientCmd.exe”

clip_image001

clip_image002

clip_image003

clip_image004

image

References:

https://social.technet.microsoft.com/Forums/en-US/cafd290d-d1a8-4d15-b4db-d79460216438/azure-ad-sync-error?forum=WindowsAzureAD

http://blogs.technet.com/b/latam/archive/2015/06/01/erros-1603-ao-instalar-o-aadsync-microsoft-azure-active-directory-sync-services.aspx

Azure, Google cloud

Download VM (VHD) from Azure and uploading it to Google cloud and get it working..

Leave a comment

In order to Download an Azure Virtual machine and make it possible to upload it and get it to work on Google cloud, I am going to export a working virtual machine with Ubuntu 15.4 server version on it with WordPress installed and functioning.

First I’ll have to have Azure PowerShell installed on my Windows PC before starting, If you don’t have it you can download it from the following link below.

1: Download the VHD from Azure.

First i’ll install Azure model from the following link

http://go.microsoft.com/fwlink/p/?linkid=320376&clcid=0x409

Launch the azure PowerShell as an administrator use the following cmdlet which will launch an Internet page that will direct you to login to your azure subscription to download a setting file.

Get-AzurePublishSettingsFile

clip_image001

The page will look like this and should automatically download the file to your Download folder…

 

Then when the file is downloaded, Navigate to the download folder and import the subscription using the following cmdlet

Import-AzurePublishSettingsFile ‘.\Visual Studio Premium with MSDN-10-9-2015-credentials.publishsettings’

Now I will get my Virtual machine’s storage blob link from the Azure portal, I’ll press on the arrow next to the VM’s name

clip_image004

I’ll click on Dashboard

clip_image005

Then scroll down to Disks

clip_image006

I’ll hover the mouse over the VHD link and copy it

clip_image007

clip_image008

Here’s my machine’s link

https://strlync01.blob.core.windows.net/vhds/moh10ly-Ubunut-Mohammed-2015-07-04.vhd

In a script like this I’ll add it as a source

$sourceVHD = “https://strlync01.blob.core.windows.net/vhds/moh10ly-Ubunut-Mohammed-2015-07-04.vhd

Then configure the destination which is going to be a path to my F root disk

$destinationVHD = “F:\ubuntu-downloaded.vhd”

Next I’ll start downloading with the following command

Save-AzureVhd -Source $sourceVHD -LocalFilePath $destinationVHD

clip_image009

Here the download has already started

clip_image010

clip_image011

2: Convert AZURE VM from VHD to RAW

Once the file downloading is finished, I’ll have to install VirtualBox from the following Link (it works on Windows 10 as well) and it’s needed as it has conversion tool.

http://download.virtualbox.org/virtualbox/5.0.2/VirtualBox-5.0.2-102096-Win.exe

I’ll install Oracle Virtual Box to the default installation path.

clip_image012

Next I’ll download the following tool VBOXHDTOOLS from the following link and install it.. (It uses UI instead of command line for the conversion)

http://sourceforge.net/projects/vboxhdtools/

clip_image013

Now to convert the machine from VHD To the extension that fits to Google cloud (RAW) I’ll have to run the VBOXHDBOX tool as an administrator

The tool comes normally in Spanish language, so I’ll transfer it to English

Click on Archivo – Confuracion – > Idioma -> English

clip_image014

Now I will choose the source VHD that I want to convert and the destination file and the type “RAW”

clip_image015

Once you click Clone, the conversion will start but will take some time depending on the size of the VM and the speed of your Disk (SATA or SSD)

clip_image016

When the conversion has finished and the RAW file is ready, we’ll have to do the following steps which is also documented In the below Google Link on how to import a virtualbox image

clip_image017

3: Import a VirtualBox image

From <https://cloud.google.com/compute/docs/images?hl=en#export_an_image_to_google_cloud_storage>

STEP:1 I’ll have to Download, install, and authenticate the Google Cloud SDK:

Since I am running a Windows machine then I won’t be able to use some commands in the document by google like Curl and Tar ..etc so I’ll have to download the Google cloud SDK from the following link and install it first…

https://cloud.google.com/sdk/

clip_image018

I’ll install python as well which is required for the Gcloud SDK

clip_image019

Once the installation is finished I’ll let it run the Google SDK shell

clip_image020

clip_image021

Second Step : Authenticate

I’ll login and authenticate my Google cloud account (trial account)

The moment you enter this command (gcloud auth login) in Google cloud SDK shell the browser will launch google chrome and ask for authentication from your google account.

So i will go ahead and type the following to authenticate, as soon as you press enter the default browser will launch and redirect your page to google authentication to setup your gcloud trial and get your authentication approval. 

> gcloud auth login

clip_image022

clip_image023

I’ll let it authenticate and continue

clip_image024

As you can see below we have been authenticated now and next we’ll be choosing the project (Like subscription in Azure).

clip_image025

Once authenticated, I’ll choose the project in my google cloud account which I want to export the VM to.

Third step : Selecting a Project 

I have 3 projects created there but I’ll chose one of them only (moh10ly)

I’ll have to use the following CMD to choose the project

gcloud config set project PROJECT

If you don’t know your Project name or you don’t have a project, you can do so from the google cloud console

https://console.developers.google.com

clip_image026

I’ll set the project now

> gcloud config set project as moh10ly

clip_image027

Fourth Step: Creating a storage Bucket

Now I’ll need to create a new storage bucket (storage account) where I will upload the VM to

To create new Google cloud Bucket (Storage) called moh10lybucket I’ll use the following cmd

> Gsutil mb gs://moh10lybucket

clip_image028

You can see if the bucket was created by navigating to your project’s Storage -> Cloud Storage -> Browser window

clip_image029

Now I’ll have to compress the RAW Virtual machine to TAR extension which is a must since Google doesn’t accept any other format and in order for it to be uploaded to Google Cloud Bucket that I have created.

Since TAR is a linux based tool then I will download and install CYGWIN tool to compress the machine according to the google’s documentation

To download Cygwin and install it on Windows use this link

https://www.cygwin.com/setup-x86_64.exe (This works also on Windows 10)

clip_image030

After downloading and installing the tool, I will have to copy the disk.raw to a location where I can easily access it in Cygwin to compress it

$ tar -Sczf vbox-image.tar.gz disk.raw

clip_image031

When you install Cygwin, it gives you the option to choose the installation path which is by default C:\ root directory, however I have chosen a different path for this program which is F:\ root in my case

clip_image032

So in order to access the Disk.raw file I’ll copy the file to F:\cygwin64\home

Once the file is copied there, you can launch Cygwin as an administrator and you can view the directory by typing (LS) command and enter

$ LS  (the LS should be small letters)

clip_image033

If the file is not there, then you must look in the newly created folder which is typically your Window’s User profile name and copy the file again there too.

Once the file is copied and you have access to it via the Terminal then you can start and compress the file to TAR as in the below screenshots.

The command is tar -Sczf vbox-image.tar.gz disk.raw

clip_image031[1]

When the compressing has finished, you will be able to see that the file is there and has its size decreased to 605 MB

clip_image034

Now since the file is ready to be uploaded, I will launch the Google SDK terminal and navigate to the path where the file is located (Or simply copy it to an easier location e.g. C:\) and upload the file to google cloud bucket using the following command line

> Gsutil cp vbox-image.tar.gz gs://moh10lybucket

What the command does is it actually copies the file with the command CP to the cloud storage which is gs://moh10lybucket (Make sure your google sdk terminal is already authenticated to your google cloud account).

clip_image035

Below the file started to upload … it took around 15 minutes for the upload to finish

clip_image036

Now I’ll have to import the file into the images store in order for it to be used from the google cloud bucket

Importing the fıle after uploading

I’ll use the following command

> Gcloud compute images create vbox-ubuntu –source-uri gs://moh10lybucket/vbox-image.tar.gz

clip_image037

Check in google images in google cloud if the image is imported and it is .. First image imported as in the below snapshot

clip_image038

Now I will deploy it as a VM and see if it works!

It did get imported and it works, You can access the ip below to see if my website is active or not!

clip_image039

Hope this was helpful.

Azure, endpoints

Add multiple endpoints port range to an Azure Virtual Machine

Leave a comment

If you ever needed to add multiple ports or range of ports endpoints to a particular Virtual machine on Azure. you might have a difficulty doing this since it’s not allowed by design and that will require time to do this manually for range of ports. that’s where this article comes handy.

 

To achieve this first you will need to connect to your Azure subscription on Azure powershell. Azure PowerShell.

Run Azure powershell as an administrator and type the following cmdlet to get your subscription info

 

Get-AzurePublishSettingsFile

clip_image001

 

This will open a page and ask you to sign in to your Azure user account and download a file called Visual Studio Premium with MSDN-DATE-credentials.publishsettings

 

clip_image002

 

In the powershell you will have to navigate to where the file is located. And import the settings that have just been downloaded in that file

 

Import-azurepublishSettingsFile `.Visual Studio FileLocation`

 

clip_image003

 

You can check for your account and Subscription, using Get-azureaccount script

clip_image004

 

Now I have setup a ubuntu Machine on Azure that hosts Openfire Chat server which requires 10000-10005 port range for the media service. On Azure Web interface the port range option is not yet supported. The only available option is through powershell which will open the required port range for us.

 

To do so I’ll use the following cmdlet highlighting the required information to enter

 

To create endpoints for ports 10000-10005:

 

$vm = Get-AzureVM -ServiceName moh10ly -Name ubunut-mohammed ; 10000..10005 | ForEach { $VM | Add-AzureEndpoint -Name TestEndpoint$_ -Protocol TCP -LocalPort $_ -PublicPort $_} ; $vm | Update-AzureVM

 

To Acquire your service name, you can simply login to Azure portal and check out All Items and see the cloud service name .. Just like the below screenshot

 

clip_image005

 

To Check your Vmname simply navigate to Virtual machines tab and on the right side you can see the name.. I have copied it as well in the command.

 

clip_image006

 

Once you edited the cmdlet with your information you can enter it in the Powershell and enter

 

It should return something like this.

 

clip_image007

 

Once finished you can check Azure end point portal for the new ports configuration

 

clip_image008

 

Here we go .. Ports are created in Azure

 

clip_image009

 

To remove the endpoints for ports 10000-10005:

 

$vm = Get-AzureVM -ServiceName moh10ly -Name ubunut-mohammed ; 10000..10005 | ForEach { $VM | Remove-AzureEndpoint -Name TestEndpoint$_} ; $vm | Update-AzureVM

 

Azure