Thanks to Simon J.K. Pedersen (https://github.com/sjkp) there is now a reasonably easy way to get auto-updating “Let’s Encrypt” SSL certificates in you Azure App Services using the “Azure Let’s Encrypt” Extension (https://github.com/sjkp/letsencrypt-siteextension).
There are some very comprehensive install and setup steps here https://github.com/sjkp/letsencrypt-siteextension/wiki/How-to-install
Continue reading “Let’s Encrypt Extension for Azure App Services”
I finally successfully passed the three exams necessary to certify as a Microsoft MCSD: Azure Solution Architect (now becoming the MCSE: Cloud Platform and Infrastructure). \o/
- Exam 70-532: Developing Microsoft Azure Solutions
- Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions
- Exam 70-534: Developing Microsoft Azure Solutions
It was no easy feat, not least because of the absolutely massive number of topics that you need to learn, but also that Microsoft decided to update the syllabus’s of all three exams just as I was ready to take them (Nov/Dec 2016). Continue reading “My Microsoft Azure Certification Revision Sheets”
You may have discovered that deleting an Azure Active Directory is a particularly frustrating experience that ultimately ends in failure. The new portal have improved things a bit, by running through a series of check before the delete button is enabled.
You may need to go back to the Classic portal (https://manage.windowsazure.com) to see some of the objects/resources to delete.
However, although this will help you remove ‘most’ of what you need to, unfortunately NOT all!
In this case I got a “Unable to delete directory”
Continue reading “How to delete an Azure Active Directory (ADD) Tenant”
Once you have uploaded your SSL certificates to your Azure App Service and then configured the bindings (if you are using your own custom domains), there are two ways to force ALL requests to be redirected from HTTP to HTTPS. The ‘Developer way‘ and the ‘Easy, no code way‘! Continue reading “Azure App Service – Force redirect from HTTP to HTTPS the easy way!”
As I found the documentation for this somewhat lacking (especially for New-AzureRmVirtualNetworkGateway and New-AzureRmVirtualNetworkGatewayIpConfig), I thought I would try and see if it was possible to create and fully configure a Virtual Network and Gateway using PowerShell. I have posted my PowerShell script examples and efforst here.
NOTE: Several of these command return a warning (shown below) which means things will be changing soon…again 😉 …and other just exception, so although you can setup a Virtual Network you can not create the Gateway!
I am using version 3.3.0 of the Azure cmdlets.
# Get Azure cmdlets version
Get-Module -ListAvailable -Name Azure -Refresh
- Setup variables, login and set current context
# Setup Variables
$location = "North Europe"
$rgName = "MyResourceGroup"
$strgAccount = "MyStorageAccount"
$vnetName = "vnet-1"
$gatewayPIPName = "gateway-2-pip"
$clientAddressPool = "192.168.0.0/16"
$gatewayName = "mygateway1"
# Setup PowerShell Environment
Select-AzureRmSubscription -SubscriptionName "MySubscription"
Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgName -Name $strgAccount
# get and check current context (ARM)
- Create the Virtual Network (include a subnet called ‘GatewaySubnet‘ specifically for the VPN Gateway. It appears this is required even if using the Portal to add a Gateway to a Virtual Network.)
# Create the Virtual Network with 3 subnets)
# Setup Subnets
$gatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig `
-Name GatewaySubnet -AddressPrefix "10.1.0.0/24"
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
-Name frontendSubnet -AddressPrefix "10.1.1.0/24"
$backendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
-Name backendSubnet -AddressPrefix "10.1.2.0/24"
# Create VNet
$vnet = New-AzureRmVirtualNetwork -Name $vnetName `
-ResourceGroupName $rgName -Location $location `
-AddressPrefix "10.1.0.0/16" `
- Create a Public IP Address (PIP) to be used by the Gateway
# Create a PIP
$pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic `
-ResourceGroupName $rgName -Location $location `
- Create the VNet Gateway (Attempt 1 – Although I can’t see any issues in the script below, unfortunately this is returning a 500 Internal Server Error. I have tried a number of variations!!)
# Gateway config
$vnetGatewayIPConf = New-AzureRmVirtualNetworkGatewayIpConfig -Name default `
-PublicIpAddress $pip -Subnet $gatewaySubnet
# Create VNet Gateway
$vnetGateway = New-AzureRmVirtualNetworkGateway -Name "hmstraingateway1"
-ResourceGroupName $rgName `
-Location $location `
-IpConfigurations $vnetGatewayIPConf `
-GatewayType Vpn `
-VpnType RouteBased `
-GatewaySku Basic `
Attempt 2: I then thought I would see if it would be possible to complete the process using ARM Templates. When attempting to get an ARM Template for an existing Virtual Network Gateway we get the following errors.
Error details - Microsoft Azure
The schema of resource type 'Microsoft.Network/virtualNetworkGateways' is
not available. Resources of this type will not be exported to the template.
The schema of resource type 'Microsoft.Web/connections' is not available.
Resources of this type will not be exported to the template.
This effectively indicates that the ARM capability of this type of resource is not yet all there in Azure. I seem to come across issue like this quite a lot.
Also with the ARM Virtual Network you can’t use the Get-AzureVNetConfig to download the configuration files either.
So in conclusion the only way to currently create a Gateway and complete the process, is to use the Azure Portal. Please comment below if you know of another way or have spotted an issue.
I have been banging my head against a wall wondering why my Azure PowerShell DSC commands like
-ResourceGroupName "VM-Training" -StorageAccountName "hmsvmtraindsc"
was failing with a “Resource Group not found“, even though other commands worked with that Resource Group and my current context.
The answer is do NOT use the x64 build of PowerShell or the “Windows PowerShell ISE”!
Use the x86 versions for now!
I found this advice at the bottom of this page https://azure.microsoft.com/en-us/blog/turn-on-windows-feature-using-dsc-cli/, and switching to the x86 ISE worked for me!
However, when I tried to reproduce the issue on the x64 ISE, the command worked fine??? However, by that time the Blob container had been created by the x86 version, so who know?
If I get time I will try to reproduce the error, otherwise please post a comment if the same thing happened to you.