Tuesday, October 31, 2017

Azure Virtual Network Gateway

Creating a Virtual Network gateway in an Azure environment is not rocket science. But there are a few things that you need to define clearly, and if you miss them, finding solutions for the resulting errors will kill your day.


To configure the Virtual Network gateway, select “Virtual Network Gateway” by going into More services, as shown below.


image


image

If your virtual network is shown as inactive, that means you have to create the gateway subnet for this network. To do that, go to Vnet > Subnet and then select “Gateway Subnet”.

image

But if you have deployed using the default configuration, you will not be able to add the CIDR (Classless Inter-Domain Routing) range. That is because you can't use an overlapping IP range.


image

To overcome this, you can change the “Address Space”. Here I have changed it to *.*.*.*/16, which makes it easy for me to manage my demo environment. But when you are doing this, you should plan it properly to reduce unwanted broadcasts.

image
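The overlap error comes down to two checks: the gateway subnet must fall inside the VNet address space and must not overlap an existing subnet. The following added example (not from the original post; the function names are hypothetical and all prefixes are constructed sample values) performs both checks offline before you touch the portal.

```powershell
# Added example. Function names are hypothetical; prefixes are constructed samples.
function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $address, $length = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($address).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    $value = [uint64][BitConverter]::ToUInt32($bytes, 0)
    $size  = [uint64]1 -shl (32 - [int]$length)   # number of addresses in the prefix
    $start = $value - ($value % $size)            # align to the prefix boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - [uint64]1 }
}

function Test-GatewaySubnet {
    param([string[]]$AddressSpace, [string[]]$ExistingSubnets, [string]$Candidate)
    $c = ConvertTo-IPv4Range $Candidate

    # Check 1: the candidate must sit entirely inside one address-space prefix.
    $inside = $AddressSpace | ForEach-Object { ConvertTo-IPv4Range $_ } |
        Where-Object { $c.Start -ge $_.Start -and $c.End -le $_.End }
    if (-not $inside) { return "$Candidate is outside the VNet address space" }

    # Check 2: the candidate must not share any address with an existing subnet.
    $clash = $ExistingSubnets | ForEach-Object { ConvertTo-IPv4Range $_ } |
        Where-Object { $c.Start -le $_.End -and $_.Start -le $c.End }
    if ($clash) { return "$Candidate overlaps $($clash.Cidr -join ', ')" }

    "$Candidate is usable"
}

# Default-style deployment: one subnet consumes the whole address space.
Test-GatewaySubnet -AddressSpace '10.0.0.0/24' -ExistingSubnets '10.0.0.0/24' -Candidate '10.0.0.224/27'

# After widening the address space to /16 there is room for a separate gateway subnet.
Test-GatewaySubnet -AddressSpace '10.0.0.0/16' -ExistingSubnets '10.0.0.0/24' -Candidate '10.0.255.0/27'
```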

Once that is done, you can assign a name and a static IP for the gateway.

image


Hope this helps you to configure your Virtual Gateway in your Azure environment.

Friday, October 27, 2017

How to create Windows Root Certificate By using PowerShell


This will be required on a few occasions, such as when you want to create an Azure site to site VPN and when creating an ADFS.

First, you need to download the Windows SDK and install it on the server. You can find the download URL below.

Windows 10 SDK 


Once that's done, go to the location where “makecert.exe” is located.

As you can see below, the location has changed, and you can find it at:


C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86>

I have highlighted the new folder location in yellow color.

Now you can run “Dir” to check whether the “makecert.exe” file is available there.

image

To create the Root Certificate you can run,

makecert -sky exchange -r -n "CN=AzRootVPNCert" -pe -a sha1 -len 2048 -ss My "AzRootVPNCert.cer"

image

Once that succeeds, you should be able to find the created certificate under the Personal certificates.


image
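The same root certificate can be created without makecert. The following is an added example (not part of the original post) that uses the built-in New-SelfSignedCertificate cmdlet and signs with SHA-256 instead of the SHA-1 used in the command above; it assumes Windows 10 or Windows Server 2016 or later, and the output path is an assumed value.

```powershell
# Added example. The subject reuses the post's CN; the output path is an assumption.
$RootParams = @{
    Type              = 'Custom'
    Subject           = 'CN=AzRootVPNCert'
    KeySpec           = 'Signature'
    KeyExportPolicy   = 'Exportable'          # same effect as makecert -pe
    KeyLength         = 2048
    HashAlgorithm     = 'sha256'              # replaces makecert -a sha1
    KeyUsageProperty  = 'Sign'
    KeyUsage          = 'CertSign'            # root is only used to sign other certificates
    CertStoreLocation = 'Cert:\CurrentUser\My' # same store as makecert -ss My
}
$Root = New-SelfSignedCertificate @RootParams

# Confirm what was actually issued before the certificate is trusted anywhere.
$Algorithm = $Root.SignatureAlgorithm.FriendlyName
if ($Algorithm -notmatch 'sha256') {
    throw "Unexpected signature algorithm: $Algorithm"
}

# Export only the public certificate; the private key stays in the store.
$CerPath = Join-Path $env:TEMP 'AzRootVPNCert.cer'
Export-Certificate -Cert $Root -FilePath $CerPath -Type CERT | Out-Null

# Summary for the change record.
[pscustomobject]@{
    Subject    = $Root.Subject
    Thumbprint = $Root.Thumbprint
    Algorithm  = $Algorithm
    NotAfter   = $Root.NotAfter
    PublicCert = $CerPath
}
```

Because the private key is marked exportable, anyone who can read this user's certificate store can copy the root key, so create it on a host you control and remove it from shared servers afterwards.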

Next, we will find out how to create the client certificate.

Monday, October 16, 2017

How to change the default RDP port in Azure VM

Changing the default RDP port on a server is not rocket science. But doing it on a VM hosted in the Azure environment will cause more trouble if you fail to follow the correct steps.

The first thing that I recommend is to keep another server in the same resource group and the same subnet.

Then, even if you make a mistake, you have a way of accessing your registry by using your secondary VM.

Once you are ready to change the RDP port, log in to your VM through RDP and open the Registry Editor.

Then go to the location below:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

image

The default port is 3389; as you can see above, change it to the port that you want.

Before making any changes, make sure that you have allowed this port through the firewall, or, for testing, disable the Windows firewall.

Click OK and restart the VM.

Now go to the Azure portal and open the Networking pane under Settings. There you can find the default RDP endpoint which was created earlier.

Edit that and change the RDP inbound port to the one you configured in your VM. The same port needs to be set in both configurations.

image

Now open the RDP connection and give the VM IP and the port, as shown in the screenshot below.

image

This will help you to minimize brute-force attacks on your Azure VM.
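The in-guest steps above, as an added PowerShell example that is not part of the original post: it creates a scoped Windows Firewall rule instead of disabling the firewall, then changes the registry value and verifies it. The port 3390 and the management range 203.0.113.0/24 are assumed sample values; run it from an elevated session.

```powershell
# Added example. $NewPort and $AdminSource are assumed sample values.
$NewPort     = 3390
$AdminSource = '203.0.113.0/24'   # constructed management range (documentation prefix)
$RdpTcpKey   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse low or invalid ports, and ports that another service already listens on.
if ($NewPort -lt 1025 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1025-65535."
}
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort already has a listener."
}

# Record the current value so the change can be rolled back from the secondary VM.
$OldPort = (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
Write-Output "Current RDP port: $OldPort"

# Open the new port BEFORE moving the listener, limited to the management range.
$Rule = @{
    DisplayName   = "RDP custom port $NewPort"
    Direction     = 'Inbound'
    Protocol      = 'TCP'
    LocalPort     = $NewPort
    RemoteAddress = $AdminSource
    Action        = 'Allow'
}
New-NetFirewallRule @Rule | Out-Null

# Move the RDP listener to the new port.
Set-ItemProperty -Path $RdpTcpKey -Name PortNumber -Value $NewPort -Type DWord

# Verify the write before restarting; a wrong value here locks you out.
$Check = (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
if ($Check -ne $NewPort) {
    throw "Registry shows $Check, expected $NewPort."
}
Write-Output "PortNumber is now $Check. Restart the VM, then update the Azure inbound rule."
```

Apply the same source restriction to the inbound rule in the Azure Networking pane, so the new port is reachable only from the addresses that need it.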

No subscriptions found in Azure portal


This is a common error that we see when we set up a new Azure account. Sometimes this is not really an error; it appears because of a mistake that we are making.

If you experience this issue, you can start with the steps below to troubleshoot it.

First, you need to check whether you have logged in to the correct account. There are mainly two categories, and if you are in the wrong account, you will not be able to see your subscription.

This option will be prompted once you type your user name, if you have personal and work accounts created for the same email address.

image


If this is not the case, then you can check the user permission under Microsoft Azure Access control (IAM).

Check the role that is assigned to the email address that you are using; you need to have at least Owner permission to access your subscription.

If that is not set, give the Owner permission.

image

Then log in to your Azure portal by using that email account. Now you should be able to see the subscriptions.

Friday, October 13, 2017

Configure Alerts and Events for Azure Backup


To do this, first you need to enable the Windows backup. To do that, first search for

Recovery Services vaults > Backup Alerts >

image

Then select Configure notifications, enable Email Notifications, and give the recipient email address of the ticketing system or the alert dashboard.


image

You can set the method of notification and severity. Based on your selections you will be able to receive the alerts.

This is a small configuration that you need to do, but it will stop a future disaster.