Sunday, September 9, 2018

[Solved] Azure Application Gateway Failed.

If you are getting an error saying your application gateway is not started or is in a failed state, then this will help you to kill the rest of your day :)

But there are a few ways to start the App Gateway rather than getting a new gateway and connecting the existing backend pools. I'm writing up the Azure Resource Explorer method, which is easy to follow.

Try this, and if you are still facing any issues, let me know.

Once you go into the App Gateway service you will notice that it's in a failed state. There isn't any feature to start it.


Go into

and login by using the same Azure credentials.

Then go into

Subscription > <Select the Subscription> > Providers > Resource Group > <Select the correct Resource Group> > Application Gateway > <Select the correct App Gateway>


You will notice that the App Gateway is in a failed state. There you can edit the state and then send a get command to change it.

If you don't have the permission, then change the permission level to read write.

Or else go into the Action pane and click Start to enable the App Gateway.


Now you can see that the App Gateway status changes to updating, and a little later it will start and run without any issues.


It's as simple as that. Make sure to check the NICs attached to it as well; sometimes those are also in a failed state. You can use the same Resource Explorer to start them, or change the private IP address to another one and save. That will restart the VM and start the network interface as well.

Wednesday, July 4, 2018

Configure Azure Backup - using PowerShell

If you are configuring this for the first time, you need to register the Recovery Services provider with your subscription. To do that, run the command below.

Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"


You can verify that the provider registered successfully using the following command:

Get-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"


Create a recovery services vault

The Recovery Services vault is a Resource Manager resource, so you need to place it within a resource group. You can use an existing resource group, or create a resource group with the New-AzureRmResourceGroup cmdlet. When creating a resource group, specify the name and location for the resource group.


By default, the vault is set for Geo-Redundant storage. To further protect your data, this storage redundancy level ensures that your backup data is replicated to a secondary Azure region which is far away from the primary region.

To use this vault with the remaining steps, set the vault context with


Rather than creating the services one by one, you can copy and paste the script below into PowerShell and run it to create the backup job. The variables are described below.

1. NameResourceGroup - The resource group name. You can give an existing resource group name, or else create the resource group first.

2. Location - The location where you are going to host your services, e.g. Australia East, UK South.

3. VmName - The server name. This is case-sensitive; make sure to give the name of the VM on which you want to enable protection.

4. NameRecoveryServicesVault - A name for the Recovery Services vault.

5. NamePolocy - A name for the backup policy.

6. FriendlyName - The friendly name for the backup container.

You can keep the rest of the variables as they are; if there is any requirement to change the backup schedule, you can edit it by going into the backup policy.

You can copy and paste the script below into PowerShell and run it to create the backup job.

PowerShell Script


# Variables for common values
$NameResourceGroup = "AAA-Production"
$NameRecoveryServicesVault = "A123RecoveryServicesVault"
$location = "WestUS2"
$NamePolocy = "DefaultPolicy"
$vmName = "AAA-Prod-SVR1"
$FriendlyName = "AAAProdSVR1"

# Create a Recovery Services vault (named after the vault variable, not the resource group)
New-AzureRmRecoveryServicesVault `
    -ResourceGroupName $NameResourceGroup `
    -Name $NameRecoveryServicesVault `
    -Location $location

# Set the vault context for the remaining commands
Get-AzureRmRecoveryServicesVault `
    -Name $NameRecoveryServicesVault | Set-AzureRmRecoveryServicesVaultContext

# Enable backup for an Azure VM
$policy = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name $NamePolocy
Enable-AzureRmRecoveryServicesBackupProtection `
    -ResourceGroupName $NameResourceGroup `
    -Name $vmName `
    -Policy $policy

# Start a backup job
$backupcontainer = Get-AzureRmRecoveryServicesBackupContainer `
    -ContainerType "AzureVM" `
    -FriendlyName $FriendlyName
$item = Get-AzureRmRecoveryServicesBackupItem -Container $backupcontainer `
    -WorkloadType "AzureVM"
Backup-AzureRmRecoveryServicesBackupItem -Item $item


Once this is completed, you can run the Get-AzureRmRecoveryservicesBackupJob command to check the status of the backup job.


The .ps1 file can be downloaded from here

Tuesday, July 3, 2018

Azure Recovery service Vault creation error New-AzureRmRecoveryServicesVault : Operation failed.

If you get an error when you are creating your Recovery service like below,

New-AzureRmRecoveryServicesVault : Operation failed.
ClientRequestId: 3f3842bd-7638-469e-a14c-46c230221d9b-2018-07-03 07:49:41Z-P
One or more errors occurred.
At line:1 char:1
+ New-AzureRmRecoveryServicesVault
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : CloseError: (:) [New-AzureRmRecoveryServicesVault], Exception
     + FullyQualifiedErrorId : Microsoft.Azure.Commands.RecoveryServices.NewAzureRmRecoveryServicesVault


It may be because of wrong information that you have provided.

I ran the command in debug mode and found that the given resource group had not been created in the tenant.

I created the resource group and then verified it by running the Get-AzureRmResourceGroup command.


Then check whether the location is entered without any spaces.


The other thing that I want to highlight is the resource group. You have to enter an existing resource group name, and if the given resource group is a new one, then create the resource group first.

I ran the recovery service creation command again. No errors found.


Friday, June 29, 2018

Fully configured virtual machine create using PowerShell Script

If you are very concerned about the naming convention of your services when you are deploying your Azure-hosted VMs, then you can try the script below. It only supports Windows Server deployment.

Here I have done some additional work and brought all the services into one place, where you can make the changes first and then run the deployment.

Steps are listed below.

1. First log in to AzureRM using PowerShell



Once the login is successful then you will be able to see the below information.


2. Copy and paste the script below and change the names as required under the Variables.

ResourceGroup - The resource group name. Define the resource group name(s).
Location - The location where you are going to host your services, e.g. Australia East, UK South.
VmName - Server names.
SubnetName - Subnet name.
NamevNET - Virtual network name.
Namemypublicdns - Public DNS name.
NameNetworkSecurityGroupRuleRDP - Network security group rule name. You can add additional ACLs here; the script only enables the RDP port. You need to add the IP restriction later.
NameNetworkSecurityGroup - Network security group name.
NameVNic - Virtual Network name.
VMSize - The size of the VM. This needs to be selected carefully according to the requirement.
AddressPrefix - The address prefix needs to be changed under the subnet configuration and the virtual network section.

PowerShell Script


# Variables for common values
$resourceGroup = "AAA-Production3"
$location = "West US 2"
$vmName = "AAA-Prod-SVR1"
$SubnetName = "AAA-PROD-SUBNET01"
# The virtual network name and the address prefix values are missing from the
# original post; replace these placeholders with your own values
$NamevNET = "<virtual-network-name>"
$VNetAddressPrefix = "<virtual-network-address-prefix>"
$SubnetAddressPrefix = "<subnet-address-prefix>"
$Namepublicdns = "AAA-PROD-ADF01-IP01"
$NameNetworkSecurityGroupRuleRDP = 'Default-allow-rdp'
$NameNetworkSecurityGroup = 'AAA-SVR1-NSG'
$NameVNic = "AAA-PROD-VNIC01"
$VMSize = 'Standard_D1_v2'

# Create user object
$cred = Get-Credential -Message "Enter a username and password for the virtual machine."

# Create a resource group
New-AzureRmResourceGroup -Name $resourceGroup -Location $location

# Create a subnet configuration
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix $SubnetAddressPrefix

# Create a virtual network
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `
    -Name $NamevNET -AddressPrefix $VNetAddressPrefix -Subnet $subnetConfig

# Create a public IP address and specify a DNS name
$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `
    -Name "$Namepublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4

# Create an inbound network security group rule for port 3389
# (open to any source at this point; add the IP restriction afterwards)
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name $NameNetworkSecurityGroupRuleRDP -Protocol Tcp `
    -Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
    -DestinationPortRange 3389 -Access Allow

# Create a network security group
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
    -Name $NameNetworkSecurityGroup -SecurityRules $nsgRuleRDP

# Create a virtual network card and associate with public IP address and NSG
$nic = New-AzureRmNetworkInterface -Name $NameVNic -ResourceGroupName $resourceGroup -Location $location `
    -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $VMSize | `
    Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `
    Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
    Add-AzureRmVMNetworkInterface -Id $nic.Id

# Create a virtual machine
New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig


The same script can be downloaded here
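The rule created by the script allows RDP from any source, and the variable list says the IP restriction has to be added later. As an added example (not part of the original script), the PowerShell below flags inbound Allow rules that expose TCP 3389 to any source and shows one way to narrow such a rule. The function names are hypothetical, and the sample rules and the 203.0.113.10/32 admin address are constructed.

```powershell
# Added example, not part of the original script. Function names are hypothetical.

# Returns $true when any entry of an NSG port list ("3389", "3000-4000", "*") covers $Port.
function Test-PortRangeCovers {
    param([string[]]$Range, [int]$Port)
    foreach ($r in $Range) {
        if ($r -eq '*') { return $true }
        if ($r -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($r -match '^\d+$' -and [int]$r -eq $Port) { return $true }
    }
    return $false
}

# Emits every rule that allows inbound TCP 3389 from an unrestricted source.
# Works on the SecurityRules of an NSG object or on any object with the same properties.
function Find-OpenRdpRule {
    param([Parameter(ValueFromPipeline = $true)] $Rule)
    process {
        $openSources = @(@($Rule.SourceAddressPrefix) |
            Where-Object { $_ -in @('*', '0.0.0.0/0', 'Internet') })
        $isTcp = $Rule.Protocol -in @('Tcp', '*')
        if ($Rule.Direction -eq 'Inbound' -and $Rule.Access -eq 'Allow' -and $isTcp -and
            $openSources.Count -gt 0 -and
            (Test-PortRangeCovers -Range @($Rule.DestinationPortRange) -Port 3389)) {
            $Rule
        }
    }
}

# Rewrites one rule so that only $AllowedSource may connect; all other fields are kept.
function Set-RdpSourceRestriction {
    param(
        [string]$ResourceGroupName,
        [string]$NsgName,
        [string]$RuleName,
        [string]$AllowedSource
    )
    $nsg  = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
    $rule = $nsg.SecurityRules | Where-Object { $_.Name -eq $RuleName }
    if ($null -eq $rule) { throw "Rule '$RuleName' not found in NSG '$NsgName'." }

    Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
        -Protocol $rule.Protocol -Direction $rule.Direction -Priority $rule.Priority `
        -Access $rule.Access -SourceAddressPrefix $AllowedSource `
        -SourcePortRange $rule.SourcePortRange `
        -DestinationAddressPrefix $rule.DestinationAddressPrefix `
        -DestinationPortRange $rule.DestinationPortRange | Out-Null

    # Push the modified NSG back to Azure
    Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
}

# Constructed sample rules so the audit logic can be tried without an Azure session.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Default-allow-rdp'; Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp'
                       SourceAddressPrefix = '*'; DestinationPortRange = '3389'; Priority = 1000 }
    [pscustomobject]@{ Name = 'allow-rdp-admin'; Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp'
                       SourceAddressPrefix = '203.0.113.10/32'; DestinationPortRange = '3389'; Priority = 1010 }
    [pscustomobject]@{ Name = 'allow-wide-range'; Direction = 'Inbound'; Access = 'Allow'; Protocol = '*'
                       SourceAddressPrefix = 'Internet'; DestinationPortRange = '3000-4000'; Priority = 1020 }
    [pscustomobject]@{ Name = 'allow-https'; Direction = 'Inbound'; Access = 'Allow'; Protocol = 'Tcp'
                       SourceAddressPrefix = '*'; DestinationPortRange = '443'; Priority = 1030 }
)

# Flags 'Default-allow-rdp' and 'allow-wide-range'; the other two rules pass.
$sampleRules | Find-OpenRdpRule | Select-Object Name, SourceAddressPrefix, DestinationPortRange

# Against a live subscription (names taken from the script's variables):
# (Get-AzureRmNetworkSecurityGroup -ResourceGroupName 'AAA-Production3' -Name 'AAA-SVR1-NSG').SecurityRules |
#     Find-OpenRdpRule
# Set-RdpSourceRestriction -ResourceGroupName 'AAA-Production3' -NsgName 'AAA-SVR1-NSG' `
#     -RuleName 'Default-allow-rdp' -AllowedSource '203.0.113.10/32'
```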

Thursday, June 28, 2018

Azure Error - This.Client.SubscriptionId' cannot be null

If you receive this error when you try to remove existing resources from your tenant, then you have to check the Azure subscription status.

Error will say something like,

Remove-AzureRmResourceGroup : 'this.Client.SubscriptionId' cannot be null.
At line:1 char:1
+ Remove-AzureRmResourceGroup -name QlikSense
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : CloseError: (:) [Remove-AzureRmResourceGroup], ValidationException
     + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.RemoveAzureResourceGroupCmdlet

As I mentioned above, this error is triggered when you try to remove the resources by using PowerShell commands.

To verify you can run below mentioned command,




If you check this in the Azure portal, you will see,


To resolve this issue you can set the Azure subscription manually by running the Select-AzureRmSubscription command, or remove the resource groups by logging into the Azure portal.

I preferred the second option as it worked for me a few times.

Thursday, June 14, 2018

Data Protection Resources - Microsoft cloud services

Details about the GDPR mapping to Microsoft controls can be found in this whitepaper.

Information about how Microsoft cloud services protect your data, and how you can manage cloud data security and compliance for your organization.

* Office 365 GDPR control mapping 5.24.18

* Dynamics 365 GDPR control mapping 5.24.18

* Professional Services GDPR control mapping 5.24.18

* Azure GDPR control mapping 5.24.18

* Office 365 - Audited Controls NIST 800_53A Rev 4

* Office 365 - Audited Controls ISO 27018:2014

* Office 365 - Audited Controls ISO 27001:2013

More details regarding the Pen Test and Security Assessments, Compliance guides and Audited controls can be found by clicking here.

Tuesday, June 12, 2018

How to add a Managed Disk to an Azure VM

If you need to add a new data disk into your existing Azure server then you can follow the below steps to add a new disk into that environment.

Mainly there are two ways of doing that,

1. Create the required disk first and then add it to the server.

2. Under the server settings, go into Disks and create the required disk from there.

The steps here are for the first option. To create the disk:

1. Go into All services > search for disk.


2. Click the Add button and give a name for the disk. Then select the correct resource group and location.

3. Select the account type as per the requirement; the source can be set to “None”.

- Be very careful when selecting the size of the disk. The pricing details can be found here.


- Once the validation completes, click Create.

4. Then go into Virtual Machine > Settings > Disk

and add the disk from there.



- After completing that, log into the server, then format and add the disk by going into Disk Manager.

Wednesday, June 6, 2018

How to deploy Highly available virtual Machines in Microsoft Azure.

If you have a concern about the availability and reliability of your hosted VMs, then you can select this option to reduce the risk involved.

This solution is supported through the Azure Availability Set, which ensures that the VMs you deploy on Azure are distributed across multiple isolated hardware nodes in a cluster. If you implement this, any failure of the Azure hardware or software will impact only a subset of the VMs, and the overall solution will remain available without any downtime.

To configure this, you first need to create your availability set and then add the VMs into it while creating the VMs.

There are two ways that you can create this,

* When creating the virtual machine, you can find the Availability Set selection under Settings and create it there.

* Create the Availability Set first and then add it to the VM while creating the Azure virtual machine.

1. First go into the portal and search for Availability Set. Click on that.


2. Next click Add and give the required information.


There you can see that fault domain and the update domains are listed,

Fault Domain : When you put VMs in to an availability set, Azure guarantees to spread them across Fault Domains and Update Domains. A Fault Domain (FD) is essentially a rack of servers. It consumes subsystems like network, power, cooling etc. So 2 VMs in the same availability set means Azure will provision them in to 2 different racks so that if say, the network or the power failed, only one rack would be affected.


Update Domain : Sometimes you need to update your app, or Microsoft needs to update the host on which your VM(s) are running. Note that with IaaS VMs, Microsoft does not automatically update your VMs. You have complete control (and responsibility) over that. But say a serious security vulnerability is identified and a patch created. It’s in Microsoft’s interest to get that applied to the host underneath your VM as soon as possible. So how is that done without taking your service offline? Update Domains. It’s similar to the FD method, only this time, instead of an accidental failure, there is a purposeful move to take down one (or more) of your servers. So to make sure your service doesn’t go offline because of an update, it will walk through your update domains one after the other.

3. Click Yes on Use Managed Disk

4. Adding Virtual machines into the Availability set

- Start creating the VM and under Settings, you can find the Availability Set.

- Click on the Availability set and the created availability set can be found there.

- Select the created availability set.


5. Do the same to add the next servers into the availability set.

6. Go into Availability Set and verify the status


Note : The availability set can only be configured when creating a virtual machine. You must recreate the virtual machine to move it in or out of an availability set

Sunday, June 3, 2018

Azure Strategy and Implementation Guide from Microsoft

Learn the building blocks of  Microsoft Azure governance. Download the Azure Strategy and Implementation guide now.

Key areas covered are,

  • General architectures that incorporate security, identity, and cloud design principles.
  • DevOps and how it fits with cloud technologies. 
  • Integrating, planning, and managing cloud resources. 
  • Microsoft Azure governance.

    You can download this on location.

    Monday, May 28, 2018

    How to Start/Stop Azure VMs during off-hours

    If you host your VMs on Azure, then you need to think about ways to save something from the solutions that you have selected for yourself or proposed for the client.

    Here I'm talking about a large-scale server list hosted in Azure.

    This solution provides a decentralized automation option for users who want to reduce their costs by using serverless, low-cost resources. With this solution, you can:

    • Schedule VMs to start and stop.
    • Auto-stop VMs based on low CPU usage.
    • Schedule VMs to start and stop in ascending order by using Azure Tags (not supported for classic VMs).


    * VMs need to be in the same Subscription.

    * Only these regions are supported for the time being: Australia Southeast, Canada Central, Central India, East US, Japan East, Southeast Asia, UK South, and West Europe.

    * If you want email notification to be set up, then select Yes to deploy SendGrid.

              ** SendGrid is a third-party service. 

    Limitations with SendGrid are:

    • A maximum of one SendGrid account per user per subscription.
    • A maximum of two SendGrid accounts per subscription.

    To deploy the solution you can follow the below steps,

    1. In the Azure portal, click Create a resource.
    2. On the Marketplace page, type the keyword Start/Stop and search for the “Start/Stop VMs during off-hours [Preview]” resource.
    3. Click create.


    4. Then you need to add the solution. First select the OMS Workspace. If you don't have one, create a new OMS Workspace.


    You can give a name for the workspace and select the subscription if you have more than one.

    Then select the resource group and the location (available locations are Australia Southeast, Canada Central, Central India, East US, Japan East, Southeast Asia, UK South, and West Europe).


    5.  Add an Automation Account

    On the Add Solution page, select Automation account. If you are using a new Log Analytics workspace, then you need to create a new Automation account to be associated with it.

    Select Create an Automation account, and on the Add Automation account page, provide the following:

    Name : Name for the Automation account

    All other options are automatically filled based on the Log Analytics Workspace selected. You can’t modify those options.


    6. Add a Parameter.

    Here you can set the parameters.

    Specify the Target ResourceGroup Names. These are resource group names that  contain VMs to be managed by this solution. You can enter more than one name and separate each by using a comma (values are not case-sensitive). Using a wildcard is supported if you want to target VMs in all resource groups in the subscription.

    Specify the VM Exclude List (string). This is the name of one or more virtual machines from the target resource group. You can enter more than one name and separate each by using a comma (values are not case-sensitive). Using a wildcard is supported.

    Select a Schedule. This is a recurring date and time for starting and stopping the VMs in the target resource groups. By default, the schedule is configured to the UTC time zone. Selecting a different region is not available. To configure the schedule to your specific time zone after configuring the solution, see Modifying the startup and shutdown schedule.
    To receive Email notifications from SendGrid, accept the default value of Yes and provide a valid email address.


    Once you click Create, it will take more than 5 min to complete the task. Then you can see the dashboard below, and after a few runs you will be able to see a summary of the job which you have created.


    Wednesday, May 9, 2018

    [Solved] CredSSP encryption oracle remediation error

    Today, after the MS patch installation, most people experienced an issue with Remote Desktop.

    An Authentication error has occurred.

    The function requested is not supported.

    Remote computer: <#servername#>

    This could be due to CredSSP encryption oracle remediation


    This affects Windows Server and Windows 7/10 environments as well.

    When I checked the hotfix details I saw that there were a few updates yesterday, and these cause the issue.


    While searching the internet I found that this is because of the three hotfixes below.

    KB4103725 (Windows 8/10)
    KB4103727 (Server 2016/2012)
    KB4103718 (Windows 7)

    If you have installed them recently, uninstall them and check.

    But as a quick fix you can add a registry value to fix this; the details are below,


    Windows Registry Editor Version 5.00


    Copy and paste this into Notepad and save it as a .REG file. Then run the Registry Editor as administrator.


    Import this registry file, and once that is done you will be able to see that the new registry value is set as below,


    Restart your PC after that and check the status. Now you will be able to RDP again.

    For me this works without restarting the PC.

    Note: This is not a permanent fix. Once the MS patch is released, you need to remove this.
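Because the quick fix must be removed again, it helps to be able to find the machines that still carry it. The PowerShell below is an added example, not part of the original post: it reports the CredSSP encryption oracle policy value, checks which of the three hotfixes listed above are installed, and offers a removal function. It assumes the workaround set the `AllowEncryptionOracle` value documented by Microsoft (the post's own .REG contents are not shown); the function names are hypothetical.

```powershell
# Added example, not part of the original post. Function names are hypothetical.
# Assumption: the quick fix set the documented CredSSP policy value below.
$CredSspKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$CredSspValue = 'AllowEncryptionOracle'

# Meaning of the DWORD according to Microsoft's CredSSP guidance.
$CredSspLevels = @{
    0 = 'Force Updated Clients'
    1 = 'Mitigated'
    2 = 'Vulnerable'
}

# Reports the current policy value and whether it is the temporary workaround (2).
function Get-CredSspOracleSetting {
    [CmdletBinding()]
    param([string]$Path = $CredSspKey)

    $prop = Get-ItemProperty -Path $Path -Name $CredSspValue -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Value        = $null
            Level        = 'Not configured (OS default applies)'
            NeedsCleanup = $false
        }
    }

    $value = [int]$prop.$CredSspValue
    $level = if ($CredSspLevels.ContainsKey($value)) { $CredSspLevels[$value] } else { 'Unknown' }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Value        = $value
        Level        = $level
        NeedsCleanup = ($value -eq 2)   # 2 re-enables the unpatched behaviour
    }
}

# Removes the workaround value so the OS default applies again.
# Supports -WhatIf / -Confirm; run from an elevated session.
function Remove-CredSspOracleWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $CredSspKey)

    $state = Get-CredSspOracleSetting -Path $Path
    if (-not $state.NeedsCleanup) { return $state }

    if ($PSCmdlet.ShouldProcess("$Path\$CredSspValue", 'Remove registry value')) {
        Remove-ItemProperty -Path $Path -Name $CredSspValue
    }
    Get-CredSspOracleSetting -Path $Path
}

# Report only; nothing is changed by running this file.
Get-CredSspOracleSetting

# Which of the hotfixes named in the post are installed on this machine.
Get-HotFix -Id 'KB4103725', 'KB4103727', 'KB4103718' -ErrorAction SilentlyContinue |
    Select-Object HotFixID, InstalledOn

# After both the RDP client and the server are patched:
# Remove-CredSspOracleWorkaround -WhatIf
```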

    Friday, May 4, 2018

    Azure Service Health

    Azure Service Health gives a customizable dashboard which helps to track Azure service health status, region-wise technical issue updates and much more.

    You can track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories. When events become inactive, they get placed in your health history for up to 90 days. Finally, you can use the Service Health dashboard to create and manage service health alerts which proactively notify you when service issues are affecting you.

    Mainly there are three things tracked and those are,

    1. Service issues - Problems in the Azure services that affect you right now.

    2. Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future.

    3. Health advisories - Changes in Azure services that require your attention. Examples include when Azure features are deprecated or if you exceed a usage quota.

    Service Health dashboard is like below,


    By default this service is active under your Azure subscription, and for easy access you can pin it to the dashboard.

    To do that, search for Health Service under All services and pin it to the dashboard from there.


    Tracking ID

    This is the problem tracking number, and you can copy and paste the mentioned URL if you want to send these details to a third party.


    Summary Download

    Here you can download a summary of the problem as a PDF document, which can also be used as a reference or sent to people who don't have access to the Azure portal. Or you can scan the QR code on your mobile and grab more details about the event while you are traveling ;)


    Best part is to configure the notification. For that you can click on Service Health Alert and configure.


    If you need more information about the notification profile setup, please check my previous post about SQL notification setup, which can be found in location.

    Wednesday, April 25, 2018

    Security Features in Azure Backup

    Everyone is now concerned about security when data is hosted in a different place, so you should check this first if you enable the backup.

    This is a new feature introduced for Azure backup and recovery that helps to stop unattended backup deletion.

    The following versions will support this Security features:

    • MAB agent – use minimum agent version 2.0.9052
    • Azure backup server – use minimum MAB agent version 2.0.9052 with Azure Backup Server upgrade 1
    • DPM – use minimum MAB agent version 2.0.9052 with DPM 2012 R2 UR12 or DPM 2016 UR2

    To enable this feature first go into the Azure tenant which you have Azure backup enabled.

    Then search for the “Recovery Services vaults” and Select Properties under Settings.

    Under Security settings select Update.


    Then Click Yes to enable the two factor. Click enable after that.

    Note : Once you enable this, you can revert that back. 


    Then, if you want to delete or recover your data from the backup, you have to come here again and generate the Security PIN as mentioned below.


    Thursday, April 19, 2018

    Snapshot operation failed due to COM+ error - Azure Backup.

    You will get this error message on Azure Backup jobs that take backups of Azure-hosted VMs.

    This can be due to an Azure VM agent communication issue or high utilization of the virtual machine.


    To fix this backup issue you have to log into the server and restart the COM+ System Application service.

    Then you can restart the Windows Azure Agent service to refresh the environment.

    Sometimes you will get the error below. This means the service has hung or is currently in use by an application which is having some issue.

    You can arrange a downtime and restart the server. This will cure the problem.


    Then, once the server comes online, restart this “COM+ System Application” Service.

    Let the backup run after that. 

    Wednesday, April 18, 2018

    Enable Azure hosted SQL service notifications.

    This article shows the steps to set up Azure SQL Database and Data Warehouse alerts using the Azure portal. This article also provides best practices for setting alert periods.

    To do this you can use OMS or the Azure portal. Here we are using the Azure portal to configure notifications.

    You can receive an alert based on monitoring metrics for, or events on, your Azure services. This will be based on the section that you are going to

    Activity log events - An alert can trigger on every event, or, only when a certain number of events occur.

    Metric values - The alert triggers when the value of a specified metric crosses a threshold you assign in either direction. That is, it triggers both when the condition is first met and then afterwards when that condition is no longer being met.

    You can configure an alert to do the following when it triggers:

    · Send email notifications to the service administrator and co-administrators

    · Send email to additional emails that you specify.

    · Call a webhook

    Once you go into the SQL instance in the Azure tenant you will see the below mentioned window where you can see the overall performance and the database utilization.


    1. To configure the notification you can select the SQL instance then Alerts under monitoring.

    2. Then click Add alert.


    3. Select the Add alert command and fill in the fields.


    4. Name your alert rule, and choose a Description, which also shows in notification emails.

    5. Select the Metric you want to monitor, then choose a Condition and Threshold value for the metric. Also choose the Period of time that the metric rule must be satisfied before the alert triggers.

    So for example, if you use the period "5 min" and your alert looks for CPU above 80%, the alert triggers when the average CPU has been above 80% for 5 minutes. Once the first trigger occurs, it again triggers when the average CPU is below 80% over 5 minutes. The CPU measurement occurs every 1 minute. Consult the table below for supported time windows and the aggregation type that each alert uses- not all alerts use the average value.

    The list of supported metrics is shown below. The highlighted metrics are used in our environment, which helps us make changes before failures affect the live DB.


    6. Check Email owners... if you want administrators and co-administrators to be emailed when the alert fires.

    7. If you want additional emails to receive a notification when the alert fires, add them in the Additional Administrator email(s) field. Separate multiple emails with semi-colons -;

    8. Put in a valid URI in the Webhook field if you want it called when the alert fires.

    9. Select OK when done to create the alert.

    It will take a few minutes to activate the alert.

    Once the alert rule is created, you can select it and manage it:

    • Edit or delete it.
    • Disable or enable it if you want to temporarily stop or resume receiving notifications for that alert.
    • View a graph showing the metric threshold and the actual values from the previous day.

    This can be done by selecting the created alert rule.