Create Virtual network in Azure

I decided to publish a few articles documenting how to create a hybrid network between your local network and Azure (using some cheap routers) and finally how to create a VM in Azure as part of your network. This is Part 1 of the whole process, and it covers how to create a virtual network in Microsoft Azure.

In this article I will explain, step by step, how to create a network in Azure, a site-to-site VPN from your local network to Azure, and finally an Azure VM connected to your local domain.
There are a few things that you have to know:

  • local subnet,
  • IP of local router,
  • IP of local DNS server (in your AD domain).

First we need to create a virtual network in Azure. This will be a part of our network, but as we will connect to this network via VPN, it must be on a different subnet.
To create a virtual network, log in to the Azure portal, select Networks and then Create a virtual network.

Screen1

This will launch a wizard for creating the network, and these are the steps that you have to perform. First, give the network a name and choose a location and subscription. Be careful when choosing a location: later you will be able to use the VPN only to virtual machines in the same location as the network.

Screen 2

On the second screen you have to enter some data about connectivity. As we said at the beginning, the VPN will be site to site, so you have to select this option. The DNS servers will be used to resolve names in this network, and since we want to add a virtual machine that is part of our Active Directory, it must be able to resolve names in our AD. This is why the DNS servers you specify have to be the local DNS servers from your local AD (not public DNS!).

Screen 3

The next step is to specify our local network. You have to specify the name of the network.
The VPN device IP address is the public address of your router, from which you will establish the connection to Azure.
In the address space you have to specify all of your private networks from which you want to establish connections to Azure.
Azure needs all of this data to determine routes and connectivity.

Screen 4

In the last step, you have to define the address space used in Azure. This is a private IP address space and has to be different from your local IP address space.

Screen 5

The rules are the same as when you create a VPN between two local sites, but there are some additional settings:

  • Address space defines the whole address space that you can use as a part of the Azure virtual network. Any subnet that is a part of this network must be created inside this space.
  • Gateway subnet: this subnet provides connectivity outside of Azure. A router located in this subnet acts as the endpoint of the VPN tunnel. Do not create virtual machines in this subnet.
  • Subnet: you have to create at least one subnet. This will be the address space where you will create virtual machines. In many cases one subnet will be enough, but for a larger deployment, isolation of VMs or similar needs, you may need more than one.
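
The rules above can be checked before you type the ranges into the wizard. The following is an added example, not part of the original article; the function name and all address ranges are constructed for illustration.

```python
from ipaddress import ip_network

def check_plan(local_spaces, azure_space, gateway_subnet, vm_subnets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    azure = ip_network(azure_space)
    gateway = ip_network(gateway_subnet)
    vms = {name: ip_network(cidr) for name, cidr in vm_subnets.items()}

    # The Azure space must differ from every local network, otherwise
    # routes across the VPN become ambiguous.
    for net in (ip_network(n) for n in local_spaces):
        if azure.overlaps(net):
            problems.append(f"Azure space {azure} overlaps local network {net}")

    # Every subnet, the gateway subnet included, must lie inside the Azure space.
    subnets = {"GatewaySubnet": gateway, **vms}
    for name, net in subnets.items():
        if not net.subnet_of(azure):
            problems.append(f"{name} {net} is outside Azure space {azure}")

    # Subnets must not overlap; a VM subnet overlapping the gateway subnet
    # would put virtual machines where only the VPN endpoint belongs.
    names = list(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")

    if not vms:
        problems.append("at least one VM subnet is required")
    return problems

# Constructed sample plans: one consistent, one with three mistakes.
GOOD = check_plan(["192.168.1.0/24"], "10.10.0.0/16",
                  "10.10.255.0/29", {"Servers": "10.10.1.0/24"})
BAD = check_plan(["192.168.1.0/24", "10.10.1.0/24"], "10.10.0.0/16",
                 "10.10.1.0/29", {"Servers": "10.10.1.0/24", "DMZ": "10.20.0.0/24"})

if __name__ == "__main__":
    print("good plan:", GOOD)
    for problem in BAD:
        print("bad plan:", problem)
```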

Screen 6

With these steps you created a set of network settings that include the Azure virtual network, the local network and the DNS setting. When you finish these steps, your Azure network is ready to use, but don’t forget to create a gateway. This one is necessary to establish a VPN connection.

Screen 7

If you want to use this network in combination with your local network, you have to create a gateway. This is an IP address which will act as an endpoint of the VPN tunnel. There is another wizard for creating the gateway; it is not complicated, but it can take time (30 minutes or more).

Screen 8

Click Create Gateway at the bottom of the page, and use Static routing if you have a static IP address. After the creation of the gateway is complete, you will have an IP address of the gateway. This is the IP address that you will have to enter into your local router as the endpoint of the VPN. The only thing that is missing now is a shared key. You can read it by clicking the Manage Key button at the bottom of the page. Write down this key, because you will need it later in the router configuration.

If you have a router model (like Cisco…) that is supported by Azure, you can export the data to configure it directly from the portal by clicking the “Export” button. In all other cases, you will need to establish the VPN manually; here you will need to press the Manage Key button.

AzN9

To establish the connection to the Azure network successfully, you will need a preshared key and a gateway IP address (shown in the previous and next pictures). I recommend writing them down in a file or on paper.

AzN10.

Many free tools for administrators

For any administrator who wants to use free tools to get better access to, or to monitor, functionality in Windows environments, here is a list of many free tools. Just see which ones are useful to you and use them:
https://4sysops.com/best-free-windows-admin-tools/
And please, test them in a test environment before you use them in production. Many times tools are not exactly what you expect.

Forgot ILO Password?

No problem. You can reset it via software from your operating system. It is possible to do it from almost any Windows server system and from Linux (I didn’t try it from Linux).
To do this, you have to install the HP Lights-Out Online Configuration Utility for the system that you are using. You can download it from the HP web page where the drivers are located.
After you have installed this software, you will need an XML file with this content:

<RIBCL VERSION="2.0">
 <LOGIN USER_LOGIN="Administrator" PASSWORD="boguspassword">
   <USER_INFO MODE="write">
    <MOD_USER USER_LOGIN="Administrator">
     <PASSWORD value="YourNewPassword"/>
    </MOD_USER>
   </USER_INFO>
 </LOGIN>
</RIBCL>

I know that the login password (the old one) is not correct, but you don’t need to know it (scary…); it will work. When HPONCFG runs locally on the host with administrator rights, the credentials in the LOGIN tag are not checked.
Save this file into the folder C:\Program Files\HP\hponcfg and launch the command prompt as Administrator. Navigate to the folder and type:
Hponcfg /f YourFile.xml /l YourLogFile.txt
You will be notified that the script ran correctly. Now you just have to log in to ILO with the new password.
Easy to do it. Maybe too easy.

More reading:
Export ILO configuration

ILO Scripting guide.

Problems with spam on Gmail or Hotmail

Do you have problems delivering mail to Gmail or Hotmail?
I had some issues in the last few months, and at the beginning I was not able to solve the problem, because all the settings appeared to be correct and I was not blacklisted (yes, I know that Google and Hotmail use their blacklist).
The question was how to reach the administrators on the destination side. To do this, just follow these links:
For Gmail: http://www.rackaid.com/resources/gmail-blacklist-removal/
For Hotmail: http://www.rackaid.com/resources/hotmail-blacklist-removal/
Here you will find a lot of information and the ticket form to request support.
PS: Maybe it is not a bad idea to check your status before you send the ticket. You can do it here: https://www.senderscore.org.

RDP 2012R2 Web access? Why not!

Publishing terminal services through the web is more and more popular, and I am still convinced that we should use them more. Maybe by publishing this article I will help someone decide to publish them. There is nothing new or revolutionary in this article; it is just a few tricks that my customers like.
Windows Server 2012 brings many changes to working with remote applications. Some of us really appreciated publishing remote applications by distributing RDP files or MSI installers in Windows Server 2008 and 2008 R2; that is no longer possible. Many changes are also visible in the installation of RDP roles. There is now a separate installation procedure, distinct from installing “just roles and features”. This is a good thing, because installing this way produces fewer errors in the RDP deployment, and it is the only right way to install Web Access and the other RDP roles (don’t do it through roles and features!!!).
In addition, this Web Access is the functionality where I want to show some tricks.
As we know, https://rdp_server.publicname.com/rdweb is the address where we can access our applications. Here you can see a desired application immediately after it has been installed and published.
RDP Web
Many times we have unhappy users, because running those applications means »a lot of work« for them: they have to type this web address and log in… Another not-so-nice property of this web interface is that some browsers are unable to run an RDP file directly from the web, so users have to download it and run it.
Here we can do something for our users. In Windows 7 and newer, the Control Panel has a setting called RemoteApp and Desktop Connections. This is exactly what we want. Just type the published web address into the appropriate text box and add feed/webfeed.aspx at the end (example: https://rdp_server.publicname.com/rdweb/feed/webfeed.aspx). This setting will put all published applications to which the user has access into his Start menu under Work Resources (RADC). Need more? They are also dynamic; if you revoke permissions or uninstall an application, the application will disappear from there. In addition, if you add a new one, it will simply appear there. Nice.
Is it still too complex for your users? OK. Then we can try making this easier for them. There is an option to enter an e-mail address. In this case, the e-mail address is used only to get the domain name. All the other work is done by a DNS setting, and the rest of the process is the same as when you enter a published address. Of course, the domain used in the e-mail address must have a TXT record with these few parameters:

  • Type: TXT
  • Record Name: _msradc
  • Text: https://rdp_server.publicname.com/rdweb/feed/webfeed.aspx

The text is the same as what you would enter manually, and the domain in the published address can be different from the domain in the e-mail address. Therefore, you have many possibilities, and a user needs to know only the e-mail address, username and password. Things that, I hope, he knows.
RDP2
There is also another great thing: if you publish applications this way, you can publish them from different servers and domains at the same time, and you can have simultaneous access to services from different hosted services / clouds. It’s great!

There is also another simple change that you can make in the Internet Information Services (IIS) console. Just open the console and go to Sites > Default Web Site > RDWeb > Pages. At this point, open Application Settings. As you can see in the picture, there are many settings here that can help you with configuration:

RDP3

  • DefaultTSGateway – It fixes which RD Gateway will be used.
  • Password Change enabled – It enables the option to change the password in the RD Web console. It is very useful when a user has only RD access to our environment. But you have to be careful here, because if a user with a domain-joined PC changes his password from outside, he may lose some other services offered on his PC.
  • ShowDesktops – This setting determines whether the section »Connect to a remote PC« is visible or not. Some companies want their employees to connect remotely to their PCs; others don’t allow this option. Don’t forget that RD connections through RD Gateway will still work, even if this setting is disabled!
  • Enabling or disabling redirections – This is actually an alternative place where you can enable or disable redirection of printers, ports, drives, PnP devices and the clipboard for all RD users. You can do the same thing through policies.
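
These application settings are stored in the Web.config of the RDWeb Pages application, so they can be compared against a baseline after every change. The following is an added example, not part of the original article; the sample configuration, the baseline values and the host name are constructed, and every key name other than DefaultTSGateway and ShowDesktops should be verified against your own Web.config.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <appSettings> section of the RDWeb Pages Web.config.
SAMPLE_CONFIG = """<configuration>
  <appSettings>
    <add key="DefaultTSGateway" value="" />
    <add key="PasswordChangeEnabled" value="true" />
    <add key="ShowDesktops" value="true" />
    <add key="xPrinterRedirection" value="true" />
    <add key="xClipboard" value="true" />
    <add key="xDriveRedirection" value="true" />
  </appSettings>
</configuration>"""

# Assumed baseline for this example only; derive yours from your own policy.
BASELINE = {
    "DefaultTSGateway": "rdgw.example.com",  # constructed host name
    "ShowDesktops": "false",
    "xClipboard": "false",
    "xDriveRedirection": "false",
}

def audit_rdweb_settings(config_xml, baseline):
    """Return (key, actual, expected) for every setting that deviates from the baseline."""
    app_settings = ET.fromstring(config_xml).find("appSettings")
    if app_settings is None:
        raise ValueError("no <appSettings> section found")
    actual = {e.get("key"): (e.get("value") or "").strip()
              for e in app_settings.findall("add")}
    findings = []
    for key, expected in baseline.items():
        value = actual.get(key)
        if value is None:
            # A key that is absent cannot be assumed to match the baseline.
            findings.append((key, "<missing>", expected))
        elif value.lower() != expected.lower():
            findings.append((key, value, expected))
    return findings

if __name__ == "__main__":
    for key, value, expected in audit_rdweb_settings(SAMPLE_CONFIG, BASELINE):
        print(f"{key}: is {value!r}, baseline is {expected!r}")
```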
