Sunday, 23 April 2017

Connect to more than two Azure VPNs at once

If you just want the "juice", skip to TLDR;

Recently I had the need to be connected to more than the default two Azure VPNs. That's not so much an Azure specific limitation but rather a Windows limitation. And after many hours of scouring the internet, I found exactly zero ways to do it.

So, back to the drawing board and start looking at my computer and let go of the internet for a while.
I did find out, somewhere, that Windows had this built-in limit of two simultaneous outgoing connections for each type of VPN. That started me on the right path, so, powering up Device Manager, I went looking for the proper device, in this case,  "WAN Miniport (SSTP)". Right-click it, Properties and browsed through the available options in the Details tab... Nothing useful.

Well, almost nothing. There's the "Device instance path", so I copied it and launched Registry Editor, navigated to HKLM\System\CurrentControlSet and searched for this. And I found it in
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0010. You  may find yours in a different path.

Browsing through the available registry entries, a few spurred my curiosity:
MinWanEndpoints = 0
MaxWanEndpoints = 3
WanEndpoints = 2

Bingo!

So I changed WanEndpoints to equal MaxWanEndpoints (playing conservative here!), that is = 3, rebooted my machine and tried to connect to 3 Azure VPNs and got them all connected! I did try increasing that MaxWanEndpoints as well, but it got reversed back to 3, so tweaking that may require some more work but at least you get 50% more simultaneous VPN connections. :)

TLDR;

Open Registry Editor, navigate to HKLM\SYSTEM\CurrentControlSet and search for SWD\MSRRAS\MS_SSTPMINIPORT.
Once there, edit the "WanEndpoints" entry and set it to 3.
Reboot your computer, and you should be able to get 3 rather than the default 2 simultaneous connections.

As an added bonus, if you're using Windows 10, you may want to change the default network connection to the "old" Windows 8.x style, where clicking the tray icon and then clicking one of the VPNs will give you the option to connect to it, rather than popup another window for you to click the same VPN again. It also sorts the VPNs with the connected ones on top and the rest below, like in the image to the side.

You can find the instructions for making that change here (linking to the source so as to give proper credit to the author).

Enjoy and share with whom you think may need this. :)

In a future post, we'll be removing one more click from connecting to the VPNs by bypassing that Azure connect dialog altogether. If you feel adventurous, have a look here - I had to adjust a bit, plus I used some PowerShell to make it easier, but if you can't wait, check that other post.

Sunday, 29 January 2017

One shell to rule them all

Or, how to connect to multiple services such as Exchange Online, Local Exchange, SharePoint Online, Azure and more from a single PowerShell Session.
[Edited on 2017/02/21 to account for changes in Azure Module distribution]

Introduction

I wanted to be able to manage all services from a single PowerShell session, and after searching around, I found this article which is quite a nice way to start. However, since I always try to cut on repetitive tasks, it wasn’t long until I considerably changed that process so as to have it all ready by simply executing one command and avoiding logins by storing them safely in my machine. Not only that, but the need to add some more modules, like Azure related ones, had me expanding on that article a lot.

Services

By following the instructions below, you’ll be able to connect to one or more (or all!) of the following services in a single PowerShell session:
  1. Microsoft Online (aka: Office 365 user management);
  2. Exchange Online (aka: Office 365 mailboxes/groups);
  3. Security and Compliance Centre;
  4. SharePoint Online;
  5. Skype Online (aka: Skype For Business);
  6. Azure (both Service Management and Resource Manager models);
  7. On Premises Exchange.
You can add more to the list, the functions are all laid out in an easy to follow format. I could have condensed them and cut considerably on code repetition, but I think they are more readable this way.

Installing the required software

Pre-Windows 10 - requires at least PowerShell 3.0, but if you can, just go all the way to 5.1 with the following links:
.NET Framework 4.5+ (I tested with 4.6.2 on Windows 7 SP1 x64)
Windows Management Framework 5.1  (Reboot to continue)

All 64 bit platforms with at least PowerShell 3:
Requires downloading some installers to execute on the machine, so, let’s start with that. Download and install all of the following:
Microsoft Online Service Sign-in Assistant for IT Professionals RTW
Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
SharePoint Online Management Shell
Skype for Business Online, Windows PowerShell Module

Now launch PowerShell ISE as Administrator and run the following commands:
Set-ExecutionPolicy RemoteSigned –Force
Install-Module Azure -Force
Install-Module AzureRM -Force
You'll have to answer Yes to a couple prompts for the second command, and it's ok to see an error complaining of commands overwriting similar named commands in other modules: the Azure team is working on that, but for now just ignore if it still happens when you follow this procedure.

Download the following files from this github repo: https://github.com/fmad/one-shell-rule-all
Services.psd1 – Contains settings that you MUST change!
Common.ps1 – Main file with the required functions
These files will go to the same folder as your PowerShell profile (type $profile to find out where it is).
You will need to add the following line to your $profile (create one if you have none already, otherwise add to the end):
Get-ChildItem ([Environment]::GetFolderPath("MyDocuments")+"\WindowsPowerShell\Common.ps1") `
-ErrorAction SilentlyContinue |% { .$_ }
(You can add it in a single line: broken here for clarity. Remove the “`” if you place all in a single line)
Note: SharePoint Online, Azure and Skype Online modules will require that you run PowerShell as Admin, so the easiest way is to change your PowerShell shortcut to run in admin mode. You’ll get a clear error if trying to execute the functions in a “normal” PowerShell session.
Don’t forget to edit the Services.psd1 file! There are at least 9 places that you need to edit, all marked with [ and ] (remove the brackets after replacing the placeholders with the proper values, e.g., suppose your online login is foobar@xpto.com – where you have:
    Login  = "[login@yourtenant]";
You should edit to:
    Login  = "foobar@xpto.com";
After that, whenever you launch PowerShell, you should see this:
image
This is a reminder to let you know what functions you have available. If you wish to connect to ALL, just run Connect-SvcAll
When you do, you’ll get something like this:
image
The first warning reminds you to run the command:
Save-EncriptedCredentials -UserPrincipalName foobar@xpto.com
This will prompt you for the password for that account and will store it encrypted in a file in your home folder. Should this file be moved to another computer it will NOT work. You will notice some more warnings about the same thing – that’s because you probably use the same login in multiple services – you only need to run the above command ONCE for each unique login.

The second warning tells you that loading the Azure module was skipped because you’re not running PowerShell as Administrator, so you know what to do to fix that.

After you enter all the needed credentials and run the commands again in a properly elevated PowerShell, you’ll see something like this (assuming you did everything right: if you didn’t, you’ll probably get a nice warning giving you a hint on what went wrong):
image
Note: in the above screenshot I did not have a valid local exchange to test, so I intentionally did not enter the credentials.

I’ve added some extra code to start WinRM when connecting to Skype Online as it would stop and prompt me to do so, and to stop the service upon closing down PowerShell, if it was started in that session. If you don’t want that to happen for some reason, just edit the Connect-SvcSkypeOnline function and search for WinRM and remove all the lines.

Optionally, you may want to install the following extra modules and ISE AddOns if you're working with RunBooks:

Install-Module AzureAutomationAuthoringToolkit -Scope CurrentUser
Install-AzureAutomationIseAddOn
Install-Module ISEScriptAnalyzerAddOn


Finally, if you find this useful, feel free to spread the word. Also feel free to suggest improvements and/or bug fixes.

Tuesday, 17 January 2017

The eluding case of the sleeping computer

Now, this is not Azure related, but I thought I’d share this information anyway.

Spoiler / TL;DR: If your laptop is going to sleep when inactive for a few minutes and you know it is set correctly to NOT go to sleep, check your external monitor’s power saving configuration! In my case, the external monitor was saving power and when it did so, my computer would join it in sleep as well!

Every now and then, my Windows 10 laptop would go to sleep after some (semi-random) inactivity period. In normal operation, that is not a problem and more of a minor annoyance like locking the computer, go fetch a cup of coffee or something else and return to a sleeping computer. But these days, I’ve been doing some online courses, and I find myself at times just quietly reading through documentation and not moving the mouse nor using the keyboard for a couple minutes. And that’s when this behaviour gets annoying.

Of course, the very first thing I do when I format my laptop is to disable all forms of sleep and hibernation – *I*, not the computer, know better when it’s time for it to take a nap. I had also on occasion gone through some Google searches and applied some “fixes” which “seemed” to work at the time – turns out, they didn’t, I just didn’t notice it! :)

So, today, I decided to go further and dig deeper. Event viewer was the first place I looked, only to be greeted with what I already knew: that the computer had gone to sleep and resumed from said sleep… Not much luck here. Even the “More information” link was useless as it would send me to Microsoft’s home page, instead of where it used to send me (maybe something’s broken in this Windows 10 build, not used this option in a while). Manually googling for “Kernel-Power Event ID 42” did not yield much useful information for my situation, so, back to some old-fashioned troubleshooting.

First, I created a simple batch file to simply run powercfg –requests every second, in a loop, and save that to a file, along with a timestamp. It would also echo just the timestamp to the screen so I could keep track. Every 2 to 3 minutes, and the laptop would go to sleep. Also, the only relevant thing in the log around the time it went to sleep were these two lines:

PERFBOOST:
[DRIVER]: Legacy Kernel Caller

Googling for that didn’t help much, so I decided to try a couple things, namely, using the “old” way of removing stuff that is not needed and trying to repeat the behaviour. Having seen some people complaining about USB power saving, my first try was to remove the only USB device I had attached (a mouse) and repeat the tests. Sure enough, after a couple minutes, the laptop was sleeping again, so that could not be the culprit. Next on the list, unplug my external monitor, that was plugged in through the VGA port. 2 minutes, 3 minutes, 4 minutes, 5 minutes… And it would go on and not power down! Re-plug the monitor, repeat the test, and, sure enough, 2 to 3 minutes later, my computer was sleeping again. So, check my external monitor settings and, sure enough, it had a setting for Power Saving and that setting was ON. I would never expected that to also put my computer to sleep, but apparently, it does! So, disable the setting, run the test again, and now both the monitor and computer keep going on as they should.

So, here you go, I hope this can be of use to someone else experiencing the same problem and if you know someone who suffers from this, have them check their monitor’s Power Saving setting. And now back to some more reading. :)

Sunday, 15 January 2017

Install Azure CLI for Linux on Windows

The following lists the steps needed to install Windows Subsystem for Linux on Windows 10 and Azure CLI, so that you can try out using the CLI on a "Linux-like" environment.

Enable WSL:

If not done yet, enable WSL (Windows Subsystem for Linux):
  1. Enable Developer Mode:
    Windows > Settings > Update and Security > For developers > Developer mode;
  2. Enable the Windows Subsystem for Linux and restart by running this command in an elevated PowerShell:Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
  3. Run "bash.exe" and complete installation of WSL;

Install Azure CLI on WSL:

  1. Launch bash
  2. If not done yet, work around sudo not being able to resolve your machine name by running:sudo chmod 666 /etc/hosts
    sudo echo 127.0.0.1 $HOSTNAME >>/etc/hosts
    sudo chmod 644 /etc/hosts
  3. Install (a decent!) NODE package:
    curl -sL
    https://deb.nodesource.com/setup_7.x | sudo -E bash -
    sudo apt-get install -y nodejs


    NOTE 1: if you try going the "simpler" way of just running "sudo apt-get install node", you'll get a very old node version and when you later run any azure command you'll get an error similar to the one below: (this is after running azure login, which does work even with the broken node!)
    login@COMPUTER:~$ azure location listinfo: Executing command location list+ Getting ARM registered providers
    error: Object
    https://management.azure.com
    has no method 'endsWith'error: Error information has been recorded to /home/mad/.azure/azure.err
    error: location list command failed


    NOTE 2: if you get connectivity problems when running the above commands, try disabling your AV's FW - I ran into some weird problems using Kaspersky and temporarily disabling allowed these to run properly. The errors I'd get would complain of no connectivity from an IPv6 IP address, even though I have IPv6 disabled...
  4. Install the Azure CLI NPM module: sudo npm install -g azure-cli
  5. Enable auto-completion: azure --completion >> ~/azure.completion.shecho 'source ~/azure.completion.sh' >> ~/.bashrc
  6. Exit and re-open bash and you should now have a working install of Azure CLI commands for Linux, running on your Windows Subsystem for Linux.
  7. Try it out: 
    1. azure login (Follow the on-screen instructions) 
    2. azure account list Don't forget that you have auto completion for azure commands too!

Bonus: Private/Public Keys

  1. Generate a private/public SSH key pair for easier authentication (replace "mypassword" with a proper password that you'll type when needed) ssh-keygen -t rsa -b 2048 -C "$USER@$HOSTNAME" -f ~/.ssh/id_rsa -N mypassword
  2. Verify that the ssh-agent is running (you should get a PID value listed):
    eval "$(ssh-agent -s)"
  3. Add the newly created key to ssh-agent:
    ssh-add ~/.ssh/id_rsa
  4. If you have already created a VM you can install the new SSH public key to your Linux VM with (replace login@yourvmip with proper values):ssh-copy-id -i ~/.ssh/id_rsa.pub login@yourvmip
  5. Test the login using keys instead of a password (again, replace login@yourvmip with proper values – this is a single line, split only on the blog!): ssh -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes -i ~/.ssh/id_rsa login@yourvmip
  6. SSH is successfully configured if you are not prompted for an SSH private key password, or a login password to the VM.

If you need to re-install WSL:

(As I did a few times trying to compile and test these instructions)
Run from a command prompt:
lxrun /uninstall /full
Note: the /full will WIPE your home folder, so a new install will be a clean install; if you want to keep those, just omit /full
lxrun /install
Please note that installing will re-download the Linux image from the Windows store again, so beware of internet charges if applicable.

Sources used to compile this information:

    https://docs.microsoft.com/en-us/azure/xplat-cli-install
    https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-mac-create-ssh-keys
    https://hackernoon.com/running-nodejs-on-linux-on-windows-88bd12993bae#.31kiddj4j
    http://www.howtogeek.com/261188/how-to-uninstall-or-reinstall-windows-10s-ubuntu-bash-shell/


How to “play” with Microsoft Azure

Imagine that you’re doing some online courses on Microsoft Azure and related technologies and you need to follow along. What options do you have at your disposal?

I had to answer this question for myself and thought I’d compile a few options and share with the world. In this short summary, you’ll find only those offers that meet these simple conditions:

  • Must have a spending limit or can configure one;
  • Available for single users (there are other offers available to companies but are outside of the scope of this text - you'll find them all in the link below).

Please note that this list is correct as of this writing but may change, as Microsoft updates their offers, so please double check, especially if reading this sometime in the future. Also, even though I did check everything, the official reference is the Microsoft page linked below.

For a list of all Microsoft Azure Offers, please check here.

Now onto the details. If you need to find out on which countries these offers are valid, please check the proper offer link. For each offer I will list:

  • Offer Name and Number with Hyperlink to the offer's page on Microsoft’s Azure site;
  • If a Credit Card is required or not;
  • Spending limit in Euros and USD per month (for other currencies, see the offer page)
  • Monthly Credits Included;
  • Credits duration in months.

 

Free Trial

0044P - Requires a Credit Card, with a monthly limit and credit of USD $200 or 170 EUR for 1 month.

 

Azure Germany Free Trial

0044P - Similar to the above (link is different, though, even if the offer number is the same). Also has a monthly limit and credit of USD $200 or 170 EUR for 1 month.

 

Visual Studio Dev Essentials

0022P - NO credit card required, has a monthly limit and credit of USD $25 or 21.08 EUR for 12 months. Sign up to a Visual Studio Dev Essentials account and then claim the Azure benefits.

 

Microsoft Imagine

0144P - NO credit card required, has a monthly limit and credit of 0 (Zero) EUR or USD with no time limit. Available to students that are validated through the Microsoft Imagine program. Can be used to access services in the free tier (see the offer page for details).

 

Visual Studio Professional subscribers

0059P - NO credit card required, has a monthly limit and credit of USD $50 or 45 EUR, valid while the associated Visual Studio subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

Visual Studio Test Professional subscribers

0060P - NO credit card required, has a monthly limit and credit of USD $50 or 45 EUR, valid while the associated Visual Studio subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

MSDN Platform subscribers

0062P - NO credit card required, has a monthly limit and credit of USD $100 or 85 EUR, valid while the associated MSDN subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

Visual Studio Enterprise subscribers

0063P - NO credit card required, has a monthly limit and credit of USD $150 or 130 EUR, valid while the associated Visual Studio subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

Visual Studio Enterprise (BizSpark) subscribers

0064P - NO credit card required, has a monthly limit and credit of USD $150 or 130 EUR, valid while the associated BizSpark subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

Visual Studio Enterprise (MPN) subscribers

0029P - NO credit card required, has a monthly limit and credit of USD $150 or 130 EUR, valid while the associated Microsoft Partner subscription is active. This credit is worth more than it seems because you have access to special rates for Dev/Test machines and also to use Windows 10 machines in Azure.

 

In conclusion

There are more options than I first thought, and I hope this is useful to others out there, as it was not obvious and also I had to click each offer in turn to find out the details, hence listing the most relevant here for a quicker overview and comparison of the different offers. Have fun exploring Microsoft Azure!

The mandatory Hello World...

I've started working with Microsoft's Azure and am loving it!

However, it has been a bumpy ride at times, hence I decided to create this blog to document some of my experiences with it, as well as some of the hurdles I had to jump over to get going.


I'll start with a few posts. One will be a shameless copy of my own article in LinkedIn describing your options for controlled ways to play with Azure knowing you won't break your wallet. I'm copying it over so as to keep all that info together in this new site.

A couple more will soon follow: "How to install and use Azure CLI on your Windows 10's Subsystem for Linux" (this one had me going through a few bumps, hence feeling the need to share this information), and then "How to connect to multiple services in a single PowerShell session" (not strictly Azure, but also contemplates Azure as well as Skype for Business, SharePoint Online, Office 365 and even local Exchange installations - handy for the SysAdmin that needs "one PowerShell to rule them all". This last one is mostly taken from a similar post, but I adapted and improved quite a bit, so I figured I should share that as well (and of course I'll link to the original article!)

I hope this and more to come will be useful to other people out there.