Monday, 14 July 2014

Enable remote management on Windows Azure VM

In Windows Server 2012 R2 and Windows Server 2012, remote management is enabled by default. I'm saying this from my experience as well as from this TechNet article. That is not the case if you have provisioned one of these operating systems in a Windows Azure VM. If you check Server Manager > Local Server > Remote management, you will see that it is disabled. However, a WinRM listener on port 5986 (HTTPS) is created, and it uses a self-signed certificate with the name of the Cloud Service in which you provisioned your virtual machine. This port is mapped to an Azure Endpoint so that you can connect to this VM remotely via PowerShell.

If, like me, you are trying to add all of your servers to the Server Manager console to manage them from a single place (a requirement if you want to configure an RDS farm), you will have to enable remote management on port 5985 (HTTP) to connect to the servers with Server Manager. If you click "Enable remote management" in Server Manager on each server, you will break WinRM functionality with the following error:

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          7/14/2014 9:05:24 AM
Event ID:      10150
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RDSCB1.rdspoc.local
Description:
The WinRM service could not use the following listener to receive WS-Management requests.  The listener is enabled but the listener does not have an IP address configured.

 User Action
 Check the underlying network configuration to determine if this listener has at least one valid IP. If the IP is valid, ensure that WinRM configuration does not exclude that IP address by using the following command:

 winrm get winrm/config/service

 Additional Data
 Listener transport: HTTP
 Listener address: *


Additionally, if you enumerate WinRM listeners you will see the following:

C:\Users\dfabricni.RDSPOC>Winrm enumerate winrm/config/listener
Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = A755AF3BC7FF6808F8A5F87AC8CC485961E1D5D3
    ListeningOn = null

Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = null


So, how do you connect to Windows Server 2012/2012 R2 in a Windows Azure VM from a remote Server Manager console? The solution is to uncheck "Enable remote management" and add the WinRM listener manually like this:

winrm create winrm/config/Listener?Address=*+Transport=HTTP

Now if you enumerate the listeners you will see this:

C:\Users\dfabricni.RDSPOC> winrm enumerate winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 10.3.1.6, 127.0.0.1, ::1, fe80::cd3d:beb0:87da:c02%14

Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = A755AF3BC7FF6808F8A5F87AC8CC485961E1D5D3
    ListeningOn = 10.3.1.6, 127.0.0.1, ::1, fe80::cd3d:beb0:87da:c02%14


Now you can manage the server with the remote Server Manager console, and you will still be able to connect to the Azure Endpoint from your local PC with remote PowerShell as described in this article: Introduction to Remote PowerShell with Windows Azure.
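
The following added example, which is not from the original post, parses saved `winrm enumerate winrm/config/listener` output and reports the two symptoms shown above: an enabled listener whose ListeningOn is null and a listener whose source is GPO. The function names and the trimmed sample text are assumptions made for the example.

```python
import re

# Constructed input: the broken state shown above, trimmed to the fields used here.
BROKEN = """\
Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Enabled = true
    ListeningOn = null

Listener [Source="GPO"]
    Address = *
    Transport = HTTP
    Port = 5985
    Enabled = true
    CertificateThumbprint
    ListeningOn = null
"""

def parse_listeners(text):
    """Turn `winrm enumerate winrm/config/listener` output into a list of dicts."""
    listeners = []
    for line in text.splitlines():
        head = re.match(r'^Listener(?:\s+\[Source="([^"]+)"\])?\s*$', line)
        if head:
            listeners.append({"Source": head.group(1) or "local"})
        elif listeners and line.strip():
            # "Key = value"; keys printed without a value (Hostname) map to "".
            key, _, value = line.strip().partition("=")
            listeners[-1][key.strip()] = value.strip()
    return listeners

def audit(text):
    """Return (listener, finding) pairs for the two symptoms described above."""
    out = []
    for lst in parse_listeners(text):
        name = f'{lst.get("Transport")}/{lst.get("Port")}'
        if lst.get("Enabled") == "true" and lst.get("ListeningOn", "null") in ("", "null"):
            out.append((name, "enabled but ListeningOn is null"))
        if lst["Source"] == "GPO":
            out.append((name, "defined by policy, not by winrm create"))
    return out

if __name__ == "__main__":
    for name, finding in audit(BROKEN):
        print(f"{name}: {finding}")
```

Run against output collected from each server, an empty result means every enabled listener is bound to at least one address and none is policy-defined.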








Wednesday, 2 April 2014

Windows Azure Pack: VM Cloud Automation not triggering SMA runbooks

Hello,

For the last couple of weeks I've been working extensively with Windows Azure Pack. I'm implementing the minimal deployment architecture as described on this TechNet page: Windows Azure Pack architecture. During deployment I ran into numerous problems and mostly managed to solve them, but I've spent an ample amount of time. I will try to point out some of the issues in a few blog articles to follow. Here is the first one in the series.

Issue #1: VM Cloud Automation not triggering SMA runbooks

Background:
The SMA feature is installed on a separate machine and the Service Management Automation endpoint is successfully registered in the WAP Service Management Portal:



The Service Management Automation endpoint has also been registered in the VM Clouds section of the WAP Service Management Portal:



Actions have been linked with Runbooks:



However, they are not being triggered and there are no meaningful logs recorded in the Event logs.

If you take a look at the following picture from TechNet, you will see that runbooks should be triggered from the SPF machine:


This process is described here in more detail.

The solution in my case was to add the SPF Application Pool Identity account to the local group smaAdminGroup on the SMA machine.

This is an excerpt from the IIS log on the SMA machine before:

2014-04-02 08:04:47 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 0
2014-04-02 08:04:47 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 15


and after:

2014-04-02 08:11:19 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 31
2014-04-02 08:11:19 172.20.14.44 GET /OrchestratorService.svc/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 200 0 0 31
2014-04-02 08:11:19 172.20.14.44 POST /00000000-0000-0000-0000-000000000000/Runbooks(guid'508bf1fe-7afc-4630-9ac6-05749bbb61a0')/Start - 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 0
2014-04-02 08:11:19 172.20.14.44 POST /OrchestratorService.svc/Runbooks(guid'508bf1fe-7afc-4630-9ac6-05749bbb61a0')/Start/ - 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 200 0 0 656
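
An added example (not from the original post) that runs over the log lines above and reports named accounts that received a 401 and never a 2xx, which is the pattern in the "before" excerpt; 401 lines logged with "-" carry no account name and are skipped. The field order is assumed, since the excerpt has no #Fields header, and the function names are made up for the example.

```python
from collections import defaultdict

# Assumed column order; it matches the 15 space-separated values on each line above.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip "
          "cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken").split()

# Lines copied from the two excerpts in the post.
BEFORE = r"""
2014-04-02 08:04:47 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 0
2014-04-02 08:04:47 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 15
"""
AFTER = r"""
2014-04-02 08:11:19 172.20.14.44 GET /00000000-0000-0000-0000-000000000000/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 31
2014-04-02 08:11:19 172.20.14.44 GET /OrchestratorService.svc/Runbooks() $filter=RunbookName%20eq%20'Demo-Managing-VirtualMachineManager' 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 200 0 0 31
2014-04-02 08:11:19 172.20.14.44 POST /00000000-0000-0000-0000-000000000000/Runbooks(guid'508bf1fe-7afc-4630-9ac6-05749bbb61a0')/Start - 9090 - 172.20.14.42 Microsoft+ADO.NET+Data+Services - 401 2 5 0
2014-04-02 08:11:19 172.20.14.44 POST /OrchestratorService.svc/Runbooks(guid'508bf1fe-7afc-4630-9ac6-05749bbb61a0')/Start/ - 9090 CLOUD\scspf-svc 172.20.14.42 Microsoft+ADO.NET+Data+Services - 200 0 0 656
"""

def parse(text):
    """Split W3C log lines into dicts; skip blanks, # headers and short lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and not line.startswith("#"):
            rows.append(dict(zip(FIELDS, parts)))
    return rows

def denied_identities(text):
    """Return {account: number of 401s} for named accounts with no 2xx response."""
    denied, succeeded = defaultdict(int), set()
    for row in parse(text):
        user, status = row["cs-username"], row["sc-status"]
        if user == "-":
            continue  # no account name logged on this request
        if status.startswith("2"):
            succeeded.add(user)
        elif status == "401":
            denied[user] += 1
    return {u: n for u, n in denied.items() if u not in succeeded}

if __name__ == "__main__":
    print("before:", denied_identities(BEFORE))
    print("after: ", denied_identities(AFTER))
```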


I hope this information helps someone.

Regards,
Dinko