Wednesday, December 7, 2016

Azure VPN (Point-to-site) connected, no internet connection

while I was setting up azure VPN, I did it. but noticed while connecting to Azure VPN, my internet in browsers stopped working in my office N/W. but both worked in my home N/W.


the issue I found is the client address space that I am using in the Gateway.
I was using 10.8.0.0/24. if I use 192.168.0.0/24, I was able to connect to internet while VPN connected.


here is how you change. just login to new portal and change as highlighted. difficult to do in old portal. can use script though.

Regards,
yes.sudhanshu
Posted by at No comments:
Labels: ,

Thursday, September 29, 2016

Azur BAckup vault service VM not available to register

while creating backup service vault in Azure, if you do not see the VM in the list, no worry... this happens if you have already registered a set of VMs and then you have created new VMs and now you are going to register the new VMs.
so what you do is click Discover 1st and wait for sometime , it to list the new VMs and then go ahead to register and you will get the new VMs listed....

hope this helps.

Regards,
yes.sudhanshu

Posted by at No comments:
Labels:

Sunday, September 18, 2016

Network Infrastructure in Multiple Regions and Impacted Dependent Services. West Europe

i got an warning in my azure subscription with heading "Network Infrastructure in Multiple Regions and Impacted Dependent Services" and detailed message is




Azure SQL Database services were able to handle large number of requests from our customers quickly enough to seamlessly process and Azure SQL Database customers would have seen recovery except Central US region. Unfortunately, Azure SQL Databases in Central US region were overwhelmed by requests that came in higher rate than expected and resulted in availability impact to Azure SQL Database service in Central US region. Azure SQL Database service team was engaged promptly and identified a higher rate of sending requests that prevented Azure SQL Database services from recovery. The team controlled the amount of requests to Azure SQL Database service to be able to handle seamlessly, confirmed all requests were processed normally by 17:15 UTC. Affected HDInsight and Media Services in Central US region were fully recovered shortly after. CUSTOMER / SLA IMPACT: Customers may have experienced degraded service availability for multiple Azure services listed in “Impacted Services” above when connecting to resources or services that have a dependency on the recursive DNS services. We estimated that the availability of Azure SQL Database and DW, and HDInsight and Media Services that are dependent on these was reduced by approximately 60% due to the impact of the recursive DNS issue. After the recursive DNS issue was mitigated, a subset of our customers using Azure SQL Database and DW resources in Central US region, services that have a dependency on Azure SQL Database and DW in Central US region may have continued experiencing the impact. WORKAROUND: No workaround was available during the initial impact period from 11:18 UTC to 13:00 UTC. For customers who were impacted by the subsequent outage on Azure SQL Database and DW in Central US region, if customers configured active geo-replication, the downtime would have been minimized by performing a failover to a geo-secondary which would be loss of less than 5 seconds of transactions. Please visit https://azure.microsoft.com/en-us/documentation/articles/sql-database-business-continuity/ for more information on these capabilities. AFFECTED SUB REGIONS: All Regions ROOT CAUSE: The root cause of the initial impact was a software bug in a class of network device used in multiple regions which incorrectly handled a spike in network traffic. This resulted in incorrect identification of legitimate DNS requests as malformed, including requests from Azure services to resolve the DNS names of any internal endpoint or external endpoint to Azure from within Azure. The root cause of the subsequent Azure SQL Database issue in Central US region was triggered by a large amount of requests before Azure SQL Database service was fully recovered to process those requests, which resulted in availability impact to Azure SQL Database service in Central US region. Azure SQL Database and DW and its customers make extensive use of DNS. This is because the connection path to Azure SQL Database and DW requires 2 DNS lookups. All Azure SQL database and DW connection requests are initially handled by an Azure hosted service called the control ring. This is the IP address referenced by the DNS record .database.windows.net. The control ring tracks which Azure hosted service currently hosts the database/datawarehouse requested, and returns the DNS name of that service to the client in the form ...worker.database.windows.net. The client then performs a DNS lookup to connect to that location. For some customers (those connecting from outside Azure), the control plane proxies the entire connection, and thus performs the DNS lookup itself. Internal connections to databases and datawarehouses, for instance to perform service management operations and geo-replicate transactions, act as clients to other databases and datawarehouses and thus go through the same 2 lookups. We estimate that during the outage, DNS lookups failed at approximately 75% rate, for Azure SQL Database and DW this meant approximately 6% of connections succeeded on first try. NEXT STEPS: We sincerely apologize for the impact to affected customers. We are continuously taking steps to improve the Microsoft Azure Platform and our processes to help ensure such incidents do not occur in the future, and in this case it includes (but is not limited to): 1) Azure Network Infrastructure: The network device bug fix released in all regions once testing and validation are completed [Status – in progress] 2) Azure Network Infrastructure: Improve alerting to detect an inability of DNS services quicker to minimize the time to resolve [Status – in progress] 3) Azure Network Infrastructure: Set new configurations to bypass the network devise bug [Status – Completed] 4) Azure SQL Database/DW: Reduce dependency on DNS by increasing TTL for most records maintained by Azure SQL Database and DW (Instance and server names change rarely, this occurs only on service management operations, therefore the low TTL is unnecessary) [Status – in progress] 5) Improve resiliency options for our customers to be able to minimize downtime. This includes Azure services that have a dependency on the DNS services used by Azure services [Status – in review] In addition, we continue working on the following remediation actions that were identified during Azure SQL Database and DW incident on September 12th. We are committed to complete these items as soon as possible to help avoid any further interruption. We again apologize for any impact you may have experienced due to this issue. 1) Run multiple active/active control rings to avoid single point of failure in a region. [Status – in progress] 2) Document additional control ring IPs and later provide an easy to manage IP tagging mechanism in the future using Azure Network security groups. [Status – in progress] 3) Automate health detection of full control ring health and failover to standby. After item#1 this becomes move of traffic to the healthy rings. [Status – in progress] 4) Evaluate enhancements to Quality-of-Service traffic management scenarios [Status – in progress]


 

Posted by at No comments:

Thursday, June 30, 2016

Password expired and request admin to change your password Azure AAD powershell command

I come across with a weird situation as follow while working with Azure.
1. one of my Azure AAD account password has expired.
then I logged with another admin account and reset the password to same password as it was earlier.
then I was able to login and also I can use my automations in Azure.
but when I tried to login to AAD powershell using that account I got error "Password expired and request admin to change your password ".
I though the flag might be still on for password expired.
so I just logged in to Azure with the account wch I was getting error.
then changed password and again changed back to the original password and after that login to AAD powershell was ok.


hope this will help some one if they will come across such....


Regards,
Yes.Sudhanshu
Posted by at No comments:
Labels:

Set-MsolUserPrincipalName : Access Denied. You do not have permissions to call. Azure powershell error

while trying to set the password never expire for AAD, I got below error while running Set-MSOLUser command. (here is the link how to make password never expires for AAD user account)


"Set-MsolUserPrincipalName : Access Denied. You do not have permissions to call
this cmdlet.
At line:1 char:26
+ set-msoluserprincipalname <<<<  -userprincipalname millerj@cajonvalley.net -n
ewuserprincipalname accountame@xxx.onmicrosoft.com
    + CategoryInfo          : OperationStopped: (:) [Set-MsolUserPrincipalName
   ], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserN
   otFoundException,Microsoft.Online.Administration.Automation.SetUserPrincip
  alName".
this say very clearly that the account you are logged in to perform this activity does not have the permission to do this.
hence to check and give access login to office 365 (https://www.office.com/).
then go to Admin icon and look for User and then find the account you are using to run the cmdlet above, as shown in right side pic.
just click edit side to role and assign Global Admin (Password admin if you select Customised Admin Rights), then click OK and close.
just wait for few minutes, as it needs to effect all across. (actually I was trying to execute the set command quickly and hence I was getting the same error). so just wait for a while and then run your Set command and this time it should be ok.

Regards,
Yes.Sudhanshu

Posted by at 1 comment:
Labels:

Reset an Azure Active Directory (AAD) user account password to never Expires

I was using Azure account to automate my script to up/down VMs. once I noticed the bill is high and found the script not running. finally saw the error that password for the account I was using to authenticate was expired. so I though to make that account password not to expired.


here is how you can do.
you need to have Microsoft Online Services Sign-In Assistant for IT Professionals RTW (do 32 or 64 as per you machine)and Azure Active Directory Module for Windows PowerShell (64-bit version) or Azure Active Directory Module for Windows PowerShell (32-bit version).


once that is installed ( one error you can follow http://azurehospital.blogspot.sg/2016/06/azure-active-directory-module-import.html ) then run below command and it show all false as below
Get-MSOLUser | Select account@XXX.onmicrosoft.com, PasswordNeverExpires

Then run below
Set-MSOLUser -UserPrincipalName account@XXX.onmicrosoft.com -PasswordNeverExpires $true

if you run Get-MSOLUser you will get as few true.

Hope this helps.

Regards,
Yes.Sudhanshu

Posted by at No comments:
Labels:

Azure Active Directory-Module : Import-Module : Could not load file or assembly file:///C:\Windows\system32 \WindowsPowerShell\v1.0\ Modules\MSOnline\Microsoft Online Administration Automation PSModule dll or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded

while , I was trying to make one account password never expire, I was trying to connect to azure by using the AAD powershell command utility.
when I open AAD powershell tool I got below error "Azure Active Directory-Module : Import-Module : Could not load file or assembly file:///C:\Windows\system32 \WindowsPowerShell\v1.0\ Modules\MSOnline\Microsoft Online Administration Automation PSModule dll or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded".
when I check the version of powershell, it was 2.0, but the above needs 3.0.
Hence download 3.0 from https://www.microsoft.com/en-sg/download/details.aspx?id=34595 (do as per 32 or 64) and install and then try to connect.

Regards,
Sudhanshu
Posted by at 1 comment:
Labels:

The job failed. The quota for the monthly total job run time has been reached for the subscription. To get more job run time you change to a different Automation plan or wait until next month when the quota will be reset.

While working on Azure automation.
I had set up auto start/stop for my VMs morning and night to save $$$$.
OK, once I got my monthly bill so HIGH, then I noticed by VMs running 24x7. heck.....
then saw automation job failed, reason is the subject line and as below...
"The job failed. The quota for the monthly total job run time has been reached for the subscription. To get more job run time you change to a different Automation plan or wait until next month when the quota will be reset."
 this means, change your tier for automation.
by default it is free for 500 mnts. for basic it charges $0.002 / minute. more details https://azure.microsoft.com/en-us/pricing/details/automation/


How to change the plan
login to you Azure subscription, then select Automation on left Icons. (below screens are from new portal)
then select "Pricing tier and usage".
the highlighted 54/500, shows how much time (in mnts) it ran out of 500 (this is free one).
 now click "Pricing tier" , you will get Free and Basic. then select Basic and save.
now you are done from this disaster..


hope this helps...


Regards,


yes.sudhanshu

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)