Azure Stack POC Hardware

I have been asked several times what I use for my Azure Stack rig and where I got the hardware from. I am going to share in this post what I use to run my single node Azure Stack POC. I bought all parts from Here is a list of the parts:

  • Motherboard: MSI X99A SLI KRAIT EDITION LGA 2011-v3 Intel X99 SATA 6Gb/s USB 3.1 USB 3.0 ATX Intel
  • Video Card: EVGA GeForce 210 DirectX 10.1 512-P3-1310-LR 512MB 32-Bit DDR3 PCI Express 2.0 x16 HDCP Ready Low Profile
  • Power Supply: EVGA 750 BQ 110-BQ-0750-V1 80+ BRONZE 750W Semi Modular Includes Power On Self Tester
  • Processor: Intel Core i7-5820K Haswell-E 6-Core 3.3 GHz LGA 2011-v3 140W BX80648I75820K Desktop
    NOTE: I was not paying attention when I bought this. Azure Stack needs 12 cores. I am able to work around this and have not run into problems yet. When I get a chance and $$$ I will upgrade this.
  • 3 SSD Hard Drives: PNY CS1311 2.5″ 960GB SATA-III (6 Gb/s) TLC Internal Solid State Drive (SSD) SSD7CS1311-960-RB
    NOTE: I bought a couple of more Kingston brand SSD’s. I use these for the OS and general storage.
  • Memory: G.SKILL Ripjaws 4 Series 128GB (8 x 16GB) 288-Pin DDR4 SDRAM DDR4 2800 (PC4 22400) Intel X99 Platform Extreme Performance Memory Model F4-2800C15Q2-128GRKD
  • Case: Corsair Carbide Series Air 540 CC-9011034-WLED Silver Steel ATX Cube Computer Case

As you can see this is generic hardware. The cost of this hardware was just over $2k USD. I have been running Azure Stack since TP1 on this hardware and I am currently running TP3. This is a personal lab for just me and Azure Stack runs well on my hardware. Don’t let a lack of hardware stop you from diving into Azure Stack. As you can see from this post it does not take much to pick up some parts and get going.

I do also run another Azure Stack POC on much better hardware at work. I can’t wait to get a multi-node environment on one of the hardware providers’ (Cisco, Dell, Lenovo, or HP) platforms.

Here is what my rig looks like complete with Azure Stack and other stickers :-).

Before it was built:

After it was built and running:


Backup Strategy should include Security

Planning for protection as a part of an IT Service Continuity plan often takes into consideration backup of applications and data as well as restore. But what about security?

When planning for protection of applications and data in your environment, security should be right up there in the forefront. “Backup Security” should be a key part of the plan.

Security in the context of backup can be thought of #1 as securing the backups, and #2 backups being used as an added measure for security breach mitigation. Let me break this down further.

In regards to securing backups, you want to do things like encrypting backup data as it travels offsite, encrypting backup data at rest, being able to protect encrypted data, requiring security pins or further authentication of admins, and more.

In regards to backup as an added measure for security, backup becomes a direct part of security planning in organizations. Sometimes when security measures fail, backups are the only thing that can save you as a last resort. Backups are commonly becoming a way to recover from ransomware attacks as an alternative to paying the hackers. Here is a real world example.

Recently an unnamed hosting provider’s entire data center became hostage to a ransomware attack. This hacker got in due to a mistake of one of the system admins (more on how to protect at this level later) and basically had full domain admin rights to everything. Keep in mind the majority of the servers in this scenario are for customers.

In this case the hosting provider had two choices. Option #1 go to the dark web via a tor network and pay a ton of money in bitcoin for the decryption key. Option #2 Restore everything from offsite backups and pray.

This hosting provider went for option #2 and thank goodness it worked. In this case if it weren’t for a solid offsite backup solution this hosting provider would have been up a creek without a paddle.

It is becoming more common that ransomware will actually target backups because these are a high-value target and hackers understand this is a last resort for companies to save themselves. If the backups are deleted there is no other choice but to pay the ransom. This raises the security level of the backups. Administrative actions on backups need an extra layer of security.

Microsoft Business Continuity products help with not only protection but also security. These products consist of System Center’s Data Protection Manager (DPM) and Operations Management Suite’s Azure Backup (AB) and Azure Site Recovery (ASR). In this post I am only going to touch on DPM and AB.

Some exciting things have been happening with Azure Backup and Data Protection Manager to ensure security is front and center as a part of your enterprise backup solution. Microsoft’s goal with the backup security is to provide prevention, alerting, and recovery.

More about this including a video can be found here:

Just yesterday DPM update rollup 12 for 2012 and update rollup 2 for 2016 was announced. Along with UR2 comes some enhanced security features for DPM. These will be called out later in this blog post. Microsoft has rolled out some great security features to both across hybrid clouds. I will go ahead and break these down.

– Azure Backup –

Encrypted backup data at rest
Described in DPM section.

Security PIN
With Azure Backup you can require a security pin for sensitive operations such as removing protection, deleting data, or changing other settings in Azure Backup itself such as changing a Passphrase.

Azure Backup also has some other security measures in place like a minimum retention range to ensure a certain amount of backup data is always available and notifications upon critical operations to subscription admins or others as specified.

NOTE: These security features are now also available in DPM with the UR’s (UR 12 for 2012 and UR2 for 2016) announced yesterday. When an administrator changes the passphrase, or deletes backup data, you need to enter the PIN if you have Enhanced Security Enabled. Also, there is a minimum retention range of 14 days for cloud protected data that is deleted.

MFA is Multi-Factor Authentication. Microsoft has MFA available as a part of Azure Active Directory. Within Azure Backup you can configure it to require MFA of admins when performing critical operations. By enabling MFA you would then ensure via authentication from a second device usually physical to the user that they are who they say they are.

NOTE: When you enable security settings they cannot be disabled.

Ransomware attacks
Described in DPM section.

– Data Protection Manager –

Backup data encrypted during offsite transfer
When data is sent from DPM to Azure Backup it is encrypted before it even leaves your four walls. Data is encrypted on the on-premises server/client/SCDPM machine using AES256 and the data is sent over a secure HTTPS link.

Encrypted backup data at rest
Once backup data is on Azure it is encrypted at rest. Microsoft does not decrypt the backup data at any point. The customer is the only one with the encryption key that can decrypt the backup data. If this key is lost not even Microsoft can decrypt your backup data. This is very secure.

Protection and recovery of encrypted computers
The release of Hyper-V on Windows Server 2016 included a new feature known as Shielded virtual machines (VM’s). This feature essentially utilizes Virtual Trusted Platform Module (vTPM) technology and BitLocker to encrypt virtual machines at the virtual layer. This means if a VM is physically copied off a Hyper-V host whoever has the VM will not be able to get to the data on the virtual hard drive.

With the release of DPM 2016 it supports protecting Shielded VM’s. DPM can protect Shielded VM’s regardless if they are VHD or VHDX. This is great news because as a secure organization you should want to encrypt your virtual machines and DPM can protect them. This gives you an added layer of security on top of having backups.

Ransomware attacks
In today’s world ransomware attacks are a common thing. These types of attacks are targeted at small, medium, and large enterprise businesses. No company is too small or too big to be put in the crosshairs of ransomware attacks. A well-known attack is Cryptolocker.

As mentioned before in this blog post, backups are an alternative to paying the ransom of a ransomware attack. The key here is to ensure you have a solid offsite backup in place such as Azure Backup. Having that offsite backup will ensure you can get your data back even if the ransomware attack gets ahold of your onsite backup data.

I even go as far as to recommend sticking to the 3-2-1 rule (3 copies of backup data 2 offsite and 1 onsite). This way if something happens to one of your offsite copies of data you have another one. It may seem overkill to have 2 offsite copies but you would be surprised how often offsite backup data is accidentally destroyed.

So there you have it. Security is a critical part of any backup solution. It is clear that Microsoft realizes this based on the security enhancements they have made to both Azure Backup and Data Protection Manager 2016. Their goal is to ensure both backup solutions are enterprise ready. I have been working with DPM for years and Azure Backup as soon as it came out. I know the team behind these products have a lot of new features and functionality planned for the future of these products and I am looking forward to it.


Monitor Azure Stack Fabric with OMS

I wanted to monitor my Azure Stack environment with OMS. This would include only the Azure Stack fabric servers and the host. I did not want to manually install the OMS agent on all of these servers especially since the Azure Stack fabric is a set of known servers. So I decided to put together a quick PowerShell script to handle the install of the OMS agents including the workspace ID and key. Here are details for the script:


This script can be used to install OMS agents on all of the Azure Stack Fabric servers. This has been tested with TP2. This script can be run from PowerShell ISE or a PowerShell console. It is recommended to run this from an elevated window. This script should be run from the Azure Stack host. Ensure you are logged onto the Azure Stack host as azurestack\azurestackadmin. This script allows you to input your OMS workspace ID and key. The Azure Stack Fabric servers that this script will attempt to install on are:













Fabric servers can be added or removed from the array list if desired. The script will look for the OMS agent (MMASetup-AMD64.exe) in C:\OMS\ on the Azure Stack host. Ensure you create an OMS folder on your Azure Stack host and download the OMS agent to it. This script also copies the OMS agent to C:\Windows\Temp on each Fabric server. Ensure there is enough free space on the C drive on all of your fabric servers.

This is Guid ID for your OMS workspace, it can be found in the OMS portal at: >> Overview >> Settings >> Connected Sources >> Windows Servers

This is the OMS API key for your OMS workspace. You can use the primary or secondary key. These keys can be found in the OMS portal at: >> Overview >> Settings >> Connected Sources >> Windows Servers



Script Name: AzureStackFabrickOMSAgentInstall.ps1
Version: 1.0
Author: Cloud and Data Center Management MVP – Steve Buchanan
Creation Date: 1-1-2017
Purpose/Change: Install OMS agents on Azure Stack Fabric servers.
Updates: None

.\AzureStackFabricOMSAgentInstall.ps1 -OMSWorkSpaceID "20d4dd92-53cf-41ff-99b0-7acb6c84beedsr" -OMSKey "aazedscsjwh52834u510350423tjjwgogh9w34thg2ui=="

The script can be downloaded here:

To kick off the script run from PowerShell ISE or a PowerShell console. If you run from ISE you will be prompted for the workspace ID and the key. If you run from a PowerShell console run this syntax to kick it off:

.\AzureStackFabricOMSAgentInstall.ps1 -OMSWorkSpaceID "YOURWORKSPACEID" -OMSKey "YOUROMSKEY"

The script will kick off, building an array of the Azure Stack VM’s, looping through each of them to copy over the OMS agent, and then install the OMS agent setting the OMS workspace ID and key.

The script will detect if an OMS agent is already installed and will skip that server as shown in the following screenshot.

Otherwise the script will install the OMS agent as shown in the following screenshot.
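The flow described above (loop over the fabric servers, skip any that already have the agent, copy the installer to C:\Windows\Temp and install it with the workspace ID and key), as an added example that is not the script offered for download in this post. The server names are placeholders, and prompting for the key instead of taking an -OMSKey parameter is a choice made here so the key does not land in console history.

```powershell
# Added example: not the AzureStackFabricOMSAgentInstall.ps1 script from this post.
param(
    [Parameter(Mandatory = $true)]
    [string] $OMSWorkSpaceID,

    # Placeholder names (assumption): replace with your own fabric server list.
    [string[]] $FabricServers = @('FABRIC-SERVER-01', 'FABRIC-SERVER-02'),

    # The post keeps the agent installer in C:\OMS\ on the Azure Stack host.
    [string] $AgentSource = 'C:\OMS\MMASetup-AMD64.exe'
)

if (-not (Test-Path -Path $AgentSource)) {
    throw "OMS agent installer not found at $AgentSource"
}

# Read the workspace key without echoing it or storing it in command history.
$secureKey = Read-Host -Prompt 'OMS workspace key' -AsSecureString
$plainKey  = (New-Object System.Net.NetworkCredential -ArgumentList '', $secureKey).Password
$cred      = Get-Credential -Message 'Admin account for the fabric servers'

$results = foreach ($server in $FabricServers) {
    $status  = 'Unknown'
    $session = $null
    try {
        $session = New-PSSession -ComputerName $server -Credential $cred -ErrorAction Stop

        # HealthService is the Windows service installed by the Microsoft Monitoring Agent.
        $installed = Invoke-Command -Session $session -ScriptBlock {
            [bool](Get-Service -Name 'HealthService' -ErrorAction SilentlyContinue)
        }

        if ($installed) {
            $status = 'Skipped (agent already installed)'
        }
        else {
            # Copy the installer over the existing PowerShell session (needs PowerShell 5+).
            Copy-Item -Path $AgentSource -Destination 'C:\Windows\Temp\' -ToSession $session -Force

            $exitCode = Invoke-Command -Session $session -ArgumentList $OMSWorkSpaceID, $plainKey -ScriptBlock {
                param($WorkspaceId, $WorkspaceKey)
                $installer = 'C:\Windows\Temp\MMASetup-AMD64.exe'
                # Silent-install properties documented for the agent's setup.exe.
                # The key is visible on the remote process command line while setup runs.
                $setupArgs = '/C:"setup.exe /qn NOAPM=1 ADD_OPINSIGHTS_WORKSPACE=1 ' +
                             "OPINSIGHTS_WORKSPACE_ID=$WorkspaceId " +
                             "OPINSIGHTS_WORKSPACE_KEY=$WorkspaceKey " +
                             'AcceptEndUserLicenseAgreement=1"'
                $proc = Start-Process -FilePath $installer -ArgumentList $setupArgs -Wait -PassThru
                # Do not leave the installer behind on the fabric server.
                Remove-Item -Path $installer -Force -ErrorAction SilentlyContinue
                $proc.ExitCode
            }
            $status = if ($exitCode -eq 0) { 'Installed' } else { "Install failed (exit code $exitCode)" }
        }
    }
    catch {
        $status = "Error: $($_.Exception.Message)"
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
    }
    [pscustomobject]@{ Server = $server; Status = $status }
}

$results | Format-Table -AutoSize
```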

The following screenshot shows the script running in a PowerShell console vs ISE.

You will be prompted when running the script for credentials. Use Azurestack\azurestackadmin as shown in the following screenshot.

After the OMS agent is installed you should be able to log onto any of the Azure Stack VM’s and see the OMS agent in control panel as shown in the following screenshots.

You can also log onto OMS and see your Azure Stack servers listed under connected computers.

Azure Stack fabric servers wire data:

My Azure Stack host in OMS Service Map:

Happy Stacking and OMS’ing!


External Access to Azure Stack

Here is a little community gift for the new year (2017). Azure Stack expert Ruud Borst (@Ruud_Borst) recently published a blog post titled “Expose the Azure Stack Portal through NAT”. Ruud included a PowerShell script in this blog post that simplifies extending external access to Azure Stack.

The PowerShell script runs on your Azure Stack host and will make the IP mappings in NAT on MAS-BGPNAT01 to expose your Azure Stack instance externally to your network.

We no longer have to work through a bunch of tedious steps to give external access to Azure Stack. Thanks Ruud! Great example of community power. With Ruud’s script it can be done even if you already have Azure Stack deployed. The link to his blog post and script is here:

Running the script is as easy as running something like this:

.\Expose-AzureStackPortal.ps1 -PortalExternalIP YOURFIRSTIPHERE -ACSExternalIP YOURSECONDIPHERE

If you are using the App Service RP, add -AppServiceAPIExternalIP; you will need to specify a 3rd IP for it. SQL and MySQL both use the -PortalExternalIP so there is no need for an extra IP for these.

A successful run of the script should look like this:

VERBOSE: Created NAT external addresses and for Portal and ACS.

VERBOSE: Created Static NAT port mappings on to for Portal
VERBOSE: Created Static NAT port mappings on to for XRP
VERBOSE: Created Static NAT port mappings on to for ACS
VERBOSE: Created Static NAT port mappings on to for SQLrp
VERBOSE: Created Static NAT port mappings on to for MySQLrp

The last step in this process is to make sure you add the DNS records on your external network or to the host file on external servers or clients. Ruud explains this in his blog. I extended Azure Stack to my Buchatech lab environment so I went the DNS route.

For DNS entries I used a CSV file and PowerShell to import all of the DNS records I needed for Azure Stack. I used a PowerShell script from a fellow MVP. The blog post with that script can be found here:

Here is what the CSV file should look like:

name ip type zone dnsserver
 portal A azurestack.local
 api A azurestack.local
 xrp.tenantextensions A azurestack.local
 keyvault.tenantextensions A azurestack.local
 health.adminextensions A azurestack.local
 compute.adminextensions A azurestack.local
 network.adminextensions A azurestack.local
 storage.adminextensions A azurestack.local
*.blob A azurestack.local
*.queue A azurestack.local
*.table A azurestack.local
sqlrp A azurestack.local
mysqlrp A azurestack.local
A azurestack.local
A azurestack.local
A azurestack.local
A azurestack.local

Here is the CSV file I used so you don’t have to create it.

Azure Stack DNS Entries

Notice something different I did with my DNS is I did not add *.azurestack.local. I did not do this because it caused any of the storage DNS entries to respond with the PortalExternalIP instead of the ACSExternalIP. Here is a screenshot of my Azure Stack DNS zone in my Buchatech domain:
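A CSV import along the lines described above, as an added example that is not the MVP script the post links to. It validates each row before touching DNS, rejecting a zone-wide * record and any storage entry (*.blob, *.queue, *.table) that does not point at the ACS external IP. The IP addresses, the DNS server name and the sample rows are constructed for illustration, and the last two rows are deliberately wrong to show the rejection.

```powershell
# Added example: not the import script referenced in this post.
param(
    [switch] $Apply,                              # without -Apply nothing is written to DNS
    [string] $PortalExternalIP = '192.0.2.10',    # constructed documentation address
    [string] $ACSExternalIP    = '192.0.2.11'     # constructed documentation address
)

# Constructed sample rows using the post's column layout: name, ip, type, zone, dnsserver.
$records = @'
name,ip,type,zone,dnsserver
portal,192.0.2.10,A,azurestack.local,dns01.example.test
sqlrp,192.0.2.10,A,azurestack.local,dns01.example.test
mysqlrp,192.0.2.10,A,azurestack.local,dns01.example.test
*.blob,192.0.2.11,A,azurestack.local,dns01.example.test
*.queue,192.0.2.11,A,azurestack.local,dns01.example.test
*.table,192.0.2.10,A,azurestack.local,dns01.example.test
*,192.0.2.10,A,azurestack.local,dns01.example.test
'@ | ConvertFrom-Csv

$storageNames = '*.blob', '*.queue', '*.table'

function Get-RecordProblem {
    param($Record)
    if ($Record.type -ne 'A') { return "unsupported record type '$($Record.type)'" }
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($Record.ip, [ref]$parsed)) {
        return "invalid IP '$($Record.ip)'"
    }
    # A zone-wide wildcard makes the storage names answer with the portal IP.
    if ($Record.name -eq '*') { return 'zone-wide wildcard record is not allowed' }
    if ($Record.name -in $storageNames -and $Record.ip -ne $ACSExternalIP) {
        return "storage name must point to the ACS external IP ($ACSExternalIP)"
    }
    return $null
}

$report = foreach ($r in $records) {
    $problem = Get-RecordProblem -Record $r
    if ($problem) {
        $action = "Rejected: $problem"
    }
    elseif (-not $Apply) {
        $action = 'Valid (dry run)'
    }
    else {
        # Requires the DnsServer module (RSAT) and rights on the target DNS server.
        $existing = Get-DnsServerResourceRecord -ZoneName $r.zone -Name $r.name -RRType A `
                        -ComputerName $r.dnsserver -ErrorAction SilentlyContinue
        if ($existing) {
            $action = 'Skipped (record exists)'
        }
        else {
            Add-DnsServerResourceRecordA -Name $r.name -ZoneName $r.zone `
                -IPv4Address $r.ip -ComputerName $r.dnsserver
            $action = 'Created'
        }
    }
    [pscustomobject]@{ Name = $r.name; IP = $r.ip; Zone = $r.zone; Action = $action }
}

$report | Format-Table -AutoSize
```

Run it without -Apply first to review the report; the sample data yields five valid rows and two rejected ones.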

After adding the DNS records and installing the Azure Stack certificate in the trusted root authority store I was able to access the Azure Stack portal and connect via PowerShell or Visual Studio without VPN. 🙂

Here is a screenshot of me connecting to Azure Stack’s portal from my domain on one of my utility servers.

A huge thanks to Ruud for building that PowerShell script. I am excited about bringing access to Azure Stack on my other lab network because this opens up all sorts of possibilities and will net some cool blog posts very soon!

Happy Stacking!


Azure or Azure Stack “Write Once, Deploy Anywhere” Update

A while back I wrote a blog post about being able to take one IaaS VM Azure Resource Manager (ARM) template and deploy it to both Azure or Azure Stack. This blog post included a JSON file and the PowerShell to do this. The idea for that came from needing to set up a cool and working demo for MMS 2016 and the need to showcase the power of Microsoft’s HybridCloud. Here is a link to that original blog post:

Write once, deploy anywhere (Azure or Azure Stack)

Today I have finished updating the PowerShell and ARM template/JSON file to be more streamlined and to work with TP2. Here is the link to download these:

Here are the updates:

  • The JSON and PowerShell script have been modified to work with Azure Stack TP2.
  • This script now utilizes the connection PowerShell module AzureStack.Connect.psm1 from Azure Stack tools.
  • This is included with the download of this script and JSON file on TechNet Gallery.
  • The script is hard coded to look locally to import the AzureStack.Connect.psm1 module.
  • Streamlined the JSON file and PowerShell script.
  • The script no longer prompts for the publicDNS name. It is now automatically set to the same as the vmname.
  • The script no longer prompts for the storage account name. It is automatically set to vmnamestorage.
  • The script no longer prompts for the resourcegroup name. This is now automatically set to vmname-RG.
  • By default this script now uses a JSON file hosted on Github. This is set in the $templateFilePath variable as shown on the next line.
  • To keep it to the local directory just use the JSON file name.

GITHUB: $templateFilePath = “”
LOCAL: $templateFilePath = “AzureandAzureStack.json”

This will be my last blog post of 2016. See you next year folks…..

Happy Stacking!


Detailed SQL RP Azure Stack TP2 Deploy & Config

Microsoft has made a new version of the SQL resource provider (RP) for Azure Stack TP2 available. It can be found here in the documentation: This RP is an add-on for Azure Stack and allows you to offer SQL as PaaS.

This is a great SQL self-service scenario for Hybrid Cloud. The aforementioned link contains documentation on how to deploy the SQL RP. There are some “Gotchas” with the RP and some other information that is important when deploying and configuring this RP.

I am going to walk through my deployment and configuring experience covering the “Gotchas” and other important information in this blog post. This post will be broken out into the following sections:

  • Deployment
  • RP Configuration
  • Offer/Plan Setup
  • Tenant provisioning of SQL PaaS

Ok. Now let’s dive into it.


Before you begin go to the document link and review the RP documentation. You can download the RP on this page from the Download the SQL Server RP installer executable file link.

Once the RP is downloaded extract the files and scripts by running AzureStack.Sql. You should have the following:


Now from an elevated PowerShell window run DeploySQLProvider.ps1.

NOTE: Important: this should not be run from PowerShell ISE. It fails when it is run from ISE and you may end up with a partial deployment that requires cleanup.

NOTE: Also you can specify a local location for the SQL 2014 SP1 Enterprise Evaluation ISO if you have it downloaded already. To do this run the script with a parameter of -DependencyFilesLocalPath. If not specified the ISO will be downloaded during deployment. I prefer to let the script download it as a part of the deployment.

This script will do the following:

The script will prompt you to input local admin account info. Note that the password you input here will also be used for the SQL SA account.


The script will then prompt you for your Azure Active Directory tenant name. This is

You will then be prompted for an Azure Active Directory account. This should be the account you deployed Azure Stack TP2 with. This will be used to access Azure Stack and create stuff such as the resource provider, resource group and other resources needed by the RP.


You need to enter a resource group name. You can leave the default if you want.


You will then be prompted for the SQL server VM Name. Ignore the title of the pop-up here.


The script will then run through all of its steps. Here is what the script does as detailed in the official documentation:

  • If necessary, download a compatible version of Azure PowerShell.
  • Create a wildcard certificate to secure communication between the resource provider and Azure Resource Manager.
  • Download an evaluation build of SQL Server SP1 from the internet or from a local file share.
  • Upload the certificate and all other artifacts to a storage account on your Azure Stack.
  • Publish gallery package so that you can deploy SQL database through the gallery.
  • Deploy a VM using the default Windows Server 2012 R2 image that comes with Azure Stack.
  • Register a local DNS record that maps to your resource provider VM.
  • Register your resource provider with the local Azure Resource Manager.
  • Connect the resource provider to the SQL server instance on the RP VM

As the script runs you will see it run through each of the steps with detail and status. Be patient. I have had this take anywhere from 30 minutes to 45 minutes. Good time to go take a break.


Once the script is done it will show that the installation is successful as shown in the following screenshot.


NOTE: You could run the deployment script with the required parameters to avoid the prompts. For example:
DeploySQLProvider.ps1 -AadTenantDirectoryName “” -AzCredential “” -LocalCredential “username”

If for some reason the RP deployment fails you will need to view the logs to troubleshoot. Logging will be found in: LOCATIONOFYOURDOWNLOADEDRP\SQL PaaS RP\Logs in the following format DeploySQLProvider.ps1_20161205-171516.txt as shown in the following screenshot.



After the SQL is deployed you can see it in the Azure Stack portal at https://portal.azurestack.local. The first thing you will want to look for is the resource group. Mine is named Microsoft-SQL-RP. Default is Microsoft-SQL-RP1. The RG is shown in the following screenshot.


Next you will want to ensure the SQL Resource Provider is listed in Resource Providers as shown in the following screenshot.


Go ahead and click on the resource provider to display its details. The first thing you will notice is that we don’t have any SQL Hosting Servers. This is normal and does not mean the script forgot to deploy the SQL server.


Click on SQL Hosting Servers. Now click on + Add.
Input the same name that you put in when prompted for ...


Resource Group Clean-up in Azure Stack

If you are like me, you end up creating a ton of resource groups in Azure Stack when testing things out. I needed a way to delete them without having to click on each one via the portal. The best option of course is to leverage PowerShell. I threw together some PowerShell to handle this. I came up with two options. Option #1 can be used to delete a bunch of RG’s that have a common name. For example, I had a bunch of VM00* resource groups. I use the script to loop through and delete all resource groups with VM0 in the name. Option #2 pops up a GUI window so I could select the RG’s I wanted to delete. It put them in an array and then looped through to delete them in one shot.

This is great because I can kick this off and go do something else. I will share both below in this blog post along with some screenshots. I won’t have a download for the PowerShell syntax so just copy from this post if you want to use it. Be sure to use AzureStack.Connect.psm1 for connecting to your Azure Stack environment before running any of the following code.


#Create Variable of RG’s with common name
$Resourcegroups = Get-AzureRmResourceGroup | where {$_.ResourceGroupName -like '*VM0*'}

#Create array of RG’s
$RGLIST = $Resourcegroups.ResourceGroupName

#Loop to remove each resource group in the array
foreach ($rg in $RGLIST) {
    #-Force suppresses the confirmation prompt, so check $RGLIST before running this loop
    Get-AzureRmResourceGroup -Name $rg -ErrorAction SilentlyContinue | Remove-AzureRmResourceGroup -Force -Verbose
}

This image shows the array of RG’s that will be looped through. I highlighted vm003rg in the array and in the PowerShell status message.


The following screenshot shows VM003RG being deleted in the Azure Stack portal.



#Create Variable of RG’s from GUI selection
$selectedrgs = (Get-AzureRmResourceGroup | Out-GridView -Title "Select ResourceGroups you want to remove." -PassThru).ResourceGroupName

#Loop to remove each resource group in the array
foreach ($rg in $selectedrgs) {
    #-Force suppresses the confirmation prompt, so only the RG’s picked in the grid are removed without asking again
    Get-AzureRmResourceGroup -Name $rg -ErrorAction SilentlyContinue | Remove-AzureRmResourceGroup -Force -Verbose
}

After running the Create Variable of RG’s from GUI selection part of the code a window as shown in the following screenshot will pop up. Select the RG’s you want to remove, click Ok and they will be placed into an array.


Below is the output of the array. Run the Loop to remove each resource group in the array part of the code and each of the RG’s will be removed.


I have also used this when a resource group would not delete from the portal. On some stubborn resource groups I have had to run this a couple of times. This is a short post. I hope this helps someone out!

OMS: Service Map dependency data flow

OMS: Service Map overview

Recently the Operations Management Suite (OMS) team at Microsoft announced the private preview of Service Map in OMS, formerly known as Application Dependency Map. Service Map has been a long awaited feature in OMS. Service Map is a feature that is a part of OMS that discovers and maps Windows & Linux app and system dependencies. Service Map displays these dependencies in application maps within OMS. Service Map did not start with OMS. It actually started as a standalone product named FactFinder and later was integrated with SCOM. The integration of FactFinder with SCOM allowed BlueStripe to automatically create Distributed Applications in SCOM. Well, Microsoft acquired BlueStripe and the rest is history.

In this post I will set out to explore and break down Service Map, how it is installed, info about the agent, how it works, key points about it, how the data flows and more. Also this post is my first effort in taking one of my PowerPoint’s and converting it into a post! The following graphic describes some of the benefits of having application maps included in your monitoring solutions along with information about FactFinder:


Now let’s take a look at what Service Map does and how it looks.


Now let’s take a look at one of the Service Maps aka Application Maps in OMS. Notice on the left hand side the breakdown of the interface. In Service Map there is a focus machine in the center. There are front end and back end connections into that focus machine. These are the dependencies flowing in and out of the focus machine giving the mappings. Notice on the left-hand side you can control the time controls and select either a Windows or Linux machine from the list. Finally, on the left-hand side are the details of the current selection. The current selection can be a machine or process.


Also notice that SM integrates with Change Tracking, Alerts, Performance, Security, and updates. What this means is that when you have a focus machine selected you can click on the corresponding solution on the right hand. When you click on the solution i.e. updates or security the update or security dashboard widget will be shown and you can drill down from there for further detail.



A common question that comes up when discussing Service Map is how does it work. The following graphic displays the process from the solution add to the actual mapping within OMS.


Other key information about Service Map is detailed in the following graphics.


The next graphic looks at deploying the SM agent and locations for logs. The process is as simple as downloading and installing the agent from OMS.

Here is some more critical information you need to know about the SM agent.


This next graphic details how Service Map dependency data flows into OMS.


At this time the operating systems supported by Service Map are:

Windows
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1

Linux
  • Oracle Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.1
  • Red Hat Enterprise Linux 5.8-5.11, 6.0-6.7, 7.0-7.2
  • CentOS Linux (Centos Plus kernel is not supported)
  • SUSE Linux Enterprise Server 10SP4, 11-11SP4

Service Map’s computer and process inventory data is available for search in OMS Log Analytics. This is very cool as the log analytics and searching capability in OMS is powerful and most important very FAST. Having application components, service dependencies, and supporting infrastructure configuration data at your fingertips through the log analytics gives you a powerful troubleshooting and forensics tool. I am sure over time the query capabilities will be expanded to include even more.

Type=ServiceMapComputer_CL
Type=ServiceMapProcess_CL

A few Service Map Log Analytic query examples:

List the physical memory capacity of all managed computers:

Type=ServiceMapComputer_CL | select TotalPhysicalMemory_d, ComputerName_s | Dedup ComputerName_s

List computer name, DNS, IP, and OS version:

Type=ServiceMapComputer_CL | select ComputerName_s, OperatingSystemVersion_s, DnsNames_s, IPv4s_s | dedup ComputerName_s

List Process Map by process name:

Type=ServiceMapProcess_CL (ProductName_s=TeamViewer)

Thanks for reading and I hope you enjoyed this post on OMS Service Map. Now go out and add the public preview right away.


Azure Stack Deployment…No KVM…No Problem

When deploying Azure Stack (TP2) you may not have a KVM, a physical monitor, or maybe you just don’t want to use either with the host. Well there is a solution for this. You can utilize a Windows setup answer file for an unattended installation. What this will do is automate the Windows Setup for you. For Azure Stack you basically just need to input the administrator password. 🙂

Microsoft has put together an answer file and a PowerShell script that enables you to inject an answer file into CloudBuilder.vhdx before deploying Azure Stack. What this will do is enter info on the Windows setup screen for you so that you don’t have to have a KVM or physical monitor attached to the host.  You can just wait for the host to reboot and then RDP in. This unattended answer file and script is a part of the AzureStack-Tools. The AzureStack-Tools have some great resources in the repository and I will be blogging about more of them in the future.

There are basically 2 steps to inject this answer file into your Azure Stack VHDX. These are:

Step 1:

Go and download the Deployment tools files manually onto your Azure Stack host from here:

Or run this PowerShell from your Azure Stack host:

# Variables
# Set $Uri to the URL of the folder holding the deployment tools files (must end with '/')
$Uri = '<deployment tools URL>'
$LocalPath = 'YOURLOCATION:\AzureStack_TP2_SupportFiles'

# Create folder
New-Item $LocalPath -Type directory

# Download files
'BootMenuNoKVM.ps1', 'PrepareBootFromVHD.ps1', 'Unattend.xml', 'unattend_NoKVM.xml' | foreach { Invoke-WebRequest ($Uri + $_) -OutFile ($LocalPath + '\' + $_) }

Be sure to set $LocalPath to your location.

Step 2:

NOTE: You need to have the CloudBuilder.vhdx downloaded to your Azure Stack host, and it must not be mounted.

From within PowerShell, navigate to the directory you downloaded the deployment tools to and run this:

.\PrepareBootFromVHD.ps1 -CloudBuilderDiskPath YOURDRIVE:\CloudBuilder.vhdx -ApplyUnattend

Be sure to point the script to the location containing your CloudBuilder.vhdx before running this.

You will be prompted to enter the password you want to use for the local administrator account.


You will see the bcdedit command execution and output as shown in the following screenshot. This saves you the step of modifying the bcdedit. The CloudBuilder.vhdx will also be mounted. You will then be asked to confirm a reboot also as shown in the following screenshot.


Before you reboot if you are interested you can go see the unattend.xml file that was created. This is the answer file that will be used. This is shown in the following screenshot.


The host will be rebooted. When it comes back online you will be able to RDP in. You will then be able to kick off the Azure Stack deployment.
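An answer file that sets the local administrator password stores that password in the file itself, either as plain text or as a reversible Base64 encoding, so it is worth auditing before and after deployment. The following is an added example, not part of the original post or of AzureStack-Tools: the function name Get-UnattendCredential and the sample XML (including the password 'Example-Pw1') are constructed for illustration.

```powershell
# Added example: report credentials embedded in a Windows answer file.
function Get-UnattendCredential {
    param([Parameter(Mandatory)][xml]$Unattend)

    $ns = New-Object System.Xml.XmlNamespaceManager($Unattend.NameTable)
    $ns.AddNamespace('u', 'urn:schemas-microsoft-com:unattend')

    # Password elements carry a <Value> plus a <PlainText> flag
    foreach ($value in $Unattend.SelectNodes('//u:Value[../u:PlainText]', $ns)) {
        $holder = $value.ParentNode
        $plain  = $holder.SelectSingleNode('u:PlainText', $ns).InnerText.Trim() -eq 'true'
        $secret = $value.InnerText
        if (-not $plain) {
            # "Hidden" values are Base64 of UTF-16LE (password + element name):
            # an encoding, not encryption, so any reader of the file can reverse it
            try {
                $text   = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($secret))
                $suffix = $holder.LocalName
                $secret = if ($text.EndsWith($suffix, [StringComparison]::Ordinal)) {
                    $text.Substring(0, $text.Length - $suffix.Length)
                } else { $null }
            } catch { $secret = $null }   # not valid Base64
        }
        # Report that a secret is present and its length, never the secret itself
        [pscustomobject]@{
            Element     = $holder.LocalName
            PlainText   = $plain
            Recoverable = -not [string]::IsNullOrEmpty($secret)
            Length      = if ($secret) { $secret.Length } else { 0 }
        }
    }
}

# Constructed sample (not the file PrepareBootFromVHD.ps1 writes)
$b64 = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('Example-Pw1AdministratorPassword'))
$sample = @"
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts><AdministratorPassword>
        <Value>$b64</Value>
        <PlainText>false</PlainText>
      </AdministratorPassword></UserAccounts>
    </component>
  </settings>
</unattend>
"@
Get-UnattendCredential -Unattend $sample | Format-Table -AutoSize
```

Run it against the generated answer file with `Get-UnattendCredential -Unattend (Get-Content <path> -Raw)`, and treat any copy that reports Recoverable as a credential to delete or scrub once the deployment has finished.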

Happy Azure Stacking!!!


Azure Stack TP2 deployment failure 60.120.123

I recently deployed the new Azure Stack TP2 release. This install is way better. I did run into one small issue during the deployment. Below is what I ran into and the solution.

Failure in Deployment log:

2016-11-18 02:18:36 Error    1> Action: Invocation of step 60.120 failed. Stopping invocation of action plan.

Finding the root of the failure:

Walking back the step indexes in the summary XML log, the error lands on step 60.120.123.

<Task EndTimeUtc="2016-11-18T08:15:23.1042963Z" Status="Error" StartTimeUtc="2016-11-18T08:10:40.5896841Z" ActionType="Deployment-Phase4-ConfigureWAS" RolePath="Cloud">

<Action EndTimeUtc="2016-11-18T08:15:23.1042963Z" Status="Error" StartTimeUtc="2016-11-18T08:10:40.5896841Z" Type="Deployment-Phase4-ConfigureWAS" Scope="Internal">

<Step EndTimeUtc="2016-11-18T08:15:23.1042963Z" Status="Error" StartTimeUtc="2016-11-18T08:10:40.5896841Z" Name="(Katal) Configure WAS VMs" Description="Configures Windows Azure Stack on the guest VMs." Index="123">

<Task EndTimeUtc="2016-11-18T08:15:23.1042963Z" Status="Error" StartTimeUtc="2016-11-18T08:10:40.5896841Z" RolePath="Cloud\Fabric\WAS" InterfaceType="Configure">

<Message>Function 'ConfigureWAS' in module 'Roles\WAS\WAS.psd1' raised an exception: Time out has expired and the operation has not been completed. at Stop-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 699 at Restart-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 712 at Invoke-Main, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 649 at <ScriptBlock>, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 738 at <ScriptBlock>, <No file>: line 21</Message>

<StackTrace> at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token, Dictionary`2 runtimeParameter)</StackTrace>

<Raw>CloudEngine.Actions.InterfaceInvocationFailedException: Function 'ConfigureWAS' in module 'Roles\WAS\WAS.psd1' raised an exception: Time out has expired and the operation has not been completed. at Stop-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 699 at Restart-WebServices, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 712 at Invoke-Main, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 649 at <ScriptBlock>, D:\WAP\Setup\Scripts\Configure-AzureStackMasd.ps1: line 738 at <ScriptBlock>, <No file>: line 21 at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token, Dictionary`2 runtimeParameter)</Raw>




The first option is to re-run the deployment from the specific failed step. Do this by using the following syntax:

Import-Module C:\CloudDeployment\CloudDeployment.psd1 -Force

Import-Module C:\CloudDeployment\ECEngine\EnterpriseCloudEngine.psd1 -Force

Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120.123 -Verbose

The second option for this specific issue is to re-run the deployment with network parameters included. Use the following syntax:

.\InstallAzureStackPOC.ps1 -AdminPassword $adminpass -AADAdminCredential $aadcred -AADDirectoryTenantName -NatIPv4Subnet -NatIPv4Address -NatIPv4DefaultGateway -EnvironmentDNS -Verbose
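Walking the step index back by hand can be scripted. The following is an added example, not part of the original post or of the Azure Stack tooling, that builds the dotted value passed to -Start from a summary log. The function name Get-FailedStepIndex is hypothetical, and the sample XML is constructed: its element and attribute names follow the excerpt above, while the outer step names, the nesting of the outer steps, and the shortened message are assumptions.

```powershell
# Added example: derive the dotted step index of each failed deployment step.
function Get-FailedStepIndex {
    param([Parameter(Mandatory)][xml]$Summary)

    # Deepest failures only: a failed Step with no failed Step beneath it
    $xpath = '//Step[@Status="Error"][not(.//Step[@Status="Error"])]'
    foreach ($step in $Summary.SelectNodes($xpath)) {
        # Walk up to the root, prepending the Index of every enclosing Step.
        # LocalName is used because .Name would return the Name attribute.
        $path = @()
        for ($n = $step; $n -is [System.Xml.XmlElement]; $n = $n.ParentNode) {
            if ($n.LocalName -eq 'Step') { $path = @($n.GetAttribute('Index')) + $path }
        }
        $msg = $step.SelectSingleNode('.//Message')
        [pscustomobject]@{
            Start   = $path -join '.'
            Name    = $step.GetAttribute('Name')
            Message = if ($msg) { $msg.InnerText } else { '' }
        }
    }
}

# Constructed sample; outer step names and nesting are assumptions
$sample = @'
<Action Type="Deployment" Status="Error">
  <Step Index="60" Name="Phase 4" Status="Error">
    <Task Status="Error"><Action Status="Error">
      <Step Index="110" Name="Earlier step" Status="Success" />
      <Step Index="120" Name="Configure WAS" Status="Error">
        <Task Status="Error"><Action Type="Deployment-Phase4-ConfigureWAS" Status="Error">
          <Step Index="123" Name="(Katal) Configure WAS VMs" Status="Error">
            <Task Status="Error"><Exception><Message>Time out has expired</Message></Exception></Task>
          </Step>
        </Action></Task>
      </Step>
    </Action></Task>
  </Step>
</Action>
'@
Get-FailedStepIndex -Summary $sample | Format-List
```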
