The Deployment Bunny

OS Deployment, Virtualization, Microsoft based Infrastructure...

Speaking at SCUG.no – 2015-06-25

Sun, 05/10/2015 - 16:45

I’m proud to announce that I will be one of the speakers at SCUG.no.

My session is from 13:30 to 14:30 and will focus 100% on Windows Server 2016 in the Modern Datacenter!

Session 4: “Windows Server vNext in the Modern Datacenter”

Windows Server has changed over the last few years; it has now become the main engine for Software Defined Compute, Storage and Network. In this demo-intense session you will learn how to design, build and take advantage of the new features in Windows Server vNext.
(Speaker: Mikael Nystrom, MVP)

For more information http://www.scug.no/events/system-center-user-group-meeting-june-2015/

/Mike


Categories: MDT

Microsoft Virtual Academy (MVA) – Storage Spaces Deep Dive

Fri, 05/08/2015 - 06:10

I have been working with Windows Server Storage Spaces since it was invented. It is great technology and I love it! Recently I was asked to be a part of an MVA session on Storage Spaces and I just could not resist. My idea was to do something that is based on our real experience building Storage Spaces solutions.

So, together with Markus Lassfolk and Ola Skoog we did a Microsoft Virtual Academy class with four parts,

  • Storage Spaces: Architecture
  • Storage Spaces: Design
  • Storage Spaces: Performance
  • Storage Spaces: Lessons From The Field

If you are into Storage Spaces and you would like to hear from experienced MVPs building Storage Spaces, this is for you. Enjoy!

http://www.microsoftvirtualacademy.com/training-courses/storage-spaces-deep-dive


Categories: MDT

Windows Server vNext – Hyper-V in Hyper-V

Fri, 05/01/2015 - 16:23

Yes, it is true

Continue reading the story at the source for much more information!!!

http://www.hyper-v.nu/archives/hvredevoort/2015/05/nested-hypervisor-in-windows-server-vnext/


Categories: MDT

Nice to Know – Deploying Windows 10 IoT to a Raspberry PI 2

Fri, 05/01/2015 - 15:44

So, just for the fun of it I got 2 Raspberry PI 2 a while back, someone said to me that they could run Windows 10 and therefore they can be deployed, and therefore I must try. So far I have no idea what to do with them, but I’ll find out eventually.

Note: My friend Johan Arwidmark has done a great Video, you will find it here: https://www.youtube.com/watch?v=Q5SfPTykM6A

Step One:

Go to https://dev.windows.com/en-US/iot

Step Two:

Select the Raspberry Pi 2 (or if you have something else, select that device)

Step 3:

This is what you need:

  • A PC running Windows 10 (it can be a VM “if” you have a VM platform that can write to a Micro SD card) build 10069 or higher
  • A Raspberry Pi 2
  • A Micro USB power supply, go for one with 2A or better, that way you will have enough power when you start connecting stuff to your USB ports
  • A Micro SD Class 10 device, I’m running the Samsung Evo 16GB Micro SD’s, works great!
  • An HDMI cable and a monitor, just for the fun of seeing when things happen, but not needed
  • An Ethernet cable connected to your network with DHCP
  • The “image” that you get from connect http://connect.microsoft.com/windowsembeddedIoT/Downloads/DownloadDetails.aspx?DownloadID=57782

This is how you do it:

  • Download and unzip the image from connect and store it in a folder
  • Insert the Micro SD in your computer
  • Find the disk number that the SD card is using (take your pick)
    • Using DiskPart
      Diskpart.exe
      List Disk
    • Using WMIC
      wmic diskdrive list brief
    • Using PowerShell
      Get-PhysicalDisk | Select-Object FriendlyName,DeviceId
  • Apply the image to the Micro SD from an elevated prompt using this command. Note: replace “N” with the disk number of your drive:

    dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck

  • Wait until it is done and use the safe remove feature in Windows to remove the Micro SD

Step 4:

  • Insert the Micro SD in the Raspberry PI
  • Connect Network
  • Connect HDMI
  • Connect Power
  • It will now boot and configure itself; when it’s done you should see this:

Step 5:

So, the PI is up and running and you need to connect to it, and to do that you need an IP address, and that’s when the HDMI monitor comes in very “handy” since the IP address will be on that screen…

#Bug fix for StackOverFlow
Remove-Module PSReadLine -Force

#Setting Vars
$ThePIIP = '192.168.133.125'
$ThePIPassword = 'p@ssw0rd'
$ThePIUserName = 'Administrator'

#Trust the PI for WinRM (note: this replaces the current TrustedHosts list)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $ThePIIP -Force

#Build the credential object and open the remote session
$SecurePassword = $ThePIPassword | ConvertTo-SecureString -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $ThePIUserName, $SecurePassword

Enter-PSSession -ComputerName $ThePIIP -Credential $Credentials

After that you should have a remote PowerShell prompt up and running, and if you do it in ISE, you will also see that the command window on the right side will get updated with all the commands that exist in the OS:
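A variant of the connection script that appends the PI to TrustedHosts instead of replacing the list, prompts for the password instead of storing it in the script, and changes the password as Step 6 recommends. This is an added example, not the author's script; the address is the one used in the post, and the availability of net user on the device is an assumption.

```powershell
# Added example, not part of the original post.
# Workaround from the post: unload PSReadLine before remoting to the device.
Remove-Module PSReadLine -Force -ErrorAction SilentlyContinue

$ThePIIP       = '192.168.133.125'   # address used in the post; replace with yours
$ThePIUserName = 'Administrator'
$TrustedHosts  = 'WSMan:\localhost\Client\TrustedHosts'

# Remember the current list so it can be put back when we are done.
# A host in TrustedHosts is not authenticated by the client, so keep the entry only while needed.
$OriginalTrustedHosts = [string](Get-Item -Path $TrustedHosts).Value
$Session = $null

try {
    # -Concatenate appends to the list; a plain -Value replaces every existing entry.
    Set-Item -Path $TrustedHosts -Value $ThePIIP -Concatenate -Force

    # Prompt for the current password so it never lands in the script file.
    $Credentials = Get-Credential -UserName $ThePIUserName -Message "Current password for $ThePIIP"
    $Session = New-PSSession -ComputerName $ThePIIP -Credential $Credentials

    # Step 6: replace the factory password. The new one is read without echo.
    $NewPassword = Read-Host -AsSecureString -Prompt 'New password for the device'
    $NewPlain = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password

    # Assumption: net user is present on the device image.
    Invoke-Command -Session $Session -ArgumentList $ThePIUserName, $NewPlain -ScriptBlock {
        param($User, $Password)
        net user $User $Password
    }
}
finally {
    # Close the session and restore the TrustedHosts list exactly as it was.
    if ($Session) { Remove-PSSession -Session $Session }
    Set-Item -Path $TrustedHosts -Value $OriginalTrustedHosts -Force
}
```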

Step 6:

Time to configure:

Here is a nice link to the commands that are available:

http://ms-iot.github.io/content/win10/tools/CommandLineUtils.htm

You should change the password and if you want you can also change the name of the device…

Step 7:

Just for the fun of it:

You can access the device using FTP:

If you browse to ftp://192.168.133.125/Windows/ImageUpdate/OEMInput.xml you can see that you are actually running a Windows Phone…

You can access the device using the web:

When accessing using the web you will see a bunch of different functions you can perform, you can even upload your appx applications and install them…

Links that you will find handy:

https://www.youtube.com/watch?v=Q5SfPTykM6A

http://www.element14.com/community/docs/DOC-76402/l/windows-10-iot-core-on-the-raspberry-pi-2

http://www.element14.com/community/docs/DOC-76415/l/running-windows-10-iot-core-and-code-on-the-raspberry-pi-2

http://microsoft.hackster.io/

https://www.youtube.com/watch?v=Hkm4THS3Rf8

/mike

Categories: MDT

Speaker at Windows Management User Group Netherlands (WMUG NL) on 2015-05-13

Fri, 05/01/2015 - 14:19

I’m proud to be invited to speak at WMUG in May. This time my session is all about Windows Server vNext. The session will be in English, mostly because my Dutch is not really that good, in fact it’s horrible…

To sign up:

http://wmug.nl/2015/05/01/wmug-webinar-3-13-05-2015-windows-server-vnext-get-ready-hosted-by-mikael-nystrm-microsoft-mvp-and-principal-architect-at-truesec/

/mike


Categories: MDT

Nice to Know – Windows 10 OS Deployment links

Fri, 05/01/2015 - 13:56

Here are the basic media you need to start Windows 10 OSD.

Windows ADK RC for Windows 10

https://msdn.microsoft.com/en-us/windows/hardware/dn913721(v=vs8.5).aspx

(Note: it will be located at the last part of the page)

Windows 10 Insider Preview ISO April Update

http://windows.microsoft.com/en-us/windows/preview-iso-update-1504

Windows 10 Enterprise Insider Preview

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-enterprise-insider-preview

MDT 2013 Update 1 Preview

https://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=57061

/mike


Categories: MDT

My Sessions at Microsoft Ignite 2015

Fri, 05/01/2015 - 11:49

Hands-on Windows 10 Enterprise Deployment

Want to know how to prepare for Windows 10, or how to upgrade from Windows 7, 8, or 8.1 to Windows 10? Maybe you want to know how to build, customize, and deploy your own Windows 10 image? In this pre-day session we explore all of those areas, with hands-on labs to ensure that you’ll be ready for Windows 10 in your organization.

Sunday, May 3rd  – 9:00 am to 5:00 pm

Troubleshooting Windows 10 Deployment: Top 10 Tips and Tricks

Need help with troubleshooting Windows deployment issues? Johan and Mikael share lessons learned around handling device drivers in the deployment process, common deployment issues and their workarounds, parsing log files, WinPE and PXE troubleshooting, UEFI deployments. As a foundation, Microsoft Deployment Toolkit and Microsoft System Center Configuration Manager will be used. You can expect a lot of live demos, tips, and tricks in this session.

Wednesday, May 6th – 10:45 am to 12:00 pm

Expert-Level Windows 10 Deployment

Join us for a live demo on how to build a Windows deployment solution, based on Microsoft System Center Configuration Manager. In the session we are taking OS Deployment in Microsoft Deployment Toolkit and System Center Configuration Manager to its outer limits. Deployment tips, tricks, and hard core debugging in a single session. You can expect a lot of live demos in this session.

Thursday, May 7th – 9:00 pm to 10:15 pm

Windows 10 Deployment: Ask the Experts

Still have questions about Windows deployment, even after all the other sessions this week? For this session, we gather as many experts as we can find for a roundtable Q&A session, with plenty of “official” and “real-world” answers for everyone, troubleshooting and implementation advice, and probably a fair number of opinions and “it depends” answers as well.

Thursday, May 7th – 3:15 pm to 10:15 pm

Book signing in the Bookstore

If you for any reason would like to have a book written by me signed, I’ll be there and I will happily sign it for you:

Wednesday, May 6th – 12:30 pm


Categories: MDT

Nice to Know – Reset the WSUS update Count during OSD, allows automatic reinstallation of patches that failed

Mon, 03/30/2015 - 17:03

No, this is NOT something new, it’s just that it needs to be spread more…

In MDT 2010, there were some improvements to the ZTIWindowsUpdate.wsf script. The reason was to cut down time, and they did, but at the same time ZTI was not as reliable as it used to be. The issue is very simple: the task sequence remembers all patches that have been installed, so it will never ever re-install a patch, and that is great, unless a patch needs to be reinstalled, and it might need to…

Alexey (with help from Keith) created a script in March 2010 that resets the counter. You can find the blog post here: http://blogs.msdn.com/b/alex_semi/archive/2010/03/17/ztiwindowsupdate-wsf-does-not-install-all-patches.aspx. The script you download from my site does the same thing, the script is just slightly polished…

How to use it?

  • Download http://1drv.ms/1CqmjBN, unzip and store the script in the Scripts folder of the MDT share
  • Modify the Task Sequence:
    • Add a “Run Command Line” with the following command
      cscript.exe "%SCRIPTROOT%\ZTIWindowsUpdateReset.wsf"

It should look something like this:

/mike


Categories: MDT

Nice to Know – Reset WSUS to “Factory Default” settings after OSD in MDT

Mon, 03/30/2015 - 16:39

Some days ago I wrote a post on how to reset WSUS after OSD in MDT, but of course a very good friend was complaining slightly, it was something like “Yeah, great but I would like to reset WSUS back to it has never ever been used, like a factory reset…”

Since I’m a nice guy, here it is, the WSUS Factory Reset application for MDT.

So, same story, download (http://1drv.ms/1IKrIFY), unzip and import as an application, like this.

Then add it as an application in the MDT Task Sequence, something like this.

/Mike


Categories: MDT

Nice to Know – Reset WSUS settings after OSD in MDT

Thu, 03/26/2015 - 03:30

After deploying an OS in MDT there are some “leftovers”. This script will remove those settings, which is very convenient when creating a ref image that uses another WSUS server and you would like to minimize issues. Just download it, unzip it, import as an application, like this.

Then add it as an application in the MDT Task Sequence, something like this.

Download : http://1drv.ms/1bwlwXm

/mike


Categories: MDT

Nice to Know–Adding a second federated domain in ADFS fails if –SupportMultipleDomain was not used in the first place

Sat, 02/07/2015 - 17:12

Today I was trying to fix an issue with ADFS and Office 365.

The Issue:

A very simple error: when you try to add the second domain it fails, and in this case it was because the first federated domain was not set up using –SupportMultipleDomain

The solution:

After some digging and searching I found this post:

https://exitcodezero.wordpress.com/2013/03/05/supportmultipledomain-is-not-supported-here/

The issue was not exactly the same but close enough; a bit further down in the post it seems that he had the same issue a while back.

Delete the object in the ADFS console

Open up the ADFS mmc snap-in

and delete it

Switch from Managed to Federated

Open an elevated PowerShell prompt with the Msol cmdlets, connect and authenticate, and run this command to fix it:

Convert-MsolDomainToFederated -SupportMultipleDomain -DomainName viamonstra.com

From this point on, you can now switch from Managed to Federated on all the other domains as well

Last thing you do is to run:

Get-MsolDomain to verify:
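A fuller version of that verification, as an added example that is not part of the original post: it lists every domain with its authentication type and, for federated domains, the issuer URI, and flags any issuer shared by more than one domain (with -SupportMultipleDomain each federated domain gets its own). It assumes the MSOnline module is installed and that you sign in as a tenant administrator.

```powershell
# Added example, not part of the original post.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant admin credentials

# One row per domain; IssuerUri is only looked up for federated domains.
$Report = foreach ($Domain in Get-MsolDomain) {
    $IssuerUri = $null
    if ($Domain.Authentication -eq 'Federated') {
        $IssuerUri = (Get-MsolDomainFederationSettings -DomainName $Domain.Name).IssuerUri
    }
    [pscustomobject]@{
        Name           = $Domain.Name
        Status         = $Domain.Status
        Authentication = $Domain.Authentication
        IssuerUri      = $IssuerUri
    }
}
$Report | Format-Table -AutoSize

# Federated domains that share an issuer URI were not converted with -SupportMultipleDomain.
$Shared = $Report | Where-Object IssuerUri | Group-Object IssuerUri | Where-Object Count -gt 1
foreach ($Group in $Shared) {
    Write-Warning ("Issuer {0} is shared by: {1}" -f $Group.Name, ($Group.Group.Name -join ', '))
}
```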

/mike


Categories: MDT

Nice to Know – HP FlexFabric 10GB 2-port 534FLB Adapter can cause network issues using NVGRE

Thu, 02/05/2015 - 16:54

Today I was working at a customer site, setting up an NVGRE Gateway in a Fabric domain. Install, configuration, all went nice and smooth until we should test and verify that the VMs could access the network, found a misconfiguration and then, hey it was working, well TCP was working but NOT UDP, wtf??? Some troubleshooting (Google and Bing and some cursing) and it seems to be some various obscure things, some hotfixes, but then we found something that actually worked…

The issue: Encapsulated Task Offloading

I’m pretty sure that the idea behind it is all good, but of course as all “great” things, it does not work in this combination.


Here you can see the setting that needs to be disabled, and you can also see the driver version and date that was in place.

The Solution: Disable it!

But, if you disable it on every Hyper-V host (not only the hosts running the NVGRE gateway), it starts working. At the time we could not find any other solution than to disable it.

In this case the customer (and you know who you are) was kind enough to let me post the script that was used to disable this “amazing” technology.

or here in plain text form

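# Find every adapter that exposes the "Encapsulated Task Offload" setting
$Nics = Get-NetAdapterAdvancedProperty -DisplayName "Encapsulated Task Offload"

# Disable the offload on each of those adapters, one at a time
foreach($Nic in $Nics)
{
    Set-NetAdapterEncapsulatedPacketTaskOffload -Name $Nic.Name -EncapsulatedPacketTaskOffloadEnabled:$false
}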

/Mike


Categories: MDT

Nice to Know – Clean up the ISO name mess in SCVMM so that Windows Azure Pack looks nice

Thu, 02/05/2015 - 09:00

In System Center Virtual Machine Manager there is a library. The library stores resources used in the environment, and one kind of resource is ISO images. The problem is that the names of those ISO images are slightly “technical” and not so user-friendly. So who cares?

The Issue:

When you start using Windows Azure Pack to provide self-service, that is a very good reason to have nice names. Here are two samples:


In the first picture, all the names look OK; in the second picture, it looks different…

The names of these files come from System Center Virtual Machine Manager and they are easy to change, just go in to the library, open each and every one and change the name…


How to modify the name of the ISO resource in the SCVMMLibrary using the UI.

However, doing that for one or two files is OK; more than that, it kind of gets boring after a while.

The Solution:

So, you can export all the information in to a CSV file, modify the CSV file to suit your organization and then import it again.

Export CD/DVD meta data from SCVMM using PowerShell

Get-SCISO -All -VMMServer "clscvm01.cloud.truesec.com" | where HostType -EQ LibraryServer | Select LibraryServer,SharePath,Name,Description | ConvertTo-Csv -NoTypeInformation > "$env:TEMP\ISOInSCVMMLib.csv"

and that will give something like this:


A few of the ISOs in the SCVMMLibrary.

So, open the file, modify name and description and run this


function Update-ISOForSCVMLib
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $LibraryServer,

        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=1)]
        $SharePath,

        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=2)]
        $Name,

        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=3)]
        $Description
    )
    $ISOToUpdate = Get-SCISO -All | Where LibraryServer -EQ $LibraryServer | Where SharePath -EQ $SharePath
    $ISOToUpdate | Set-SCISO -Description $Description -Name $Name
}

This will give you a new function and that new function can be used in the following way.

Import-Csv .\ISOInSCVMMLib.csv | foreach {Update-ISOForSCVMLib $_.LibraryServer -SharePath $_.SharePath -Name $_.Name -Description $_.Description}

The function goes through the CSV file, searches for the file, finds the object and finally changes the display name of the object.

/mike


Categories: MDT

Beyond Supported – Azure Site-2-Site VPN (with physical router) behind a NAT device

Mon, 02/02/2015 - 06:22

Last week at TechXAzure I did 3 sessions; during one of them we did some demos around Azure Site-2-Site VPN, which is the fundamental connection to create a Hybrid solution. In production that is not really a complex task since the firewall that is used is directly connected to the Internet with a static IP, but that is usually not the case when you play around at home or in the LAB. Running behind a NAT:ed device is not supported, neither is running the solution on a dynamically assigned IP, but it works…

So, the idea behind this guide is to give a fairly simple step-by-step guide to build a site-2-site VPN connection to the Azure IaaS service for you to play with at home or in a LAB, just remember, there is NO support for this at all!

The design

Looking at the picture you can see that we basically have two networks, one for the normal traffic and one more that is behind a second router. Behind that network we have access to Azure directly. For me this is perfect when playing around. The “normal” network acts as the workload network, that is where all normal traffic exists. The network behind the second router acts as the fabric network, here is where my Private Cloud is running. Note, this is just for LAB, Testing, Playing and such things. You should not use this for production since it is unsupported.

Hardware:

The Internet facing router is a Linksys EA6900

The Internal router between the normal network and internal Azure Site-2-Site router is a NETGEAR FVS318N

Create Networks in Azure

Log on to your Azure Account and create the Local network


Select Local Network.


Give it a name and type in your Internet facing IP.


Type in the IP address range you are going to use behind the second router.

Log on to your Azure Account and create the Virtual network


Select to create a Custom network


Give the network a name and assign it to an Azure location.


Type in the DNS servers you are going to have locally on your network and select Site-2-Site VPN. Note: If you also select Point-2-Site you cannot create a Virtual Router in Azure that supports IKEv1, the router I’m using does not support it, it only supports IKEv1 and therefore I cannot have Point-2-Site VPN.


Add the IP address range and gateway range for your virtual network in Azure.

Create the Router

When the network has been created you need to create the Virtual Router


In the Azure portal, click on the Virtual Network “FabricAzure”. You can either create a Static or a Dynamic router and you need to select the version based on the router/firewall you have locally. In my case I use a NetGear FVS318N and the features in that router require me to configure the virtual router as a static router.

This takes time, have lunch or something


Finally it’s done.

Configure the Internet facing Router


To allow traffic from the Virtual Router in Azure to correctly receive data you need to redirect traffic, the easy way to do this is to use the DMZ function in the Internet facing router. This way, all traffic from that IP will be redirected to the second router.

Configure the second router on your network (not the Internet facing)

In this case it is a NETGEAR FVS318N and the easy thing is to run the Wizard for VPN and then modify the settings, but before you do that, we need the PreShared Key and you can get that in the Azure Portal.


Modify the IKE Policy in the Second router.


Modify the VPN Policy in the second router

Wait, check logs, wait, check logs and…

/Happy Routing…


Categories: MDT

Nice To Know – Generate the -JobGroup ID in SCVMM Scripts

Wed, 01/28/2015 - 07:34

When working with SCVMM it is common to perform administrative tasks using PowerShell. One very nice thing in SCVMM is that when using the UI it will create a script in the end and the idea is that you should be able to use that script and you can, one time…why?

…because you need to generate a new ID every time you run the script, so how do you do that?

Generate a GUID using PowerShell:

$JobGroupID1 = [Guid]::NewGuid().ToString()


The result when generating a GUID.

Using the generated GUID in a SCVMM PowerShell script

Here is a list of cmdlets that use -JobGroup

https://social.technet.microsoft.com/Forums/systemcenter/en-US/ab1e7054-69c7-44ee-a475-229f9557b653/jobgroup-what-cmdlets?forum=virtualmachinemanager

/mike


Categories: MDT
