A while ago I was having an issue deploying a SQL Data Tools project using the Azure DevOps pipelines. It worked fine when there was no data in the database, but once there was some data to preserve in the release the DACPAC deployment started to timeout with the following error when running SqlPackage.Continue reading “‘*** Execution Timeout Expired’ with SqlPackage.exe on Azure DevOps Release Pipeline Fix”
Adding tags to resources in Azure is generally a good idea. This helps administrators manage billing, knowing what things are and when they can be safely decommissioned etc..
I have includes here some guidance and useful scripts for adding tags and managing tags on resources and resource groups.
By default a ‘Registered Application’ account is not a member of any Directory Roles and/or group memberships and there is no easy way to make these changes using the portal. You may have an API or back-end application that will be required to perform actions on your AD that requires elevated permissions (e.g. Reset passwords or delete accounts etc..)
Normally for advanced configuration, you will need to start editing the manifest file. Luckily this has been made easy using the Portal. You can now edit the file directly, or download, make changes and then upload.
However, to make a ‘Registered Application’ a member of a ‘Directory Administrative Role’ you need to use PowerShell to add the role member to the ‘Service Principal’ (as I couldn’t find a way to do this in the manifest!).
You may have discovered that deleting an Azure Active Directory is a particularly frustrating experience that ultimately ends in failure. The new portal have improved things a bit, by running through a series of check before the delete button is enabled.
You may need to go back to the Classic portal (https://manage.windowsazure.com) to see some of the objects/resources to delete.
However, although this will help you remove ‘most’ of what you need to, unfortunately NOT all!
In this case I got a “Unable to delete directory”
As I found the documentation for this somewhat lacking (especially for New-AzureRmVirtualNetworkGateway and New-AzureRmVirtualNetworkGatewayIpConfig), I thought I would try and see if it was possible to create and fully configure a Virtual Network and Gateway using PowerShell. I have posted my PowerShell script examples and efforst here.
NOTE: Several of these command return a warning (shown below) which means things will be changing soon…again 😉 …and other just exception, so although you can setup a Virtual Network you can not create the Gateway!
I am using version 3.3.0 of the Azure cmdlets.
# Get Azure cmdlets version Get-Module -ListAvailable -Name Azure -Refresh
- Setup variables, login and set current context
# Setup Variables $location = "North Europe" $rgName = "MyResourceGroup" $strgAccount = "MyStorageAccount" $vnetName = "vnet-1" $gatewayPIPName = "gateway-2-pip" $clientAddressPool = "192.168.0.0/16" $gatewayName = "mygateway1" # Setup PowerShell Environment Add-AzureRmAccount Select-AzureRmSubscription -SubscriptionName "MySubscription" Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgName -Name $strgAccount # get and check current context (ARM) Get-AzureRmContext
- Create the Virtual Network (include a subnet called ‘GatewaySubnet‘ specifically for the VPN Gateway. It appears this is required even if using the Portal to add a Gateway to a Virtual Network.)
# Create the Virtual Network with 3 subnets) # Setup Subnets $gatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig ` -Name GatewaySubnet -AddressPrefix "10.1.0.0/24" $frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig ` -Name frontendSubnet -AddressPrefix "10.1.1.0/24" $backendSubnet = New-AzureRmVirtualNetworkSubnetConfig ` -Name backendSubnet -AddressPrefix "10.1.2.0/24" # Create VNet $vnet = New-AzureRmVirtualNetwork -Name $vnetName ` -ResourceGroupName $rgName -Location $location ` -AddressPrefix "10.1.0.0/16" ` -Subnet $gatewaySubnet,$frontendSubnet,$backendSubnet
- Create a Public IP Address (PIP) to be used by the Gateway
# Create a PIP $pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic ` -ResourceGroupName $rgName -Location $location ` -Name $gatewayPIPName
- Create the VNet Gateway (Attempt 1 – Although I can’t see any issues in the script below, unfortunately this is returning a 500 Internal Server Error. I have tried a number of variations!!)
# Gateway config $vnetGatewayIPConf = New-AzureRmVirtualNetworkGatewayIpConfig -Name default ` -PublicIpAddress $pip -Subnet $gatewaySubnet # Create VNet Gateway $vnetGateway = New-AzureRmVirtualNetworkGateway -Name "hmstraingateway1" -ResourceGroupName $rgName ` -Location $location ` -IpConfigurations $vnetGatewayIPConf ` -GatewayType Vpn ` -VpnType RouteBased ` -GatewaySku Basic ` -VpnClientAddressPool $clientAddressPool
Attempt 2: I then thought I would see if it would be possible to complete the process using ARM Templates. When attempting to get an ARM Template for an existing Virtual Network Gateway we get the following errors.
Error details - Microsoft Azure
The schema of resource type 'Microsoft.Network/virtualNetworkGateways' is not available. Resources of this type will not be exported to the template. (Code: ResourceTypeSchemaNotFound)
The schema of resource type 'Microsoft.Web/connections' is not available. Resources of this type will not be exported to the template. (Code: ResourceTypeSchemaNotFound)
This effectively indicates that the ARM capability of this type of resource is not yet all there in Azure. I seem to come across issue like this quite a lot.
Also with the ARM Virtual Network you can’t use the Get-AzureVNetConfig to download the configuration files either.
So in conclusion the only way to currently create a Gateway and complete the process, is to use the Azure Portal. Please comment below if you know of another way or have spotted an issue.
I have been banging my head against a wall wondering why my Azure PowerShell DSC commands like
Publish-AzureRmVMDscConfiguration ".\MyDSCConfig.ps1" -ResourceGroupName "VM-Training" -StorageAccountName "hmsvmtraindsc"
was failing with a “Resource Group not found“, even though other commands worked with that Resource Group and my current context.
The answer is do NOT use the x64 build of PowerShell or the “Windows PowerShell ISE”!
Use the x86 versions for now!
I found this advice at the bottom of this page https://azure.microsoft.com/en-us/blog/turn-on-windows-feature-using-dsc-cli/, and switching to the x86 ISE worked for me!
However, when I tried to reproduce the issue on the x64 ISE, the command worked fine??? However, by that time the Blob container had been created by the x86 version, so who know?
If I get time I will try to reproduce the error, otherwise please post a comment if the same thing happened to you.