All about Azure D-Series Virtual Machines

As you already know Azure has the biggest and sweetest chocolates to offer in the IaaS market. Let’s see why these big D-series VMs are so important and why you should consider moving into D-series.

Suitable workloads for D-Series

  • Big Data
  • Video Rendering systems
  • Transaction Processing Systems
  • Analytics
  • AI

As you can see, D-Series is the ideal candidate for your performance-eating database servers or web servers. There are two categories, General Purpose and High Memory.

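Type | Name | No. of vCPUs | Memory (GB) | Local SSD (GB)
General Purpose | Standard_D1 | 1 | 3.5 | 50
General Purpose | Standard_D2 | 2 | 7 | 100
General Purpose | Standard_D3 | 4 | 14 | 200
General Purpose | Standard_D4 | 8 | 28 | 400
High Memory | Standard_D11 | 2 | 14 | 100
High Memory | Standard_D12 | 4 | 28 | 200
High Memory | Standard_D13 | 8 | 56 | 400
High Memory | Standard_D14 | 16 | 112 | 800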

As you can see, the largest VM provides 16 vCPUs, 112 GB of RAM and 800 GB of SSD storage, which is more than enough for high I/O, high CPU demanding workloads.

The local SSD storage is temporary storage, the same as in AWS EC2 compute instances. If you are running SQL 2014, this will help you leverage the Buffer Pool Extension (BPE) feature to provide much higher I/O throughput. In BPE the local SSD will be used to cache memory pages from RAM whenever needed.

Also you can use D-series instances for your cloud services (web roles & worker roles) as well.

If you are uncertain about moving your workloads to cloud due to performance, I hope you already have the answer now.

Why can’t I delete my Azure AD?

If you have tried to delete any of the Azure AD tenants that you have in your Azure subscription, sometimes you just can’t do that. Let’s see why that is and how to successfully delete an AD tenant from Azure.

I have an Azure AD tenant that I wanted to delete in my subscription. This has AD Premium Trial (Expiring on March 2015) active in it.

When I try to delete the tenant it gives the below error message.

This is because I have an active Microsoft Online Services service associated with this directory. If you have,

  • Office 365
  • Microsoft Intune
  • Azure RMS

enabled for your AD tenant, you’ll have to log in to the Microsoft Cloud Support portal by visiting here and initiate a support request with the Microsoft Billing & Subscriptions team.

If you have Enterprise Mobility Suite (EMS) or Azure AD Premium enabled for the directory you want to delete (yes, an active trial also counts) you’ll have to contact your volume licensing partner to cancel that subscription. But if that’s a trial like mine, again you’ll have to contact Office 365 support.

This is only one issue you can get when you try to delete an Azure AD tenant. There are several other errors you can possibly get, and you can find how to rectify them in this TechNet article.

Removing orphaned local AD accounts from Azure AD

Is anyone wondering how to remove orphaned local AD accounts that were synchronized to Azure AD using DirSync? Let’s see how we can achieve this with some simple steps and a little bit of PowerShell.

Scenario

Your on-premise AD DS server is no longer functional. That means local AD is dead.

Problem

When AD DS is no longer available you cannot remove any objects that have been synced to Azure AD. Usually if you want to delete a synced object you should do that in local AD.

Let’s see how we rectify this issue.

When an account is orphaned you no longer see the Delete option.


  1. If you haven’t done so already, install the Azure Active Directory Module for Windows PowerShell. You can find guidelines here.
  2. Open Windows Azure AD PowerShell & connect to your Azure AD tenant. If you do not know how to do that, refer here.
  3. Remember that for step 2 you cannot use the Microsoft Account associated with your Azure subscription. You should authenticate using a global admin account for the particular Azure AD tenant. Otherwise you’ll get an error like below.
  4. Disable DirSync using the below PowerShell cmdlet. Note that it can take up to 72 hours to complete this operation depending on the size of your directory.
    Set-MsolDirSyncEnabled -EnableDirSync $false
  5. To verify whether DirSync has been fully disabled, run the below cmdlet. If it is disabled you should get a false value. This might take a while.
    (Get-MSOLCompanyInformation).DirectorySynchronizationEnabled

  6. Alternatively you can disable DirSync via the Azure Portal as well. Select the directory > select DIRECTORY INTEGRATION > select DEACTIVATED from the Directory Synchronization section.
  7. Now you can see that the orphaned accounts that were listed as local AD accounts are converted to Windows Azure AD accounts and the delete option is available. Assuming you want to delete the directory, you can safely do that as well. But remember, if you have subscribed to any Microsoft Online Service like Office 365, Azure AD Premium, Intune, etc., you cannot delete the directory; currently it’s a limitation in Azure AD.
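
One way to script steps 4 to 7 with an audit trail, as an added example that is not part of the original post: it records the synchronized accounts before DirSync is turned off and afterwards deletes only accounts named in a reviewed list. The two file paths are hypothetical names chosen for this example.

```powershell
# Added example (not from the original post). Uses the MSOnline cmdlets from the steps above.
# $InventoryPath and $ApprovedPath are hypothetical file names chosen for this example.
param(
    [string]$InventoryPath = '.\synced-users-before.csv',
    [string]$ApprovedPath  = '.\approved-for-deletion.txt'
)

Import-Module MSOnline
# Sign in as a global admin of the tenant itself, not the subscription's Microsoft Account.
Connect-MsolService -Credential (Get-Credential)

# 1. Before changing anything, record which accounts were synchronized from local AD.
#    Skipped on a re-run so the original inventory is never overwritten.
if (-not (Test-Path $InventoryPath)) {
    Get-MsolUser -All |
        Where-Object { $_.LastDirSyncTime } |
        Select-Object UserPrincipalName, ObjectId, ImmutableId, LastDirSyncTime |
        Export-Csv -Path $InventoryPath -NoTypeInformation
}

# 2. Disable DirSync, then poll until the tenant reports it as off (can take up to 72 hours).
if ((Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    Set-MsolDirSyncEnabled -EnableDirSync $false -Force
}
while ((Get-MsolCompanyInformation).DirectorySynchronizationEnabled) {
    Write-Host "$(Get-Date -Format s) DirSync still enabled, checking again in 30 minutes"
    Start-Sleep -Seconds 1800
}

# 3. Delete only accounts that are on the reviewed list AND in the pre-change inventory.
if (-not (Test-Path $ApprovedPath)) {
    Write-Warning "No approved list at $ApprovedPath; review $InventoryPath and re-run."
    return
}
$synced   = @(Import-Csv $InventoryPath | ForEach-Object { $_.UserPrincipalName })
$approved = @(Get-Content $ApprovedPath | ForEach-Object { $_.Trim() } | Where-Object { $_ })

foreach ($upn in $approved) {
    if ($synced -notcontains $upn) {
        # Never touch an account that was cloud-only to begin with.
        Write-Warning "Skipping $upn (not in the synced-user inventory)"
        continue
    }
    Remove-MsolUser -UserPrincipalName $upn -Force
    Write-Host "Removed $upn"
}
```

The approved list is a plain text file with one user principal name per line, written by whoever reviews the inventory CSV.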

 

SCOM 2012 R2 Installation woes | Error with SQL 2008 R2 Cluster

I’ve been working with a SCOM project for a while now. A few days back I faced a strange issue while doing the installation.

The setup was like below.

Product | Version
Operations Manager Setup | SCOM 2012 R2
SQL Server (Always on Active-Active cluster) | Microsoft SQL Server 2008 R2 SP3 10.50.6000.34 (X64)
OS (Management Server) | Windows Server 2012 R2 Update 1
OS (SQL Cluster) | Windows Server 2008 R2

Everything seemed normal and correct. All the firewall ports have been configured correctly. I did the following to isolate the issue.

  1. Tried to connect to a SQL Server 2012 cluster and it was successful.
  2. Verified the Management Server OS version.

The only culprit was the SQL Server version. As per the official TechNet article, SP3 is not listed in the supported SQL versions. See here for the full article.

System Center 2012 R2 component | SQL Server 2008 R2 SP1 Standard, Datacenter | SQL Server 2008 R2 SP2 Standard, Datacenter | SQL Server 2012 Enterprise, Standard (64-bit) | SQL Server 2012 SP1 Enterprise, Standard (64-bit) | SQL Server 2012 SP2
Operations Manager Data Warehouse
Operations Manager Operational Database
Operations Manager Reporting Server

I tried to perform the same on a test environment which had a SQL Server 2008 R2 SP3 server with Windows Server 2012 R2 and was able to successfully connect to the SQL server. Even though it’s not stated, SQL Server 2014 also works fine to host the Operational Database & Data Warehouse database.

The issue was with the operating system of the SQL Server cluster. For SCOM 2012 R2 all server OS must be Windows Server 2008 R2 SP1 or above.

System Center 2012 R2 server-side component | Windows Server 2008 | Windows Server 2008 SP2 | Windows Server 2008 R2 | Windows Server 2008 R2 SP1 | Windows Server® 2012 Standard, Datacenter | Windows Server® 2012 R2 Standard, Datacenter
Operations Manager Management Server
Operations Manager Data Warehouse
Operations Manager Gateway Server
Operations Manager Web Console
Operations Manager Operational Database
Operations Manager Reporting Server

As you can see in the above table and this TechNet reference, the server OS hosting any of the SCOM components should be 2008 R2 SP1 or above. Once we applied Service Pack 1 to the SQL Cluster host OS the setup was successfully completed without any issue.

Azure Backup now supports x64 versions of Windows Client OS

If you are running Windows 7 SP1, Windows 8 or Windows 8.1 x64 version I have some good news for you. Microsoft Azure backup is now supported in these versions of Client OS. Microsoft will be dynamically updating the capabilities to provide more integration with Client OS.

Let’s see some need-to-knows about Azure Backup on your device.

  1. Backup is incremental over HTTPS.
  2. There are two options for backup. With option 1 you can register one device per backup vault, where you can create 25 backup vaults per subscription.
  3. With option 2 you can register up to 50 devices in a single vault. Each of these has a different passphrase used for encryption & decryption.
  4. If your laptop is running on battery, scheduled backups are automatically skipped until you plug in to A/C.

Prerequisites

  • Install KB3015072
  • Download and Install Azure Backup Agent from Azure Portal.

The curious case of .NET 3.5 in System Center Installation

As you know, .NET Framework 3.5 is a mandatory prerequisite for most of the System Center 2012 R2 products such as SCOM, SCCM, SCVMM, etc. Recently I faced a strange issue with .NET 3.5 installation on Windows Server 2012 R2.

In Windows Server 2012 R2 you’ll have to manually point to the binaries from an ISO or CD for .NET 3.5. These are contained in the <Drive Letter:>\sources\sxs path in the ISO or CD. If not, you’ll need to supply an Install.wim image to achieve the same.

The problem was with two security updates, KB2966827 & KB2966828, that had been installed as a result of fully patching the server. This TechNet article is all about the issue but still I couldn’t resolve the issue.

I did the following and still the installation was failing with the same error.

  1. Uninstalled both security updates.
  2. Restarted the server.

Then I realized that Internet access is through a proxy server and directly connected the server to the Internet, and voilà, .NET 3.5 installed flawlessly.

Conclusion

When I examined C:/Windows/logs/cbs/cbs.log I noticed that even though the sources are explicitly mentioned, the installer program performs an integrity test with Microsoft Update sources. While on the proxy it was unable to do that. To avoid this issue you can do two things.

  1. Enable .NET 3.5 before you patch the server.
  2. If you have already patched the server to the latest make sure that when you enable .NET the server is directly connected to the Internet.

OKAY HOW ABOUT MY AZURE VM? WHERE DO I FIND THE SXS FOLDER IN THERE? DO I NEED TO DOWNLOAD AN ISO?

The answer is NO. If you have properly set up your Azure VM, it has internet access enabled on the fly. Just run the below PowerShell cmdlet in an elevated PowerShell window.

Add-WindowsFeature NET-Framework-Core

Even with the above security patches installed this works flawlessly, as the binaries are downloaded from the Internet itself.

Configuring Azure AD Connect Preview

Microsoft has introduced a new tool to synchronize your on-premise Active Directory with Azure AD. Previously DirSync & AAD Sync were the tools used to achieve this. From my experience DirSync was mainly focused on Office 365 deployments, which later needed much more improvement when Azure came into GA.

From now on there will not be new releases of the above tools, and the new Azure AD Connect will be production ready within the next 3 months as per Microsoft. This tool will unify the capabilities of DirSync & AAD Sync, providing a single UI capable of much more.

All the new features introduced with AAD Sync are included in Azure AD Connect as well.

  • Multi-forest synchronization is possible for Active Directory and Exchange
  • Password write back from Azure AD to on-premise Active Directory

Other features like OU & attribute based filtering from DirSync remain the same. Let’s see how we set up this little beast.

  1. Download & install the AAD Connect tool from here.
  2. Open the Azure AD Connect tool on your desktop and proceed with the license agreement.
  3. You will be prompted to install any prerequisites that are needed. These include Microsoft .NET Framework 3.5, MS Online Services Sign in Assistant, Windows Azure Active Directory Module for Windows PowerShell & Azure AD Sync Engine. It’s best that you install the first three prior to installation to avoid issues.
  4. Provide your Azure AD credentials in the next screen. Note that if you are using Office 365 this would be your global administrator credentials. If you are using Azure AD standalone I would suggest that you create a separate user called DirSync which has global administrator rights for your Azure AD.
  5. You can either select Use Express Settings or Customize depending on your requirement. If you are using this tool for Same-Sign-On you can safely use Express settings. Here we are proceeding with the Customize option.
  6. If you only want Same-Sign-On (same user name & password as in on-premise AD, but users will be prompted for credentials) choose Password Sync. If you have implemented ADFS for Single-Sign-On (users will be authenticated from local AD and do not need to enter credentials once logged into the system using domain credentials) select Single Sign On.
  7. Now you have to enter the credentials for your local AD. Note that you can add multiple directories here.
  8. If you are planning an Exchange Hybrid Deployment where some user mailboxes will reside on-premise and some are in Office 365, select Exchange Hybrid Deployment. Selecting Password write-back will replicate the password from Azure AD to local AD and will allow users to self-reset their password if they are assigned Azure AD Premium licenses.
  9. The next screen is vital if you are syncing a multi-forest environment. But since I don’t have that I’m proceeding with the first option.
  10. You can configure the object mapping in the next screen. As my on-premise UPN & cloud UPN are the same I’m leaving this as default.
  11. If you want to configure filtering, uncheck the Initial Synchronization check box. You can configure filtering by launching the FIM client later. This tool is available at C:\Program Files\Microsoft Azure Active Directory Sync\UIShell\miisclient.exe
  12. If synchronization is successful you will see the user account from your local AD in your Azure AD. Just in case you cancel the wizard prior to step 11, when you run the tool next time you can resume from where you left off.

One important thing. This tool is still not GA, so if you are deploying this to production use it at your own risk or wait a few days till this becomes GA.

Issue with enabling RMS service from Azure AD

For the last two days I was engaged in a technical training that deeply focused on Microsoft’s Enterprise Mobility Suite and its capabilities. When I tried to enable the RMS feature on one of the custom Azure AD in my Azure tenant I got the below error, which was strange and confusing.

After a few hours of troubleshooting and research I realized what went wrong here. You cannot simply enable RMS in Azure like any other feature. To use RMS you should possess any one of the below subscriptions linked to the Azure AD tenant on which you need RMS to be enabled.

  • Office 365 (E3 or above)
  • Azure RMS Standalone – For any organization without Office 365 E3 plan or EMS subscription
  • Enterprise Mobility Suite – Only available for customers with an existing Enterprise Agreement
  • RMS for individuals – Individual users can use this to protect their content even if their organization doesn’t have any of the above.

What you should consider?

  • If you have an Office 365 E3 plan, use an administrator account of that to sign up for an Azure account. This guarantees your Azure AD tenant has RMS. You can easily enable RMS from the Office 365 portal and see that it’s activated in the Azure Portal.
  • Make sure the same account is either a service administrator or co-administrator of your subscription.
  • Make sure whatever Azure AD tenant you use here is the default directory. Otherwise you will have a hard time figuring out which directory is RMS enabled.
  • An Azure AD Premium license should be assigned to the administrator of the Azure AD tenant that you are using. In this case it’s your global administrator (not Microsoft account) for this AD tenant.

Hope this will be useful for anyone working with EMS deployments. Please refer to this TechNet article if you need a complete reference.

How to add or remove management group settings in SCOM agent

These days I’m super busy with a SCOM project and came across a dilemma of decommissioning an old SCOM server. The scenario is like below.

  1. SCOM 2012 Installed and agents are already deployed.
  2. Need to decommission same and deploy agents with minimal effort.

Now in order to achieve the second goal I wondered whether I could use the same agent that was deployed previously and reassign the management group & server in it. Yes, it is possible, and if you do that the GUI way you’ll have to edit the Operations Manager Agent (Microsoft Monitoring Agent) settings in Control Panel.

But how can we automate this? Of course you cannot centrally execute a script, because once you remove the association with a management group you will have orphaned agents.

All you have to do is use a VBScript like the one below and execute it on each agent-managed computer.

Option Explicit

' Create the agent configuration object exposed by the Operations Manager agent
Dim objMSConfig
Set objMSConfig = CreateObject("AgentConfigManager.MgmtSvcCfg")

' Remove a management group
Call objMSConfig.RemoveManagementGroup("MyManagementGroupToRemove")

' Add a management group (name, management server FQDN, port)
Call objMSConfig.AddManagementGroup("MyManagementGroupToAdd", "ManagementServerFQDN", 5723)

Remember the flow is important. I suggest that you remove the old association first. Once the association is successful give it a day’s rest to connect to the new management group. Once connected you can update the agent via push installation at a later point.

Please refer to this TechNet article for the syntax.

Do we have to reboot servers if I uninstall the SCOM Agent rather than update it with new values?

The answer is a big NO. You do not need to reboot monitored servers once you install or uninstall an agent. This applies to SCCM as well. Refer to this thread from the TechNet forums if you are uncertain.