Azure Pack: change Web Sites Default Domain DNS Suffix

To change the Default URL (DNS Suffix) for your Web Sites in Windows Azure Pack, follow these simple steps;

On the computer that is hosting the Web Sites Controller, run the following Windows PowerShell command:

Update (2014-07-14): It looks like the command above does not support -DnsSuffix anymore, but one of my readers has posted an alternative solution in the comments;

As an alternative you can use the following approach:

Check the change by using

And you’ll after that also have to do this:
On your SQL Server, open Management Studio.
In the Hosting Database admin.WebSystems table, change the
PublishingDns, FtpDns, and Subdomain to your desired URLs.

Restart your AzurePack servers to make the changes apply everywhere.

Azure Pack: Web Sites MBCA 2.0 Model preventing Feature Pack for Windows Azure Pack Web Sites v2 (KB2927682) from installing.

Windows Update is failing to install “Feature Pack for Windows Azure Pack Web Sites v2 (KB2927682)” on one of my Azure Pack servers. And just give the error message: 0x80070643

The event log shows a slightly better error message; “Product: Web Sites Local Feed — A newer version of Web Sites Local Feed was found on this machine.”

After further investigation, the MSI Logfile reveals some great information and clues;

It lists a program with GUID {BE2AD1F0-C5FF-4F62-95BD-44C829150573} that prevents the installation from completing.
And that GUID turned out, after a quick Registry search, to be “Web Sites MBCA 2.0 Model”.

And after uninstalling “Web Sites MBCA 2.0 Model” from Add/Remove Programs, my Windows Update installation went through at once!

Success!

AzurePack: Components for Website Feature failed to install

I had to install a new Frontend and Publishing server for my Web Sites components inside Azure Pack, unfortunately the installation failed so I had to find out what was wrong.

First check on the troubleshooting step by step list is to control the Firewall, which also revealed the problem:

The automatically created Firewall Rule for the “WebFarmAgentService” which is used to install the rest of the components, only enables the rule for “Public interfaces”. So my interface that’s being used, that’s connected to the Domain, did not obviously allow that traffic.

Enabling “Domain” in the Firewall Rule solved the problem, and the installation went through! I can’t see any reason for the devs to make that decision to only enable the rule for Public… But maybe there is some strange reason that you guys can come up with?

 

SCVMM : Automatic Baseline update script

SCVMM (System Center: Virtual Machine Manager) 2012 and 2012R2 can manage the patch compliance on your servers. That’s a great feature but normally involves some manual work as you have to add each update to the Baselines manually.

My colleague Mikael Nyström (MVP)  made a script to handle this automatically, which I’ve developed a bit further.

The script has a few Pre-Requisites;

  • A WSUS Server defined in SCVMM
  • Approved patches for “Windows Server 2012” and “Windows Server 2012 R2” in WSUS
  • Pre-Defined Baselines (you can use Add-Baseline to create them) with these names;
    • Security Updates
    • Critical Updates
    • Updates
    • Update Rollups

That’s it! You can now run the script and automatically import all matching updates.

The following actions will be performed;

  • Synchronize updates with WSUS
  • Check if there are any updates in the Baseline already
    • If the baseline is empty, import ALL matching updates
    • If the baseline is NOT empty, check the Newest 500 updates and import all matching updates
  • Remove inactive updates
  • Repeat for all Baselines
  • Start a compliance scan

The script will not initiate any remediation. And as the script normally only checks the newest 500 updates, it has to be run fairly regular. In my environment, 500 updates is about 1 month of updates. Though to be safe, run it once a week.

Azure Pack : Database creation failed with internal server error

If you experience problems creating MS SQL Databases as an Azure Pack tenant, with the very descriptive error message “Database creation failed” and details “internal server error” you may have run into the same problem I had today.

Azure Pack states that the user needs to have a 8 character complex password, but in truth it’s using the settings from the Local Security  Policy on the MS SQL Server, which in my case was 12 characters long. So any attempt to create a database with username and a password shorter than 12 characters gave that error message.

Quick solution, set a new Local Security policy with length of at least 8 characters. Problem Solved!

 

Azure Pack : Tenant Site automatic installation

If you want to install Azure Pack : Tenant Site in a distributed installation meaning not an Express installation on just one server. It’s possible to do it manually, OR … of course in a scripted way, so it’s automatic, scripted and unattended. Same result each time and smallest amount of time wasted on installations.  Here is a small powershell script that will take care of all the dependencies and install all the packages for the Public Tenant Site.

 

Bugcheck: DRIVER_POWER_STATE_FAILURE (9f)

I experienced a Bluescreen of Death (BSOD) on my Windows 8 Laptop (HP EliteBook 8560w) this morning when it resumed from Hibernate.
I quickly launched WinDBG and opened the crashdump.

WinDBG managed to find the driver that caused this problem by itself this time. But IF WinDBG had not been able to show me the faulty driver, the next step would have been to use the Bugcheck info (0x0000009f) to dig further into this;

The last argument is the interesting one, and which we should look into further with the !irp command.

It will show something similar to this. And it’s the e1c63x64.sys driver that were active at the time of the bluescreen. Same info as !analyze -v managed to figure out by itself.

Hmm, so what driver is that?

intel_driver1Too bad that it were unable to provide more detailed information. But some oldschool properties of the \SystemRoot\system32\DRIVERS\e1c63x64.sys file gave this;

And a quick search on Intel’s Support sites showed that there was a newer version available for my NIC;
Intel(R) 82579LM Gigabit Network Connection here.

Driver updated, and hopefully no more bluescreens due to this driver bug.

 

Can’t access a computer remotely without password?

I got a question the other day, “how can i access a computer remotely without a password?”

The reason that it’s by default is not possible to access a computer remotely with an account that does not have a password is because there is a new security policy/feature which states:

You can change that behavior by modifying the “Local Security Policy” here:

NoPassword

 

Just a thought. One could argue that it’s actually safer to have no password on the Local Admin account and leave this policy Enabled. Than have a weak password on the Admin account.

Because if there is no password, no malicious person or software could ever remotely access the computer as a local admin. While if you have a weak password, it would be possible for someone to brute force (try all possible combinations until you get in) the password.