Sorry, this entry is only available in Italian.
Tag: Azure
How to check the execution of Microsoft Agent Backup
To check the outcome of Microsoft Azure Backup execution we can take advantage of the fact that, if the backup fails, some events are generated.
Prepare script to send email
Copy and paste the following code in a new file and modify it with your data (mail server, user, password, messages).
$SMTPServer = "YOUR SMTP SERVER" $SMTPPort = "25" $Username = "USERNAME TO ACCESS SERVER" $Password = "PASSWORD" $to = "Email recipient" # $cc = "cc email recipient" $subject = "Error Backup MyServer" $body = "backup failed" # $attachment = "" $message = New-Object System.Net.Mail.MailMessage $message.subject = $subject $message.body = $body $message.to.add($to) # $message.cc.add($cc) $message.from = $username # $message.attachments.add($attachment) $smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort); $smtp.EnableSSL = $true $smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password); $smtp.send($message) write-host "Mail Sent"
Save it as file with extension .ps1
Creating a new Task
- Open the Task Scheduler : Control Panel -> Administrative Tools -> Task Scheduler
- Right-click the “Task Scheduler Library” branch, and select the New Folder option.
- Type a name for the folder. For example, MyTasks.
- Expand the “Task Scheduler Library” branch, and select the MyTasks folder.
- Click the Action menu.
- Select the Create Task option.
Task to check Azure Backup
- In the Name field you can write something like “Check Micrososft Agent Backup”.
- Click the Triggers tab.
- Click the New button.
- Use the “Begin the task” drop-down menu to select “On a Event”
- Click custom option under the Settings section.
- Click the Edit Event Filter… button.
- Go the XML tab and at the bottom of the menu press the edit query manually button.
- Copy and paste the below XML and OK the changes.
<QueryList> <Query Id="0" Path="CloudBackup"> <Select Path="CloudBackup">*[System[(Level=1 or Level=2) and (EventID=5 or EventID=10 or EventID=11 or EventID=12 or EventID=13 or EventID=14 or EventID=16 or EventID=18)]]</Select> </Query> </QueryList>
- Click the Actions tab.
- Click the New button.
- Browse on the previous powershel script
- Clicck OK to save the task
From now on, an email should be sent to you when the backup fails.
Configure a Point-to-Site VPN connection via Openvpn on Azure
Create a virtual network
- Sign in to the Azure portal.
- In Search resources, service, and docs , type virtual network.
- On the Virtual Network page, select Create.
- On the IP Addresses tab, configure the values
Subnet: If you use the default address space, a default subnet is created automatically.
- Subnet name: In this example, we named the subnet “FrontEnd”.
- Subnet address range: The address range for this subnet.
On the Security tab, at this time, leave the default values:
- DDos protection: Basic
- Firewall: Disabled
So we will have this configuration (as example) :
- Address space: 10.1.0.0/16
Subnet name: FrontEnd - Subnet address range: 10.1.0.0/24
Create a virtual network gateway
- In the Search the Marketplace field, type ‘Virtual Network Gateway’
SKU: Select the gateway SKU from the dropdown. For Openvpn you need to select VpnGw1 because
Gateway subnet address range: This field only appears if your VNet doesn’t have a gateway subnet. If possible, make the range /27 or larger (/26,/25 etc.)
In this example :
GatewaySubnet: 10.1.1.0/27
Certificates
Certificates are used by Azure to authenticate clients connecting to a VNet over a Point-to-Site VPN connection. You have two options : use a root certificate that was generated with an enterprise solution (recommended), or generate a self-signed certificate.
Generate and export certificates for Point-to-Site using PowerShell
Two steps : generate root certificate; generate client certificate.
root certificate
From a computer running Windows 10 or Windows Server 2016, open a Windows PowerShell console in Admin mode.
Use the following example to create the self-signed root certificate. The following example creates a self-signed root certificate named ‘TestVPNRootCert’ that is automatically installed in ‘Certificates-Current User\Personal\Certificates’.
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=TestVPNRootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
You can view the certificate by opening certmgr.msc, or Manage User Certificates.
client certificate
Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate.
From a computer running Windows 10 or Windows Server 2016, open a Windows PowerShell console in Admin mode. Identify the self-signed root certificate that is installed on the computer. This cmdlet returns a list of certificates that are installed on your computer.
Get-ChildItem -Path "Cert:\CurrentUser\My"
As output you will see a string and a name for every certificate installed on your machine.
For example :
AED812AD883826FF76B4D1D5A77B3C08EFA79F3F CN=MyOldVPNRootCert 7181AA8C1B4D34EEDB2F3D3BEC5839F3FE52D655 CN=TestVPNRootCert
Declare a variable for the root certificate using the string from the previous step:
$cert = Get-ChildItem -Path “Cert:\CurrentUser\My\7181AA8C1B4D34EEDB2F3D3BEC5839F3FE52D655”
Modify and run the example to generate a client certificate. The result of the following example is a client certificate named ‘TestVPNClientCert’
New-SelfSignedCertificate -Type Custom -DnsName TestVPNClientCert -KeySpec Signature -Subject "CN=TestVPNClientCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
The client certificate that you generate is automatically installed in ‘Certificates – Current User\Personal\Certificates’ on your computer.
Export the root certificate public key (.cer)
To obtain a .cer file from the certificate, open Manage user certificates. Locate the self-signed root certificate, typically in ‘Certificates – Current User\Personal\Certificates’, and right-click. Click All Tasks, and then click Export. This opens the Certificate Export Wizard.
Select No, do not export the private key, and then click Next
On the Export File Format page, select Base-64 encoded X.509 (.CER)., and then click Next.
For File to Export, Browse to the location to which you want to export the certificate. For File name, name the certificate file. Then, click Next.
Click Finish to export the certificate. You’ll find a file .cer in location selected.
Export the client certificate
To export a client certificate, open Manage user certificates. The client certificates that you generated are, by default, located in ‘Certificates – Current User\Personal\Certificates’. Right-click the client certificate that you want to export, click all tasks, and then click Export to open the Certificate Export Wizard.
Select Yes, export the private key, and then click Next. IMPORTANT!!!!
On the Export File Format page, leave the defaults selected. Make sure that Include all certificates in the certification path if possible is selected
On the Security page, you must protect the private key, using a password.
On the File to Export, Browse to the location to which you want to export the certificate. For File name, name the certificate file. Then, click Next.Click Finish to export the certificate.
Add the client address pool
The client address pool is a range of private IP addresses that you specify. The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Use a private IP address range that does not overlap with the on-premises location that you connect from, or the VNet that you want to connect to.
Open virtual network gateway configuration page, navigate to the Settings section of the virtual network gateway page. In the Settings section, select Point-to-site configuration. Select Configure now to open the configuration page.
In the Address pool box, add the private IP address range that you want to use. VPN clients dynamically receive an IP address from the range that you specify.
For example : 172.16.0.0/24
Tunnel Type : OpenVpn
Authentication Type : Azure certificate
In root certificate section you have to put the root certificate name (in this example TestVPNRootCert).
Open the root certificate file (.cer) with a text editor, such as Notepad. Copy the text as in image and past it in “Public certificate data”
Save Point to Site Configuration.
Download vpn Client clicking on “Download vpn Client” 🙂
Install Openssl
https://slproweb.com/products/Win32OpenSSL.html
Extract the private key and the base64 thumbprint from the .pfx client certificate.
Using OpenSSL on your machine is one way. The profileinfo.txt file contains the private key and the thumbprint for the CA and the Client certificate
openssl pkcs12 -in “C:\myfolder\clientcert_vpn_test.pfx” -nodes -out “C:\myfolder\profileinfo.txt”
Configure openvpn client
Unzip the profile downloaded from virtual network point to site configuration. Next, open the vpnconfig.ovpn configuration file from the OpenVPN folder using Notepad. Open profileinfo.txt in Notepad and copy and paste in vpnconfig.ovpn the sections :
# P2S client certificate # please fill this field with a PEM formatted cert <cert> $CLIENTCERTIFICATE </cert>
# P2S client root certificate private key # please fill this field with a PEM formatted key <key> $PRIVATEKEY </key>
IMPORTANT :certificate and kay need to be insert in openvpncon with —- begin — and —-end —–
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#clientexport
- https://slproweb.com/products/Win32OpenSSL.html
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-openvpn-clients
Authentication Developing for Azure Media Service
After creation of your Azure Media Service (AMS) Account (Create a Media Services account using the Azure portal) you need to authenticate your application that your are developing , to manage your video and streaming channels.
Developing with .net
In this article we are using .net framework to develop an app, but the information should be valid for all languages.
To develop an application with .net frameeork, you need to install, via nuget , the package windowsazure.mediaservices.extensions with its derived packages.
You can authenticate in one of two ways :
User authentication
Authenticates a person who is using the app to interact with Azure Media Services resources. The interactive application should first prompt the user for credentials.
For this authentication your app needs two strings :
Azure AD tenant (“tenant” in example) : In Azure portal, select your AMS and select, on the left menu, api page. In the table at the bottom of the page one of the fields is “Domain Tenant ADD”.
Endpoint API REST (“endpoint” in example) : you can read this information directly in main page of your AMS on the right at the top of the page. Should be something like this :
https://yourams.restv2.yourlocation.media.azure.net/api/
In your application you have to write this code :
var tokenCredentials = new AzureAdTokenCredentials(tenant, AzureEnvironments.AzureCloudEnvironment); var tokenProvider = new AzureAdTokenProvider(tokenCredentials); _context = new CloudMediaContext(new Uri(endpoint), tokenProvider);
Running the application you should automatically see the Microsoft user credentials form
Service principal authentication
Authenticates a service, a specific app, without user interaction. To use this authenticaton in your app, you need four strings :
Azure AD tenant (“tenant” in example) : As above
Endpoint API REST (“endpoint” in example) : As above
Client ID (“clientid” in example) : Enter in azure portal and look for “applications”. Add new application. After creation, in properties, at the top of the page, you can find the “application ID”.
Client Secret (“secretid” in example): in your AMS select the API page. In the middle of page you can find a little form with two fields. In the first field you ha to select the application created before. Use the second field to create the client secret.
In your application you have to write this code :
AzureAdTokenCredentials tokenCredentials = new AzureAdTokenCredentials(tenant, new AzureAdClientSymmetricKey(_clientid, _secreteid), AzureEnvironments.AzureCloudEnvironment); var tokenProvider = new AzureAdTokenProvider(tokenCredentials); _context = new CloudMediaContext(new Uri(endpoint), tokenProvider);
prerequisites to access azure storage from powershell
In order to use Microsofoft Azure Storage from PowerShell you need to Install the Azure PowerShell module.
Open power shell as Administrator.
Azure PowerShell requires PowerShell version 5.0. To check the version of PowerShell running on your machine, run the following command:
$PSVersionTable.PSVersionRun the following command in an elevated session
Install-Module -Name AzureRM -AllowClobberCreare un sito web statico su Microsoft Azure
Sorry, this entry is only available in Italian.
Connecting to Microsoft Azure Service with FTP
Azure App, Piani di Servizi App e Risorse
Sorry, this entry is only available in Italian.
WordPress on Azure: Error establishing a database connection
You have a WordPress site hosted on Microsoft Azure.Perhaps your site is part of a free or shared app service plan.
Trying to connect to the site, one day, you have this wordpress error message: Error establishing a database connection
How to find out and solve the problem?
Connecting to Microsoft Azure Service with FTP
First of all you have to connect to the site via ftp to understand where the error is. We can connect to Azure web application with FTP also. In the Overview section of the your Azure web application, select “Get publish profile”. It will download a file that has a lot of things and teh details about FTP username and password, which is constant and can be used for FTP connection.
Enable WordPress Debug Logging
You need FTP connection to enable WordPress Debug Logging. To enable error logging in WordPress, you will have to make both of the following changes :
- In wwwroot directory, create a file named .user.ini Add the following line:
log_errors=on - In wwwroot directory, open wp-config.php
Add the following lines :
//Enable WP_DEBUG mode
define('WP_DEBUG', true);
//Enable Debug Logging to /wp-content/debug.log
define('WP_DEBUG_LOG', true);
//Supress errors and warnings to screen
define('WP_DEBUG_DISPLAY', false);
//Supress PHP errors to screen
ini_set('display_errors', 0);
Also comment the line :
/* define('WP_DEBUG', false); */
Analyze the Log File
Try to load your site. Now, through ftp, you can enter in the directoy LogFiles and analyze the file
php_errors.log
Database error
Perhaps you have a database error, for example a duplicate key problem. On azure, in your app service, select Mysql In -app button. On the top of the section, you can see the Manage button. Click on the button and you’ll load the phpMyAdmin portal on your local Mysql DB.
Duplicate entry
If you have this kind of error : Duplicate entry ‘XXXXX’ for key ‘PRIMARY’ for the query INSERT INTO `table_name`, just ran following command :
REPAIR TABLE table_name
That’s it! It was done.
Condividere i file in Cloud con Azure
Sorry, this entry is only available in Italian.
