Category: Windows Server 2019

Azure Hybrid Cloud Webinar Series

Join the Microsoft Azure Hybrid Cloud Webinar Series

Together with Microsoft Indonesia, we are offering an Azure Hybrid Cloud Webinar Series with two webinars around Azure Hybrid Cloud. The first one on September 22nd will be called: Innovation Anywhere with Azure Hybrid and on September 23rd: Deep Dive VM and Kubernetes Management to any Infrastructure with Azure Arc.

Innovation Anywhere with Azure Hybrid

Tuesday, 22nd September 2020 | 2.00 PM-3.30 PM (GMT+7) 📆

Free Registration ✔

Join us in the first session of the Azure Hybrid Cloud Training Series to learn and discover how Microsoft Azure Hybrid Cloud products and services help to manage your environment. In this session, Cloud Advocate Thomas Maurer will give you an overview of the Microsoft Azure Hybrid Cloud offering. Learn how you can use the Azure Hybrid services and products like Azure Arc, Azure Update Management, the new Azure Stack portfolio, Azure Stack HCI, and many more to introduce hybrid cloud management to your environment.

Deep Dive VM and Kubernetes Management to any Infrastructure with Azure Arc

Wednesday, 23rd September 2020 | 2.00 PM-3.30 PM (GMT+7) 📆

Free Registration ✔

Azure Arc has the ability to manage multi-cloud and on-premises environments. Join us on the second day of the Azure Hybrid Cloud Webinar Series to learn and discover how to manage and govern your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers, similar to how you manage native Azure virtual machines.

When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Azure Arc provides you with the familiar cloud-native Azure management experience, like RBAC, Tags, Azure Policy, Log Analytics, and more.

Conclusion

These two sessions will be a lot of fun, including an overview of the Azure Hybrid Cloud capabilities. I hope this gets you interested and I hope to see you there!



Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Windows Server 2012 R2, 2016, and 2019 Datacenter SKUs are currently supported (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview, which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm update command.

az vm update --resource-group test-autopatch-rg --name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important parameters for this command: first enableAutomaticUpdates (-EnableAutoUpdate in Azure PowerShell), and secondly patchMode (-PatchMode in Azure PowerShell). There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.
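
To see which of these three modes each VM is actually running in, the following added example (not code from the original post) reports the patch mode of every Windows VM in the current subscription. It assumes the Az.Compute module and a signed-in session; the function name Get-VmPatchModeReport and the ExplicitlySet and NeedsOwnPatching columns are hypothetical names chosen for this example.

```powershell
# Added example, not part of the original post.
# Assumes the Az.Compute module is installed and Connect-AzAccount has been run.
function Get-VmPatchModeReport {
    [CmdletBinding()]
    param(
        # Optional: limit the report to a single resource group.
        [string]$ResourceGroupName
    )

    $vms = if ($ResourceGroupName) {
        Get-AzVM -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzVM
    }

    foreach ($vm in $vms) {
        # Linux VMs have no WindowsConfiguration; the preview covers Windows only.
        $win = $vm.OSProfile.WindowsConfiguration
        if ($null -eq $win) { continue }

        # patchSettings is absent on VMs that were never configured explicitly.
        $mode = $null
        if ($win.PatchSettings) { $mode = $win.PatchSettings.PatchMode }

        # No explicit value means the default described above applies: AutomaticByOS.
        $effective = if ([string]::IsNullOrEmpty($mode)) { 'AutomaticByOS' } else { $mode }

        [pscustomobject]@{
            ResourceGroup          = $vm.ResourceGroupName
            Name                   = $vm.Name
            EnableAutomaticUpdates = $win.EnableAutomaticUpdates
            PatchMode              = $effective
            ExplicitlySet          = -not [string]::IsNullOrEmpty($mode)
            # Manual disables Automatic Updates, so these VMs depend entirely
            # on a custom patching solution being in place.
            NeedsOwnPatching       = ($effective -eq 'Manual')
        }
    }
}

# Group the output by mode so VMs left in Manual stand out.
Get-VmPatchModeReport |
    Sort-Object PatchMode, ResourceGroup, Name |
    Format-Table -AutoSize
```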

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Hyper-V VM Stop-VM failed to change state

Force Hyper-V Virtual Machine VM to turn off

In this blog post, we are going to have a look at how you can force a Hyper-V virtual machine (VM) to turn off using the HCSDiag tool. A couple of days ago, I had an issue where I wasn’t able to shut down and turn off a Hyper-V virtual machine (VM). After I tried to shut down the Hyper-V VM using the Hyper-V Manager, the VM was in a locked state and I couldn’t really do anything with it. Of course, the first thing I tried was using the PowerShell Stop-VM cmdlet with the Force parameter to turn off the virtual machine.

Hyper-V VM Stop-VM failed to change state

But as you can see I had no success. Luckily I remembered a tool called the Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe), which provides me with a couple of advanced options when it comes to Hyper-V virtual machine, container, and Windows Sandbox management.

The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

Hyper-V Get-VM list VM ID

HCSDiag allows me to list all the running Hyper-V containers, including virtual machines. With the HCSDiag kill command, I can then force the Hyper-V VM to turn off.

Force Turn Off of Hyper-V virtual machine VM
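
The procedure described above, written out as an added example (not code from the original post): look up the VM ID with Get-VM, confirm that ID appears in the hcsdiag list output, then call hcsdiag kill. The function name Stop-StuckVM is hypothetical, and the script assumes only that hcsdiag list prints the ID of each compute system somewhere in its output.

```powershell
# Added example, not part of the original post.
# Run in an elevated PowerShell session on the Hyper-V host.
function Stop-StuckVM {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$VMName
    )

    # VM names are not unique in Hyper-V, so refuse to guess between matches.
    $vm = @(Get-VM -Name $VMName -ErrorAction Stop)
    if ($vm.Count -ne 1) {
        throw "Expected exactly one VM named '$VMName', found $($vm.Count)."
    }
    $vm = $vm[0]

    if ($vm.State -eq 'Off') {
        Write-Verbose "$VMName is already off."
        return $vm
    }

    # Try the supported path first and fall through only if it fails.
    try {
        Stop-VM -VM $vm -TurnOff -Force -ErrorAction Stop
        return Get-VM -Id $vm.VMId
    } catch {
        Write-Warning "Stop-VM failed: $($_.Exception.Message)"
    }

    # HCSDiag addresses compute systems by ID; for a VM that is the VMId GUID.
    $id = $vm.VMId.ToString()

    # Only kill an ID that the Host Compute Service actually reports.
    # Select-String is case-insensitive, so the GUID's letter case does not matter.
    $listed = & hcsdiag.exe list | Select-String -SimpleMatch $id
    if (-not $listed) {
        throw "VM ID $id was not found in the 'hcsdiag list' output."
    }

    # This is a hard power-off: anything the guest has not written to disk is lost.
    if ($PSCmdlet.ShouldProcess("$VMName ($id)", 'hcsdiag kill')) {
        & hcsdiag.exe kill $id
    }

    # Return the VM so the caller can check its State.
    Get-VM -Id $vm.VMId
}

# Example call; 'Windows10' is a sample VM name.
Stop-StuckVM -VMName 'Windows10' -Verbose
```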

I hope this post was helpful if you have a Hyper-V VM which you can’t turn off. If you have any questions, feel free to leave a comment. You can find more information about the HCSDiag tool, how it works with containers and other tools here on my blog.



Eject ISO from Hyper-V VM using PowerShell

This is one of these quick and dirty blog posts mostly as a note for myself. Hyper-V offers the capability to add an ISO image to a virtual CD/DVD drive and you can use Hyper-V Manager to do that, or you can also use PowerShell. Here is how you can eject or remove an ISO from a Hyper-V virtual machine (VM) using PowerShell.

This works with Hyper-V on Windows Server and on Windows 10.

Remove or eject ISO from Hyper-V VM using PowerShell

To remove or eject the ISO file from a Hyper-V VM virtual DVD drive, you can use the following PowerShell command:

Find the right DVD drive

Get-VMDvdDrive -VMName "Windows10"

Eject the ISO file from the Hyper-V VM

Get-VMDvdDrive -VMName "Windows10" | Set-VMDvdDrive -Path $null

You can also pipe these commands:

Get-VM -VMName "Windows10" | Get-VMDvdDrive | Set-VMDvdDrive -Path $null

If you have multiple DVD drives and controllers on the VM, you can also use the following command to be more specific about which ISO to eject.

Set-VMDvdDrive -VMName Windows10 -ControllerNumber 0 -ControllerLocation 1 -Path $null

You can also simply add an ISO to the Hyper-V virtual DVD drive:

Get-VMDvdDrive -VMName "Windows10" | Set-VMDvdDrive -Path "C:\ISO\myisofile.iso"

Be aware that it takes a moment until the ISO file is removed from the virtual DVD drive. You can find more information on the Set-VMDvdDrive cmdlet on Microsoft Docs.

Conclusion

If you want to build some automation around Hyper-V on Windows 10 or on Windows Server, PowerShell is the way to go. If you have any questions feel free to leave a comment.



Add ISO DVD Drive to a Hyper-V VM using PowerShell

Hyper-V offers the capability to add an ISO image to a virtual CD/DVD drive and you can use Hyper-V Manager to do that, or you can also use PowerShell. Here is how you can add an ISO to a Hyper-V virtual machine (VM) using PowerShell. There are two ways of doing it if you already have a virtual DVD drive attached to the VM or if you need to add a virtual DVD drive.

This works with Hyper-V on Windows Server and on Windows 10.

Attach ISO to an existing DVD Drive on a Hyper-V VM using PowerShell

To attach an ISO file to an existing virtual DVD drive on a Hyper-V virtual machine (VM) using PowerShell, you can use the following command:

Set-VMDvdDrive -VMName Windows10 -Path "C:\Users\thoma\Downloads\ubuntu-18.04.4-live-server-amd64.iso"

Add ISO file and DVD Drive to a Hyper-V VM using PowerShell

If your Hyper-V virtual machine doesn’t have a virtual DVD drive attached to it, you can add a virtual DVD drive including the ISO file with the following PowerShell command:

Add-VMDvdDrive -VMName "Windows10" -Path "C:\Users\thoma\Downloads\ubuntu-18.04.4-live-server-amd64.iso"

If you run this command on a virtual machine, which already has a virtual DVD drive attached, you will simply add a second virtual DVD drive to this machine. You can find more information on the Add-VMDvdDrive cmdlet on Microsoft Docs.

Conclusion

If you want to build some automation around Hyper-V on Windows 10 or on Windows Server, PowerShell is the way to go. If you have any questions feel free to leave a comment.



Windows Server on Microsoft Azure

Learn about Windows Server on Microsoft Azure

As many of you know, Microsoft Azure is the best cloud to run Windows Server workloads. Last week the team published two new Microsoft Learn Learning paths, where you can learn more about how to run Windows Server on Azure. The first two learning paths available are “implement Windows Server IaaS VM networking” and “implement Windows Server IaaS VM Identity”. These two learning paths offer a couple of modules around the specific topics.

Implement Windows Server IaaS VM networking

In this learning path, you’ll learn about Azure IaaS networking and identity. After completing the learning path, you’ll be able to implement IP addressing, manage DNS, and deploy and manage domain controllers in Azure.

Modules

  • Implement Windows Server IaaS VM IP addressing and routing
    In this module, you’ll learn how to manage Microsoft Azure virtual networks (VNets) and IP address configuration for Windows Server infrastructure as a service (IaaS) virtual machines (VM)s.
  • Implement DNS for Windows Server IaaS VMs
    In this module, you’ll learn to configure DNS for Windows Server IaaS VMs, choose the appropriate DNS solution for your organization’s needs, and run a DNS server in a Windows Server Azure IaaS VM.
  • Implement Windows Server IaaS VM network security
    In this module, you will focus on how to improve the network security for Windows Server infrastructure as a service (IaaS) virtual machines (VMs) and how to diagnose network security issues with those VMs.

You can find the full learning path on Microsoft Learn.

Implement Windows Server IaaS VM Identity

After completing this learning path, you’ll know how to implement identity in Azure. You’ll be able to extend an existing on-premises Active Directory identity service into Azure.

Modules

  • Implement hybrid identity with Windows Server
    In this module, you’ll learn to configure an Azure environment so that Windows IaaS workloads requiring Active Directory are supported. You’ll also learn to integrate on-premises Active Directory Domain Services (AD DS) environment into Azure.
  • Deploy and manage Azure IaaS Active Directory domain controllers in Azure
    In this module, you’ll learn how to extend an existing Active Directory environment into Azure by placing IaaS VMs configured as domain controllers onto a specially configured Azure virtual network (VNet) subnet.

You can find the full learning path on Microsoft Learn.

Prerequisites for the learning paths

Before you take the learning path, make sure you are familiar with the prerequisites.

  • Experience with managing Windows Server operating system and Windows Server workloads in on-premises scenarios, including AD DS, DNS, DFS, Hyper-V, and File and Storage Services.
  • Experience with common Windows Server management tools (implied by the first prerequisite).
  • Basic knowledge of core Microsoft compute, storage, networking, and virtualization technologies (implied by the first prerequisite).
  • Basic knowledge of on-premises resiliency Windows Server-based compute and storage technologies (Failover Clustering, Storage Spaces).
  • Basic experience with implementing and managing IaaS services in Microsoft Azure.
  • Basic knowledge of Azure Active Directory.
  • Basic understanding of security-related technologies (firewalls, encryption, multi-factor authentication, SIEM/SOAR).
  • Basic knowledge of PowerShell scripting.
  • An understanding of the following concepts as related to Windows Server technologies:
    • High Availability and Disaster Recovery
    • Automation
    • Monitoring

Learn more

There are even more learning paths for different technologies available on Microsoft Learn. If you want to learn more about Windows Server on Azure, check out the following resources:

  • Windows Server on Azure (link)
  • Ultimate Guide to Windows Server on Azure (link)
  • Migration Guide for Windows Server (link)
  • Windows virtual machines in Azure (link)

Windows Server on Azure is not just great because of the unmatched security features or the hybrid integration. Microsoft Azure also offers three years of extended security updates for your Windows Server 2008 and 2008 R2 servers for free, and the option of bringing your on-premises licenses to the cloud, which provides substantial cost savings.

I hope this blog post was helpful to make you aware of the different options to learn about Windows Server on Azure. If you have additional resources or any questions, feel free to leave a comment.



Azure Arc Servers Log Analytics

Azure Log Analytics for Azure Arc Enabled Servers

In this blog post, we are going to have a quick look at how you can access Azure Log Analytics data using Azure Arc for Servers. The Azure Log Analytics agent was developed for management across virtual machines in any cloud, on-premises machines, and those monitored by System Center Operations Manager. The Windows and Linux agents send collected data from different sources to your Log Analytics workspace in Azure Monitor, as well as any unique logs or metrics as defined in a monitoring solution. When you want to access these logs and run queries against them, you will need to have access to the Azure Log Analytics workspace. However, in many cases, you don’t want everyone to have access to the full workspace. Azure Arc for Servers provides RBAC access to log data collected by the Log Analytics agent and stored in the Log Analytics workspace the machine is registered to.

Introducing Azure Arc
For customers who want to simplify complex and distributed environments across on-premises, edge and multicloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.
Learn more about Azure Arc here.

How to enable Log Analytics for Azure Arc Enabled Servers

To enable log collection, you will need to install the Microsoft Monitoring Agent (MMA) on your Azure Arc enabled server. You can do this manually for Windows and Linux machines, or you can use the new extension for Azure Arc enabled servers. If you already have the MMA agent installed, you can start using logs in Azure Arc immediately.

Create Microsoft Monitoring Agent – Azure Arc

After you have installed the agent, it can take a couple of minutes until the log data shows up in the Azure Log Analytics workspace. After the logs are collected in the workspace, you can access them with Azure Arc.

Azure Arc Servers Log Analytics

Now you can run queries using the Keyword Query Language (KQL) as you would in the Azure Log Analytics workspace, but limited to the logs for that specific server.

Conclusion

With Azure Arc for Servers, we can use role-based access control to grant access to the logs from a specific server running on-premises or at another cloud provider, without giving access to all the logs in the Log Analytics workspace.

You can learn more about how Azure Arc provides you with cloud-native management technologies for your hybrid cloud environment here, and you can find the documentation for Azure Arc enabled servers on Microsoft Docs.

If you have any questions or comments, feel free to leave a comment below.