Tag: Azure VM

Add a PowerShell Remoting Session in the Windows Terminal Menu

Add a PowerShell Remote Session in Windows Terminal

I am sure you have heard about the new Windows Terminal, which is in preview, and you can get it from the Windows Store. In this blog post, I want to share how you can add a PowerShell remote session to the drop-down menu in the Windows Terminal when you open a new tab. The new Windows Terminal is highly customizable and it allows you to run different shells like the classic command prompt, Windows PowerShell, PowerShell 7, and also Windows Subsystem for Linux shells (I am using, for example, Ubuntu with the Windows Subsystem for Linux 2 (WSL 2)).

Scott Hanselman wrote a great blog post on how you can add tabs to open an SSH connection directly, so why not do the same thing with PowerShell? In my example, I will add a tab in Windows Terminal, which opens up a PowerShell remoting session (using WS-Management WSMan) to an Azure virtual machine (VM). However, this would work with every other machine which you can access using PowerShell Remoting.

Add a PowerShell Remote Session in Windows Terminal Tab

To get started, we need to open up the settings of the Windows Terminal. This will open up a profiles.json file, which you can edit in your favorite editor, for example, Visual Studio Code. To add new “menu items,” you will need to add a profile to the profiles array in the JSON file. In my case, I will add two to different menu items, once I am going to do a PowerShell remoting session to an Azure VM using Windows PowerShell and in the other, I am going to use PowerShell 7.

Windows Terminal Settings profiles

Windows Terminal Settings profiles

You can see here the following to profile entries:

Remote Session using Windows PowerShell 5.1

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "powershell.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

Remote Session using PowerShell 7

{
"name":  "PS Thomas AzureVM",
"tabTitle": "PS Thomas Maurer AzureVM",
"commandline": "pwsh.exe -NoProfile -NoExit -Command Enter-PSSession -ComputerName azurevmps.westeurope.cloudapp.azure.com -Credential thomas",
"icon": "C:/Users/thoma/Downloads/AzureVMIcon32.png"
},

As you can see, we define the profile name and the tab title in for the Windows Terminal entry. We have the command line command here, which starts the PowerShell remoting session. The command opens a PowerShell session to a specific computer or server using the ComputerName parameter and the Credential parameter for the credentials. In my case, I am connecting to an Azure VM with the name azurevmps.westeurope.cloudapp.azure.com (could also be an IP address) and the username Thomas. The last thing I add is a small icon (32×32 pixel) since I am connecting to an Azure VM, I took the Azure VM icon.

In this scenario, I am using PowerShell Remoting over HTTP, you can use the same thing for your connections using PowerShell Remoting over HTTPS or even PowerShell Remoting over SSH which are way more secure, and should be used for your connections.

Now your Windows Terminal drop-down menu will look like this:

Add a PowerShell Remote Session in Windows Terminal Tab

Add a PowerShell Remote Session in Windows Terminal Tab

By selecting one of these profiles, you will automatically open a PowerShell remoting session to a specific computer or server in Windows Terminal.

Windows Terminal - Azure virtual machine VM PS Remote Session

Windows Terminal – Azure virtual machine VM PS Remote Session

I hope this gives you an idea of how you can add a PowerShell remote session in Windows Terminal menu. If you want to know more about the Windows Terminal, check out the following blog, and if you have any questions, please feel free to leave a comment.

If you want to know more about what’s new in PowerShell 7, or if you want to learn more about how to customize the Windows Terminal, check out my blog.



Visual Studio Code Azure Virtual Machines Extension

Create and Manage Azure VMs from VS Code

With the new Azure Virtual Machines (VMs) extension for Visual Studio Code (VS Code), you can now create and manage Azure VMs directly from VS Code. This is a great new extension if you are working with VS Code and Microsoft Azure. The extension is currently in preview and lets you view, create, delete, start and stop Azure Virtual machines, as well as adding SSH keys to existing Azure VMs.

Get started

To get started with the Azure Virtual Machine extension in Visual Studio Code, simply follow these steps:

  1. Download and install the Azure Virtual Machines extension for Visual Studio Code
  2. Once complete, you’ll see an Azure icon in the Activity Bar
  3. Sign in to your Azure account by clicking Sign in to Azure. If you don’t have an Azure account yet, you can create a free Azure account here.

Free Azure Account

If you don’t have an Azure account yet, you can sign up today for your free Azure account and receive 12 months of free popular services, $200 free credit, and 25+ always free services.

Create an Azure VM in VS Code

You can now create Azure VMs directly from Visual Studio Code. The wizard will ask you for a VM name, username, Azure region, and passphrase.

VS Code creating Azure Virtual Machines

VS Code creating Azure Virtual Machines

This will create an Azure VM Standard D2s V3 (2 CPU Cores & 8 GB of ram) with the image Ubuntu 18.04-LTS. An SSH key will be created, and your SSH Config file (~/.ssh/config) will be updated so you can immediately connect via SSH ($ ssh vm-name) or using the Remote-SSH extension. You can find more information about how you can connect to Azure VM using Visual Studio Code in my blog post.

Azure VM management in VS Code

Azure VM management in VS Code

Having the possibility to manage Azure VMs and connect with them directly within Visual Studio makes working with these tools and Azure much more convenient.

I hope you can go and try out the Azure VM extension for VS Code. If you have any questions, please feel free to leave a comment.



How to Reduce the Costs of your Azure IaaS VMs

How to Reduce the Costs of your Azure IaaS VMs

Azure Infrastructure-as-a-service (IaaS) offers significant benefits over traditional virtualization. With benefits like the possibility to quickly spin up a couple of virtual machine in any Azure region around the world whenever you need it, is pretty powerful. There are a lot more benefits to Azure IaaS virtual machines. However, that’s not part of this blog. This blog post is focused on helping you saving money by reducing the costs when you are using Azure IaaS virtual machines (VM). Some of the tips here will help everyone out there, some of the tips

Pick the right Azure VM series and the right Azure VM size

Reduce cost by picking the right Azure VM size

Reduce cost by picking the right Azure VM size

First of all, obviously, you pay more for larger virtual machines. Something I realized by working with a lot of customers is that they take the on-premises VM size and use the equivalent size in Azure. Not realizing that the VM size they had was way to oversized. But since they had the static capacity on-prem, they didn’t’ care. Now when you pay for more capacity in the cloud, the story is different. So make sure you realize that the Azure VM sizes are not oversized. You can still change the size later to a larger virtual machine if needed. And if you are looking at tools like Azure Migrate to migrate your existing VMs to Azure IaaS, you will have some additional advantages. Azure Migrate asses your environment and helps you pick the right Azure VM size depending on performance data history. Azure Migrate works with Hyper-V and VMware virtual machines, if you want to know more about Azure Migrate, check out my blog post. If you are already running the virtual machine in Azure, Azure Advisor can be helpful to figure out that your virtual machine is underutilized. Picking the right size will help you to save money and reduce the cost of Azure IaaS VMs.



Reset RDP and Admin Password Azure VM

How to Reset RDP and Admin Password of an Azure VM

I think we all had that experience where we suddenly couldn’t use Remote Desktop Services (RDP) to access our Windows Server anymore. Luckily, if this happens to an Azure virtual machine (VM), we can use the VMAccess extension to reset the RDP configuration as well as the password of the Azure VM. You can reset the RDP configuration or the Azure virtual machine password using the Azure portal or Azure PowerShell.

Reset the administrator password of an Azure VM 🔓

To reset the password of an Azure VM, you can use the Azure portal or Azure PowerShell. If you take the portal path, log in to the Azure portal, go to the Azure VM, you want to reset the password. Under Support + Troubleshooting, click on Reset Password, and follow to the Reset Password wizard to update the credentials. Note that this is not supported for Active Directory Domain Controllers.

Reset Administrator Password of an Azure VM

Reset Administrator Password of an Azure VM

If you want to use Azure PowerShell, you can run the following commands:

$SubID = "SUBID" 
$RgName = "RESOURCE GROUP NAME" 
$VmName = "VM NAME" 
$Location = "LOCATION"
 
Connect-AzAccount 
Select-AzSubscription -SubscriptionId $SubID 
Set-AzVMAccessExtension -ResourceGroupName $RgName -Location $Location -VMName $VmName -Credential (get-credential) -typeHandlerVersion "2.0" -Name VMAccessAgent

This should help you to reset the password of an Azure Virtual Machine (VM) if you lost access to it. If you want to know more, read the following troubleshooting article on Microsoft Docs.

Reset RDP configuration 👩‍💻

If you can access your Azure Virtual Machine using RDP, you can reset the configuration, and this will enable Remote Desktop service in the VM and create a firewall rule for the default RDP port 3389. To reset the Remote Desktop Service (RDP) configuration, you again login to the Azure portal, select the virtual machine you want to reset the RDP configuration. Under Support + Troubleshooting, click on Reset Password, on the new blade select Reset configuration only, and click on update.

Reset Remote Desktop Services RDP of an Azure VM

Reset Remote Desktop Services RDP of an Azure VM

There is also an Azure PowerShell command available to do this:

$SubID = "SUBSCRIPTION ID" 
$RgName = "RESOURCE GROUP NAME" 
$VmName = "VM NAME" 
$Location = "LOCATION"
 
Connect-AzAccount 
Select-AzSubscription -SubscriptionId $SubID 
Set-AzVMAccessExtension -ResourceGroupName $RgName" -VMName $VmName" -Name "myVMAccess" -Location $Location -typeHandlerVersion "2.0" -ForceRerun

I hope this gives you an overview of how you can Reset your Remote Desktop Service of an Azure Virtual Machine (VM) if you lost access to it. If you want to know more, read the following troubleshooting article on Microsoft Docs. You can also use Azure PowerShell in Cloud Shell.

If you want to know more about how you migrate your virtual machines to Azure, check out my blog post about Azure Migrate.

 



Connect Azure VMs with Windows Admin Center

How to manage Azure VMs with Windows Admin Center

Windows Admin Center is a browser-based management tool to manage your servers, clusters, hyper-converged infrastructure, and Windows 10 PCs. You can deploy it anywhere you want. If you run on-prem, you can install it on a Windows Server running in your infrastructure, or you can also install Windows Admin Center on an Azure virtual machine (VM). In this post, we want to address scenarios where you have deployed Windows Admin Center on-premises, and you want to manage some Azure VMs. In this post, I am going to show you how you can manage Azure VMs with Windows Admin Center (WAC).

If you want to know more about Windows Admin Center in general, check out my blog post.

How to manage Azure IaaS VMs with your on-premises Windows Admin Center gateway

As mentioned before, you can also install a Windows Admin Center server running on Azure IaaS virtual machine, but more on that in another post. In this post, I will cover how you can connect to an Azure VM from your on-prem Windows Admin Center (WAC) installation. There are two ways you can connect from WAC to Azure VMs.

The first one would be using the public IP address of a virtual machine running in Azure. This would mean that you need to open the PowerShell remoting port in the network security group (NSG), to be able to connect. I wouldn’t recommend this scenario since this exposes your virtual machines to the public internet. However, if you want to know more about that solution, check out the Microsoft Docs.

What I wound recommend is that you use a VPN connection to connect to your Azure virtual network where your VM is running. However, I know that in a lot of cases, you might not have a Site-2-Site VPN connection to your Azure virtual network. To still be able to connect form Windows Admin Center to an Azure VM, you can use the Azure Network Adapter feature. The Azure Network Adapter will create a Point-2-Site VPN connection from your Windows Server to Azure. And we are going to use this feature on our WAC gateway, so the WAC gateway is able to reach the virtual machine in Azure.

Add Azure Network Adapter

Add Azure Network Adapter

First, you will need to add a new Azure Network Adapter. This can be done in the Network extension in Windows Admin Center. This will open up a wizard that will guide you through the setup and if needed also helps you to register WAC in Microsoft Azure.

Create Azure Network Adapter

Create Azure Network Adapter

The setup can take a while, depending on if you already have a VPN gateway in Azure or not. WAC will create all the necessary resources in Azure, and create the Point-to-Site VPN connection for you. Also, keep in mind that the VPN gateway is an additional resource and will have an additional cost.

Connect to an Azure Virtual network

Connect to an Azure Virtual network

Now you can add and connect to your virtual machine running in Azure, using the private IP address of the machine.

Connect Azure VMs with Windows Admin Center

Connect Azure VMs with Windows Admin Center

You add a server by directly entering the IP address or you can use the Add Azure Virtual Machine wizard, to discover the VM in your Azure subscription.

Add Azure VM in Windows Admin Center

Add Azure VM in Windows Admin Center

I hope this helps you to connect your Azure virtual machines security without exposing ports to the public internet. If you have a site-to-site VPN connection to your Azure virtual network, you can use this as well without the need of setting up Azure Network Adapter.

If you are interested in other Azure Hybrid services in Windows Admin Center, check out the following blog post including the video series: Configure Azure Hybrid Services in Windows Admin Center

Besides, you can also have a look at my other blog post about how to set up Azure hybrid cloud services.

If you want to download Windows Admin Center, check out the download page. If you have any questions, feel free to leave a comment.



Deploy and Configure Windows Admin Center in Azure VM

Deploy and Install Windows Admin Center in an Azure VM

The great thing about Windows Admin Center (WAC) you manage every Windows Server doesn’t matter where it is running. You can manage Windows Servers on-prem, in Azure or running at other cloud providers. Now if you want to use Windows Admin Center to manage your virtual machines running in Azure, you can use either an on-prem WAC installation and connecting it using a public IP address or a VPN connection, or you can deploy and install Windows Admin Center in Azure. This blog post will show you how you can deploy and install Windows Admin Center in an Azure virtual machine (VM).

How to deploy and install Windows Admin Center in an Azure virtual machine (VM)

With this guide, you can directly deploy and install a new Windows Admin Center gateway in an Azure VM. If you have already a VM deployed, you can also follow this guide to install Windows Admin Center manually. For the installation, we will use Azure Cloud Shell do run a PowerShell installation script.

Preparation

As mentioned we will run the installation script from Azure Cloud Shell. Optionally you can also install Azure PowerShell on your location machine and run the same steps for the installation on your local machine.

  1. Set up Azure Cloud Shell if you haven’t done it yet.
  2. Start the PowerShell experience in Cloud Shell.
  3. Optional: If you want to use your own existing certificate, upload the certificate to Azure Key Vault.

Installation

Now you can start with the installation process. First, you will need to download the installation script from the following URL. Navigate to your home directory and download the file using PowerShell.

Download Windows Admin Center with PowerShell in Cloud Shell

Download Windows Admin Center with PowerShell in Cloud Shell

# Navigate to your home directory
cd ~
 
# Download file
Invoke-WebRequest -Uri https://aka.ms/deploy-wacazvm -OutFile Deploy-WACAzVM.zip
 
# Expand Zip file
Expand-Archive ./Deploy-WACAzVM.zip
 
# Change Directory
cd Deploy-WACAzVM

After successfully downloading and unpacking the Windows Admin Center deployment script, you will need to modify a couple of parameters. I will use the default parameters to deploy a new Windows Server 2019 and generate a self-signed certificate. However, if you want to use other options, check out the script parameter list.

Configure Parameter

Configure Parameter

$ResourceGroupName = "demo-wac-rg"
$VirtualNetworkName = "wac-vnet"
$SecurityGroupName = "wac-nsg"
$SubnetName = "wac-subnet"
$VaultName = "wac-key-vault"
$CertName = "wac-cert"
$Location = "westeurope"
$PublicIpAddressName = "wac-public-ip"
$Size = "Standard_D4s_v3"
$Image = "Win2019Datacenter"
$Credential = Get-Credential
 
$scriptParams = @{
ResourceGroupName = $ResourceGroupName
Name = "wac-vm1"
Credential = $Credential
VirtualNetworkName = $VirtualNetworkName
SubnetName = $SubnetName
Location = $Location
Size = $Size
Image = $Image
GenerateSslCert = $true
}
./Deploy-WACAzVM.ps1 @scriptParams

This will deploy a new Azure virtual machine with Windows Admin Center installed and open the specific port 443 on the public IP address. You can find more install options and parameters to install WAC on an existing virtual machine or with an existing certificate on Microsoft Docs.

Deploy and Configure Windows Admin Center in Azure VM

Deploy and Configure Windows Admin Center in Azure VM

After the deployment has finished, simply click on the URL or IP address and it will open the Windows Admin Center portal.

Windows Admin Center Running in Microsoft Azure

Windows Admin Center Running in Microsoft Azure

I hope this gives you an overview about how you can deploy Windows Admin Center in an Azure VM. If you have any questions, please let me know in the comments.



Ping Azure VM Public IP address

How to enable Ping (ICMP echo) on an Azure VM

This is just a very quick blog post because I got the question from a couple of people. In this blog post want to show you how you can enable ping (ICMP) on a public IP address of an Azure virtual machine (VM). First, just let me say that assigning a public IP address to a virtual machine can be a security risk. So if you do that, make sure you know what you are doing. If you need admin access to virtual machines only for a specific time, there are services like Azure Just-in-Time VM Access (JIT) and Azure Bastion you should have a look at. Now back to the topic, Azure by default denies and blocks all public inbound traffic to an Azure virtual machine, and also includes ICMP traffic. This is a good thing since it improves security by reducing the attack surface.

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

Azure Network Security Group Port Rules Deny All Inbound Traffic to Azure VM

This also applies to pings or ICMP echo requests sent to Azure VMs.

Ping Azure VM failed

Ping Azure VM failed

However, if you need to access your application from a public IP address, you will need to allow the specific ports and protocols. The same applies to the ICMP (Internet Control Message Protocol) protocol. The ICMP protocol is typically used for diagnostic and is often used to troubleshoot networking issues. One of the diagnostic tools using ICMP is ping, which we all know and love.

What do I need to do to be able to ping my Azure virtual machines (VMs)

Overall we need to do two main steps:

Configure Network Security Group (NSG) to allow ICMP traffic

So here is how you enable or allow ping (ICMP) to an Azure VM. Click on add a new inbound port rule for the Azure network security group (NSG).

Enable Ping ICMP in a NSG on an Azure VM

Enable Ping ICMP in an NSG on an Azure VM

Change the protocol to ICMP. As you can see, you can also limit the sources which can make use of that rule, as well as change the name and description. You can also use the following Azure PowerShell commands to add the inbound security rule to your NSG.

Get-AzNetworkSecurityGroup -Name "AzureVM-WIN01-nsg" | Add-AzNetworkSecurityRuleConfig -Name ICMP-Ping -Description "Allow Ping" -Access Allow -Protocol ICMP -Direction Inbound -Priority 100 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange * | Set-AzNetworkSecurityGroup
Configure Network Security Group PowerShell

Configure Network Security Group PowerShell

Set up the operating system to answer to Ping/ICMP echo request

If you haven’t already configured the operating system that way, you will need to allow ICMP traffic, so the operating system response to a ping. On Windows Server, this is disabled by default, and you need to configure the Windows Firewall. You can run the following command to allow ICMP traffic in the Windows Server operating system. In the Windows Firewall with Advanced Security, you can enable the Echo Request – ICMPv4-In or Echo Request ICMPv6-In rules, depending on if you need IPv4 or IPv6.

Windows Firewall Enable Ping

Windows Firewall Enable Ping

You can also run the following command to do that:

# For IPv4
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol="icmpv4:8,any" dir=in action=allow
 
#For IPv6
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol="icmpv6:8,any" dir=in action=allow

After doing both steps, you should be able to ping your Azure Virtual Machine (VM) using a public IP address.

Ping Azure VM Public IP address

Ping Azure VM Public IP address

I hope this helps you be able to ping your Azure VMs. If you have any questions, please let me know in the comments.