Thursday, November 29, 2018

SysAdmins, do I need to know what Docker is????

Good day All,

Welcome back!!! As sysadmins we have witnessed the role virtualization has played in company infrastructures for the last 10-15 years.

We have moved away from racks and racks of servers in the datacenter to a few large servers running a hypervisor with lots and lots of Virtual Machines.

We have all seen the picture below, right? It is the typical hypervisor model.



So we all know the advantages of virtualization; today let's look at a few of the disadvantages.

1. One-to-one ratio of applications to Virtual Machines, so a larger number of Virtual Machines
2. OS license for each Virtual Machine
3. CPU and memory for these Virtual Machines
4. Storage for each Virtual Machine
5. Administrative cost of maintaining the Virtual Machines
6. A few more .....

Now let's take a look at the below Picture:



Able to identify the difference???? Let's see if it matches what I tell you:

1. 1 large Server
2. Only multiple Applications, but no Virtual Machines and no guest OS.

If you look closely at the above picture you see blue boxes; they are nothing but Containers.

Containers run on top of the host OS kernel, which they all share, and each Application runs in its own box independent of the others, so you don't need to provision Virtual Machines.

As sysadmins we can think of this like a Type 2 Hypervisor: the Docker engine runs on the Operating System and helps to create and run these containers, something like the picture below.




"Naveen, so what's the big deal with containers? Is this going to be a game changer? Do I really need to know more about it?"

Well, let's see how it has grown since it made it big in 2013...

For more, check this URL: https://www.datadoghq.com/docker-adoption/

Big players like Microsoft support Containers in Windows 2016, and VMware has already come up with integration of Containers in vCenter.

AWS and Azure have been really pushing containers for DevOps in the public cloud.

Hopefully this will help someone to kick start their learning of Docker.
Until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Monday, November 26, 2018

Server builds in on Premises and how it differs in Cloud

Good day All,

Welcome back!!!

As sysadmins we all must have done a lot of Server builds, so let's see how it differs if we have to do the same in the cloud.

On Premises Server build Steps:

1. The On Premises Architect will understand the Application requirements, work with the Business and get approval to create a new VM.
2. Build document from the Business, which will list Server Name, number of CPUs, Memory, number of IPs, Network details, Hard disk specifications, additional Windows Component requests, and all business tools.
3. ITIL Process.
4. As most environments would be VMware, I am just taking that as the example here. As sysadmins you would check for a template, convert the template to a Virtual Machine, configure the Virtual Machine as per the Build document and hand it over to the Client.


In Cloud everything you do will cost you money, and this is where Architects play a major role.

Still confused? Let me explain more.

As sysadmins, did you ever think about business requirements like CPU, Memory, Hard disk, IOPS etc.? Nope, we just followed the build documents. But in Cloud you need to pay attention to every bit and piece of these things, and if they are wrongly provisioned you are looking at burning the company's money.

Terrified??? In Cloud all of these are referred to as compute resources, and you need to buy them by choosing among the different Server models available.

Still confused? Let me see if I can explain. If you have to build a Server, you will have to pick a certain size of Virtual Machine in the marketplace, which is a kind of bundle of OS, Memory, CPU and IOPS of the Hard disk. Examples are below:

General Purpose VM
Compute Optimized VM
Memory Optimized VM
Storage Optimized VM
GPU Optimized VM
High Performance Compute VM


In Cloud Server build Steps:

1. The On Premises Architect will have to do a major upgrade to understand Cloud, and will have to work with the Business, understand the Application requirements and the Compute resources it requires (CPU, Memory, Hard disk, IOPS), and come up with cost-optimized Virtual Machine sizes before getting approval for a VM.
2. Build documents will now have the VM Size to pick in Cloud; the rest of the details like Server Name, IP details and tools to install will remain the same.
3. ITIL process will be the same as On Premises.
4. As sysadmin you will log in to the Cloud, pick the VM mentioned in the Build document, do a couple of clicks, and your VM will be provisioned. Afterwards, joining to the domain and installing tools will be the same as you do on premises.

As a sysadmin it's not a major learning curve, but if you want to be a Cloud Architect then yes, it is a very big learning curve.


Hopefully this helps someone, until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!



Note: The steps I mentioned above apply if the Business requirement is for an IaaS offering for a VM. If Architects, on further analyzing the Application, look at a PaaS offering instead, then the whole Build process will change.

Sys Admins and moving to Cloud

Good day All,

Welcome back!!!

We have great Admins who have worked in data centers with a lot of experience, but when it comes to cloud I see we are falling behind and are still kind of confused: Where shall I start? What is required from me to learn cloud? Is it even required? So let's see if we can answer these questions.

1. As sysadmins, do we need to know Cloud?

Well, I think it is a big yes, and note that it is not just one Cloud provider: you need to get familiar with multiple Cloud platforms. You must be saying, "What, Naveen? I don't have time to learn one, cloud is so big, and now you are telling me to learn multiple?"

So this is how it unfolds. As we all know, the Business wants to cut on-premises cost and bring in Automation, and the Business will choose any cloud provider that can give a better offer. Top of the chart right now are Azure and AWS, closely followed by Google and Oracle.

2. The second big question is: from where should I start my journey to Cloud?

As sysadmins we know every bit and piece of things On Premises; it is just that the same things have different terms in cloud. So your first step should be to correlate the On Premises terms with what they are called in Cloud.
Your next step should be to check mark all the things you are strong in On Premises and see how they are done in Cloud.

Below I have listed a few of the tasks we do:

Now from the above list we can check mark the tasks we already know and start to understand how they differ in Cloud.

In the next article I post, let's take the example of a Server build and see how it differs in Cloud.

Hopefully this helps sysadmins to kick start their cloud journey ......
Until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Tuesday, November 13, 2018

Cloud Terms for Sysadmins

Good day All,
Welcome back!!!

We as admins will sooner or later have to start supporting cloud, and a lot of companies moving to cloud are looking at a mix and match of different cloud providers.

For example, when I was talking to a friend in a big company that was planning to move most of its Servers to Cloud, they had partnered with both Amazon and Azure for IaaS and PaaS Services.
So it's important to understand what the terms we use On Premises are called in Cloud. The listing below is only for AWS and Azure, which are right now the industry-leading Cloud providers.

Any corrections are always welcome, and hopefully it will help admins as a quick reference!!!!
Until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!




Wednesday, October 31, 2018

Migrating_Upgrading Physical Vcenter 5.5 to Virtual Vcenter 6.5

Good day All,

Welcome back!!!!

Recently we had a very hot request to upgrade VC from 5.5 U3 to 6.5 to support HP Gen 10 Blades in the farm, as they don't support 5.5 U3.

As our VC was on a blade running Windows 2008 R2 with SQL 2008 R2, we had to do some planning to get this accomplished, so below are the steps we did.

Pre steps :

1. SQL Database backup
2. Full Server backup
3. Created a Windows 2012 R2 Server with the same name and kept it as a workgroup Server in case the P2V failed.

Note: We tried to do the P2V, but for some reason the P2V would fail at 95% and the final sync didn't complete, so we had a backup plan and we went with it...

Steps performed during the cutover:

1. Unjoined the physical Server from the domain and powered it down.
2. The new Virtual Machine with the same name was added back to the domain.
3. SQL 2008 R2 SP1 was installed.
4. VC 5.5 U3 was installed.
5. Validated VC was online and accessible.
6. Took a snapshot and restored the SQL database backup we took from the Physical Server.
7. Server was rebooted and then all the Services came back clean.
8. Connected to the Server, and all the existing Permissions, Standard Switches, Distributed Switches and VLANs were intact.
9. After confirming everything was as expected, the snapshot was deleted.
10. As SQL 2008 was old, the requirement changed a little and the request was to upgrade SQL to 2014, so we took the SQL 2008 R2 SP1 install, applied SP2 and then upgraded to SQL 2014 as an in-place upgrade.
11. Validated everything was intact and at this point took a snapshot before proceeding to VC 6.5.
12. VC was upgraded from 5.5 to 6.5 and everything was tested out.
13. Last step was to upgrade the VC license file from 5.5 to 6.5 and apply it on the Server.

So you must be wondering, no issues at all??? Well, with any upgrade there will be surprises, and below are a few we had:

1. Auto Deploy 5.1 was registered and we had to unregister it, so follow the VMware KB 2041183.
2. We had the HPDP GRE plugin and got an error saying it would not be upgraded and we would need to reinstall it.
3. The last big surprise was that we lost all the permissions and roles; other things like Standard switches, Distributed switches and VLANs were intact.
So the solution was to restore dbo.vpx_access as per the KB 2086548.

this pretty much covers the steps, hopefully this helps someone and until next one you all have good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Thursday, September 20, 2018

Windows 2012 showing formatted SAN disk as RAW Volumes

Good day All,

Welcome back!!!

Recently we built a new physical Gen 10 Server with Windows 2012 R2, and it was provisioned with a couple of 2 TB LUNs formatted as NTFS.

As part of the build steps we completed all the Tools installation, and as the Physical Server was an HP Server and our Firmware\Drivers standard is always N-1, we applied the March SPP.

Server was rebooted and handed over to the client for SQL install.

When the client started to install SQL he realized that he couldn't access the LUNs and asked us to verify.

So when we checked, we saw that a couple of LUNs were showing as RAW and a couple were showing just fine as GPT NTFS formatted disks.

This became a puzzle, and we reached out to the SAN team; they confirmed that the SAN LUNs were properly formatted and they didn't see any issues.

At this point we thought maybe there was some issue with the OS install, so we started to redo the OS install and performed the whole nine yards.

One thing we noticed was that after the OS was installed we verified the LUNs and they were all showing as NTFS, and as soon as we ran the March 2018 SPP and rebooted, a few disks would change to RAW LUNs.

We were happy to know that the issue appeared because we ran the March SPP, so we started to look into the Setup logs to see which components were installed.

In the logs we saw a driver install for the Storage Fibre Channel adapter, so we went ahead and reverted the driver to Oct 2017 and the issue got resolved. Just to ensure this was the right driver, we tried installing the March one again and got the same issue.

Now that we had identified it, instead of keeping the Oct driver we tried the June driver CP032880.exe and the issue got resolved.

Hopefully this helps someone!!! until next one you all have good day!!!!!!!!!!!!!!!!!!!!!!!!!!!

Moving 14 TB Dynamic Disk from Windows 2003 to Windows 2012

Good day All,

Welcome back!!!


We had a scenario where, as part of phasing out a Windows 2003 VM, we wanted to build a new Windows 2012 Server. The only challenge was that this Windows 2003 VM had 14 TB of dynamic disks.

A couple of ideas were discussed:

1. Get a new GPT disk on Windows 2012 and move the 14 TB of data using robocopy. Well, looking at the data, this looked scary for integrity, as the data was very critical.
2. Create a 14 TB LUN on the Storage and move the data on the storage end. As multiple disks were provisioned from the SAN, LUN to LUN copy was ruled out.
3. Restore the 14 GB LUN from Backup: very time consuming, and we didn't have a long window from the business.

All the options looked very time consuming, and the integrity of so much data was a challenge...

Finally this is what we did, and I had no clue that this would work...

1. As this was a 2003 VM, we moved all the volumes of the dynamic disk to one large datastore.
2. Made a note of the order of the disks for the VM.
3. Built a new Windows 2012 VM.
4. Detached the dynamic disks from the Windows 2003 VM and attached them to the Windows 2012 VM in the same order.
5. Powered on the Windows 2012 VM.

I had never done something like this before and my hope was only 50%...

Well, to our surprise, after booting up, Windows 2012 recognized the disks as dynamic disks and all the 14 TB was intact.

If anyone feels they have a better idea, please share it with me; we can probably use it for future migrations.

Hopefully this helps someone... until next one all Have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Tuesday, August 21, 2018

SQL Server, 16 GB Ram where did my memory go?

Good day All,

Welcome back!!!
I was pulled into an incident on a Virtual Machine running SQL 2008 on Windows 2008 with 16 GB of memory that was reporting 97% usage.

So the first thing I did was reach out to the SQL team to confirm the max memory set for SQL, and they confirmed that it was only 4 GB.
Well, I pulled up Process Explorer and started to look at the committed memory, and a rough calculation came to about 12 GB, leaving close to 4 GB of RAM I couldn't account for.

It was strange, right? So I pulled out RAMMap, and when I checked I could see that AWE was holding close to 4 GB of memory, which made me wonder why it would be doing that.

Not sure if everyone is aware, but AWE in SQL 2008 has a lot of issues, so I kind of started to lean on SQL Server...

As this was a VM, I started to look around to see if VMTools was running fine and whether there were any alerts on the VM, and didn't see much there.
So when I checked the ESXi host I found that for some reason this host was maxing out its memory; then I realized that maybe AWE was holding the memory as part of ballooning.

Quickly forced a few VMs off the host, and in the next 5-10 minutes I saw the 4 GB of memory AWE was holding drop down to KBs, and the issue got resolved.

Hopefully this helps someone!!!
Until next one you all have good day!!!!!!!!!!!!

Who has logged into a Server

Good day All,
Welcome back!!!
It's been quite some time, I know; so many things happened and I lost track a bit because of the busy schedule.
I worked on a couple of interesting topics that I want to share with all of us. To start with, as part of an investigation I was asked to identify whether, during a particular time, any user with a specific ID made an RDP session to a Server, and if so, what ID they logged in with and what Server they were trying to connect to at that time.

I knew that we would need the Security log to start with, hopefully not overwritten, and that if an RDP session is successful it generates an event in the Security log with Logon Type 10.

So basically we are looking for 2 event IDs, 4624 and 4648; below is the output of the two.

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          6/14/2018 10:29:37 AM MST
Event ID:      4624
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Server name
Description:
An account was successfully logged on.

Subject:
                Security ID:                         SYSTEM
                Account Name:                 Computer account$
                Account Domain:                             domain name
                Logon ID:                             0x3E7 

Logon Type:                                       10
Impersonation Level:                     Impersonation
New Logon:

                Security ID:                         domain\user id
                Account Name:                 UserID
                Account Domain:                             Domain Name
                Logon ID:                             0x72EADD999
                Logon GUID:                      {60d466ce-e71e-0080-95ca-d00b008dbba6}

Process Information:
                Process ID:                          0x3468
                Process Name:                  C:\Windows\System32\winlogon.exe

Network Information:
                Workstation Name:        Host name
                Source Network Address:            Source IP it connecting from.
               Source Port:                       0

Detailed Authentication Information:

                Logon Process:                  User32
                Authentication Package:               Negotiate
                Transited Services:          -
               Package Name (NTLM only):       -
                Key Length:                        0

The event below just confirms the successful logon and the ID he used when he initiated the RDP session.

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          6/14/2018 10:31:03 AM
Event ID:      4648
Task Category: Logon
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Host name
Description:
A logon was attempted using explicit credentials.

Subject:
                Security ID:                         domain\ID
                Account Name:                 ID
                Account Domain:                             domain name
                Logon ID:                             0x72EADD999
                Logon GUID:                      {60d466ce-e71e-0080-95ca-d00b008dbba6}

Account Whose Credentials Were Used:
                Account Name:                 ID used to RDP
                Account Domain:                             host name
                Logon GUID:                      {00000000-0000-0000-0000-000000000000}

Target Server:
                Target Server Name:     destination Computer
                Additional Information: destination computer

Process Information:
                Process ID:                          0x338
                Process Name:                  C:\Windows\System32\lsass.exe
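
One way to run the search described above, as an added PowerShell example (not part of the original post): it pulls events 4624 and 4648 for a time window, keeps the 4624 events with Logon Type 10, and pairs each with the 4648 events that carry the same Logon ID, as the two sample events do. The function names and the values in the final call are assumptions made for the example.

```powershell
# Added example (not from the original post). Lists RDP logons (event 4624,
# Logon Type 10) in a time window and attaches the 4648 events that share the
# same Logon ID. Reading the Security log needs an elevated session.

function Get-EventField {
    # Flatten the <EventData><Data Name="..."> elements of one event record.
    param([Parameter(Mandatory)] $Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

function Get-RdpLogon {
    param(
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End,
        [string] $UserName,                          # optional account filter
        [string] $ComputerName = $env:COMPUTERNAME   # server whose log is read
    )

    $filter = @{ LogName = 'Security'; Id = 4624, 4648; StartTime = $Start; EndTime = $End }
    try {
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # "No events found" is a normal result; anything else (access denied,
        # host unreachable) must surface instead of looking like "no logons".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $parsed = foreach ($e in $events) {
        [pscustomobject]@{ Id = $e.Id; Time = $e.TimeCreated; Fields = Get-EventField -Record $e }
    }

    # Index the 4648 events by the session that raised them (Subject > Logon ID).
    $explicit = @{}
    foreach ($p in $parsed) {
        $key = $p.Fields['SubjectLogonId']
        if ($p.Id -ne 4648 -or -not $key) { continue }
        if (-not $explicit.ContainsKey($key)) { $explicit[$key] = @() }
        $explicit[$key] += $p
    }

    foreach ($p in $parsed) {
        $f = $p.Fields
        if ($p.Id -ne 4624 -or $f['LogonType'] -ne '10') { continue }
        if ($UserName -and $f['TargetUserName'] -ne $UserName) { continue }

        # 4648 events from the same session: whose credentials, against which server.
        $used = foreach ($x in $explicit[$f['TargetLogonId']]) {
            '{0}\{1} -> {2}' -f $x.Fields['TargetDomainName'],
                                $x.Fields['TargetUserName'],
                                $x.Fields['TargetServerName']
        }

        [pscustomobject]@{
            Time          = $p.Time
            Account       = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
            SourceAddress = $f['IpAddress']
            Workstation   = $f['WorkstationName']
            LogonId       = $f['TargetLogonId']
            ExplicitCreds = @($used)
        }
    }
}

# Constructed call: the date matches the sample events above, 'UserID' is a placeholder.
Get-RdpLogon -Start '2018-06-14 10:00' -End '2018-06-14 11:00' -UserName 'UserID' | Format-List
```

An empty result only means the window holds no matching events in the log as it exists now; if the Security log has wrapped since the period under investigation, the events are gone and the archived or forwarded copy is the place to look.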

this was easy so hopefully this helps someone!!!!!!!!!!!!!!!!
Until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Monday, May 7, 2018

Server wouldn't boot through Legacy after Gen 9 Oct SPP' 2017 - Restored in UEFI

Good day All,

Welcome back!!!!

We started to test the Oct 2017 SPP on HP Gen 9 Windows 2012 R2 Servers, and as part of the testing we picked a couple of Non-Production Servers to start the deployment.

As part of the prerequisites we did the following:

1. System state backup was taken and kept on the D drive.
2. SPP was copied locally to the system. I know a lot of people wonder why, but sometimes we have seen NIC drivers disappear, and then to deploy them you have to mount the ISO etc. to the Server.

So the online SPP was run and all the components got installed, but after the reboot the Server didn't come online: after the POST boot status we would get the error below and it would just reboot again.


Vendor case was opened and the following steps were performed:

1. Controller drivers were downgraded by booting through UEFI
2. System board replaced
3. Controller cards replaced
4. CPU replaced
5. Again a new system board replaced
6. New disk in an empty slot and tried to boot from the OS CD; still not able to boot the Server in legacy mode

The case was escalated to L3 and they had no idea why it was happening; as of the writing of this post they are still looking into the error.

As part of troubleshooting we had spent about a week on it, the Client was getting hot about it, and we decided to try UEFI and see if we could reinstall the OS.

When we started to boot through UEFI, we had to format only the C drive, but accidentally the whole drive was formatted and a new C drive was created.
So we proceeded with the OS install and Windows 2012 got installed successfully.

At this point we had 2 choices:
1. Install all the tools and hand over the Server to the Client, saying the Server was down and we couldn't recover it, and request an app install.
2. Try the restore process. I had only 10% hope, because the System state was taken when the Server was in legacy mode and we were now in UEFI mode, so whether it would work was the big question.



Following steps were performed:

1. As we lost both drives, we requested our Backup team to do a complete restore of both the C and D drives with permissions (Note: make sure not to reboot the Server at this point).
2. After the restore was done we could see the system state backup.

3. Luckily, before we requested the backup team to do the restore, we had enabled the Windows backup client feature, both GUI and command line. The reason I mention it is that after the C drive was restored, the MMC showed a corrupt error and we couldn't open any MMC.
At that point we thought we were screwed :)

4. Well, then we remembered we had installed the command-line tools as well, so we started to try the command-line syntax.

a. first step was to get the version date of the system state backup

wbadmin get versions -backupTarget:d:

b.  Following command was run to initiate the restore...

wbadmin start systemstaterecovery -version:08/25/2008-06:45 -backupTarget:D:

c. Answered yes to the restore prompt, and the restore process started and completed successfully.

5. After the system state restore was done, we rebooted the Server and watched the iLO session to see what would happen.
After the POST, the Server loaded Windows, started to apply some changes, and rebooted again.

6. After the first reboot Windows started to load and we saw a successful Windows login screen, and after login everything was intact and all Applications came back clean with no errors.

I couldn't believe my eyes. I'm not sure if anyone has tested this kind of scenario in the past, but this was the first time for me that we could restore a backup taken in legacy mode onto a Server in UEFI mode.

Always a learning lesson and hoping this will help someone too!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 Until next one you all have good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wednesday, March 21, 2018

My First hand burn in the Cloud

Good day All,

Welcome back!!!!

I planned on doing a couple more posts in the system admin series but unfortunately got sick for a couple of days.
As part of a demo I created a 2-node Availability Set with Scale-Out File Server on a Windows Failover Cluster with Storage Spaces Direct.
In order to create the demo I created 2 VMs with 2 SSDs and was able to complete my demo.
Later that day I stopped all the VMs so that it gets allocated, and my free credit was like 100$ left for the next 14 days.
Suddenly I got sick for a couple of days, and then I got a notification that my free subscription was disabled.
Went in there to verify what the heck happened, and I saw all my funds were gone and the amount had been overspent, so my account was disabled.

Well, before I got sick I did stop the VMs and de-allocate them, right? Then what happened? My planning got screwed because I used 4 SSDs, which are premium disks, for the demo and I forgot to remove them, and that burnt all my free funds.

So people out there planning to demo in Azure: to save funds, after you are done playing, de-allocate or remove everything not needed and keep things as minimal as possible so that you don't end up paying for it.

Trying for another alternative to kick start my demo, so until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!


Thursday, March 8, 2018

Resize OS disk or datadisk - Azure SystemAdminLab4

Good day All,

Welcome back!!!

We system admins are so used to expanding or resizing disks on the fly that it is odd to see that in cloud you need to shut down the VM to perform a disk expansion, so it needs downtime.

As things change I think we will see these little things getting fixed; for now the steps are below, and this is possible using PowerShell.

One more point: these disks are Managed disks. Scroll down below these steps for Unmanaged disks.
Information you need:

1. Name of the Virtual Machine
2. Name of the Resource group the Virtual Machine resides in

It will ask if you want to use Bash or PowerShell, then it will authenticate to your subscription
and something like this will open

In the below example i am expanding OS disk from 128 GB to 135 GB

PS Azure:\> $rgName = 'SystemLabSeries'   # Resource group name

PS Azure:\> $vmName = 'FooAzureVM1'       # Virtual machine name

PS Azure:\> $vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName

PS Azure:\> Stop-AzureRMVM -ResourceGroupName $rgName -Name $vmName

Virtual machine stopping operation
This cmdlet will stop the specified virtual machine. Do you want to continue?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y


OperationId :
Status      : Succeeded
StartTime   : 3/8/2018 1:27:33 PM
EndTime     : 3/8/2018 1:29:44 PM
Error       :

PS Azure:\> $disk= Get-AzureRmDisk -ResourceGroupName $rgName -DiskName $vm.StorageProfile.OsDisk.Name

PS Azure:\> $disk.DiskSizeGB = 135

PS Azure:\> Update-AzureRmDisk -ResourceGroupName $rgName -Disk $disk -DiskName $disk.Name


ResourceGroupName  : SystemLabSeries
ManagedBy          : /subscriptions/fe0e7be8-12b6-4f07-9198-408138129742/resourceGroups/SystemLabSeries/providers/Microsoft.Compute/virtualMachines/FooAzureVM1
Sku                : Microsoft.Azure.Management.Compute.Models.DiskSku
Zones              :
TimeCreated        : 3/7/2018 6:47:11 AM
OsType             : Windows
CreationData       : Microsoft.Azure.Management.Compute.Models.CreationData
DiskSizeGB         : 135
EncryptionSettings :
ProvisioningState  : Succeeded
Id                 : /subscriptions/fe0e7be8-12b6-4f07-9198-408138129742/resourceGroups/SystemLabSeries/providers/Microsoft.Compute/disks/FooAzureVM1_OsDisk_1_80ff944c93b34895a4d67caa2b014c52
Name               : FooAzureVM1_OsDisk_1_80ff944c93b34895a4d67caa2b014c52
Type               : Microsoft.Compute/disks
Location           : southindia
Tags               : {}


PS Azure:\> Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName


OperationId :
Status      : Succeeded
StartTime   : 3/8/2018 1:37:59 PM
EndTime     : 3/8/2018 1:39:51 PM
Error       :

As you can see below, the drive was successfully expanded.

If you have to do this for a data disk, the steps are the same with just the change below: you need to reference DataDisks[0], [1], [2] etc.

$disk= Get-AzureRmDisk -ResourceGroupName $rgName -DiskName $vm.StorageProfile.DataDisks[0].Name


UnManaged disk:

Steps are pretty much the same for the OS disk:

$rgName = 'my-resource-group-name'
$vmName = 'my-vm-name'
$vm = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName
Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName
$vm.StorageProfile.OSDisk.DiskSizeGB = 1023
Update-AzureRmVM -ResourceGroupName $rgName -VM $vm
Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Unmanaged data disk: you just change from OSDisk to DataDisks[0]

$vm.StorageProfile.DataDisks[0].DiskSizeGB = 1023

We come to end of this one, until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wednesday, March 7, 2018

Un-assign a Public IP for a Virtual Machine - Azure SystemAdminLab3

Good day All,

Welcome back!!!

As we know, in cloud everything costs you money, and when creating VMs you should try to avoid assigning a Public IP. If for some reason you have done so, here is how to de-allocate it.

Note: best practice is to create a public Jump Server in the same Subnet and make sure proper access and security are applied on it. Then for any new Server build, or to access a Server, you log in to the Jump Server and go on internally from there, as by default all VMs in the VNet should be able to reach each other.

As you can see below, my VM FooAzureVM1 has a public IP.

De-allocating the public IP:

There are a couple of ways to do it; what I am doing is going through the Resource group.

Click on the Network Interface name, then click Dissociate and click Yes.

After it's done you will see something like this; the Public IP is gone.

If for some troubleshooting reason you need to get the public IP back, come to the same place and this time click on Associate, and it will generate a Public IP.

We come to the end of this one. Until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Adding the VM to domain - Azure SystemAdminLab2

Good day All,

Welcome back!!!

In part 2 of the series we will go over how to add the new Virtual Machine to an existing domain.

Azure AD   :     FOOAZUREAD       IP:10.1.0.4
On-premises:     ONPREMFOODC   IP:10.92.76.10


Note: We usually change IP, DNS etc. inside the Virtual Machine itself; with an Azure VM we don't do anything inside the Virtual Machine, we have to do it in the Portal or PowerShell.

1. Assign a Static IP to the Virtual Machine. The reason is that if you reboot a Virtual Machine in Azure it may lose its IP and a new IP will be assigned. In my case I am assigning it as 10.1.0.6.

Click and you are done.

2. Change the DNS Servers IP of the Virtual Machine

Go to the Network adapter resource, click on DNS Server and add the DNS IPs.

I added 10.1.0.4 for Azure AD and 10.92.76.10 for my on-premises AD.

3. Ping the local AD Server

4. Add the VM to domain

5. Adding to domain error

I was unable to add it to the domain, and it was failing with error code 1332.
As you can see above, I was able to ping the Azure AD but still had issues.

So I started to verify DNS and it was working fine too. Then after some time I realized something.
Anyone have a guess what the solution was?????????????????????????

I had 2 ADs, 1 On Premises and the other in Azure, right? All my FSMO roles are running on the On Premises AD Server, and for some reason my site to site VPN got disconnected, so it was not able to locate the AD and it was failing.

As soon as I fixed my site to site connection, I was able to add it to the domain.


Next in the series I will go over how to de-allocate a Public IP in case you requested one during VM creation...

Hope this helps someone until next one you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Tuesday, March 6, 2018

Creating a Virtual Machine - Azure SystemAdminLab1

Good day All,

Welcome back!!! As a system admin I wanted to try all the things I do on-premises and see how to achieve them in Azure, so I named this series SysadminLab.

So the first article will go over creating a Virtual Machine and what is required.

Note: as a Windows guy I like GUI, so I will try to stick with that and will use PowerShell only if needed.


Prerequisites you will need before you create a VM:


1. Resource Group
2. Storage Account
3. Subscription details
4. Virtual Network
5. Subnet
6. Public IP, if access over the internet is required
7. Network Security Group
8. Availability Set


You must be wondering, WOW, so much. For starters, Resource Group name, Subscription, Virtual Network and Subnet are what is needed; the Storage Account can be auto-created, and the same is the case for the Network Security Group and Availability Set.
There are 2 ways to do it: either create all these things ahead of time and then pick them from the drop-down menus, or use the option to auto-create them during Virtual Machine creation.

As part of connecting Azure to On Premises I already created a Virtual Network 10.1.0.0/16 and a Production Subnet 10.1.0.0/24, so I will not show how to do that; you can refer to this link

Under basics give the details and click ok

Select a Compute Size; you can see how much it costs per month, then click Select.

Under Settings, for now I am creating High Availability. Note that if you have any plans to do this, it must be done when you are creating the Virtual Machine. For now there is no option to add an existing Virtual Machine to an Availability Group.

We have a PowerShell command, which we will use later in this SystemAdmin series, that recreates the VM in the Availability Group by deleting the existing VM.

For Storage we are picking Managed disk, which means the disk will be managed by Azure, and they give a 99.95 SLA on it. If you need more than that, they have other Storage redundancy options available that we will discuss later, or just google it.

When you click Network and Virtual Network you have the option to create a new Network or use an existing one, so I picked the existing one. If you need to refer to it, I gave a link above in the article.

As I already had a Production Subnet 10.1.0.0, when the VM is created it will auto-pick an IP in the range, and that IP stays dynamically assigned unless you go in and change it to Static.
A Public IP resource is auto-created for you, or if you have an existing IP you can use that.
A Network Security Group, which is like a firewall, is auto-created with port 3389 opened.
For the rest of the details I picked the defaults and clicked OK.

So VM with Windows 2012 R2 is deployed.

Lets check couple of things

1. Virtual Machine Status

2.  How to RDP to the Server from Internet

Click on the VM FooAzureVM1 and click Connect to download an RDP file to connect.

Open the RDP file and it will show the Public IP it is connecting to.

3. Verifying the Server name and IP (DHCP gave an IP from the Production Subnet)

4. So how was RDP traffic enabled by default?

It auto-created a Network interface called Fooazurevm1496 and assigned it the IP 10.1.0.6.
It auto-created a Network Security Group named FooAzureVM1-nsg and added an inbound rule to allow port 3389 from the internet.

So it's advisable to create a Virtual Machine, name it Jump Server and assign a Public IP only to that. As a security measure, don't assign a Public IP to any other machine you create in that Subnet, so that no one from the internet can try to access it directly.

Also, on the VM acting as the Jump Server, add a rule so that only a certain Subnet and only a certain group are able to RDP to it; this should be done as part of securing the Server.
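
A check for the exposure described above, as an added PowerShell example (not from the original post): it flags inbound Allow rules that open TCP 3389 to any internet source. The function names and the sample NSG object are constructed for the example; the live call in the last comment uses the AzureRM cmdlets these posts use (in the Az module the same cmdlet is named Get-AzNetworkSecurityGroup).

```powershell
# Added example (not from the original post). Reports NSG rules that allow
# RDP (TCP 3389) inbound from any internet source. It reports matching rules
# only; it does not evaluate whether a higher-priority Deny rule overrides them.

function Test-PortInRange {
    # True when $Port falls inside an NSG port expression: '*', '3389' or '3000-4000'.
    param([string] $Range, [int] $Port)
    if ($Range -eq '*') { return $true }
    $low, $high = $Range -split '-', 2
    if (-not $high) { $high = $low }
    return ($Port -ge [int]$low -and $Port -le [int]$high)
}

function Find-OpenRdpRule {
    # Accepts NSG objects (Name, SecurityRules) from the pipeline.
    param([Parameter(Mandatory, ValueFromPipeline)] $Nsg)
    begin {
        # Source values that mean "anyone on the internet".
        $anySource = '*', 'Internet', '0.0.0.0/0'
    }
    process {
        foreach ($rule in $Nsg.SecurityRules) {
            if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
            if ($rule.Protocol -notin 'Tcp', '*') { continue }

            # Depending on the module version these properties are a single
            # string or a list, so wrap them in @() and treat both alike.
            $open  = @($rule.SourceAddressPrefix)  | Where-Object { $_ -in $anySource }
            $ports = @($rule.DestinationPortRange) | Where-Object { Test-PortInRange -Range $_ -Port 3389 }

            if ($open -and $ports) {
                [pscustomobject]@{
                    Nsg      = $Nsg.Name
                    Rule     = $rule.Name
                    Priority = $rule.Priority
                    Source   = $open -join ','
                    Ports    = $ports -join ','
                }
            }
        }
    }
}

# Constructed sample shaped like the auto-created NSG from this post, plus a
# rule restricted to the Production Subnet. The rule names are made up.
$sampleNsg = [pscustomobject]@{
    Name          = 'FooAzureVM1-nsg'
    SecurityRules = @(
        [pscustomobject]@{
            Name = 'allow-rdp-any'; Direction = 'Inbound'; Access = 'Allow'
            Protocol = 'Tcp'; Priority = 1000
            SourceAddressPrefix = @('*'); DestinationPortRange = @('3389')
        }
        [pscustomobject]@{
            Name = 'allow-rdp-from-subnet'; Direction = 'Inbound'; Access = 'Allow'
            Protocol = 'Tcp'; Priority = 1100
            SourceAddressPrefix = @('10.1.0.0/24'); DestinationPortRange = @('3389')
        }
    )
}
$sampleNsg | Find-OpenRdpRule | Format-Table

# Against a real subscription, after signing in:
#   Get-AzureRmNetworkSecurityGroup | Find-OpenRdpRule
```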

Next in the System Admin Lab series would be to assign the Virtual machine to existing Active directory so until next one you all have good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!