Tuesday, February 27, 2018

Connecting the VM to On Prem and Promoting as Active Directory - Part 5

Good day All,

Welcome back!!!



So the underlying infrastructure above is ready; now we need to add our first server in Azure and install the AD role, connecting it to the on-premises AD server.
After that, any new VM in Azure can be joined to the AD server in the Azure site rather than connecting to the on-premises AD.

For system admins, this Azure site is just one more site with local AD servers.

As my on-prem AD is 2012, I picked Windows Server 2012 for the VM as well.

In about 5-10 minutes your VM will be created with a public IP attached.

Log in to the server, make sure you are able to connect, and confirm the server name.

You need to do two important things: assign a static IP to the VM, and change its DNS server to 10.92.76.10, your on-premises AD server.




Now log in to the server and run a ping test to your on-premises AD server.

When you try to ping the VM (10.1.0.4) from the on-premises AD server, the pings fail because ICMP is blocked on the VM by default.

Run the command below in the Azure VM to allow ICMP traffic; after that you should be able to ping it.


On ONPREMFOODC:


Now add your Azure VM to your existing on-premises AD server.
As you can see below, I was able to successfully add the VM to the on-premises AD server and the existing domain FOO.com.

The next step is to install the Active Directory Domain Services role and promote this server as an AD and DNS server.





After completing the install you should be able to open Active Directory Sites and Services and see the new Azure site reporting in there.

With this we have successfully created an AD/DNS server in the Azure site, and any new VMs we create can point to the local AD and DNS server.

Before I end, a couple of things you should do: always create an Azure jump server in the same virtual network with a public IP assigned, and for any other VMs you create, uncheck the option to create a public IP.

As the jump server and the other VMs are connected to the same VNet, they will communicate with no issues.

Finally, this brings the series to an end. I know that as system admins, when you do a migration you may already have an Azure site with all the networking and connections done for you, and you may just create new VMs or do the migration; still, knowing how all of this is connected is very useful.
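The Part 5 steps above as PowerShell, an added example rather than the commands from the original post. The adapter alias, the AD site name and the site/subnet creation on the on-prem DC are assumptions; the domain and DNS address are the post's own.

```powershell
# Added example (not from the original post). Run the first section on the on-prem DC (ONPREMFOODC),
# the rest on the new Azure VM. Adapter alias "Ethernet" and site name "Azure" are assumptions.
$onPremDns = "10.92.76.10"
$domain    = "foo.com"
$siteName  = "Azure"

# --- On ONPREMFOODC: give the Azure VNet its own AD site and subnet before promoting, so the new DC
#     (and any Azure-joined machine) is located in the Azure site instead of crossing the VPN for a DC.
New-ADReplicationSite   -Name $siteName
New-ADReplicationSubnet -Name "10.1.0.0/16" -Site $siteName

# --- On the Azure VM: DNS must point at the on-prem DC so the domain can be resolved for the join.
#     Caveat: in Azure the durable place for this is the NIC/VNet DNS setting in the portal;
#     a guest-only change is overwritten when the Azure DHCP lease renews.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses $onPremDns
# Proves DC locator works across the VPN before attempting the join
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV

# Windows Firewall drops ICMP echo by default, which is why the on-prem ping fails.
# Allow only echo-request (type 8) inbound rather than all ICMP.
New-NetFirewallRule -DisplayName "Allow ICMPv4 Echo Request" -Direction Inbound `
    -Protocol ICMPv4 -IcmpType 8 -Action Allow

# Join the existing on-prem domain and reboot
$cred = Get-Credential -Message "FOO domain admin account"
Add-Computer -DomainName $domain -Credential $cred -Restart

# After the reboot (re-create $cred): install AD DS and promote into the Azure site with DNS
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $domain -Credential $cred -InstallDns -SiteName $siteName `
    -SafeModeAdministratorPassword (Read-Host "DSRM password" -AsSecureString) -Force
# Once promoted, point the VM (and future Azure VMs) at this DC for DNS, with on-prem as secondary
```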

This helped me and hopefully this helps someone too!!!

Until next one you all have good day!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Setting up your On Premises for VPN - Part 4

Good day All,

Welcome back!!!

In Part 4 we will go over setting up our VPN device and connecting it to Azure.

Log in to your Windows 2012 RRAS server and open Routing and Remote Access.

Note: we picked Windows RRAS because it acts as a router and you can also configure VPN on it.

If you have a router with VPN capability at home, then you don't need RRAS at all.

For the VPN to work we need to enable port forwarding on my broadband router for port TCP 50 and UDP 50, 500, 4500.

If your broadband router has a DMZ set up, you can point it at the RRAS server instead, but that is a little risky as all traffic is forwarded.

Port forwarding on my broadband Router:



Now log in to the RRAS server and perform the steps below.

Enter a name.

Select VPN.

Select IKEv2.

You need to put in the public IP you generated as part of the Virtual Network Gateway.

You are adding a static route to the Azure virtual network as a single hop.

Just put some name in the user name field, because we will be using the pre-shared key option to connect the VPN.

Right-click the dial-up connection you created, go to Security, select "Use preshared key for authentication" and enter the value. If you remember, when creating the connection in the Virtual Network Gateway I gave the pre-shared key as 123456789. Then click OK.

Now right-click the dial-up connection you created and click Connect.

If all goes well you will see that it is connected.

If you click on the Local Network Gateway and then on Connections, you will see the status as Succeeded.
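The same demand-dial interface built with the RemoteAccess cmdlets instead of the RRAS console, as an added example that is not from the original post. The interface name, the gateway IP placeholder and the metric are assumptions; the key is read at the prompt rather than stored in the script, and a long random key should be used instead of a short numeric one.

```powershell
# Added example (not from the original post). Run on the Windows 2012 RRAS server.
# Interface name, gateway IP placeholder and route metric are assumptions.
$azureGatewayIp = "198.51.100.20"    # placeholder: public IP of the HybridVNG gateway from Part 3
$azureVNet      = "10.1.0.0/16:100"  # Azure address space as "prefix:metric" = the single-hop static route
$psk = Read-Host -Prompt "Pre-shared key from the Azure connection" -AsSecureString

# 1. Roles: RRAS with VPN and LAN routing, then configure RRAS for site-to-site (one-time)
Install-WindowsFeature RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools
Install-RemoteAccess -VpnType VpnS2S

# 2. Demand-dial interface: IKEv2, pre-shared key only, destination = Azure gateway,
#    with the Azure VNet routed over the interface (replaces the manual static route step)
$plainPsk = (New-Object System.Net.NetworkCredential("", $psk)).Password
Add-VpnS2SInterface -Name "AzureS2S" -Protocol IKEv2 -Destination $azureGatewayIp `
    -AuthenticationMethod PSKOnly -SharedSecret $plainPsk -IPv4Subnet $azureVNet -Persistent

# 3. Dial and verify: ConnectionState should read Connected, after which the Azure
#    connection blade shows Succeeded
Connect-VpnS2SInterface -Name "AzureS2S"
Get-VpnS2SInterface -Name "AzureS2S" | Select-Object Name, Destination, ConnectionState
```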

Issue 1:

When I first tested connecting the dial-up connection, I got an error saying the remote server name or IP couldn't be identified.

Solution: I gave the RRAS WAN NIC a static IP of 192.168.1.12 but forgot to exclude that IP from the DHCP range of my home modem router, and it allocated the same IP to another device.

Issue 2:

As we are using a non-static public IP on our home broadband router, it sometimes changes, and when you then try to connect you will get a "connection couldn't be established" error.

Solution: go to the Local Network Gateway and, if the public IP on your home router has changed, update it there and try connecting again.



This brings Part 4 to an end. In Part 5 I will set up a VM and promote it as AD by pointing it to your on-premises AD server.

Hopefully this helps someone. Until the next one, you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!

Site to Site VPN to my On Premises LAB at home - Part 3

Good day All,

Welcome back!!!!

So in this Part 3 of the series we will go step by step through creating the Azure lab for the site-to-site VPN.

Azure Lab:

Virtual Network: 10.1.0.0/16
Production Subnet: 10.1.0.0/24
Virtual Network gateway : 10.1.0.0/27

Create a resource group called HybridRG.

Now create a virtual network called HybridVNet with the IP range 10.1.0.0/16.
Create a Production subnet, to which your virtual machines will be attached.





The next step is to create the gateway subnet.

Click on the virtual network HybridVNet, click on Subnets and follow the steps below.

The next step is to create the Virtual Network Gateway HybridVNG.

Go to More Services, search for Virtual Network Gateway and click Add.

Select Gateway Type as VPN.
Select VPN Type as Route-Based.

Select your virtual network, that is HybridVNet.
Click Create gateway IP configuration, as we need a public IP for the VPN device to connect to.







Now you need to be patient, as it will take at least 30 minutes to create the public gateway IP.

The next step is to create your on-premises Local Network Gateway.

Below is the public IP of my home broadband router; you need to put that in the IP Address field.







The last step is to create the connection, so click on the Virtual Network Gateway, select Connections and click on Add.

Select the connection type as Site-to-Site VPN.
Select your virtual network gateway.
Select your local network gateway.
Enter a pre-shared key; we need this when creating the VPN connection from the on-premises VPN device.
Select the resource group and click Create.

The status will be empty or Connecting, as we are yet to configure the VPN device on the on-premises side.
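The same lab built with the Az PowerShell module instead of the portal, as an added example that is not part of the original post. Region, gateway SKU, the on-prem LAN prefix and the public IP placeholder are assumptions; the gateway subnet is given 10.1.1.0/27 here, an assumption, because Azure rejects a subnet that overlaps the 10.1.0.0/24 Production subnet.

```powershell
# Added example (not from the original post). Requires the Az module and Connect-AzAccount.
# Region, SKU, on-prem LAN prefix and the router public IP are placeholders/assumptions.
$rg        = "HybridRG"
$location  = "eastus"           # assumed region
$onPremIp  = "203.0.113.10"     # placeholder for the home broadband router public IP
$onPremLan = "192.168.1.0/24"   # assumed home LAN prefix behind the RRAS server

New-AzResourceGroup -Name $rg -Location $location

# VNet 10.1.0.0/16 with the Production subnet and the gateway subnet (the name "GatewaySubnet"
# is mandatory). 10.1.1.0/27 is used so it does not overlap Production (10.1.0.0/24).
$prod = New-AzVirtualNetworkSubnetConfig -Name "Production"    -AddressPrefix "10.1.0.0/24"
$gw   = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.1.1.0/27"
$vnet = New-AzVirtualNetwork -Name "HybridVNet" -ResourceGroupName $rg -Location $location `
          -AddressPrefix "10.1.0.0/16" -Subnet $prod, $gw

# Public IP for the gateway = the "Create gateway IP configuration" step in the portal
$pip      = New-AzPublicIpAddress -Name "HybridVNG-pip" -ResourceGroupName $rg -Location $location `
              -AllocationMethod Dynamic
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$ipconf   = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfig" -SubnetId $gwSubnet.Id `
              -PublicIpAddressId $pip.Id

# Route-based VPN gateway; this is the slow step (the post allows ~30 minutes)
$vng = New-AzVirtualNetworkGateway -Name "HybridVNG" -ResourceGroupName $rg -Location $location `
         -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# Local Network Gateway = the on-prem side: router public IP plus the LAN prefix reachable behind it
$lng = New-AzLocalNetworkGateway -Name "OnPremLNG" -ResourceGroupName $rg -Location $location `
         -GatewayIpAddress $onPremIp -AddressPrefix $onPremLan

# Pre-shared key: 32 random alphanumerics instead of a guessable value; RRAS must be given the same key
$psk = -join ((48..57 + 65..90 + 97..122) | Get-Random -Count 32 | ForEach-Object { [char]$_ })
New-AzVirtualNetworkGatewayConnection -Name "HybridToOnPrem" -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng -ConnectionType IPsec -SharedKey $psk

# Stays NotConnected/Connecting until the RRAS side (Part 4) dials in
(Get-AzVirtualNetworkGatewayConnection -Name "HybridToOnPrem" -ResourceGroupName $rg).ConnectionStatus
```

Keep the generated $psk somewhere safe; it is needed when configuring the RRAS connection in Part 4.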


We will continue in Part 4 with setting up the VPN on the RRAS server, then creating two VMs in Azure and testing the site-to-site VPN.

Hopefully this helps someone. Until the next one, you all have a good day!!!!!!!!!!!!!!!!!!!!!!!!!!!