
Failed to delete the private endpoint. Error: Call to Microsoft.Storage/storageAccounts failed

· One min read

Issue Description

Failed to delete the private endpoint. Error: Call to Microsoft.Storage/storageAccounts failed

Root Cause

Azure Backup locks the storage account when you configure protection for any file share in the corresponding account. This provides protection against accidental deletion of a storage account with backed-up file shares.

Resolution

In my case, the Storage account I was attempting to remove the Private Endpoint from was an Azure File Sync storage account that had Azure File Shares that were getting backed up.

  • Found and removed the lock on the storage account
  • Then successfully deleted the private endpoint

More info

Generally, it is recommended that you keep the lock taken on the storage account by Azure Backup. If you delete the lock, your storage account will be prone to accidental deletion and if it's deleted, you'll lose your snapshots or backups.
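One way to script the resolution while still following the recommendation to keep the lock: record the locks on the storage account, remove them, delete the private endpoint, then put the locks back even if the delete fails. This is an added example, not from the original post; the resource names are hypothetical placeholders and it assumes the Az.Resources and Az.Network modules and a signed-in session.

```powershell
#requires -Modules Az.Resources, Az.Network
# Added example. All three names below are hypothetical placeholders.
$resourceGroup   = 'rg-filesync-example'
$storageAccount  = 'stfilesyncexample'
$privateEndpoint = 'pe-stfilesyncexample'

$scope = @{
    ResourceGroupName = $resourceGroup
    ResourceName      = $storageAccount
    ResourceType      = 'Microsoft.Storage/storageAccounts'
}

# Get-AzResourceLock can also return locks inherited from the resource group or
# subscription. Keep only the locks placed directly on the storage account.
$pattern = "*/providers/Microsoft.Storage/storageAccounts/$storageAccount/providers/Microsoft.Authorization/locks/*"
$locks = @(Get-AzResourceLock @scope | Where-Object { $_.LockId -like $pattern })

if ($locks.Count -eq 0) {
    Write-Warning "No lock found directly on $storageAccount; check the resource group and subscription scopes."
}

try {
    foreach ($lock in $locks) {
        Write-Host "Removing lock '$($lock.Name)' ($($lock.Properties.level))"
        Remove-AzResourceLock -LockId $lock.LockId -Force -ErrorAction Stop | Out-Null
    }

    Remove-AzPrivateEndpoint -Name $privateEndpoint -ResourceGroupName $resourceGroup -Force -ErrorAction Stop
}
finally {
    # Restore every lock that was removed, whether or not the delete succeeded,
    # so the storage account does not stay exposed to accidental deletion.
    foreach ($lock in $locks) {
        $restore = @{
            LockName  = $lock.Name
            LockLevel = $lock.Properties.level
        }
        if ($lock.Properties.notes) {
            $restore.LockNotes = $lock.Properties.notes
        }
        New-AzResourceLock @scope @restore -Force | Out-Null
        Write-Host "Restored lock '$($lock.Name)'"
    }
}
```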

https://learn.microsoft.com/en-us/azure/backup/backup-afs#best-practices

https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

The Cloud Frame of Mind

· 7 min read

Note: Warning buzzwords to follow. Yes, it's that type of article. The views expressed are purely my own.

We are at a turning point in history, where technology is enabling us to do more with less and faster, human life expectancy is longer than what it has ever been, and the world has never been as connected - We are in the 4th industrial revolution.

In an effort to continue to make things better, stronger, and faster, we have developed technological aids to help drive us forward in areas such as (but not only) health, space exploration, travel, and business transformation. One could almost call it the evolution of the first hammer or axe as a tool to help us survive and thrive.

Although there are many technologies in play around the world, artificial intelligence, machine learning, virtual and augmented reality, biotechnology, robotics, and the internet of things to name a few – faster computer processing capability and datacenters all connected to each other and built into the fabric of connectivity across the backbone of the internet, is what I am here to talk about today.

Companies such as Microsoft, in just over 11 years, have revolutionized the world of Information Technology. The Microsoft Azure ecosystem is not just ‘someone else's computer’, it is so much more than that.

Traditional data centers or on-premises equipment used to require specialized knowledge around areas such as Networking and Hardware. Every business function needed to have a physical server, taking up space in a specialized air-conditioned room or just sitting under someone’s desk, running critical functions needed by businesses. I am not saying this is still not the case, or that there are no excuses for such implementations (other than running under someone’s desk). What I am saying is that ‘Information Technology was about Information Technology’ – the ‘Information’ portion of that was a bit harder to access than it is today and was a lot more hands-on to drive value.

Cloud is disrupting traditional IT faster than we think. Today, with 80% of businesses deploying or fully embracing the cloud, we have ‘crossed the chasm’ and are in the ‘early majority’ stage of the adoption curve.

“A ship is safe in harbor, but that's not what ships are for.” - William Shedd

Using and treating the Microsoft Azure ecosystem like a normal on-premises datacenter, in a world where "a kid working in a garage anywhere in the world, can put you out of business", will slowly but surely limit your potential. With the global scale of the Azure platform, it's now possible for businesses, charities and similarly minded individuals to have a global and multi-regional presence.

In the world of digital transformation, technology has become the source of competitive differentiation – If you haven’t realized that your company is a technology company, you have already lost.

Information Technology functional requirements have changed from thinking of performance in terms of the central processing unit (CPU) and random-access memory (RAM), to thinking about user experience (usability), portability, and scalability.

Cloud-based thinking is migrating workloads from IaaS (Infrastructure as a Service) to PaaS (Platform as a Service), or from PaaS to SaaS (Software as a Service). Instead of you working for the technology, the technology works for you.

Those previous Information Technology professionals that once worked till the early hours of the morning replacing hardware, keeping systems up and running, are now free to automate, simplify and understand how the technology can work for the consumer. They can now finally concentrate on helping you to deliver and concentrate on the Information that is now at your disposal.

The perimeter for security is no longer some black box, running in a dark room blinking into the night – it is your identity, your phone, your password (or passwordless). Security is everyone’s concern, and education on security and how to use technologies is not just the ‘IT guys’ responsibility.

While the cloud can bring greater business value and agility, it can also bring new concerns, including cloud sprawl.

With the pace of change brought on by cloud-based digital technology, your business needs to be highly attuned to the capabilities, skills, and processes necessary from a people perspective to stay relevant and competitive.

What can and cannot be achieved has now been limited by people’s imaginations and the way that people work.

With companies now operating on a global stage and with remote working, retaining talent has never been so important. The importance of a company mission statement, strategic priorities, and their ‘Why’ (to use the words of Simon Sinek, ‘People don't buy what you do, they buy why you do it.’) has become a lot more important and visible as employees follow vision, leadership, and technology.

Long story short, what does this all mean?

In a few bullet points – this is some of what comes to mind when I think of what having a Cloud frame of mind means:

  • Collaboration across Information Technology professionals (as the enablers) and Business needs have never been so important.
  • Try, Try, Fail and Try again – Experiment!
  • Think outside of the traditional box, into using technology across Cloud ecosystems such as Azure to drive outcomes.
  • Partnerships with Microsoft and other businesses globally are important to learn, adapt and avoid reinventing the wheel.
  • Shift from Capital to Operational expenses, subscription-based modelling and pay for what you use and consume.
  • Enable, Trust and empower employees.
  • Do not aim for perfection before moving forward or you will never get there.
  • Use Analytics, Integration, and Machine Learning engines to help drive data-driven business decisions.
  • Adopt a continuous learning culture.
  • Embrace Chaos
  • Remember that employee Utilisation does not equal maximum throughput.
  • Build what you cannot buy. Buy what you can't live without
  • Log what is useful, monitor what matters, alert on what's actionable.
  • Empower others (i.e. shift left) while making sure that everything is auditable and standardized.
  • Develop and promote an ‘everything as code’, ‘everything is automated’ mindset.
  • Test and develop roadmaps to get the most out of upcoming Cloud capabilities.
  • Educate employees on Security and the use of technology to get the most out of it.
  • Remember that some of your clients’ employees are not ‘bogged’ down by what they deem as not possible in IT.
  • Take advantage of the variable cost model of the Cloud
  • Design efficient use of resources via such activities as rightsizing (the process of resizing cloud resources to better match the workload requirements), allocating container costs, finding unused storage and compute, and identifying whether spending anomalies are expected.
  • Automate what is trivial, boring, mundane, and belittling.
  • The Cloud can offer cost savings with resiliency, high-availability, and security automation strategies, you just need to take advantage of it.
  • Champion improvements in People/Process and ways of working
  • Using the Cloud does not always equal cost savings; however, the real value is decreased time-to-deployment, increased agility to adapt to changes and opportunities for innovation, security and modernisation.
  • Concentrate and continue on operational improvements, such as Incident and Problem Management
  • Just as you have to have a push of changes, you have to have a pull of changes to keep the environment lean and avoid waste.

And finally, Revisit, Improve and Reinvest... and enjoy the challenge and opportunities that being in the 4th industrial revolution has to offer!

It is surely an exciting time and is only just the beginning...


Installing RSAT Tools with PowerShell

· 2 min read

Installing the RSAT (Remote Server Administration Tools for Windows 10) tools using PowerShell. This is just a quick article, written purely as an easy reference.

In the age of the cloud and work from anywhere, Windows 10 allows you to easily install the Remote Server Administration Tools using PowerShell. Sometimes (like me) you need these tools not to actually use them, but for the PowerShell modules that come with them, to work on scripts locally.

Note: This needs to be run from an elevated PowerShell console (i.e. run as Administrator). You can check this using the following:

$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

If it returns:

  • False - You are not in an elevated PowerShell window and will have to relaunch as Administrator
  • True - You are all set to go and can continue...

To get a list of all the Remote Server Administration tools you can install run the following:

Get-WindowsCapability -Name RSAT.* -Online

The versions as of the time this article was written are:

  • Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
  • Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0
  • Rsat.CertificateServices.Tools~~~~0.0.1.0
  • Rsat.DHCP.Tools~~~~0.0.1.0
  • Rsat.Dns.Tools~~~~0.0.1.0
  • Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0
  • Rsat.FileServices.Tools~~~~0.0.1.0
  • Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0
  • Rsat.IPAM.Client.Tools~~~~0.0.1.0
  • Rsat.LLDP.Tools~~~~0.0.1.0
  • Rsat.NetworkController.Tools~~~~0.0.1.0
  • Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0
  • Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0
  • Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0
  • Rsat.ServerManager.Tools~~~~0.0.1.0
  • Rsat.Shielded.VM.Tools~~~~0.0.1.0
  • Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0
  • Rsat.StorageReplica.Tools~~~~0.0.1.0
  • Rsat.SystemInsights.Management.Tools~~~~0.0.1.0
  • Rsat.VolumeActivation.Tools~~~~0.0.1.0
  • Rsat.WSUS.Tools~~~~0.0.1.0

To install ALL the RSAT Tools run the following:

Get-WindowsCapability -Name RSAT.* -Online | Add-WindowsCapability -Online

To install ONLY the Active Directory Users & Computers Remote Administration tool run the following command:

Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online

To install ONLY the Group Policy Management Remote Administration tool run the following command:

Get-WindowsCapability -Name RSAT.GroupPolicy* -Online | Add-WindowsCapability -Online

Unable to start Windows Azure Guest Agent (it's in a disabled state)

· 2 min read


Issue Description

Unable to start Windows Azure Guest Agent (it's in a disabled state). When trying to set the service to auto, the following error occurs: 'The specified service has been marked for deletion.'

VM Agent is unable to communicate with the Azure Backup service.

Root Cause

This may occur if Windows Communication Framework (WCF) profiling is enabled. WCF profiling should only be enabled while debugging a WCF issue. It should not be left enabled while running a production workload.

Resolution #1

1. Restart your workload. I would recommend a Stop (deallocate) first, to make sure that the workload starts correctly on a new hypervisor; the Azure Backup agent starts and checks for agent updates during the boot process.

Resolution #2

Disable WCF profiling:

1. Launch an elevated CMD prompt.
2. Run the following commands to back up the existing C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config file:

cd C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

copy machine.config machine.config.bak

3. Run notepad machine.config to edit the file in Notepad.

Remove this text, being careful not to also remove any additional text that may be on the same line:

<add name="Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior" type="Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior, Microsoft.VisualStudio.Diagnostics.ServiceModelSink, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>

Also remove this text, being careful not to also remove any additional text that may be on the same line:

<commonBehaviors><endpointBehaviors><Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior/></endpointBehaviors><serviceBehaviors><Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior/></serviceBehaviors></commonBehaviors>

4. Save and close the file.
5. Restart the guest agent services:

net stop Rdagent

net stop WindowsAzureGuestAgent

net stop WindowsAzureTelemetryService

net start Rdagent

6. In some cases the VM may need to be restarted for the WCF disablement to take effect.
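Steps 3 and 4 can also be done with an XML-aware edit instead of Notepad, which removes only the two ServiceModelSink entries and leaves anything else on the same line intact. This is an added example, not from the original post; the sample XML is constructed for the demonstration and the function name Remove-WcfProfilingEntry is hypothetical.

```powershell
# Added example. Name of the WCF profiling behavior taken from the text above.
$sinkName = 'Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior'

function Remove-WcfProfilingEntry {
    # Removes only the ServiceModelSink entries from a loaded config document
    # and returns how many nodes were removed. Other behaviors are left alone.
    param([Parameter(Mandatory = $true)][System.Xml.XmlDocument]$Config)

    $xpath = "//add[@name='$sinkName'] | //commonBehaviors//*[local-name()='$sinkName']"
    $nodes = @($Config.SelectNodes($xpath))
    $wrappers = 'endpointBehaviors', 'serviceBehaviors', 'commonBehaviors'

    foreach ($node in $nodes) {
        $parent = $node.ParentNode
        [void]$parent.RemoveChild($node)
        # Remove wrapper elements that are now empty, innermost first.
        while (($wrappers -contains $parent.LocalName) -and -not $parent.HasChildNodes) {
            $grandParent = $parent.ParentNode
            [void]$grandParent.RemoveChild($parent)
            $parent = $grandParent
        }
    }
    return $nodes.Count
}

# Constructed sample: the two entries from the text plus one unrelated
# extension ('exampleOther', made up) that must survive the edit.
$sample = [xml]@'
<configuration>
  <system.serviceModel>
    <extensions>
      <behaviorExtensions>
        <add name="Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior" type="Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior, Microsoft.VisualStudio.Diagnostics.ServiceModelSink, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
        <add name="exampleOther" type="Example.Other, Example"/>
      </behaviorExtensions>
    </extensions>
    <commonBehaviors><endpointBehaviors><Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior/></endpointBehaviors><serviceBehaviors><Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior/></serviceBehaviors></commonBehaviors>
  </system.serviceModel>
</configuration>
'@

$removed = Remove-WcfProfilingEntry -Config $sample
"Removed $removed node(s)"
$sample.OuterXml

# To apply it to the real file from an elevated session, after the backup copy in step 2:
#   $path = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config'
#   $cfg  = New-Object System.Xml.XmlDocument
#   $cfg.Load($path)
#   if ((Remove-WcfProfilingEntry -Config $cfg) -gt 0) { $cfg.Save($path) }
```

On the sample, three nodes are removed, the emptied commonBehaviors wrapper goes with them, and the unrelated exampleOther entry is kept.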

Resolution #3

From time to time the Azure backup agent may fail. Sometimes this will self-resolve but on the odd occasion, additional steps may be needed.

1. Uninstall the agent via the Control Panel.
2. Open CMD as Admin.
3. Stop the following services:

net stop rdagent

net stop WindowsAzureGuestAgent

net stop WindowsAzureTelemetryService

4. Delete all the services of the agent:

sc delete rdagent

sc delete WindowsAzureGuestAgent

sc delete WindowsAzureTelemetryService

5. Create a folder called OLD in "C:\WindowsAzure" and move the old version of the agent to it, along with the folders that say Packages.
6. Install the service again using the link: https://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409 or the latest agent available.
7. Restart the server.

Resolution #4

1. Migrate the Pagefile to a new disk
2. Set a limit on the pagefile

First look at Universal Automation Desktop

· 7 min read

There are many ways to do automation scheduling, whether it's Jenkins or even Windows Task Scheduler. Each toolset has its place or specialization. Today we are looking at the son of Ironman Software’s PowerShell Universal Automation platform – the Desktop Edition!

The Desktop edition replicates some of the same functionality as the Universal Automation platform; however, it is aimed more at being able to drive automation scheduling from your Desktop! This is ideal for someone like me, who likes to do a certain amount of automation from the Desktop but has a particular distaste for scheduled tasks. Like the Universal Automation platform, it is entirely driven by PowerShell!

“Desktop edition comes packaged as an Electron app that provides all the great automation features of UA without role-based access, remote access or authentication.”

You can use Universal Automation Desktop for free as a trial:

  • 25 Jobs per day

  • Up to 2 concurrent jobs

We are going to be using the Trial here – however, per-user pricing can be found at the following link: Universal Automation

The toolset is quite intuitive, and a lot of what is below is hardly worth going into, as it seems easy to pick up, but it's always pleasant to have it documented and referable! In my example below, we are going to create a Resource Group in Azure.


Install Universal Automation Desktop:

Unlike Universal Automation & Universal Dashboard, installation of the Universal Automation Desktop is packaged into an executable.

  1. Download the latest Universal Automation Desktop installer (bottom of the download pages – at time of writing the installer is 120MB and version 1.0.0)
  2. Installation of Universal Automation Desktop is pretty straightforward, just run the downloaded installer
  3. Once complete, Universal Automation Desktop will load.

Use & Configure Universal Automation Desktop:

Add Scripts

Universal Automation supports git, so a Repository folder is created automatically – any scripts that you add will automatically be added to it:

%LOCALAPPDATA%\UniversalAutomation\Repository

  1. On the Scripts pane select Add Scripts
  2. Select the script you want to upload – in my example; I am using ‘New-AzureResourceGroup.ps1’ the script I created for quickly testing some of the functionality.

Gist of script found below, but it's also in my GitHub Repository under Azure (GitHub link on the site menu).

  1. Once added you should see the script appear and you should be able to see it in the Repository folder now

Add variables

Universal Automation Desktop supports variables.

  1. Click on the Variables menu item
  2. Select Add Variable
  3. In my example, I am adding the location that the Resource Group will be created, so it is going to be the following Key = Value pair: Location = Australia East
  4. Click Ok to save

Note: Location is a variable in my script. I also tested manually setting the name of the Resource Group with the Name value, and that worked well.

Note: The Variables are not encrypted! They are in plain text under:

Repository\.ua\variables.ps1

I did have a few issues with the UI freezing on me, so I also discovered that I can manually add variables to this file and, after a restart, it seemed to be picked up by Universal Automation as well.

Change PowerShell version

This is an interesting feature, that allows you to specify what Version of PowerShell you can have the scripts run under (in this example I will be adding PowerShell 7 preview). We do not need this for my example.

Note: If you do not see the below, you may need to update. Automation Desktop will update automatically and should notify you; close and restart Automation Desktop to continue. If you get an error message, navigate to your notification tray by the clock, Quit any Universal Automation Desktop applications you have open, and then relaunch.

  1. Click Settings
  2. Navigate down to PowerShell versions
  3. Click Add New Version
  4. A new Table row will appear (Version\Path)
  5. In Version we are going to type in: PowerShell 7-preview (x64)
  6. In path type in: C:\Program Files\PowerShell\7-preview\pwsh.exe
  7. Press Enter

When you run your scripts, you can now specify what Version of PowerShell to use!

Run the script

Now that the variables have been set up and the script has been added, we can then Run it.

  1. On the scripts pane select ‘New-AzureResourceGroup.ps1’ and select Run
  2. Specify the PowerShell version (I believe automating this selection is currently in the backlog) and click Run
  3. The script will now go to the Jobs screen
  4. Usually, the script would just run – but in my case, I have a parameter in my PowerShell script to request the name of the Resource Group we are going to create, so click on the Response to Feedback icon
  5. Type in the name of the Resource Group we are going to create – in my example I am going with: UAutomationRGTest and click Ok
  6. It will now run the script
  7. My new Resource Group has been created in Azure, using the name specified in the Parameter (UAutomationRGTest) and the Location (Australia East) that was set in the Variables!

Scheduling scripts

Although at this stage, I am not scheduling any of my scripts to run – it is a core function of the toolset.

  1. Click on Scripts
  2. Select the script you want to schedule and select View
  3. On the right-hand side blade next to Edit, click on the ellipsis (i.e.…)
  4. Select Schedule
  5. Specify the schedule you want and click Ok

You should now see the Schedule under Schedules and view the Job history under Jobs.

Overall opinion

Long story short - Universal Automation has a place and is a toolset I will be looking at more closely and using!

I see myself using it to utilize PowerShell and automation a bit more in completion of general day to day activities (both personal and professional) and service requests - without having to worry about moving to the next step with a bigger toolset.

If I use a script often enough – then there will be a definite need to move to another team based toolset with RBAC tools such as the Universal Automation offering by Adam Driscoll of Ironman Software.

Word of warning – and it should go without saying:

DO NOT RUN UNIVERSAL AUTOMATION DESKTOP ON YOUR DOMAIN COMPUTER FOR PRODUCTION OR SHARED SCRIPTS! PLEASE LOOK AT UNIVERSAL AUTOMATION FOR THAT! YOU DON’T WANT TO GO HOME OR SHUTOFF YOUR PC OR LEAVE FOR BETTER AND BRIGHTER THINGS AND GET CALLED UP BECAUSE SOME VERY IMPORTANT PROCESS DIDN’T RUN!

My Test Script - New-AzureResourceGroup

I created this function to quickly test 2 things:

  • How does Universal Automation work with 3rd party modules?

  • How does Universal Automation work with parameters and variables?

Universal Automation Desktop does not touch your scripts. In fact, depending on what your use case is, your git repository should be in line with Automation Desktop and you can sync the Variables across multiple installs.

My script is using 2 modules:

  • CredentialManager

  • Azure (AZ)

I thought CredentialManager would be a good test here, as Universal Automation is intended to be run from your Desktop (in my case Windows 10), and using Credential Manager to store my Azure SPN details without revealing them in plain text was a good test. More information can be found below:

ToastIT - Safe Credentials

New-AzureResourceGroup.ps1

#requires -Version 2.0 -Modules Az.Accounts, Az.Resources, CredentialManager

function New-AzureResourceGroup
{
    <#
    .SYNOPSIS
    Creates Azure Resource Group
    .DESCRIPTION
    Creates Azure Resource Group function, created as a test function for Universal Automation Desktop
    .EXAMPLE
    New-AzureResourceGroup
    #>
    param
    (
        [Parameter(Mandatory = $true, HelpMessage = 'Enter the name of the Resource Group you want to create', Position = 0)]
        [ValidateNotNullOrEmpty()]
        [string]
        $Name,

        [Parameter(Position = 1)]
        [string]
        $Location = 'Australia East'
    )

    # Read the service principal details from Windows Credential Manager so they never appear in the script.
    # The tenant ID is stored as the user name of the 'MSDN SPN Demo' entry.
    $tenantId = (Get-StoredCredential -Target 'MSDN SPN Demo').GetNetworkCredential().UserName
    # The 'MSDN SPN Demo Key' entry is passed as the service principal credential.
    $pscredential = Get-StoredCredential -Target 'MSDN SPN Demo Key'

    Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $tenantId

    # -Force suppresses the confirmation prompt.
    New-AzResourceGroup -Name $Name -Location $Location -Force
}

# Called without arguments, so the mandatory Name parameter is requested at run time.
New-AzureResourceGroup

Luke - GitHub