AzureDevops Self Hosted Agent in Kubernetes with Workload Identity or Application Registration

There are more than a few blog posts around about how to use the Azure DevOps agent in a container (and by extension Kubernetes), and there are even a handful of examples for using Entra Application Registrations or Workload Identities that miss out on a critical step - the ’exit’ needs a new token because they are not long lived! Both the examples below use the Dockerfile and start.sh script from the official docs as a base. ...

December 26, 2024 · 6 min · Monkey

Azure VPN Gateway OpenVPN P2S with RADIUS

The Azure VPN Gateway supports a variety of connection methods for Point to Site VPNs. One of the more interesting options that came out not too long ago is support for OpenVPN, which is compelling as it ticks off a lot of boxes in terms of support, such as:

- Tunnels over HTTPS so traverses firewalls easily
- Multi platform support - Windows, Mac OSX, iOS, Android, Linux
- RADIUS Authentication
- Can be used without Admin rights when set up correctly on Windows

The RADIUS authentication option is really interesting if you use Network Policy Server (NPS) included with Windows Server, as you can hook in the Azure MFA Module to provide Multi factor Authentication. Unfortunately the Azure documentation does not outline the required NPS settings to support OpenVPN with RADIUS, so after a support ticket, here is the NPS configuration required to get this working: ...

March 14, 2020 · 2 min · Monkey

Errors with February 2018 SQL Connector for Azure Key Vault

Microsoft released an updated version of the SQL Server Connector for Microsoft Azure Key Vault on 26/2/2018 (version 15.0.300.96) which seemed to be unable to connect to the Key Vault on existing or new SQL Servers. Typically you run this first step in creating the Asymmetric Key:

    CREATE ASYMMETRIC KEY SAM_TDE
    FROM PROVIDER [AzureKeyVault_EKM_Prov]
    with PROVIDER_KEY_NAME = 'SAM_TDE',
    CREATION_DISPOSITION = OPEN_EXISTING
    GO

With the latest version of the SQL Connector you get the following error message:

    Msg 33049, Level 16, State 2, Line 54
    Key with name 'SAM_TDE' does not exist in the provider or access is denied. Provider error code: 2058. (Provider Error - No explanation is available, consult EKM Provider for details)

Not very descriptive is it? If you check the Application logs in Event Viewer you should see an Event ID 2 for the Key with the following details: ...

March 16, 2018 · 2 min · Monkey

Azure Recovery Services Vault - Restore disks via powershell

The long overdue update to Azure’s Recovery Vault to support ARM virtual machines has finally arrived. With it are some nice changes to how you back up and recover your VMs; however, as is typical with Azure on release of a new or updated feature, the documentation is not the best! We’ve been waiting for the update to this part of Azure for quite a while at work and dove right in once it came out. One of our main requirements is that in case of a restore we wanted to restore just the disks so that we can redeploy the server from PowerShell with a more ‘advanced’ configuration (Availability Set, choose the IP, disk name etc). ...

May 14, 2016 · 3 min · Monkey

Data disks in Azure Resource Manager Powershell

The search for how to do some of what is below was one of the main reasons I started thinking about writing a technical blog… On to the interesting stuff! First up - check your LUNs! If you have already added data disks via the portal you should check what their current LUNs are to avoid any errors. Run the following and look for the LUN tag in the disk output. ...

February 24, 2016 · 2 min · Monkey