One of my clients wants to upgrade Exchange Server 2013 CU8 to CU23. After I prepared the server and started the upgrade, setup failed at the first step with the following error and I had to exit it. Error: ” was run: “Microsoft.Exchange.Data.Directory.ADOperationException:
Error:
The following error was generated when "$error.Clear();
initialize-ExchangeConfigurationPermissions -DomainController $RoleDomainController
" was run: "Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on OrgDC.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03152612, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights.
at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
at Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, Nullable`1 clientSideSearchTimeout, IActivityScope activityScope, String callerInfo)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Data.Directory.ADDataSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException, Boolean isSync)
at Microsoft.Exchange.Data.Directory.ADDataSession.SaveSecurityDescriptor(ADObject obj, RawSecurityDescriptor sd, Boolean modifyOwner)
at Microsoft.Exchange.Management.Tasks.InitializeConfigPermissions.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)"
Solution 1:
There are two ways to work around this issue. Use the first workaround when you don’t have access to the built-in administrator account.
Launch Active Directory Users and Computers and make sure Advanced Features is ticked on the View menu.
Next, find the user account that you are installing Exchange Server with, open its properties, go to the advanced settings on the Security tab, enable inheritance, and click Apply.
Also make sure the account you are using to install the CU is a member of the following groups.
Enterprise Admins
Schema Admins
Domain Admins
Organization Management
Relaunch the CU upgrade setup and the error will not appear this time.
Solution 2:
Alternatively, if you have the administrator account password, just log in with the administrator account and launch the CU installation setup.
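The two conditions from Solution 1 (group membership and ACL inheritance on the setup account) can be checked before launching setup. This is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module, a single-domain forest, and a hypothetical account name `exsetup`.

```powershell
# Added example, not from the original article. Read-only pre-flight check
# for the account that will run the CU setup. Needs the ActiveDirectory
# module (RSAT) and assumes a single-domain forest.
Import-Module ActiveDirectory

function Test-ExchangeSetupAccount {
    param(
        # Account that will run setup; defaults to the logged-on user.
        [string]$SamAccountName = $env:USERNAME,
        # Group names as they exist in Active Directory.
        [string[]]$RequiredGroups = @('Enterprise Admins', 'Schema Admins',
                                      'Domain Admins', 'Organization Management')
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties nTSecurityDescriptor, adminCount

    # Escape the DN so it is safe inside an LDAP filter (RFC 4515).
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) resolves nested
    # group membership, so indirect membership is counted as well.
    $groups = Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)" |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        Account             = $user.SamAccountName
        MissingGroups       = @($RequiredGroups | Where-Object { $_ -notin $groups })
        # True means inheritance is disabled on the user object, the state
        # that Solution 1 changes on the Security tab.
        InheritanceDisabled = $user.nTSecurityDescriptor.AreAccessRulesProtected
        # 1 means the account is (or was) in a protected group. For current
        # members, the AdminSDHolder/SDProp process periodically re-applies
        # the protected ACL, which turns inheritance off again.
        AdminCount          = $user.adminCount
    }
}

# 'exsetup' is a hypothetical account name.
Test-ExchangeSetupAccount -SamAccountName 'exsetup'
```

An empty `MissingGroups` together with `InheritanceDisabled = False` matches the state Solution 1 describes.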
Today I was updating Exchange Server 2016 CU 18 on one of my client’s Exchange servers and came across the error below. The original web.config file could not be backed up because a web.config.bak file was already present in %ExchangeInstall%\ClientAccess\Autodiscover\. Error: ” was run: “System.UnauthorizedAccessException”
Error:
" was run: "System.UnauthorizedAccessException: Access to the path 'C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\Autodiscover\web.config.bak' is denied. at
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at
System.IO.File.InternalCopy(String sourceFileName, String destFileName, Boolean overwrite, Boolean checkHost) at
Microsoft.Exchange.Management.SetInstallPathInAppConfig.InternalProcessRecord() at
Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1() at
Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed) at
Microsoft.Exchange.Configuration.Tasks.Task.ProcessTaskStage(TaskStage taskStage, Action initFunc, Action mainFunc, Action completeFunc) at
Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord() at
System.Management.Automation.CommandProcessor.ProcessRecord()".
Solution:
To resolve this issue, I backed up the existing web.config.bak file and removed it from the location above. I reran the setup and, bingo, there was no error at that stage and the cumulative update completed like a charm. I recommend this solution if you encounter this issue in your Exchange Server 2013/2016/2019 cumulative update upgrade.
Please feel free to comment with your thoughts, and I will be right there to answer any questions.
This is a demonstration article on deploying Windows Server 2019 as a certificate server in an Active Directory domain environment, where the server is configured as the Root CA of an Enterprise certification authority. The demonstration starts with a domain server on which the Active Directory Certificate Services role is installed and configured with the Certification Authority, Certification Authority Web Enrollment, Certificate Enrollment Web Service, and Certificate Enrollment Policy Web Service role services. After the role and its role services are installed, a group policy object is configured to enable the organization’s computers to authenticate the user’s workstation with a Workstation Authentication certificate template. The workstation authentication is tested on a domain-joined computer updated with the group policy.
When you are ready, let’s get started by installing the ADCS role from the Server Manager console and then move on to configuring the certificate server.
Add Active Directory Certificate Server Role
You can install the Active Directory Certificate Services role as a Standalone CA on a workgroup computer or as an Enterprise CA in an Active Directory domain environment. The Root CA is the top of the hierarchy, and the Subordinate CA sits right below the Root CA. If you want a more secure environment for the Certification Authority installation, you can install a Root CA and then a Subordinate CA, and take the Root CA offline to make it more secure. The Subordinate CA requires the Root CA only when the certificate service is installed on it. After the Subordinate CA is installed, the Root CA is not required, as all certificate requests and other processes are handled by the Subordinate CA.
To keep the environment simple and make this article suitable for small to medium office environments, we are installing only a Root CA in an Enterprise CA setup. Active Directory Domain Services is already up and running on this network, so we are skipping the ADDS installation and assuming the ADDS setup on your network is already running. So, the demonstration starts with the Server Manager console on the certificate server. To make the demonstration understandable and easy to follow even for a newbie, I have not skipped any screenshot on the way to installing and configuring this certificate server. If you follow this article, you can easily install and configure Certificate Services in your Active Directory domain setup. Let us start the demonstration; just follow on from this point.
Launch Server Manager and click Add Roles and Features in the middle of the console.
On the Installation type selection screen, select the “Role-Based or Feature-based Installation” radio button and click Next.
On the destination server selection screen, leave the local server selected and click Next.
On the Select Server Roles screen, click the Active Directory Certificate Services check box. As soon as you click this check box, a pop-up appears asking you to add the features related to it. Click Add Features.
With the Active Directory Certificate Services role selected, click Next to continue.
On the next screen, to select features, just leave the default features selected and click Next.
The next screen shows a note about Active Directory Certificate Services and what it does. If you are new to ADCS, go through the note, which will give you some information about it. Click Next to continue.
On the Role Services selection screen, select Certification Authority, which is the main reason we are installing this server, and Certification Authority Web Enrollment, which makes manual certificate enrollment easy for administrators. The other two, Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service, are useful for enrolling non-domain-joined devices in your network such as access points, network switches, and so on. Leave the other two role services for now, and click Next to continue.
The next screen is an informative note for the web server role, just like the ADCS role note we saw a little earlier in this demonstration. Click Next to continue.
Only the default web server role services are required to install this service, so click Next to continue.
On the Confirm installation selections screen, all the selections made so far to install the role are listed. Just browse through the features and click next to continue.
When the installation progress screen shows that the installation is complete, click the link in the middle of the progress window to configure ADCS on this server. Click “Configure Active Directory Certificate Services on the destination server”, and the ADCS configuration wizard will start; follow that screen to configure it.
Configure Active Directory Certificate Services
The configuration wizard takes the currently logged-on user account as the role configuration account. Make sure the account is a Domain Admin of the root domain and an Enterprise Admin of the forest, and click Next to continue.
You can only select Certification Authority and Certification Authority web Enrollment role services and click Next.
As this is an Active Directory Domain environment I have chosen Enterprise CA for the CA type, click Next to continue.
As this is the First Certification Authority Server in the network and this is only one CA server, select Root CA and click Next.
As this is the Root CA, select Create a new private key and click next.
Leave the default RSA cryptographic provider, pick the maximum key length for better security, and select SHA 256 as the hash algorithm, as most devices support it.
Give the CA a descriptive name. I have used my organization name with CA added to identify the Root CA.
Make the validity at least 10 years, as this gives the Root CA some room to operate on your network without being renewed. You can make it valid for as long as you want.
You can change the certificate database and log path to a separate disk, but you can leave the default path for small and medium environments.
The confirmation screen lists all the selections made so far. If you are happy with the selections, click Configure to start the configuration.
On the Results screen, you will see Configuration Successful for both role services. Click Close.
Once you click close a pop-up will appear and it will prompt whether you want to configure the rest of the two services. Click Yes and move on to configure Certificate Enrolment web service and policy web service.
Leave the administrator account selected on the next screen and click Next.
On the Role Services selection screen, click the rest of the two role services, that is Certificate Enrollment web service and policy web service and click next.
As we have already configured Root CA on this Server the CA name will be taken automatically, check the CA name and click next to continue.
You can choose one of the three authentication methods. As we have Active Directory already in place, it is wise to select Windows integrated authentication. Once you have selected your preferred authentication method, click Next to continue.
You can create a service account for the Certificate Enrollment Web Service (CES) and provide that account’s details here. As this is a demonstration, I have chosen the application pool identity for this service to run under. Click Next to continue.
We have specified the authentication method for the Certificate Enrollment Web Service; now we are going to choose an authentication method for the Certificate Enrollment Policy Web Service. Select an appropriate authentication method, or choose Windows integrated authentication if you are not sure which one to use. Click Next to continue.
On the server authentication certificate selection screen, the root certificate we configured in the previous configuration is shown as an existing certificate for SSL encryption. Click Refresh and click Next to continue.
On the confirmation page check all the role services and features selected on this wizard and click configure to configure them.
On the Results pane, you will see that the configuration succeeded. Click Close to close the configuration wizard and go back to the roles and features installation.
Click close again on the Active Directory Certificate Services installation window if you have not closed it yet. Now the Active Directory Certificate Services role has been added and roles services have been configured.
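The wizard steps above can also be scripted with the ADCSDeployment cmdlets that ship with the role. This is an added example, not part of the original article; the CA name `Contoso-CA` is hypothetical, and 4096 bits is an assumed value for the "maximum key length" chosen in the wizard.

```powershell
# Added example, not from the original article: scripted equivalent of the
# Server Manager and ADCS configuration wizards. Run elevated, as an account
# that is Domain Admin of the root domain and Enterprise Admin of the forest.

# 1. Add the ADCS role with all four role services and the management tools.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment,
    ADCS-Enroll-Web-Svc, ADCS-Enroll-Web-Pol -IncludeManagementTools

# 2. Configure an Enterprise Root CA with a new private key.
$caName = 'Contoso-CA'                       # hypothetical CA common name
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = $caName
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 4096               # assumed "maximum" from the wizard
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 10
}
Install-AdcsCertificationAuthority @caParams -Force

# 3. Configure Certification Authority Web Enrollment.
Install-AdcsWebEnrollment -Force

# 4. Pick the certificate used for SSL. The article selects the existing
#    root certificate; a dedicated server certificate issued for the host
#    name can be substituted here.
$sslCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $sslCert) { throw "No certificate for '$caName' found in LocalMachine\My" }

# 5. Certificate Enrollment Web Service: Windows integrated authentication
#    (Kerberos), running under the application pool identity.
Install-AdcsEnrollmentWebService -AuthenticationType Kerberos `
    -ApplicationPoolIdentity -SSLCertThumbprint $sslCert.Thumbprint -Force

# 6. Certificate Enrollment Policy Web Service: same authentication method.
Install-AdcsEnrollmentPolicyWebService -AuthenticationType Kerberos `
    -SSLCertThumbprint $sslCert.Thumbprint -Force

# 7. Confirm the role services are installed and the CA service is running.
Get-WindowsFeature -Name ADCS-* | Where-Object Installed |
    Format-Table Name, InstallState -AutoSize
Get-Service -Name CertSvc
```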
Enable Group Policy Object to auto-enroll workstation authentication.
Open Server Manager and select Group policy management from the tools menu.
Point to Default Domain policy and click edit to modify the policy.
The Group Policy Management Editor window will open. Go to Computer Configuration/Policies/Windows Settings/Security Settings/Public Key Policies and double-click the object Certificate Services Client – Auto-Enrollment, as in the screen capture below.
For Configuration Model, select Enabled, and select the checkboxes below.
Renew expired certificates, update pending certificates, and remove revoked certificates
Update certificates that use certificate templates
Once these two checkboxes are checked, click OK.
The GPO for workstation authentication is completed. Go to the Certification Authority management console to create a workstation authentication template.
Configure Workstation Authentication
Go to Server Manager and launch Certification Authority from the tools menu to configure the workstation authentication template.
Select the Certificate Template and right-click and select Manage on the menu list.
As we are going to modify the Workstation Authentication template, it is wise to duplicate it, so that the original template stays unmodified in case we need it again for some other purpose, or in case it is misconfigured by mistake and cannot be returned to the default configuration. Right-click the Workstation Authentication template and click Duplicate Template.
On the Properties of the template, go to the General tab and give the template a descriptive name. I have used the organization name followed by the template name.
Then go to the Security tab, select the Domain Computers group, select the Autoenroll check box, and click OK.
We have created a duplicate of the Workstation Authentication template and configured it; now enable the template for issuing. Right-click Certificate Templates and select Certificate Template to Issue from the New submenu.
Select the newly duplicated template and click OK.
To test go to a client computer such as Windows 10 and run the command gpupdate /force.
Once the group policy on the client computer is updated the certificate of the workstation can be found on the issued certificates list on the Certificate Authority management console.
Conclusion
In this article, we have gone through the Active Directory Certificate Services role installation and then configured the role services of the Certificate Services components. After installing and configuring the role services, we enabled the GPO for workstation authentication and enabled the template by duplicating it from the template node in the Certification Authority management console. This concludes the Certification Authority deployment, with Active Directory Certificate Services up and running in our network environment. I hope the demonstration above is easy to follow and that you understand the subject better than before.
I am always happy to get your feedback on this article, and your feedback will encourage me to write many more articles like this. Please post your comment below. I will see you next time in a different article.
When you upgrade Exchange Server 2013 or 2016 to a new Cumulative Update, you sometimes see an error at the first step of the upgrade stating that the Exchange Online-ApplicationAccount already exists. This issue arises if you have configured Hybrid Configuration for Office 365 and it failed, or if you have Hybrid Configuration in place. The error looks something like the one below.
Error:
The following error was generated when “$error.Clear();
#
# O15# 2844081 – Create PartnerApplication “Exchange Online” in DC and On-Premise
” was run: “Microsoft.Exchange.Data.Directory.ADObjectAlreadyExistsException: Active Directory operation failed on ExchServer.domain1.local. The object ‘CN=Exchange Online-ApplicationAccount,CN=Users,DC=domain1,DC=local’ already exists. —> System.DirectoryServices.Protocols.DirectoryOperationException: The object exists.
at Microsoft.Exchange.Data.Directory.ADDataSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
at Microsoft.Exchange.Data.Directory.ADDataSession.Save(ADObject instanceToSave, IEnumerable`1 properties, Boolean bypassValidation)
at Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.NewTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.NewADTaskBase`1.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)”.
Solution:
If you come across the error above, open Active Directory Users and Computers, find the account “Exchange Online-ApplicationAccount”, delete it, and rerun the cumulative update. The account will be recreated when the cumulative update or setup /PrepareAD is invoked, and Office 365 connectivity and features such as free/busy will work as before.
We will find a resolution for the Exchange Server 2013 or Exchange Server 2016 error on the database index. Yesterday, one of the users at my client’s place called and told me that they could not search content in Outlook or OWA. The moment I received the call, I was sure it was related to the Exchange Server database’s content index, so I logged in to ECP directly, checked the content index’s status, and found that it was in a disabled state, as in the image below.
Resolution:
The get-mailboxdatabase command on Exchange Management Shell shows the IndexEnabled parameter as False for the database where the problem mailbox exists.
The command to check the database index state is as below.
Once the above set command has been run, restart the following services.
Microsoft Exchange Search and
Microsoft Exchange Search Host Controller.
After you restart the above services and wait a few minutes, you can see the database status change from Disabled to Crawling. The crawl will take time, depending on the database size. So wait until the database content index completes the crawl, then try searching content in the Outlook or OWA client, and you will find the results shown.
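The commands referred to in the resolution did not survive on this page, so here is the sequence as an added example (not the author's original commands). It assumes the Exchange Management Shell on the mailbox server and a hypothetical database name `DB01`.

```powershell
# Added example, not from the original article. Run in the Exchange
# Management Shell on the Exchange 2013/2016 server hosting the database.

$db = 'DB01'   # hypothetical database name; use the one that shows False below

# 1. List every database with its indexing flag.
Get-MailboxDatabase | Format-Table Name, Server, IndexEnabled -AutoSize

# 2. Turn content indexing back on for the affected database.
Set-MailboxDatabase -Identity $db -IndexEnabled $true

# 3. Restart the two search services named in the article:
#    MSExchangeFastSearch  = Microsoft Exchange Search
#    HostControllerService = Microsoft Exchange Search Host Controller
Restart-Service -Name MSExchangeFastSearch, HostControllerService

# 4. Poll the content index until the crawl finishes or the timeout expires.
function Wait-ContentIndex {
    param(
        [string]$Database,
        [int]$TimeoutMinutes = 60
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $copies = Get-MailboxDatabaseCopyStatus -Identity $Database
        $copies | Format-Table Name, Status, ContentIndexState -AutoSize | Out-Host

        # Healthy means the crawl is done; Crawling means it is in progress.
        $pending = $copies | Where-Object { $_.ContentIndexState -ne 'Healthy' }
        if (-not $pending) { return $true }

        Start-Sleep -Seconds 60
    } while ((Get-Date) -lt $deadline)
    return $false   # still crawling (or failed) when the timeout was reached
}

Wait-ContentIndex -Database $db -TimeoutMinutes 120
```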
In this article, we are going to troubleshoot a SQL service error. I recently had a client call me to say that their application had stopped working. They did not know precisely what the issue was and asked me to investigate and resolve it. As the client’s data center is far from my place, I decided to access the server remotely over VPN and started the investigation.
When I started accessing the app, it reported that the database was not accessible from the app server. So, I logged into the Microsoft SQL server and started checking the status of the service. I saw that the SQL Server instance service was not running, and when I tried to start the service, I got the following error. We are going to troubleshoot SQL Service Error 1051 in this article.
As mentioned in the services warning, I went to the system log on the MS SQL server and analyzed the records. I found that the MS SQL server was running on evaluation and stopped working after the evaluation period. So I confirmed license is the issue.
I pointed this to my client and requested them to arrange for the license and its product key.
Upgrade MS SQL server instance edition to Troubleshoot SQL Service Error
I got the license key and launched the SQL installation center from Start > Microsoft SQL 2017 > SQL installation center. You can also launch it by running setup.exe from the MS SQL Server installation media. Once the installation center is launched, click Maintenance in the left-side navigation and click Edition upgrade.
On the product key page, select ”Enter the product key,” and type the product key and click Next.
Accept the license terms and click Next.
Verify that the Edition upgrade rules do not show any errors. The SQL server is installed on the domain controller in my environment, so ignore the warning and click Next.
Select the instance you want to upgrade. You can see the instance name and select that instance. In this case, it is the MSSQLSERVER instance, which is shown as evaluation. Select the instance and click Next.
On the ”Ready to upgrade edition” page, click Upgrade.
The upgrade process will take about 5 minutes to complete; wait if it takes longer than that.
Once the upgrade is over, you will get a complete status. All succeeded with a green tick, stating that the Microsoft SQL edition was upgraded.
Now go to Services and start the Microsoft SQL instance service, and you will see the service running.
Conclusion:
In this article, we have gone through troubleshooting the SQL Server instance service not starting and upgrading the SQL Server edition for a particular instance.
I would like to hear from you if you come across any issues doing this or have any feedback to share. I look forward to sharing our thoughts in the comments section, and I sign off for now.
In this article, we are going to demonstrate how to clone a VM both ways: using the portal and using a PowerShell script. Using this guide, you can choose the portal or the script to clone an Azure virtual machine, based on your requirements and what you are comfortable with. The original virtual machine is cloned by creating snapshots of the OS disk and data disk using the portal.
The snapshots are used to create managed disks, and the virtual machine is created by attaching the managed disks. In the first part of the demonstration, we create the virtual machine using the portal, and in the second part, we create it using the script, run in Cloud Shell. This tutorial shows how the portal and the PowerShell script relate to each other when creating VMs, and you can use either of the two methods. The portal method is quick and easy, but the PowerShell script is more granular, and you can use it to automate VM cloning.
The following topics are discussed in this article. The parameters given in the demonstration are just examples; replace them with the values relevant to your environment to create cloned VMs.
Cloning VM using Azure Portal
Cloning VM using Cloud Shell (PowerShell)
We have started this article with VM cloning using the portal, and, in the end, we are going to discuss how to use the script to accomplish the same.
Cloning VM using Azure Portal
Log in to https://portal.azure.com and go to the VM that needs to be cloned. From the dashboard, select Virtual machines and then the VM name to go to the VM object.
On the VM object, you can see the resource name, VM size, geo-location, and so on. From this VM, we are going to take snapshots of the OS and data disks, so navigate to Disks in the left navigation.
Create snapshot of OS Disk
This parent VM is a Microsoft SQL Server 2017 on Windows Server 2019. In the parent VM’s disks view, we see two disks. One disk is the operating system disk, called the OS disk, and the other is the data disk, where the databases and their logs are stored. Click on each disk one by one and create a snapshot of it.
In the previous step, we selected the OS disk. We are going to create a snapshot of the OS disk first and then the data disk. Click on the OS disk to get the OS disk management properties.
Click Create Snapshot to create an OS disk snapshot.
In the “Create a snapshot” window, we provide details such as the resource group name, snapshot name, and so on. It is good to create the clone VM in a separate resource group, away from where the original VM exists. Once the cloned VM has served its purpose, delete that resource group to remove all the related resources and keep things clean and tidy.
Once a resource group has been created or selected based on your scenario, type the snapshot name and select the storage type. As this is a demo, I have chosen Standard HDD.
Creation of the OS snapshot starts once you confirm that the validation check has passed and click Create Snapshot.
The next screen shows that the deployment of the resource is complete; in this case, the creation of the OS disk snapshot.
Create a snapshot of Data Disk
Now that the OS disk snapshot is created, we make the snapshot of the data disk. Go to the Disks navigation on the VM management page and click on the data disk, as shown in the image below.
Click Create Snapshot; this time we are creating the data disk snapshot.
Select the same resource group you created or selected for the OS disk snapshot and move on to naming the data disk snapshot. As before, we are choosing Standard HDD, as this is just a demonstration.
Click the Review + Create button to move on to creating the snapshot.
Verify that the validation passed by checking the green tick mark, and click Create.
The data disk snapshot is also complete. As shown in the image below, you get the deployment completed message, so you have finished creating snapshots of the OS disk and data disk.
Create Managed Disks from Snapshots
The next step in this process is creating managed disks from the snapshots. Select the menu icon (three horizontal lines) on the Azure portal and click “Create Resource.”
Search for the keyword “Managed Disks”.
You will see the Managed Disks option; click Create at the bottom of it.
Select the Resource group where the snapshots exist.
Type a name for the managed disk for the OS disk snapshot.
Select Source type as Snapshot.
Select the OS disk snapshot as the Source snapshot.
The size of the managed disk must be the size of the original OS disk.
Once you enter the details, go to Review + Create, check for the ‘validation passed’ indication, and click Create.
You will get the message that the deployment is complete.
In the same way, create a managed disk from the data disk snapshot.
Select the Resource group where the snapshot exists.
Type a name for the managed disk for the data disk snapshot.
Select Source type as Snapshot.
Select the data disk snapshot as the Source snapshot.
The size of the managed disk must be the size of the original data disk.
Click Review + Create, and it will run validation.
When you get the ‘validation passed’ indication, click Create to create the data managed disk.
Upon completion of the data managed disk creation, you will get the “Your deployment is complete” message.
Go to the Resource Group where the managed disks were created, and open the OS managed disk.
Create VM clone from Managed Disk
From the OS managed disk’s page, create the VM as in the image below.
On the Create Virtual Machine window,
Select the Resource Group where the managed disk exists.
Type a name for the virtual machine.
Select the OS managed disk as the Image.
Select the VM size from the drop-down list; using the same size as the original VM is recommended.
Choose Windows Server as the License type.
Select whether you have a license or not. If you are not sure about this, click No.
Click Next: Disks to go to disk selection.
On the Disks page, select attach in the data disk attach column.
In the existing disks list, select the data managed disk.
Once the data disk is selected, select read-only from the host caching drop-down.
On the virtual network page, select the virtual network of the original VM, or the one assigned to the VPN if point-to-site is configured to access the VMs.
Select the subnet that matches the original VM.
Leave the public IP setting as it is so that a new IP is created.
Click Review + Create and wait for validation to complete.
Once you see the validation passed prompt, click Create to create the VM.
After the virtual machine’s deployment is complete, click Go to Resource to go to the VM management page.
You can now copy the public IP and log in to the VM with the original VM’s user account.
The RDP screen of the cloned VM is shown in the screenshot below.
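The same snapshot, managed disk, and VM sequence can be expressed with the Az PowerShell module. This is an added example, not the author's script; the resource group and VM names are hypothetical placeholders, and the source disks are assumed to be managed disks.

```powershell
# Added example, not from the original article. Run in Cloud Shell or any
# session with the Az module and a signed-in context. Names are hypothetical.
$srcRg   = 'rg-prod'          # resource group of the original VM
$srcVm   = 'sqlvm01'          # original VM name
$cloneRg = 'rg-clone'         # separate resource group for the clone
$cloneVm = 'sqlvm01-clone'

$vm  = Get-AzVM -ResourceGroupName $srcRg -Name $srcVm
$loc = $vm.Location
New-AzResourceGroup -Name $cloneRg -Location $loc -Force | Out-Null

# Snapshot a source disk, then create a managed disk from that snapshot.
# The new disk takes its size from the snapshot, i.e. from the original disk.
function Copy-DiskViaSnapshot {
    param([string]$SourceDiskId, [string]$Name)

    $snapCfg = New-AzSnapshotConfig -SourceUri $SourceDiskId -Location $loc `
        -CreateOption Copy -SkuName Standard_LRS
    $snap = New-AzSnapshot -ResourceGroupName $cloneRg `
        -SnapshotName "$Name-snap" -Snapshot $snapCfg

    $diskCfg = New-AzDiskConfig -Location $loc -CreateOption Copy `
        -SourceResourceId $snap.Id -SkuName Standard_LRS
    New-AzDisk -ResourceGroupName $cloneRg -DiskName "$Name-disk" -Disk $diskCfg
}

# OS disk
$osDisk = Copy-DiskViaSnapshot -Name "$cloneVm-os" `
    -SourceDiskId $vm.StorageProfile.OsDisk.ManagedDisk.Id

# Network: same subnet as the original VM, plus a new public IP.
$srcNic   = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
$subnetId = $srcNic.IpConfigurations[0].Subnet.Id
$pip = New-AzPublicIpAddress -Name "$cloneVm-pip" -ResourceGroupName $cloneRg `
    -Location $loc -AllocationMethod Static -Sku Standard
$nic = New-AzNetworkInterface -Name "$cloneVm-nic" -ResourceGroupName $cloneRg `
    -Location $loc -SubnetId $subnetId -PublicIpAddressId $pip.Id

# VM configuration: same size as the original, OS disk attached as-is.
$cfg = New-AzVMConfig -VMName $cloneVm -VMSize $vm.HardwareProfile.VmSize
$cfg = Set-AzVMOSDisk -VM $cfg -ManagedDiskId $osDisk.Id -CreateOption Attach -Windows

# Data disks: copy each one and attach it with read-only host caching.
# If the VM has no data disks, this loop simply does nothing.
$lun = 0
foreach ($d in $vm.StorageProfile.DataDisks) {
    $copy = Copy-DiskViaSnapshot -Name "$cloneVm-data$lun" -SourceDiskId $d.ManagedDisk.Id
    $cfg  = Add-AzVMDataDisk -VM $cfg -ManagedDiskId $copy.Id -Lun $lun `
        -CreateOption Attach -Caching ReadOnly
    $lun++
}

$cfg = Add-AzVMNetworkInterface -VM $cfg -Id $nic.Id
New-AzVM -ResourceGroupName $cloneRg -Location $loc -VM $cfg
```

A Standard SKU public IP accepts no inbound traffic until a network security group rule allows it, so scope any RDP allow rule to your own source addresses; the clone carries the same local accounts and passwords as the original VM.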
Conclusion
In this demonstration, we have walked through the steps to create a cloned virtual machine using the Azure portal. We created snapshots of the OS disk and data disk and created managed disks from those snapshots. If your virtual machine has only an OS disk, ignore the data disk part while creating the snapshot and managed disk, and create the cloned VM with only the OS disk. Most scenarios require data disks to be cloned as well, so, with that in mind, I have created a cloned VM with a data disk. Your mileage may vary.
I hope the portal way of creating a cloned virtual machine is comprehensive. We will do the same type of cloning using Cloud Shell (PowerShell). Click the link below to go to the “Cloning VM using PowerShell” demonstration. I will be right with you in that article.
If you have any comments or feedback, please feel free to send them to me in the comments. I will reply to you when I get them.
In the previous article of this two-part series, we demonstrated Azure virtual machine cloning using the Azure portal. If you have not seen that article, click on the link above and then come back to this part, as you may want to use the GUI way of cloning; most Azure administrators like the GUI method because it covers most things graphically and is easy to follow. If you are a PowerShell script person, continue reading and create the VM clone by taking the given script, modifying the parameters, and applying it to your environment or need. The result is a cloned Azure virtual machine no different from the one created with the GUI method.
The snapshot name is the same as in the Azure portal method of creating the clone, and I thought we would not use the same snapshot for this article. But I changed my mind, as it would be easy for advanced Azure administrators but hard to follow for new Azure administrators, who might not know how the snapshot was created and the steps to follow. Creating a snapshot for this article also helps viewers avoid going back and forth between parts 1 and 2 to create a snapshot.
In this part 2 of the two-part article, we will look at creating snapshots of the OS and data disks, with a detailed explanation of each command in the PowerShell script given on the line above it. When you are ready, let’s breeze through this demonstration, and bingo, the Azure cloned VM is ready to use.
Clone Azure Virtual Machine using PowerShell
The virtual machine used in part 1 to create the cloned VM is the one we will use here to create a clone in a new resource group. The Azure VM that we are cloning with PowerShell is the one shown in the screenshot below. We will use the same method to create a snapshot for this demonstration as well. I would recommend following the same steps that I have outlined below for creating a clone using PowerShell.
On the virtual machine management page, click Disks in the left-side navigation, and you will find two disks. One disk is the OS disk, and the other is the data disk. If you have only one disk, i.e., the OS disk, take a snapshot of the OS disk and don’t run the script’s data-disk-related commands. As most VMs use one or more data disks, I have decided to demonstrate the cloning for an Azure VM that includes a data disk.
As we will create a snapshot for the OS disk first, click the OS disk on top and create a snapshot.
On the OS disk overview page, click Create snapshot, as shown in the screen below.
Create a new resource group that is relevant to your scenario.
Type a name for the snapshot
Select the storage type and click the Review + create button.
Verify the validation is passed on the review page and click create to create a snapshot of the Virtual Machine’s OS disk.
Once the OS disk snapshot deployment is complete, you would see a deployment status, as shown below.
We have created a snapshot of the OS disk successfully. The next step is to create a snapshot of the data disk. Go to the Disks page of the VM, find the data disk, and select it.
On the data disk overview page, as we did for the OS disk snapshot, click Create snapshot to create this disk’s snapshot.
Create a new resource group that is relevant to your scenario.
Type a name for the snapshot
Select the storage type and click the Review + create button.
Verify the validation is passed on the review page and click create to create a snapshot of the Virtual Machine’s Data disk.
The data disk snapshot was created successfully. The screenshot below shows that the deployment is complete. So we have completed creating the OS disk and data disk snapshots. The next step is to create a script and run it in the cloud shell.
As shown in the screen capture below, click on the cloud shell icon to open the cloud shell in the Azure portal. You can also log in to Azure from PowerShell ISE and run the script there, but the cloud shell is good enough for this demonstration.
The script below is for the demonstration. I would recommend you modify the script as per your need. I have explained each command in the comment above it.
# Replace the Subscription ID matching to your Azure subscription
Select-AzSubscription -SubscriptionId '7xx23xxx-5874-7da5-b65c-a37b4e78ff23'
# Assign Resource Group name where the snapshots have been created.
$RGName ='Clone-Demo-Shell'
# Assign snapshot name of the OS disk (provided on creating snapshot) to a variable
$OSSnapshotName = 'DBSRV2019-OSDISK-SnapShot'
# Assign a Managed OS Disk name to a variable
$OSDiskName = 'DBSRV2019-OSDISK-Managed_Disk-Shell'
# Choose between Standard_LRS and Premium_LRS
$StorageType = 'Standard_LRS'
# Assign the Azure region of the snapshot to the GeoLocation variable
$GeoLocation = 'westus'
# Retrieve the values of snapshot for the OS Snapshot
$OSSnapshot = Get-AzSnapshot -ResourceGroupName $RGName -SnapshotName $OSSnapshotName
# Create a configurable OS disk object from the details of storage type Geo Location and snapshot ID
$OSDiskConfig = New-AzDiskConfig -AccountType $StorageType -Location $GeoLocation -CreateOption Copy -SourceResourceId $OSSnapshot.Id
# Create a Managed OS Disk from the OS disk Configuration
$OSDisk = New-AzDisk -Disk $OSdiskConfig -ResourceGroupName $RGName -DiskName $OSDiskName
# Assign snapshot name of the data disk that has been provided on creating snapshot
$DatasnapshotName = 'DBSRV2019-DataDisk-Snapshot'
# Assign a Managed Data Disk name to a variable
$DatadiskName = 'DBSRV2019-DataDisk-ManagedDisk-Shell'
# Retrieve the values of snapshot for the Data Snapshot
$DataSnapshot = Get-AzSnapshot -ResourceGroupName $RGName -SnapshotName $DatasnapshotName
# Create a configurable data disk object from the details of storage type Geo Location and snapshot ID
$DatadiskConfig = New-AzDiskConfig -AccountType $StorageType -Location $geolocation -CreateOption Copy -SourceResourceId $DataSnapshot.Id
# Create a Managed Data Disk from the data disk Configuration
$Datadisk = New-AzDisk -Disk $DatadiskConfig -ResourceGroupName $RGName -DiskName $DataDiskName
# Assign the virtual network name to the VNetName variable (replace it with the name of your virtual network)
$VNetName = 'Demo-vnet'
# Assign a variable as the Identity of the VM
$VMIdentity = 'DBSRV2019-Clone-Shell'
# Assign VM size (for more VM sizes, run Get-AzVMSize with the location name)
$VMSize = 'Standard_D4s_v3'
# Create a public IP and assign static IP address
$pip = New-AzPublicIpAddress -Name "ClonepublicIP$(Get-Random)" -ResourceGroupName $RGName -Location $GeoLocation -AllocationMethod Static
# Create an inbound network security group rule for port 3389
$nsgRuleRDP = New-AzNetworkSecurityRuleConfig -Name CloneNetworkSecurityGroupRuleRDP -Protocol Tcp -Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow
# Create a network security group
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $RGName -Location $geolocation -Name CloneNetworkSecurityGroup -SecurityRules $nsgRuleRDP
# Assign the resource group of the virtual network; the clone VM uses the VNet in the source VM's resource group
$RGNameVnet ='Demo'
# Retrieve the Virtual network details with the Virtual network residing resource group
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $RGNameVnet
# Create a Network Interface Card
$nic = New-AzNetworkInterface -Name CloneNic -ResourceGroupName $RGName -Location $GeoLocation -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# Create the virtual machine configuration with the VM identity and VM size and assign it to a variable
$VirtualMachine = New-AzVMConfig -VMName $VMIdentity -VMSize $VMSize
# Attach the data disk to the configuration using the ID of the managed data disk
$VirtualMachine = Add-AzVMDataDisk -VM $VirtualMachine -Name $dataDiskName -ManagedDiskId $datadisk.id -Lun "0" -CreateOption "Attach"
# Attach the OS disk to the configuration using the ID of the managed OS disk and the operating system type of the snapshot
$VirtualMachine = Set-AzVMOSDisk -VM $VirtualMachine -ManagedDiskId $osdisk.Id -CreateOption Attach -Windows
# Add virtual network interface using the NIC ID and assign the value to $VirtualMachine
$VirtualMachine = Add-AzVMNetworkInterface -VM $VirtualMachine -Id $nic.Id
# Create the virtual machine with above details and Managed Disks
New-AzVM -VM $VirtualMachine -ResourceGroupName $RGName -Location $GeoLocation
I have run the above script on the cloud shell, and you can see at the end of the script output that the Virtual Machine is created successfully.
The newly created cloned VM overview page is shown in the screen capture below. Click connect and use the same credentials that you are using for the original VM to RDP to this cloned Virtual Machine.
The image below shows the RDP session on the cloned virtual machine that we have created.
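The script above allows port 3389 with -SourceAddressPrefix * on a VM that also receives a static public IP, so the clone's RDP listener is reachable from any address. The following is an added example, not part of the original script: it flags such rules and rewrites them to allow a single administrative range. The function names and the 203.0.113.0/24 range are assumptions (placeholders), and the sample rules are constructed.

```powershell
# Added example (not from the original article). Function names are hypothetical.

# Returns $true when an NSG port range ('3389', '*', '3000-4000') covers $Port.
function Test-PortInRange {
    param([string]$Range, [int]$Port)
    if ($Range -eq '*') { return $true }
    if ($Range -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Range -eq "$Port")
}

# Returns the inbound Allow rules that expose $Port to any source address.
function Find-OpenInboundRule {
    param([object[]]$Rules, [int]$Port = 3389)
    $anySource = '*', '0.0.0.0/0', 'Internet'
    foreach ($rule in $Rules) {
        if ($rule.Direction -ne 'Inbound' -or $rule.Access -ne 'Allow') { continue }
        if ($rule.Protocol -notin 'Tcp', '*') { continue }
        $open = @($rule.SourceAddressPrefix | Where-Object { $_ -in $anySource })
        $hit  = @($rule.DestinationPortRange |
                  Where-Object { Test-PortInRange -Range $_ -Port $Port })
        if ($open.Count -gt 0 -and $hit.Count -gt 0) { $rule }
    }
}

# Rewrites every flagged rule so that only $AdminSource may connect.
# Needs an authenticated Az session (the cloud shell has one).
function Set-RdpSourceRestriction {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$NsgName,
        [Parameter(Mandatory)][string]$AdminSource
    )
    $nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroupName -Name $NsgName
    # @() collects the matches first, so the rule list is not changed while it is read
    foreach ($rule in @(Find-OpenInboundRule -Rules $nsg.SecurityRules)) {
        Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
            -Protocol $rule.Protocol -Direction Inbound -Priority $rule.Priority `
            -SourceAddressPrefix $AdminSource -SourcePortRange $rule.SourcePortRange `
            -DestinationAddressPrefix $rule.DestinationAddressPrefix `
            -DestinationPortRange $rule.DestinationPortRange -Access Allow | Out-Null
    }
    # Push the modified rule set back to Azure
    $nsg | Set-AzNetworkSecurityGroup
}

# Constructed sample shaped like NSG rule objects: the first entry mirrors the
# rule created by the article's script, the second is already restricted.
$sampleRules = @(
    [pscustomobject]@{
        Name = 'CloneNetworkSecurityGroupRuleRDP'; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'; Priority = 1000
        SourceAddressPrefix = @('*'); DestinationPortRange = @('3389')
    },
    [pscustomobject]@{
        Name = 'AdminOnlyRDP'; Direction = 'Inbound'
        Access = 'Allow'; Protocol = 'Tcp'; Priority = 1010
        SourceAddressPrefix = @('203.0.113.0/24'); DestinationPortRange = @('3389')
    }
)
(Find-OpenInboundRule -Rules $sampleRules).Name

# Live use with a placeholder admin range (TEST-NET-3, replace with your own):
# Set-RdpSourceRestriction -ResourceGroupName 'Clone-Demo-Shell' `
#     -NsgName 'CloneNetworkSecurityGroup' -AdminSource '203.0.113.0/24'
```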
Conclusion
This is the end of the two-part article on cloning an Azure virtual machine from the original one using the Azure portal and the Azure cloud shell (using PowerShell). We achieved the same result with the Azure portal (GUI) method in the first part and with the cloud shell method in the second part. So use the method that you are comfortable with and that suits your use case.
I’m delighted to create this article to post it on my blog. You may have some questions or feedback on this article. If you have any, post them in the comments below and I will respond at the earliest.
Microsoft SQL Server 2019 is a new version of the familiar relational database management system. The latest version of the Transact-SQL system gives mission-critical performance and the lowest vulnerabilities among RDBMS servers. Microsoft SQL Server is a leading product in the database engine and management arena and is used at various levels of need, from SOHO environments to high-transaction database servers for enterprise requirements. This article covers the SQL Server 2019 installation along with the SQL Server Management Studio installation.
There are different editions of the SQL server from free express edition to Enterprise edition. The following list shows the different editions of SQL server 2019.
Express editions
Developer
Web
Standard
Enterprise
Express edition is a free, entry-level edition, and Enterprise is the most robust in performance and data handling for high-level database transactions.
In this article, we are going to demonstrate the SQL Server 2019 evaluation, which gives a 180-day trial to test and plan for your database needs. The installation of Microsoft SQL Server 2019 is straightforward and can be done by any junior-level system administrator. We are also going to download and install SQL Server Management Studio (SSMS) after the installation of the Microsoft SQL Server database engine.
SQL Server 2019 Installation
You can download Microsoft SQL Server 2019 from the link here https://www.microsoft.com/en-us/sql-server/sql-server-downloads#. Before starting the SQL Server 2019 installation, make sure Windows Update is up to date and the Windows server is fully patched.
Once you have downloaded the ISO, mount it as a DVD drive on the server on which you are planning to install SQL Server 2019. Double-clicking the ISO file on the Windows server will mount it as a drive. Once the ISO file is mounted, you can expand the directory in Windows Explorer, right-click the setup executable file, and run it as administrator to start the installation.
The setup executable will open the SQL Server Installation Center, as shown below. In the SQL Server Installation Center, select Installation from the left-side navigation and click on the link with the description “New SQL server standalone Installation or add features to an existing installation.” Clicking on the link will start the installation.
If you have already purchased one of the SQL Server editions, you can enter the product key and continue the installation, or, if you want to try SQL Server before buying the software, you can select Evaluation and continue with the installation. This is just a demonstration, so I choose Evaluation from the dropdown. Click Next to continue once the proper installation edition is selected.
The next page is agreeing to license terms, and you need to go through the license terms before continuing the installation. Once you have gone through and agree to the license terms, select the “I accept license terms and privacy statement” checkbox and click Next.
It is recommended to check for Microsoft updates before starting the installation. Check the box next to “Use Microsoft Update to check for updates” and click Next.
On the next screen, Install Rules checks for various problems. In this demonstration, Install Rules warned that an inbound rule for port 1433 has to be opened on the Windows firewall for SQL Server to be accessed from other servers or client computers. Click Next to continue the installation.
On the Feature Selection page of the setup wizard, select the database engine feature and the installation path. You can also select other features as you need. For this demonstration, we are only focused on the installation of the database engine, so select the database engine feature and click Next.
On the Instance Configuration page, you can either go with the default instance or name the instance as you want. The default instance name is MSSQLSERVER. To make administration simple, we are going to select the default instance and click Next to continue.
Service accounts are utilized to make the SQL Server database engine services more secure. If you are in a domain environment, you must create a service account in Active Directory and provide that service account here with its credentials. We leave the service account unused and click Next to continue.
On the Database Engine Configuration page, you can select the authentication mode that is suitable for your need. There are two authentication modes in SQL Server. Windows authentication mode allows authentication only with Windows credentials, for example, in an Active Directory environment. In contrast, Mixed Mode gives you the ability to authenticate using Windows authentication as well as SQL Server authentication. You can change the authentication mode in the SQL Server properties after the installation. Add the currently logged-in user as a SQL Server administrator, select the relevant mode, and click Next to continue. In this demonstration, we stick with Windows authentication.
Verify the features selected for installation. If you are not happy with the features, you may always go back, change the selection by adding or removing features, and then come back here and click Install to start the installation.
The installation progress screen helps you check the progress of the installation, and you should wait until the installation shows 100% completed.
Once the status of the feature installation shows complete, you can close out the installation wizard.
Install SQL Server Management Tools
The next step in setting up SQL Server is to install SQL Server Management Tools. Go back to the Installation Center, stay on the Installation tab in the left-side navigation, and select SQL Server Management Tools. You will get to the download page of SQL Server Management Tools.
The download page will open on the Microsoft site in the web browser. Click on Download SQL Server Management Studio, which will download the latest version of the SQL Server management tools binaries.
On the install page of SQL Server Management Studio, either leave the default installation path or, if you want to install to another location, specify it here. Once the installation path has been set, click Install to start the installation.
The Microsoft SQL Management Studio installation progress will give you the status of installation and the progress of the installation.
Once the installation is completed, you will get a message saying setup completed. Click Close to close out the installation wizard.
The SQL server management studio can be accessed from the Start menu of the Windows server. The management tools can also be installed on a desktop computer installed with Windows client operating system such as Windows 10.
The SQL Server Management Studio will prompt for administrator login as in the screen below. It will use the currently logged in user to access the database engine on the windows server. Click connect to open SQL server database engine.
Once the Object Explorer of the SQL Server is opened in SQL Server Management Studio, you can access the various SQL Server management features to control and configure them.
Conclusion
In this article, we have demonstrated the installation of SQL Server and SQL server management tools. We have gone through the installation elements one by one, and the primary selection is SQL server edition and features.
We have posted a lot of other Windows server roles and server products on the Blog site here. You may have some questions or feedback to share with me, please click the comments below and share your thoughts. I am so happy to answer your questions.
Folder redirection is a group policy setting used to store user profile data, usually Documents, Desktop, and so on, on a server share. With these policy settings, the domain users assigned to folder redirection get the same data when they log in from a different computer. So, users can move from one computer to another and retain the data stored in the profile. Folder redirection is also helpful for backing up user data at the server level, so that the data is not scattered and is not lost when the user’s computer is down or has a disk problem. Let’s get to how to redirect folders in Windows Server 2019.
In this article, I have demonstrated the folder redirection setup with the redirect folder shared on the domain controller and the group policy applied to a domain-joined client computer.
The following key points are demonstrated and explained to set up folder redirection in your environment.
Create a security group and add test user as a member
Create a folder to store the redirected file
Configure security settings and share the folder
Create group policy and link it to company users OU
Redirect documents folder with offline access
Test folder redirection policy with Windows 10 client computer
Create a security group and add test user as a member for Folder Redirection
We are going to create a security group in Active Directory and add a test user as a member. The group is used to assign permissions on the redirect folder shared on the server and to filter which users the group policy settings apply to. To create a security group, we need to launch Active Directory Users and Computers from the Tools menu of Server Manager.
The security group can be created on the OU that is relevant to your environment. In this demonstration, there is an OU called Users under Company OU. Right-click on Users OU and point to New and click group.
Type a descriptive group name (here I named it Folder-redirect-Users), leave the group scope as Global and the group type as Security, and click OK.
Right-click on the group just created, and go to properties to add members to the security group.
Go to Members tab and click add to add members to the group.
I have added a test user for this demonstration. Once users are added, click OK and close out the Active Directory Users and Computers management snap-in.
Create a folder to store the redirected file
The folder redirection needs a shared folder on the server. Share it with the security group so that the user’s data will be stored in that folder. On windows explorer, go to the home tab and click New folder to create a folder. You can right-click on the windows explorer pane and create a new folder as well.
A new folder with the name Redirect is created on the data drive, as in the picture below.
Configure security settings and share the folder
We are going to set permissions on the folder so that the user’s data is stored with the highest level of security. Right-click the Redirect folder, click Properties, go to the Security tab, and select Advanced.
In the advanced properties, disable inheritance. You will get a popup window asking which permission option you want to keep, for ease of further permission assignment.
To retain some of the permissions to tweak, select “Convert inherited permissions into explicit permissions on the object.” Then click Add to go to the permission entry for the Redirect folder.
On the Permission entry, select the principal to add the security group that we had created before. In this case, Folder-Redirect-Users is the group name and click OK.
The permission type is Allow and applies to the folder that we are in and its subfolder and files. On the basic permission, leave full control and select all other checkboxes and click OK.
As we have added the security group and disabled inheritance, click OK and go to the Sharing tab on the same property settings.
On the Sharing tab of properties, click advanced sharing to share this folder and give share permissions to the security group.
Remove Everyone share permission and add the security group and check Full Control that will add remaining sharing permission.
Click on the Advanced sharing tab and close out the folder properties. We have now set the security permissions and the share permissions.
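The settings made in this section can be confirmed from PowerShell on the file server. The following is an added example, not part of the original article: it checks that Everyone is gone from the share, that the security group has Full Control on the share, and that NTFS inheritance is disabled. The share name Redirect, the D:\Redirect path and the function names are assumptions, and the sample entries are constructed.

```powershell
# Added example (not from the original article). Function names are hypothetical.

# Checks share entries (objects shaped like Get-SmbShareAccess output) against the
# settings made above: Everyone removed, the security group granted Full Control.
function Test-RedirectShareAccess {
    param([object[]]$ShareAccess, [string]$GroupName = 'Folder-Redirect-Users')
    $groupHasFull = $false
    foreach ($ace in $ShareAccess) {
        $account = ($ace.AccountName -split '\\')[-1]      # drop the DOMAIN\ prefix
        $allowed = "$($ace.AccessControlType)" -eq 'Allow'
        if ($allowed -and $account -eq 'Everyone') {
            "Everyone still has $($ace.AccessRight) access on the share"
        }
        if ($allowed -and $account -eq $GroupName -and "$($ace.AccessRight)" -eq 'Full') {
            $groupHasFull = $true
        }
    }
    if (-not $groupHasFull) { "$GroupName has no Full Control share permission" }
}

# Live check on the file server: share permissions plus the inheritance flag.
function Test-RedirectFolder {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ShareName = 'Redirect'        # assumed share name
    )
    Test-RedirectShareAccess -ShareAccess (Get-SmbShareAccess -Name $ShareName)
    if (-not (Get-Acl -Path $Path).AreAccessRulesProtected) {
        'NTFS inheritance is still enabled on the folder'
    }
}

# Constructed sample: a share where the Everyone entry was left in place and the
# group was given Change instead of Full Control.
$sampleAccess = @(
    [pscustomobject]@{ AccountName = 'Everyone'
        AccessControlType = 'Allow'; AccessRight = 'Read' },
    [pscustomobject]@{ AccountName = 'DOMAIN\Folder-Redirect-Users'
        AccessControlType = 'Allow'; AccessRight = 'Change' }
)
Test-RedirectShareAccess -ShareAccess $sampleAccess

# Live use (placeholder path, replace with the folder on your data drive):
# Test-RedirectFolder -Path 'D:\Redirect'
```

No output from Test-RedirectFolder means the share and folder match the settings described in this section.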
Create group policy and link it to company users OU
The next step in the folder redirection setup is to create a GPO and link it to the OU where the active directory user object resides. To launch the Group policy management console, go to the server manager, click the Tools menu, and select Group Policy management as in the picture below.
Expand the group policy management until the Users OU and click Create a GPO in the domain, and link it here… to create a new Group Policy Object and link it to the Users OU.
Give New GPO a descriptive name and click OK. In this demo, I have given Folder Redirect Policy.
Redirect documents folder with offline access
Once the GPO is created, right-click it and choose Edit to modify the folder redirection policy settings.
Before going into the group policy settings, go back to the properties of the folder that we created for folder redirection and, on the Sharing tab, note down the network path to use in the folder redirection policy settings.
Return to the Folder-redirect-policy GPO and expand the GPO until Folder Redirection policy settings.
The path is User Configuration -> Policies -> Windows Settings -> Folder Redirection
In this demonstration, we are going to set up folder redirection for the Documents folder. To keep it simple and understandable, we are going to set up only one folder here. The same settings apply to all the other folders, and you have to go through the same steps to set them up.
Right-click the Documents folder and go to Properties. On the Target tab, choose the Basic or Advanced setting. In this demo, Basic is selected, that is, “Redirect everyone’s folder to the same location.” For the target folder location, the option “Create a folder for each user under the root path” is selected, and the root path is the one we noted down in the previous step, which is the shared folder created earlier. Click Apply and move on to Settings.
On the Settings tab, the following options are selected and explained below.
Grant the user exclusive rights to Documents. With this checkbox selected, the user data on the shared folder is available exclusively to that particular user. For an administrator to access it, the owner’s permission has to be set.
Move the contents of Documents to the new location. With this checkbox selected, any documents or files in the folder on the local path are moved to the respective shared folder.
Redirect the folder back to the local user profile location when the policy is removed. This option is for offline access to the files, and also, when the policy is removed, the user will have the documents on the local profile.
Click OK to accept the settings modified so far.
A warning message will pop up, as we have not selected support for older client operating systems. Select Yes, close out the group policy management console, and go to the Windows 10 client computer to test the folder redirection.
We have returned to the Group Policy Management Editor, so we can either set up other folders as we want or, if we have finished, close the management editor and management console and test with the Windows 10 client.
Test Folder Redirection policy
We are on the Windows 10 client computer and log in as the test user with its credentials.
Once logged on to the Windows 10 client computer, open a command prompt window and type the command below.
Gpupdate /force
The command will prompt you to log off and log in again as the user to apply the policy. Press ‘y’ at the prompt and let the client system log off.
Now, to confirm that folder redirection works, right-click the Documents folder and click Properties.
If you look closely, the location of the documents folder is on the shared drive.
We are going to do one more test to see whether we can create a file and save it. We have created a test file and saved it to the Documents folder.
If you go to the network share and open the user’s folder under Redirect, you can see the file created in the folder under the network share.
Conclusion
In this article, we have gone through the settings to redirect folders in Windows Server 2019 using a group policy object. To demonstrate the concept, we created a folder and shared it with a security group. We created a new GPO and set up folder redirection for the Documents folder of the user’s profile data. We also demonstrated the folder redirection test with a Windows 10 client.
If you want to go through my other articles about Windows Server 2019, you can visit the link Get an Admin
You can use this article to setup folder redirection in your environment. You may have some questions or feedback to share with me, please click the comments below and share your thoughts. I am so happy to answer your questions.