Create a Simple Azure Web App with PowerShell

Hello, this post will show you the steps to create a free, very simple web app in the Microsoft Azure platform using PowerShell.

You will need an existing subscription or sign up for a new one to follow this post. The app service plan selected is the free tier so you will not be charged / count against your Azure credits.

Visio diagram of azure resource group, app service plan and web app

Use must have Azure PowerShell installed. You can get it from the Azure Microsoft site.

azure-powershell

Authenticate to Azure using Azure Resource Manager:

You can list your subscriptions with the following command (the command on the second line will output just the subscription names):

Select the subscription you want to use:

Create a Resource Group:

Tags are a great way to manage resources and are created in PowerShell using a hashtable.

Create an App Service Plan:

Create a Web App:

Note: The web app name must be globally unique. Creating the web app will create the URL: http://webappname.azurewebsites.net.

If your deployment fails, check for the error message: New-AzureRmWebApp : Website with given name simple-web-app134 already exists.

Change the name of the web app or add a random number onto the end.

That’s it. You should now be able to browse to the default template by entering the URL: yoursitename.azurewebsites.net.

Browsing to the newly created site in google chrome http://simple-web-app134.azurewebsites.net/

To delete all of the resources (warning, this will delete everything in the resource group, make sure you are targeting the correct resource group). Add the -Force switch parameter if you don’t want the confirmation prompts:

This is handy when using the app service plans that cost money. I sometimes create a standard plan for trying out deployment slots, so I will use it while testing, then delete it afterwards. If I need it again, I’ll simply run the PowerShell commands again.

I’ve scripted this out and put it on github with variables if you’re interested in taking a look.

That’s it for now, cheers.

Azure Active Directory Connect Unable to connect to the Synchronization Service

Error message when trying to run Azure Active Directory Connect = Unable to connect to the Synchronization Service. Some possible reasons are: 1) The service is not started. 2) Your account is not a member of a required security group. See the Synchronization documentation for details.

Unable to connect to the synchronization service

Check Service

First check the service is running. Use services.msc or PowerShell.

If it’s stopped, start it.

Run the Synchronization Service as administrator

From Taskbar

Right click Synchronization Service icon

Right click Synchronization Service

Select Run as administrator

run as administrator from taskbar

From Apps menu

Right Click on Synchronization Service

Select Run as administrator

runas administrator from apps menu

 

 

WordPress stuck in maintenance mode

I was updating a couple of plugins in this WordPress site, which I usually do when I get update notifications with no issues. This time however the message in the screenshot below appeared and would not go away.

Briefly unavailable for scheduled maintenance. Check back in a minute.

To fix this, you need to rename or delete the .maintenance file.

cPanel

Login to cPanel and click on File Manager

cPanel file manager

Click on the public_html directory

The file is hidden (it’s preceded with a .), so to view hidden files click on Settings on the top right of the page.

cPanel settings, checked show hidden files (dotfiles) check box

Check the Show hidden files box and click save

You will now see the .maintenance file, rename or delete it and you should be able to access your site again.

 

 

 

Azure backup server, SMTP with anonymous authentication

While configuring an Azure backup server, I was trying to set the SMTP settings with anonymous authentication to email notifications, but kept getting the following error:

ID: 2013
Details: The user name or password is incorrect

ID: 2013 Details: The user name or password is incorrect

Quick Fix

Create a local user (with stupidly long and complex password). Add the user to the Adminstrators group. Use these details for the Username (servername\username) and Password.

Overview

To configure the SMTP server settings go to Management on the left hand side

Azure backup management menu

The click Options in the tool bar across the top.

Azure backup options button

Ideally, I did not want to enter any details here because there because it technically there aren’t any (our SMTP server is provided by our ISP and is authenticated by our IP address). I kept getting the ID 2013 error. When I used a domain user, I still got the error. Creating a local user and using those details, the same error. It was only when I made the user a member of the local Administrators group was I able to send a test email successfully.

Azure backup SMTP server settings

Despite it saying “The username entered should domain account name of person whose “From” address is mentioned above, otherwise notification delivery will fail” it didn’t matter. A local server account was fine as long as it was in the Administrators group… not ideal but at least notifications will work.

This issue is in Data Protection Manager (DPM) and thanks to this post, Anonymous SMTP for DPM  which gave me the solution of adding the local user to the Administrators group (number 2 on the page, deleting the registry keys as described in solution 1 did not work for me).

 

Cheers.

Unblocking Files downloaded from the Internet

First off, make sure you trust the source of where you downloaded the files from, only download from legitimate sites you trust and check the SSL certificate if needs be.

Browse to the excellent Sysinternals page on Microsoft’s technet site. Right click the Download Sysinternals Suite link and select “Save link as…” and choose a location to save it to your PC.

If you were to right click on the download zip file and extract the contents and run the programs or view the help files, you will get the Open File – Security Warning dialogue box pop up each time you run it and the help files will not have any contents.

Open File Security Warning
Open File Security Warning

To remove this warning (you of course got the file(s) from a trustworthy source), you can right click on the downloaded zip file, select “Properties”, check the “Unblock” checkbox and click apply. When you extract the zip file, all the files will be unblocked.

unblock a file
Unblock a file

To do this in PowerShell use the Unblock-File command.

This will have the same effect checking the Unblock checkbox.

If you’ve already extracted the files and forgot to unblock them, use the PowerShell command again with the path to the folder containing the files with \* on the end.

 

Azure PowerShell login and create resource group

I’ve been doing lots of work with Azure recently (especially using PowerShell) so thought I’d dump some of the stuff I’ve learnt along the way here… it’s been a while.

This small guide will show you how to login to Azure using PowerShell, view and select your subscriptions and then create a Resource Group that will be provisioned in the Azure Portal.

I’ve messed about with the classic portal a bit, but Resource Manager (RM) is the way to go… you’ll see Rm in the PowerShell nouns to signify that it is a Resource Manager cmdlet.

First you need to install Azure PowerShell to get all that Azure PowerShell goodness… once you’re done (the instructions are clear and easy to follow) come back here and continue below.

Login to your Azure RM account

Get Azure RM subscriptions

Set your Azure RM subscription to work in (one of mine is called Pay-As-You-Go)

Create an Azure RM resource group

This creates a Resource Group called ps-test in the North Europe region with the tag “Created By Matt”

Go to the portal and you should see the newly created resource group (make sure you have selected the correct subscription if you have more than one).

Azure Resource Group deployed by PowerShell
Azure Portal

 

Tags are great and an excellent way to organise your resources, you can also use them to report on costs and usage.

That’s a simple demo of login into Azure with PowerShell, selecting a subscription and then deploying a resource group which is used as a container to help keep track of resources for VMs, Apps, Databases etc.

Check file hash with PowerShell version 4 & 5

Note: Tested using PowerShell Version 4

A quick way to check the hash of a file is to use PowerShell’s Get-FileHash Cmdlet along with the Compare-Object Cmdlet.

You may want to check the file you’ve downloaded from the Internet hasn’t been changed and websites sometimes have the file hashes to verify this.

In the code below, copy the file hash from the website and paste it in after the ReferenceObject parameter, input the algorithm that was used to produce the hash after the Algorithm parameter and then input the Path to the downloaded file.

Example

After downloading WinDirStat to my C:\Downloads directory, I can check the SHA1 hash by running the following command.

WinDirStat download page
WinDirStat file hashes

Output of Get-FileHash in PowerShell
Output of Get-FileHash

-IncludeEqual

The IncludeEqual parameter is optional. If you don’t use it and the objects match,  PowerShell will return to the command prompt with no output displayed from running the command. The IncludeEqual parameter will display the InputObject, in this case the hash value and two equals signs to show that the objects (hashes in this case) match.

 

Hashes don’t match

If the hashes don’t match, the hash from the file will be displayed along with the hash that was pasted in. The <= shows the first compared object, in this case the pasted hash and the => shows the second compared object, the hash from the file.

For the screenshot below, I changed the end character of the pasted hash value to show what is displayed when the values don’t match.

Output of Get-FileHash in PowerShell, hashes don't match
Output of Get-FileHash, hashes don’t match

 

 

 

Installing Dig on Windows 8.1

This post will show you how to install Dig (Domain Information Groper) on Windows 8.1. Dig is a DNS (Domain Name System) command that gives you lots more information than NSlookup, but is not installed on Windows by default.

Download from https://www.isc.org/downloads/

Under the BIND heading, click the download button of the “Current-stable” release.

Select current stable version
Select current stable version

 

Select your version (32-bit, 64-bit)

Download options of Dig for Windows
Download options of Dig for Windows

Right click on the download, select “Extract All…” and extract the package to your chosen location

Extract All menu
Extract menu

 

I’ve put it in C:\Program Files

extract files location
extract files location

Depending on where you extract the files, you may have to provide administrator permission (check the “Do this for all current items” check box and click Continue).

Give administrator permission to copy files
Confirm administrator permission to copy files

You can now use Dig via the command line by opening a command prompt, changing directory to where you copied the Dig.exe file and running the Dig command.

 

Running Dig straight from the extracted directory
Running Dig straight from the extracted directory

 

Advanced: adding Dig to your Path

If you would like to run the Dig command from anywhere in the command prompt (and you probably don’t want to always have to go to the the directory to just run the command) you have to add it to your Path.

Be careful when doing this.. you’ve been warned!

Right click on the windows button (usually bottom right of screen) and select “System”

Right click on Windows button (usually bottom right).
Right click on Windows button

 

Or search for “System” and select the result that just says “System”

Search for system and select system
Use the search function to find system

 

Select “Advanced system settings”

System screen, select Advanced System Settings
System

 

Select “Environment Variables…”

System Properties screen, select environment variables
System Properties screen

 

Under “System variables” select Path then “Edit…”

Select "Path" under System Variables

 

Go to the end of the “Variable value” input box, enter a semi colon directly after the last variable value (no space) followed by the path where you extracted your files. In my example, I have entered ;C:\Program Files\BIND9.10.0-P2.x64

Edit system variable, enter a semi colon then the path to the dig.exe

The end of my variable value text box contains:

C:\ProgramFiles(x86)\ATITechnologies\ATI.ACE\CoreStatic;%systemroot%\idmu\common;C:\ProgramFiles\BIND9.10.0-P2.x64

Click “OK” to close all the dialogue boxes.

You have to close your Command Prompt and open a new one for the
Path to be updated.
Tip: to check what’s in your path, type “path” at your command prompt.

You should now be able to run the “dig” command from any location in the command prompt.

Type dig -h at the prompt and you should see the help file.

Dig installed and added to the path variable

Type dig followed by a domain name to view the information.

 

Permission denied deleting user directories and files Windows SBS

I came across an issue removing user’s directories and files from Windows Small Business Server (SBS) 2011. Even though I was using my account that is in the Domain Administrators group that is an administrator on the server,.

I could delete some of the directories and files but not all of them and was met with a “Folder Access Denied”  advising that “you required permission from the computer’s administrator to make changes to this folder”.

Folder Access Denied. You need permission to perform this action.
Folder Access Denied

On some directories going to the Owner tab and manually selecting a new owner then deleting worked, but this is quite a slow and laborious process and didn’t work for all directories.

In the example below I’ll demonstrate how I overcame this using the command line. This example is for a user in the D:\Users\FolderRedirections directory (your user files may be located in a different area).

Open a command prompt as an administrator.

Navigate to the directory by using the “change directory” command.

D: cd Users\FolderRedirection\username
change directory to FolderRedirection

 

Use the “takeown” command to take ownership of the directories and folders (in this example I show it just for the Downloads directory).

The /F switch indicates the directory

/A gives ownership to the administrators group

/R recurse

/D Y gives the default answer of Y to take take ownership

(Use takeown /? to see full explanation)

takeown

I tried to delete the folders again but was greeted with the same prompt. Viewing the permissions I could see the administrators group had full permission but it still wouldn’t let me delete the files.

Using the command line again to run icacls.exe program command.

icacls-exe

processed file: Downloads Successfully processed 1 files; Failed processing 0 files
icacls result

Note, if you are doing this in PowerShell then you’ll have to hold the icacls parameters in a variable and pass it the the command.

 

Finally I could remove the directories.

I made this into a PowerShell script that I run to remove old user’s directories and files easily which I will post soon.

Note: on one occasion this didn’t work and after running the above process I had to go into the properties of the directory by right clicking and selecting properties and add my user account to full access (even though it was already in there).

 

 

 

 

PowerShell Remoting WinRM

When trying to enter a PowerShell session on a remote PC

you receive the following error:

Enter-PSSession : Connecting to remote server win7-pc01 failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:1 + Enter-PSSession win7-pc01 + ~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (win7-pc01:String) [Enter-PSSession], PSRemotingTransportException + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Go to the client computer and check to see if the WinRM service is running.

Status Name DisplayName ------ ---- ----------- Running WinDefend Windows Defender Running WinHttpAutoProx... WinHTTP Web Proxy Auto-Discovery Se... Running Winmgmt Windows Management Instrumentation Stopped WinRM Windows Remote Management (WS-Manag...

We need to start the WinRM service, run:

After that has completed, check the service is running by:

PS C:\> Start-Service -Name WinRM -Verbose VERBOSE: Performing operation "Start-Service" on Target "Windows Remote Management (WS-Management) (WinRM)". PS C:\> Get-Service -Name WinRM  Status   Name               DisplayName ------   ----               ----------- Running  WinRM              Windows Remote Management (WS-Manag...

Now we have to configure WinRM to recieve remote requested. Run:

Answer Y to the questions. You’ll set the service to start when the PC is booted up, create a listener to “listen” for WinRM requests and configure the Windows firewall to allow the WinRM traffic.

WinRM quickconfig

If you check your inbound connections on your firewall you’ll see the new rules added.
WinRM firewall settings after running winrm quickconfig

We should now be able to remotely connect to the client PC via PowerShell and run all the PowerShell commands on it:

PS C:\> Enter-PSSession -ComputerName win7-pc01 [win7-pc01]: PS C:\Users\administrator\Documents>

Hope this has helped.

Please note
This was done on my test network. Make sure you know the implications of opening up firewall ports and running WinRM on you PC(s).

For this post my test lab consists of a Windows Server 2012 R2 GC DC and a Windows 7 Enterprise client.