A network by any other name…

OK, funny story. A Windows Azure virtual network with the name MDS-vNET1; no problem. A Windows Azure cloud service with a production deployment slot associated with a virtual network with the name MDS-vNet1; no problem. Try to combine those two; problem. So let me give you a few more details. Everything in this setup was …

App Controller and Azure HighMemory SKUs

We are all aware of the lag between the evolution of the Windows Server platform and the System Center suite. It always takes some time from when a new feature in Windows Server is released until it is supported in the System Center products. Now, it seems, this applies to Windows Azure as well. Consider …

Active Directory Domain Controllers and certificate auto-enrollment

Introduction to auto-enrollment Auto-enrollment is a useful feature of Active Directory Certificate Services (AD CS). It allows the administrator to configure subjects to automatically enroll for certificates, retrieve issued certificates, and renew expiring certificates without requiring subject interaction. The subject does not need to be aware of any certificate operations, unless you configure the certificate …

How to manage multiple Windows Azure subscriptions with PowerShell

You can have several Windows Azure subscriptions defined in Windows Azure PowerShell. This lets you easily manage several subscriptions from the same PowerShell console. These are the steps required to add a new Windows Azure subscription to your Windows Azure PowerShell profile: Generate a management certificate: makecert.exe -pe -n "CN=<certificate subject>" -ss My -r <certificate …

What does the “This certificate has an invalid digital signature.” message actually mean?

I recently got a new Asus RT-N66U Dark Knight. One of my main reasons for selecting this router was its ability to run the DD-WRT custom firmware. DD-WRT offers a host of cool features; among these is the ability to do web-based administration on the router’s WAN interface. Basically you can fire up your …

How not to improve the security of your ADFS deployment

Introduction I was involved in an ADFS deployment recently where the customer wanted to restrict access from the Internet to their ADFS proxy servers, located on their DMZ. They used ADFS to federate with Windows Azure Active Directory so they only wanted to allow traffic from the Microsoft Online Security Token Service (STS) servers into …

New PowerShell module for Windows Azure Active Directory

A new version of the PowerShell module for Windows Azure Active Directory is available. This module was previously known as the Microsoft Online PowerShell module. The cmdlets all have the word MSOL in them, and the modules are called MSOnline and MSOnlineExtended. The version is still 1.0.0, as was the previous module. New in this …

Understanding X.509 digital certificate thumbprints

Introduction I got an interesting question about X.509 certificate thumbprints today from a colleague. Specifically, he wanted to know if you could renew a certificate and keep the thumbprint. The answer is no, unfortunately. So I thought I would explain why you can’t. Certificate storage The X.509 standard was first issued in 1988 and is …

Norwegian content: How to integrate your on-premise Active Directory with Windows Azure Active Directory

I have published a 5-part blog series on the Norwegian Microsoft TechNet Blog, with step-by-step instructions for setting up integration between your on-premise Windows Server Active Directory Directory Service and Windows Azure Active Directory. It covers concepts, single sign-on with ADFS, Directory Synchronization with the DirSync Tool and troubleshooting. So if you …

App Controller to SQL firewall requirements

So here’s a quick one… App Controller needs the following services/ports open on the SQL server it is configured to talk to during install: SQL (duh!) (Port TCP 1433); Remote Service Management (RPC SCManager UUID 367ABB81-9844-35F1-AD32-98F038001003); Windows Management Instrumentation (WMI). If these are open the App Controller installer can automatically detect the SQL instance and …