Tuesday, 13 January 2015

Error : The input object cannot be bound because it did not contain the information required to bind all mandatory parameters

 

I encountered the error message above when trying to create a container in a storage account.

“The input object cannot be bound because it did not contain the information required to bind all mandatory parameters”


Initially I thought it was related to the management certificate. However, I had created and uploaded a management certificate, and it still failed. After searching Google for a while, I managed to locate a similar case. Credit to Stephel Owen (Microsoft MVP).

Here is the solution:-

1. Run the Get-AzureSubscription cmdlet. The “currentStorageAccountName” value is missing, so no storage account is bound to the Azure subscription.


2. Run the Get-AzureStorageAccount cmdlet. It lists the storage account, so the account does exist.


Resolution:-

Set-AzureSubscription -SubscriptionName "Converted Windows Azure  MSDN - Visual Studio Premium" -CurrentStorageAccountName (Get-AzureStorageAccount).Label -PassThru


Verify by running the Get-AzureSubscription cmdlet. The Azure storage account name is now bound to the Azure subscription, and we can proceed to create a container in Azure Storage.
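One way to script the check and the fix, as an added example rather than code from the original post. It binds a storage account only when exactly one exists, because (Get-AzureStorageAccount).Label returns an array when the subscription holds several accounts, and it uses StorageAccountName because a label can differ from the account name. The container name is a placeholder.

```powershell
# Added example, not from the original post.
# $containerName is a placeholder chosen for illustration.
$containerName = 'example-container'

$sub = Get-AzureSubscription -Current
if (-not $sub) { throw 'No current subscription. Run Select-AzureSubscription first.' }

if ([string]::IsNullOrEmpty($sub.CurrentStorageAccountName)) {
    # @() forces an array so .Count works for zero, one or many accounts.
    $accounts = @(Get-AzureStorageAccount)
    switch ($accounts.Count) {
        0 { throw "Subscription '$($sub.SubscriptionName)' has no storage account." }
        1 { $name = $accounts[0].StorageAccountName }
        default {
            $list = $accounts.StorageAccountName -join ', '
            throw "Several storage accounts found ($list). Choose one explicitly."
        }
    }
    Set-AzureSubscription -SubscriptionName $sub.SubscriptionName `
        -CurrentStorageAccountName $name
    # Re-read the subscription to confirm the binding took effect.
    $sub = Get-AzureSubscription -Current
}

"Current storage account: $($sub.CurrentStorageAccountName)"

# -Permission Off keeps the new container private (no anonymous read access).
New-AzureStorageContainer -Name $containerName -Permission Off
```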


Configure Active Directory Federation Services (ADFS) and Web Application Proxy

 

We have looked at how to use AAD Connect (Azure Active Directory) to configure

However, the tool is still under preview 1 and not suitable for production use. In this post, let's look at the supported configuration of Active Directory Federation Services (ADFS) and Web Application Proxy for single sign-on.

[Pre-requisite]

1. Create the Key Distribution Services (KDS) root key using Windows PowerShell on a Windows Server 2012 DC.

Add-KdsRootKey -EffectiveImmediately

Wait 10 hours or longer, depending on DC replication.

2. Create a Group Managed Service Account. A security group to hold the ADFS servers has already been created. Example: ADFSGroup.

New-ADServiceAccount -Name MyAdminAccount -DNSHostName myAdminAccount.ms4u.local -PrincipalsAllowedToRetrieveManagedPassword "ADFSGroup"

Command format:-

New-ADServiceAccount -name <ServiceAccountName> -DNSHostName <fqdn> -PrincipalsAllowedToRetrieveManagedPassword <group>


Be patient and wait! Do not configure ADFS yet! Wait a few hours until the Managed Service Account appears in Active Directory Administrative Center.

3. Install the certificate on the ADFS server farm and the Web Proxy (we are using fs.ms4u.local). You can refer to here if you want to set this up for lab purposes using an internal CA.
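A pre-flight check for prerequisite steps 1 and 2 before starting the ADFS wizard, added here as an example and not taken from the original post. It uses the post's example names (MyAdminAccount, ADFSGroup) and treats the post's 10-hour wait as the threshold; run it with the ActiveDirectory module on Windows Server 2012 or later.

```powershell
# Added example, not the author's code. Names are the post's examples;
# $waitHours is the post's "10 hours or longer" guidance.
Import-Module ActiveDirectory
$gmsaName  = 'MyAdminAccount'
$groupName = 'ADFSGroup'
$waitHours = 10

# Step 1: is there a KDS root key that has been effective for the waiting period?
$cutoff = [DateTime]::UtcNow.AddHours(-$waitHours)
$readyKeys = @(Get-KdsRootKey |
    Where-Object { $_.EffectiveTime.ToUniversalTime() -le $cutoff })
if ($readyKeys.Count -eq 0) {
    Write-Warning "No KDS root key has been effective for $waitHours hours yet."
}

# Step 2: does the gMSA exist, and who may retrieve its managed password?
try {
    $gmsa = Get-ADServiceAccount -Identity $gmsaName `
        -Properties PrincipalsAllowedToRetrieveManagedPassword -ErrorAction Stop
} catch {
    throw "gMSA '$gmsaName' is not visible yet: $($_.Exception.Message)"
}
$groupDn = (Get-ADGroup -Identity $groupName).DistinguishedName
$extra = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword |
    Where-Object { $_ -and $_ -ne $groupDn })
if ($extra.Count -gt 0) {
    Write-Warning "Principals other than $groupName can retrieve the password:"
    $extra | ForEach-Object { Write-Warning "  $_" }
}

# Every member of the group can read the password, so the group should hold
# only the ADFS servers' computer accounts.
$members = @(Get-ADGroupMember -Identity $groupName)
$nonComputers = @($members | Where-Object { $_.objectClass -ne 'computer' })
if ($nonComputers.Count -gt 0) {
    Write-Warning "Non-computer members of ${groupName}: $($nonComputers.SamAccountName -join ', ')"
}

[pscustomobject]@{
    KdsRootKeyReady   = $readyKeys.Count -gt 0
    GmsaFound         = $true
    AllowedPrincipals = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword)
    GroupMembers      = $members.SamAccountName
    # True only on a host allowed to retrieve the password (an ADFS server).
    UsableOnThisHost  = Test-ADServiceAccount -Identity $gmsaName
}
```

UsableOnThisHost is meaningful only when the script runs on one of the ADFS servers; on any other machine it is expected to be False.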

[ Add roles ]

  • ADFS VM – install Active Directory Federation Services
  • Web Proxy – install Web Application Proxy from Remote Access roles
  • You MUST separate the two roles into two different VMs. Do not put ADFS and Web Proxy on the same VM.


[ Configure ADFS –1st farm ]

After installing the ADFS role, the next step is to start the wizard from Server Manager. Follow the simple steps below:

  • Select Create 1st federation
  • Select a domain admin ID that has permission on AD
  • Select the public certificate that you’ve generated and installed
  • Define the Group Managed Service Account that you created in the earlier step
  • Select the database. For small scale, you can select Windows Internal Database. For more than 5 servers, it is recommended to set up SQL Server


[Add 2nd ADFS Server to server farm]

On each subsequent ADFS server in the farm, select Add a federation server to an existing federation server farm.

  • Specify domain admin account
  • Enter your primary Federation Server info
  • Select the same public certificate that you’ve installed on 1st server
  • Select the same Group Managed Service Account


[ Configure Web Application Proxy ]

Web Application Proxy provides proxy functionality for Active Directory Federation Services (ADFS) to help system administrators secure access to ADFS.

  • In the Federation service name box, enter the fully qualified domain name (FQDN) of the AD FS server; for example, fs.ms4u.local
  • Enter an account that has local admin rights on the federation server
  • Select the same public certificate used by the federation server


Voila! That’s all the configuration. Now you have an ADFS server farm and a Web Application Proxy server set up in your production environment.

Hope this simple guide assists you and provides simple steps to move forward.

Good luck on your setup!

Friday, 9 January 2015

Azure Active Directory Connect (AD Connect) with Single Sign On

 

In a previous post, we talked about AD Connect with Password Sync. This round, we are going to look at the “Single Sign On” option. To do so, you are required to prepare virtual machines:

  • Windows Server 2012 R2 for federation server
  • Windows Server 2012 R2 for the Web Application Proxy
  • An SSL certificate for the federation service name you intend to use. (for example: fs.ms4u.local)


Just to recap about AAD Connect :

AAD Connect streamlines the experience of extending your local directories into Azure AD so that fewer tools are required to install; it guides you through the entire experience so you are not required to read many pages of documentation; and it reduces the on-premises footprint because you are not required to deploy many servers.

AAD Connect is a single wizard that performs all of the steps you would otherwise have to do manually for connecting your Windows Server Active Directory to Azure Active Directory:

  • It downloads and installs pre-requisites like the .NET Framework, Azure Active Directory PowerShell Module, and Microsoft Online Services Sign-In Assistant
  • It downloads, installs and configures Dirsync (or AAD Sync), and enables it in your Azure AD directory.
  • It configures either the password sync or the single sign-on scenario, depending on which sign-on option you prefer, including any required configuration in Azure.
  • It checks to make sure that your configuration is working!

[Configuration]

  • Select Sign On
  • Enter a domain administrator account to connect to the local domain
  • Select features: Exchange hybrid and password write cache
  • Select how users should be identified in your on-premise directories
  • Select whether to connect to an existing ADFS farm or build a new ADFS farm. Enter your certificate file with private key and password
  • On the ADFS and Web Proxy VMs, execute winrm quickconfig
  • Enter your ADFS server farm and Web Application Proxy servers. Here you can enter multiple servers that you would like AAD Connect to build
  • Enter a domain user account which has local admin rights on the federation server
  • Create a group managed service account or use an existing domain user account
  • Select the domain that you would like to be federated

Lastly, review the summary and click Install to deploy. AAD Connect will start to deploy:

  • DirSync on the existing VM on which you have installed AAD Connect
  • Install and configure ADFS
  • Install and configure Web Application Proxy
  • Start the initial synchronization

That completes the entire process. Easy, right, by using this tool? Do bear in mind that at this moment AAD Connect is under Preview 1 and can only be used in a lab environment.


Thursday, 1 January 2015

Happy New Year 2015


We (www.ms4u.info and www.ms4ucloud.info) would like to wish our readers “Happy New Year 2015”. Thank you for being an important part of 2014! The passing year has been full of challenges and big victories. Here are some accomplishments from 2014:

  • We launched a new child site, www.ms4ucloud.info, which focuses on Hybrid Cloud Solution
  • We posted a total of 157 blog articles (www.ms4u.info) and 19 blog articles (www.ms4ucloud.info)
  • We were selected by Packt Publishing and reviewed 2 books and 1 video
    • Hyper-V Network Virtualization Cookbook (Book)
    • Hyper-V Security (Book)
    • Building and Managing a Virtual Environment with Hyper-V Server 2012 R2 (Video)
  • Renewal of blog sponsor from Veeam, Altaro, Starwind and Backup Chain.
  • New blog sponsor from Savision

We look forward to 2015 with our sponsors and readers!