Channel: Azure Management Portal forum
Viewing all 4189 articles

Azure Terraform questions? Are you able to answer basic questions?


Where do we place the OS image for Terraform to associate with the directory where the *tf file is located?

Will the *tf file overwrite any changes already in the OS image? These can be either images in the Microsoft marketplace or custom images.

If you cannot answer this question, please provide a link or a recommended resource on who can answer Azure Terraform questions. A good blog? Does Microsoft have a blog for Azure Terraform?


dsk



In this link below there are references to an OS image D v2 class. Do we need to provide a path to the image? What is the reference to Ubuntu storage_image_reference? Why this reference to Ubuntu when there is also a Windows D v2 image?

Databricks resource locking breaks deployment of tags


Hi,

some of our folks are using Databricks in Azure. The deployment of this service is extremely bad as it is creating a second locked resource group.

Even we as subscription and tenant admins can't delete this read-only lock? Is there really ANY reason why this is prohibited? A simple application shouldn't be able to lock itself down in a way even the tenant admin cannot undo this.

This resource-locking-thing breaks down ALL policies we carefully deployed, including resource owner tags we use to divide the occurring costs.

Did I miss something or is there really no solution to this?

Best regards,

Hendrik

Azure AD B2C fails


We are using Azure AD B2C for user management for our application. It was working fine and suddenly it stopped working. It started working fine after 1 hour or so. We have checked in the app insights logs but there are not many details. This is the exception message - Exception Message:An internal error has occurred., CorrelationID:09d2d010-1ef2-4b27-bf0a-61beddf30761

We do not have any clue as what happened and why it started working again. Appreciate your help if you can provide any details.

Thanks,

Srinivas

“Inconsistent” behaviors when a ReadOnly lock is placed on a Storage Account


Hey, I posted this thread in another site a while ago, but didn’t get any reply. I apologize if you saw this before.

Azure resource locks can be used to prevent accidentally deleting or modifying resources. ReadOnly lock means authorized users can read a resource, but they can't delete or update the resource. Resource Manager locks apply only to operations that happen in the management plane. The locks usually don't restrict how resources perform their own functions in the data plane.

However, applying ReadOnly can lead to unexpected results because some operations that seem like read operations actually require additional actions. For example, placing a ReadOnly lock on a storage account prevents all users from listing the keys. (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources). But depending on your working history in the Portal, your experiences might be different. If you just listed the access keys of a storage account before placing a ReadOnly lock on the storage account, you could still be able to see the keys for a while. Is this because the keys are cached? However, if you start a new Portal session after placing the ReadOnly lock, you would get the message “The resource is locked”. That means you can list the access keys in one Portal session while getting denied from another Portal session at the same time.

You will also see different behaviors when accessing different storage account services. From the Portal session where you can still list the keys, you can still access Blob, File, Table and Queue services; and you can upload blobs to blob containers. However, in the new Portal session where the keys are no longer available, you can’t access File, Table and Queue services. Although you can still access Blob service, you can’t access blob containers. Of course, it is impossible to upload or download blobs/files.

It seems that eventually the “cached” keys would time out. (I don’t know how long it would take.) And the access keys become unavailable in both old and new Portal sessions. At that time, it is impossible to upload/download blobs/files to/from the storage account from the Portal. However, you can still perform data transfer by using Azure Storage Explorer as long as a connection had been established before the ReadOnly lock is placed, or you copied down the access key and set up a new connection.

Placing a ReadOnly lock to a storage account should not prevent data operations with the storage. But it seems in the Portal accessing different storage services needs the access keys. ReadOnly lock prevents getting the keys if it is not “cached” yet. Therefore, you may or may not be able to perform data transfer operations in the Portal.

I don’t know if my guess is correct or not. Hope someone can provide some real explanations. Is there a way to enforce the lock behavior, at least within the Portal, i.e. once the ReadOnly lock is placed on a storage account, we would get the same behavior, whether the operation is allowed or denied, in all existing or new Portal sessions?
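The following is an added example, not part of the original post: a PowerShell check with the Az module that separates the two planes the post describes, the management-plane key listing that a ReadOnly lock blocks (listKeys is a POST request) and a data-plane call that does not depend on the account keys. The resource group and account names are placeholders, and the script assumes a signed-in session whose identity holds a data-plane role such as Storage Blob Data Reader.

```powershell
# Added example (not from the original post). Requires the Az module and
# a signed-in session (Connect-AzAccount). Names below are placeholders.
$ResourceGroup  = 'example-rg'          # placeholder
$StorageAccount = 'examplestorage001'   # placeholder

# 1. Management plane: which locks apply to this storage account?
#    -AtScope returns locks at or above the resource, so a lock inherited
#    from the resource group or subscription is listed as well.
$lockQuery = @{
    ResourceGroupName = $ResourceGroup
    ResourceName      = $StorageAccount
    ResourceType      = 'Microsoft.Storage/storageAccounts'
    AtScope           = $true
}
Get-AzResourceLock @lockQuery |
    Select-Object Name, @{ n = 'Level'; e = { $_.Properties.level } }, ResourceId |
    Format-Table -AutoSize

# 2. Management plane: listing the access keys is a POST (listKeys),
#    so a ReadOnly lock denies it even though it looks like a read.
try {
    $keys = Get-AzStorageAccountKey -ResourceGroupName $ResourceGroup `
                                    -Name $StorageAccount -ErrorAction Stop
    Write-Output "listKeys allowed: $($keys.Count) key(s) returned"
}
catch {
    Write-Output "listKeys denied: $($_.Exception.Message)"
}

# 3. Data plane: authenticate with the signed-in identity instead of an
#    account key. This request goes to the blob endpoint, not through
#    Resource Manager, so the lock is not evaluated for it.
#    Assumption: the identity has a data-plane role on the account.
try {
    $ctx = New-AzStorageContext -StorageAccountName $StorageAccount -UseConnectedAccount
    $containers = @(Get-AzStorageContainer -Context $ctx -ErrorAction Stop)
    Write-Output "Data plane reachable without keys: $($containers.Count) container(s)"
}
catch {
    Write-Output "Data-plane call failed: $($_.Exception.Message)"
}
```

Run from a fresh session, step 2 gives the same answer every time for a given lock state, because no previously fetched key is involved.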

What can Microsoft Authenticator / Azure access on your phone?


Hi,

What data can Microsoft Authenticator / Azure access on your phone?

I did search and check this, but didn't see anything specific to this app. Just making sure it doesn't have access to texts, photos, emails, etc. Thank you. 

Problem in Azure portal


Hi,

I cannot view anymore the "Select All" view for the resource group field.

Is it something that Azure has changed?

How to resize tiles in Dashboards?



Whenever I want to pin my Log Analytics query to a dashboard, the results are underwhelming.

How can I properly resize this? Every time I customize the tile size, half of the tile's space is taken up by margins or white space.

Azure Analysis Services Admin


Just wondering if this is a bug or a limitation? When you want to add a user or security group to the Azure Analysis Services Admin via SSMS, this is allowed. Same goes for adding a user to the Azure Analysis Services Admin via the portal. However, when you want to add a security group via the portal, nothing happens. You can click Add, select the group, but when you add it, it's not reflected and cannot be saved. Therefore I need to start SSMS and connect to each Analysis Service to add the security group.

The below image shows "obj:e84..." which is a security group normally named something like "MSC-SEC-GROUP" which I've added via SSMS, so the correct naming isn't used for groups as well within the portal.

So two things:

- I cannot add a security group to Analysis Services Admin via the portal

- The name of the security group added via SSMS isn't displayed correctly in the portal's Analysis Services Admins view



The portal is having issues getting an authentication token. The experience rendered may be degraded.

Hi all,
I am getting below error in Azure portal. 


Experiencing authentication issues
The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token:
Extension: microsoft_aad_protectioncenter
Resource: self
Details: Too Many Requests
------------------------------------------
Experiencing authentication issues
The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token:
Extension: microsoft_azure_support
Resource: self
Details: Too Many Requests

Any experience with this here? 
What may be the reason?

Export all that have Contributor role access

Anyone have a PowerShell cmd that will export all that have "Contributor" role access in Home\Subscriptions\Production - Access control (IAM)?

SSL offloading considerations for basic (sku) LB versus standard (sku) LB versus other 3rd party LB (F5, NGINX) for Azure cloud.


We have a couple of application/web servers, for which we are currently using a single F5 with a certificate.

The app/web servers are for internal users only (no public access). Would the web functionality require a public IP or an internal IP? These servers are also receiving information from an external vendor. How would we configure this as well? Maybe we could separate out the web and app functions into separate VMs, but this seems an inefficient use of resources.

If we want to replace the F5 with a basic (sku) LB which does not allow certificates to be attached, how do we work around this inability to have a web certificate on this LB? Do we have to create a web certificate on each server? However, the basic LB has a single IP point for ingress/egress and certificates usually have just one IP on them with other associated names. How is a certificate configured for this?

When I examined standard (sku) LB a certificate can be added however it does not allow *.cert to be configured on the LB? I created a standard LB and did not see a place to configure a web cert (SSL). Is the Standard LB able to offload SSL traffic to the web server end points?

I am confused by the terminology of "API gateway" versus standard load balancer. They seem to refer to both as the same? If standard LB is at layer 7 (SSL) do you have steps on how to configure this? Recall a long time ago that is wanted to configure something other than *.cert? Or maybe just unclear how to configure this?

Do we need to use F5 or NGINX for SSL offloading?


dsk



What happens to the guest object, when a company gets federated?


Dear Community,

Our client has a scenario, where they will have the following type of users:

  • Internal users (Members of client)
  • Guest users (Users invited for the tenant)
  • Azure B2B customers (Users that are federated into the AD)

What happens to a guest user / object in the AD, if the company (For example: Google. All users with @google.com in their emails) gets federated with their own Azure AD through Azure AD B2B? Will the user simply be able to login with their @google.com account, and all the access rights will stay the same, or will a new object be created?

// Peter

AzureAD Backup

Guys, how to protect against rogue/dumb global admin deleting app assignments etc? Is there any way to back this stuff up other than script an inventory?

Getting Connection Timeouts while trying to get metric data against resources through Microsoft Insights API


When we try to get Azure monitoring data against SQL databases, storage accounts and a few other resources, we are facing the issue with connection timeouts and SSL timeouts. This issue is not specific to one type of resource. Providing sample URLs which we use to get monitoring data:

/subscriptions/*******/resourceGroups/******/providers/Microsoft.Compute/virtualMachines/******
/subscriptions/******/resourceGroups/******/providers/Microsoft.Sql/servers/*****/databases/*****
/subscriptions/******/resourceGroups/*****/providers/Microsoft.Web/sites/*****

Azure Insights Rest API, Failed to collect the metrics for /subscriptions/******/resourceGroups/*****/providers/Microsoft.Compute/virtualMachines/****,

org.apache.http.conn.HttpHostConnectException: Connect to management.azure.com:443 [management.azure.com/52.165.174.129] failed: Connection timed out (Connection timed out)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:156) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.9.jar:4.5.9]
    at com.vistara.util.http.HttpUtil.processGetRequest(HttpUtil.java:102) ~[vistara-core-util-5.4.0-SNAPSHOT.jar:?]
    at
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:?]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399) ~[?:?]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242) ~[?:?]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224) ~[?:?]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403) ~[?:?]
    at java.net.Socket.connect(Socket.java:591) ~[?:?]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:368) ~[httpclient-4.5.9.jar:4.5.9]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.9.jar:4.5.9]
    ... 19 more

Transform email address with Azure SSO to user.onpremisessamaccountname ??


I am running into an issue with configuring Azure SSO to connect to a third party application (Oracle). Since we log into our Azure SSO with email address, it continues to send our email through as the login. This would work fine, but we have some staff that do not use email, and instead use their SAMAccountname to log in. I have tried everything I can think of to get the user.onpremisessamaccountname to be the login, but looking at trace logs, it's still sending email address.

I have tried pretty much every combination of transformation that I can think of.

Any ideas??


When ASR (Azure Site Recovery) is used will the primary (source) be preserved (i.e. IaaS) so that you can RDP to the source machines?


When ASR (Azure Site Recovery) is used will the primary (source) be preserved (i.e. IaaS) so that you can RDP to the source machines (VMs)?

Once the failover occurs to the secondary (destination site) will you be able to access (RDP) the primary site (source) machines (VMs)? We want to be able to revert to the primary site after failover via ASR.

Is ASR failover an ARM function (button) or is this a conceptual cut off the connections manually (outside the ARM) action?



dsk

Coadmin but can't access all resources


Hi,

One of our customers set me as coadmin into an Azure account but I can't access AppService resources.

In IAM, I see my account as coadmin but in many sections, I see I don't have enough privileges....

Thanks for your help

Chris

Exporting a subset of resources from a resource group as a template doesn't work anymore


Hi,

For a few months now, we have been using ARM (Azure Resource Manager) templates to deploy a set of resources from one resource group to another. However, in recent weeks, the behavior has changed when I try to export a template from the resource group after selecting multiple Logic Apps: instead of including only the selected resources in the exported template, it includes what appears to be the entire collection or a large proportion of all Logic Apps in the resource group.

https://imgur.com/a/HXDarUt (since I'm not allowed to post pictures)

Can we expect this behavior to be fixed? If not, what might be a workaround? Using a resource group that contains only the relevant resources is probably out of the question, for certain reasons.

Thanks!


What is the actual data collected by Microsoft using Azure AD Connect

I need to know what data AD Connect is collecting from my on-premises servers. I have a client with sensitive data and he would like to know what actual data is collected by AD Connect, to make sure that the AD Connect deployment will not violate the company data privacy policy.

Transfer Subscription from CSP to Pay As You Go


I have scoured the internet on how to transfer our Azure subscription from a CSP to pay as you go but I do not see any way to make this happen.

My CSP doesn't know how to transfer the account to us either so I am at a loss. We want to take ownership of our Azure portal and be able to open support tickets directly with MS. Can anyone help me on this process?

If this is not possible, how do I set up a new subscription for the same domain name and migrate all resources to the new subscription? I have not performed an Azure migration before so I am at a loss again here.

Thanks.
