Crying Cloud

#Unsupported

Changing Azure Stack’s DNS and AD Domain to something other than AzureStack.local


This is another installer modification for the Azure Stack TP1 PoC that, unfortunately, requires editing more than one file. I find it puzzling that this edit is necessary. Once again, we start by mounting MicrosoftAzureStackPOC.vhdx, then begin in PocDeployment\Test-AzureStackDeploymentParameters.ps1 at line 68:

[powershell]$ADDomainName = "AzureStack.local"[/powershell]

Why is this not a parameter? We will also ignore the fact we are editing signed scripts and go ahead and make it one, first deleting that line and subsequently modifying the parameter block (leaving the default as azurestack.local).

[powershell]
[CmdletBinding()]
Param (
    [string]
    [Parameter(Mandatory = $true)]
    $PackagePath,

    [SecureString]
    [Parameter(Mandatory = $false)]
    $AdminPassword,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $AADCredential,

    [string]
    [Parameter(Mandatory = $false)]
    $AADTenant,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $TIPServiceAdminCredential,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $TIPTenantAdminCredential,

    [Parameter(Mandatory = $false)]
    [Nullable[bool]]
    $UseAADChina,

    [String]
    [Parameter(Mandatory = $false)]
    $NATVMStaticIP,

    [String]
    [Parameter(Mandatory = $false)]
    $NATVMStaticGateway,

    [String]
    [Parameter(Mandatory = $false)]
    $PublicVLan = $null,

    [Parameter(Mandatory = $false)]
    [string]
    $ProxyServer,

    # New parameter replacing the hard-coded assignment removed from line 68
    [Parameter(Mandatory = $false)]
    [string]
    $ADDomainName = "AzureStack.local",

    [Switch]
    $Force
)
[/powershell]

We will also update yet another hard-coded value, this time in PocDeployment\Invoke-DeploymentLogCollection.ps1. Look to line 106 and you will find a line like this:

[powershell] ('PublicIPAddresses','GatewayPools','GateWays','loadBalancers','loadBalancerMuxes','loadBalancerManager/config','networkInterfaces','virtualServers','Servers','credentials','macPools','logicalnetworks','accessControlLists') | % { JSONGet -NetworkControllerRestIP "NCVM.azurestack.local" -path "/$_" -Credential $credential | ConvertTo-Json -Depth 20 > "$destination\NC\$($_ -replace '/','').txt" } [/powershell]

Replace the hard coded azurestack.local value with the existing!!! parameter:

[powershell] ('PublicIPAddresses','GatewayPools','GateWays','loadBalancers','loadBalancerMuxes','loadBalancerManager/config','networkInterfaces','virtualServers','Servers','credentials','macPools','logicalnetworks','accessControlLists') | % { JSONGet -NetworkControllerRestIP "NCVM.$($parameters.ADDomainName)" -path "/$_" -Credential $credential | ConvertTo-Json -Depth 20 > "$destination\NC\$($_ -replace '/','').txt" } [/powershell]

Finally we need to modify the main installer script (in duplicate).  DeployAzureStack.ps1 is located both in the root of the Azure Stack TP1 zip file you downloaded and the Installer directory within MicrosoftAzureStackPOC.vhdx.  You can modify the file once and copy it to the other location in whatever order you choose. We are going to start by adding a parameter, $ADDomainName, for the Active Directory DNS name (again leaving the default as azurestack.local):

[powershell]
[CmdletBinding()]
param (
    [SecureString]
    [Parameter(Mandatory = $false)]
    $AdminPassword,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $AADCredential,

    [string]
    [Parameter(Mandatory = $false)]
    $AADTenant,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $TIPServiceAdminCredential,

    [PSCredential]
    [Parameter(Mandatory = $false)]
    $TIPTenantAdminCredential,

    [Parameter(Mandatory = $false)]
    [Nullable[bool]]
    $UseAADChina,

    [String]
    [Parameter(Mandatory = $false)]
    $NATVMStaticIP = $null, #eg: 10.10.10.10/24

    [String]
    [Parameter(Mandatory = $false)]
    $NATVMStaticGateway = $null, #eg: 10.10.10.1

    [String]
    [Parameter(Mandatory = $false)]
    $PublicVLan = $null, #eg: 305

    [String]
    [Parameter(Mandatory = $false)]
    $ProxyServer,

    # New parameter: Active Directory DNS name, passed on to Test-AzureStackDeploymentParameters.ps1
    [String]
    [Parameter(Mandatory=$false)]
    $ADDomainName="azurestack.local",

    [Switch]
    $Force,

    [Switch]
    $NoAutoReboot
)
[/powershell]

Modify line 102 to accommodate the parameter we’ve created in this script and in Test-AzureStackDeploymentParameters.ps1. The original line will look like this:

[powershell] $Parameters = & "$DeploymentScriptPath\Test-AzureStackDeploymentParameters.ps1" -PackagePath $PSScriptRoot -AdminPassword $AdminPassword -AADCredential $AADCredential -AADTenant $AADTenant -TIPServiceAdminCredential $TIPServiceAdminCredential -TIPTenantAdminCredential $TIPTenantAdminCredential -UseAADChina $UseAADChina -NATVMStaticIP $NATVMStaticIP -NATVMStaticGateway $NATVMStaticGateway -PublicVLan $PublicVLan -ProxyServer $ProxyServer -Force:$Force [/powershell]

Add the ADDomainName parameter:

[powershell] $Parameters = & "$DeploymentScriptPath\Test-AzureStackDeploymentParameters.ps1" -PackagePath $PSScriptRoot -AdminPassword $AdminPassword -AADCredential $AADCredential -AADTenant $AADTenant -TIPServiceAdminCredential $TIPServiceAdminCredential -TIPTenantAdminCredential $TIPTenantAdminCredential -UseAADChina $UseAADChina -NATVMStaticIP $NATVMStaticIP -NATVMStaticGateway $NATVMStaticGateway -ADDomainName $ADDomainName -PublicVLan $PublicVLan -ProxyServer $ProxyServer -Force:$Force [/powershell]

Unmount the VHD and install to a new domain if you so desire.
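Because the edits above touch signed scripts and DeployAzureStack.ps1 has to be changed in two places, it is worth recording the state of each edited file before unmounting. The following is an added example, not part of the installer or the original post; the function name and the `PATH-TO` / `EXTRACTED-ZIP` locations are placeholders to replace with your own paths.

```powershell
# Added example, not part of the Azure Stack installer.
# Get-EditedScriptStatus is a hypothetical helper name.
function Get-EditedScriptStatus {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [string[]] $Path
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Signature = 'FileNotFound'; SHA256 = $null }
            continue
        }
        [pscustomobject]@{
            Path      = $p
            # HashMismatch means the file changed after it was signed.
            Signature = (Get-AuthenticodeSignature -FilePath $p).Status
            SHA256    = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
    }
}

# Placeholder locations (assumptions): point these at your mounted VHDX and extracted zip.
$pocDeployment = 'X:\PATH-TO\PocDeployment'
$vhdInstaller  = 'X:\PATH-TO\Installer\DeployAzureStack.ps1'
$zipInstaller  = 'C:\EXTRACTED-ZIP\DeployAzureStack.ps1'

$report = Get-EditedScriptStatus -Path @(
    "$pocDeployment\Test-AzureStackDeploymentParameters.ps1",
    "$pocDeployment\Invoke-DeploymentLogCollection.ps1",
    $vhdInstaller,
    $zipInstaller
)
$report | Format-List

# The two DeployAzureStack.ps1 copies must be byte-identical after the edit.
$copies = @($report | Where-Object { $_.Path -like '*DeployAzureStack.ps1' })
if (-not $copies[0].SHA256 -or $copies[0].SHA256 -ne $copies[1].SHA256) {
    Write-Warning 'DeployAzureStack.ps1 copies are missing or differ; copy the edited file to both locations.'
}
```

A `HashMismatch` status on the edited files is the expected result of the change; under the `AllSigned` execution policy PowerShell will refuse to run them.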

[Unsupported]

Modifying Azure Stack POC Install Constraints


Azure Stack’s hardware requirements, specifically RAM and storage, may prevent you from installing on available kit. This is a pretty well-known “hack”; however, this is enterprise IT, so redundancy is a good thing. The constraints are pretty simple to modify for your particular situation.

Once again, we’ll start by mounting the MicrosoftAzureStackPOC.vhdx (I won’t bother covering how to do that).

All of the hardware constraints are enforced through functions in PocDeployment\Invoke-AzureStackDeploymentPrecheck.ps1.

If you look at line 62 within the function CheckDisks you will find a statement that looks like this:

[powershell]$physicalDisks = Get-PhysicalDisk | Where-Object { $_.CanPool -eq $true -and ($_.BusType -eq 'RAID' -or $_.BusType -eq 'SAS' -or $_.BusType -eq 'SATA') }[/powershell]

You can choose to add another allowed bus type e.g. ISCSI, or if you are really adventurous just remove the entire AND clause.

[powershell]$physicalDisks = Get-PhysicalDisk | Where-Object { $_.CanPool -eq $true -and ($_.BusType -eq 'RAID' -or $_.BusType -eq 'SAS' -or $_.BusType -eq 'SATA' -or $_.BusType -eq 'ISCSI') }[/powershell]

or

[powershell]$physicalDisks = Get-PhysicalDisk | Where-Object { $_.CanPool -eq $true}[/powershell]

To modify the RAM constraints, look further down; at line 98, within CheckRAM, you will find a very simple test:

[powershell]
if ($totalMemoryInGB -lt 96) {
    throw "Check system memory requirement failed. At least 96GB physical memory is required."
}
[/powershell]

Modify the value as appropriate:

[powershell]
if ($totalMemoryInGB -lt 64) {
    throw "Check system memory requirement failed. At least 64GB physical memory is required."
}
[/powershell]

Unmount the VHD, and you are done.  It is worth reiterating that these constraints exist for a reason, and in adjusting or bypassing you should have appropriate expectations for performance and/or stability.

[Unsupported]

Disable Windows Defender & Windows Update in Azure Stack TP1

If you have been installing or working with Azure Stack TP1, you may have noticed high resource consumption from the Windows Defender process. Whether you're running on recommended hardware or not, you may want to switch this process off during the Technical Preview time frame. Depending on how often you're installing Stack, having this done automatically after installation is a great time saver. Additionally, Windows Update is disabled on some servers but not all. Depending on whether you want unscheduled reboots or not, you may want to ensure Windows Update is disabled on all servers.

Open and Edit Stack Settings

1) In the Stack installer folder, find the MicrosoftAzureStackPOC vhdx and mount it so you can edit the VHD content. The installer script mounts the VHDX in read-only mode, so eject it and then either right-click it in Explorer and mount it, or use PowerShell.

2) Ensure you make a copy before editing. Open the XML file located at Drive:\AzureStackInstaller\POCFabricInstaller\POCFabricSettings.xml. You may want to install an XML editor like Notepad++ to make the file easier to read.

Disable Windows Defender

3) Search for CreateVM.ps1; you should find a task named ADVM. Find the closing tag for 'Parameters' and add the line below inside the Parameters tag. This PowerShell command disables Defender real-time monitoring.

[xml]<PostSetupCmd>powershell.exe /c "set-MpPreference -DisableRealtimeMonitoring $true"</PostSetupCmd>[/xml]

4) Search again for CreateVM.ps1 and repeat for each server role.

Disable Windows Update

5) To ensure Windows Update is disabled on all systems, go back to the top of the XML file and search for CreateVM.ps1 again. Inside the Parameters tag, add the RegKeys node with the following:

[xml]
<RegKeys>
  <Reg><!-- Disable windows update-->
    <Operation>Add</Operation>
    <Path>System\ControlSet001\Services\wuauserv</Path>
    <Value>Start</Value>
    <Type>REG_DWORD</Type>
    <Data>4</Data>
  </Reg>
  <Reg>
    <Operation>Add</Operation>
    <Path>System\ControlSet002\Services\wuauserv</Path>
    <Value>Start</Value>
    <Type>REG_DWORD</Type>
    <Data>4</Data>
  </Reg>
</RegKeys>
[/xml]

6) Search again for CreateVM.ps1 and repeat for each server role.

7) If you're using Notepad++, you can use it to check that your XML syntax is correct. Save the file and try a deployment.

Optional

If you feel that you want to add a little more RAM or CPUs to a VM you can do that as well here.

Example Code

[xml]
<Task>
  <Name>ADVM</Name>
  <Cmd>CreateVM.ps1</Cmd>
  <CleanupCmd>DeleteVM.ps1</CleanupCmd>
  <Dependency>EnableRemotePS</Dependency>
  <Dependency>EnableVFP</Dependency>
  <Dependency>CopyVhdx_Local</Dependency>
  <Retry>5</Retry>
  <Weight>400</Weight>
  <Timeout>3400</Timeout>
  <Parameters>
    <Name>ADVM</Name>
    <VMPath>{[FindFreeDisk]:Path}</VMPath>
    <ProcessorCount>4</ProcessorCount>
    <RAM>3</RAM>
    <MinRAM>3</MinRAM>
    <MaxRAM>4</MaxRAM>
    <Disk>
      <Base>{[FindFreeDisk]:Path}\{[Global]:VHDs.OSVHD}</Base>
      <Features>
        <Name>AD-Domain-Services,DNS</Name>
      </Features>
    </Disk>
    <Nics>
      <Nic>
        <Name>Nic1</Name>
        <vSwitch>{[SetupvSwitch]:Name}</vSwitch>
        <VLAN>{[Global]:InternalNetworkVLan}</VLAN>
        <DHCP>false</DHCP>
        <IP>192.168.100.2/24</IP>
        <GW>{[Global]:InternalGW}</GW>
        <DNSList>
          <DNS>{[Global]:InternalDNS}</DNS>
        </DNSList>
      </Nic>
    </Nics>
    <LocalAccounts>
      <AdministratorPassword>{[Global]:AdminPassword}</AdministratorPassword>
      <Account>
        <Name>AzureStackAdmin</Name>
        <Password>{[Global]:AdminPassword}</Password>
        <Group>Administrators</Group>
      </Account>
      <Account>
        <Name>AzureStackUser</Name>
        <Password>{[Global]:AdminPassword}</Password>
        <Group>Users</Group>
      </Account>
    </LocalAccounts>
    <RegKeys>
      <Reg><!-- Disable windows update-->
        <Operation>Add</Operation>
        <Path>System\ControlSet001\Services\wuauserv</Path>
        <Value>Start</Value>
        <Type>REG_DWORD</Type>
        <Data>4</Data>
      </Reg>
      <Reg>
        <Operation>Add</Operation>
        <Path>System\ControlSet002\Services\wuauserv</Path>
        <Value>Start</Value>
        <Type>REG_DWORD</Type>
        <Data>4</Data>
      </Reg>
    </RegKeys>
    <PostSetupCmd>powershell.exe /c "set-MpPreference -DisableRealtimeMonitoring $true"</PostSetupCmd>
  </Parameters>
</Task> <!-- ADVM -->
[/xml]
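Since steps 3 to 6 have to be repeated for every CreateVM.ps1 task, a per-task report shows which VMs will end up with Defender real-time monitoring and Windows Update switched off, and the `[xml]` cast doubles as the syntax check from step 7. This is an added example, not part of the installer or the original post; the function name is hypothetical, the sample document is constructed, and it assumes the settings file declares no default XML namespace.

```powershell
# Added example. Get-CreateVmProtectionState is a hypothetical helper name.
function Get-CreateVmProtectionState {
    param ([Parameter(Mandatory = $true)] [xml] $Settings)

    foreach ($task in $Settings.SelectNodes("//Task[normalize-space(Cmd)='CreateVM.ps1']")) {
        $p = $task.SelectSingleNode('Parameters')
        $post = @(); $wu = @()
        if ($null -ne $p) {
            $post = @($p.SelectNodes('PostSetupCmd') | ForEach-Object { $_.InnerText })
            # Start = 4 marks the wuauserv service as disabled in that control set.
            $wu = @($p.SelectNodes("RegKeys/Reg[Value='Start' and Data='4']/Path") |
                ForEach-Object { $_.InnerText } |
                Where-Object { $_ -like '*\Services\wuauserv' })
        }
        [pscustomobject]@{
            Task                = $task.SelectSingleNode('Name').InnerText
            DefenderRealtimeOff = [bool]($post -match 'DisableRealtimeMonitoring\s+\$true')
            WuauservDisabledIn  = $wu -join '; '
        }
    }
}

# Constructed sample: the root element and the second task are made up for illustration.
$sample = [xml]@'
<Tasks>
  <Task>
    <Name>ADVM</Name>
    <Cmd>CreateVM.ps1</Cmd>
    <Parameters>
      <RegKeys>
        <Reg>
          <Path>System\ControlSet001\Services\wuauserv</Path>
          <Value>Start</Value>
          <Data>4</Data>
        </Reg>
      </RegKeys>
      <PostSetupCmd>powershell.exe /c "set-MpPreference -DisableRealtimeMonitoring $true"</PostSetupCmd>
    </Parameters>
  </Task>
  <Task>
    <Name>ExampleVM</Name>
    <Cmd>CreateVM.ps1</Cmd>
    <Parameters />
  </Task>
</Tasks>
'@

Get-CreateVmProtectionState -Settings $sample | Format-Table -AutoSize
```

For the real file, pass `([xml](Get-Content -Raw <path to POCFabricSettings.xml>))` as `-Settings`; running the same report against the untouched copy made in step 2 gives a baseline to compare with.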

[Unsupported]