Creating a site-to-site Azure VPN with PFSense

First I need to create an Azure Virtual Network and Subnet. I go to All services and find Virtual networks.

I add a Virtual network called EastAzureVnet with a Subnet called EastServerSubnet and leave the defaults. (Make sure this address space does not overlap your on-prem network; overlapping ranges cannot be routed across the tunnel.)

Now I open the Virtual network I just created, EastAzureVnet, click Subnets and then click Gateway subnet.

Leave the defaults and click OK. Azure names this subnet GatewaySubnet (the name is fixed); only the gateway should live in it, so don't place VMs there.

Virtual Network Gateway

I need to create a Virtual Network Gateway. I go to All services and find Virtual network gateways.

I set the following values and click Create. (Note: this will take about 15 minutes, so go have a beer or a hot beverage.)

Name: EastAzureVngVPN

SKU: Basic (If this were for production I would choose VpnGw1 or higher. Basic cannot be resized in place and does not support BGP, so it is a lab-only choice.)

Virtual network: EastAzureVnet

Public IP address: EastAzureIpVPN

Local network Gateway

Next we need to create a Local Network Gateway, which represents the on-prem (pfSense) end of the tunnel. I go to All services and find Local network gateways.

I use my on-prem network information.

My lab uses IP address range 192.168.2.0/24 (192.168.2.0 – 192.168.2.255).

My example external IP is 67.37.217.79 (the public address pfSense will send IKE traffic from).

After it is created, click on the Local Network Gateway called EastAzureLngVPN, click Connections, then click Add.

I use the following information and click OK. Create and save your shared key, as you will need it when setting up the pfSense side. (You will want your shared key to be far more complex than the example: a long random string, kept in a password manager rather than in the notes of a ticket.)
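The Azure side of this walkthrough as an Az PowerShell script, added here as an example and not part of the original post. The VNet, subnet, gateway, public IP and local network gateway names and the 192.168.2.0/24 and 67.37.217.79 values are the post's; the resource group name, region, VNet address space (10.1.0.0/16), server and gateway subnet prefixes, connection name and on-prem DNS address (192.168.2.10) are assumptions. It also generates the shared key from the OS CSPRNG instead of a typed string, picks VpnGw1 (the post's production choice) rather than Basic, and sets the VNet DNS server at creation, which the post does later in the portal.

```powershell
# Added example, not the original post's code: the Azure side of the site-to-site
# VPN with the Az PowerShell module. Assumed values are marked; run after Connect-AzAccount.
#Requires -Modules Az.Resources, Az.Network
param(
    [string]$ResourceGroup  = 'EastAzureRG',     # assumption: the post never names one
    [string]$Location       = 'eastus',          # assumption
    [string]$VnetSpace      = '10.1.0.0/16',     # assumption: the post keeps the portal default
    [string]$ServerSubnet   = '10.1.1.0/24',     # assumption
    [string]$GatewaySubnet  = '10.1.255.0/27',   # assumption; a /27 leaves room for gateway growth
    [string]$OnPremPublicIp = '67.37.217.79',    # the post's example external IP
    [string]$OnPremPrefix   = '192.168.2.0/24',  # the post's lab range
    [string]$OnPremDns      = '192.168.2.10'     # assumption: on-prem DNS/DC address
)

# 1. Shared key: 32 bytes from the OS CSPRNG, Base64 encoded (44 printable ASCII chars),
#    rather than a memorable string typed into the portal.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 32
$rng.GetBytes($bytes)
$SharedKey = [Convert]::ToBase64String($bytes)

# 2. Virtual network. The gateway subnet must be named exactly 'GatewaySubnet'.
#    -DnsServer points VMs in the VNet at the on-prem DNS server for domain joins.
New-AzResourceGroup -Name $ResourceGroup -Location $Location -Force | Out-Null
$subnets = @(
    (New-AzVirtualNetworkSubnetConfig -Name 'EastServerSubnet' -AddressPrefix $ServerSubnet),
    (New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet'    -AddressPrefix $GatewaySubnet)
)
$vnet = New-AzVirtualNetwork -Name 'EastAzureVnet' -ResourceGroupName $ResourceGroup `
        -Location $Location -AddressPrefix $VnetSpace -Subnet $subnets -DnsServer $OnPremDns

# 3. Virtual network gateway. VpnGw1 takes a Standard, static public IP; the Basic SKU
#    instead needs a Basic SKU, dynamic IP and cannot be resized later. RouteBased means
#    the gateway negotiates IKEv2 with pfSense. This call blocks while the gateway is
#    built (typically 15-45 minutes).
$pip = New-AzPublicIpAddress -Name 'EastAzureIpVPN' -ResourceGroupName $ResourceGroup `
       -Location $Location -AllocationMethod Static -Sku Standard
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConfig = New-AzVirtualNetworkGatewayIpConfig -Name 'EastAzureVngVPN-ipconfig' `
            -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id
$vng = New-AzVirtualNetworkGateway -Name 'EastAzureVngVPN' -ResourceGroupName $ResourceGroup `
       -Location $Location -IpConfigurations $ipConfig -GatewayType Vpn -VpnType RouteBased `
       -GatewaySku VpnGw1

# 4. Local network gateway = the pfSense side: its public IP and the on-prem prefix(es).
#    Azure only routes traffic back to the prefixes listed here.
$lng = New-AzLocalNetworkGateway -Name 'EastAzureLngVPN' -ResourceGroupName $ResourceGroup `
       -Location $Location -GatewayIpAddress $OnPremPublicIp -AddressPrefix $OnPremPrefix

# 5. The connection that ties the two gateways together with the shared key
#    (connection name is an assumption).
$conn = New-AzVirtualNetworkGatewayConnection -Name 'EastAzureToOnPrem' `
        -ResourceGroupName $ResourceGroup -Location $Location `
        -VirtualNetworkGateway1 $vng -LocalNetworkGateway2 $lng `
        -ConnectionType IPsec -SharedKey $SharedKey

# 6. What the pfSense side needs: the gateway's public IP and the key. The key is shown
#    once here; treat it like a password, paste it into pfSense, do not log it.
$azurePublicIp = (Get-AzPublicIpAddress -Name 'EastAzureIpVPN' -ResourceGroupName $ResourceGroup).IpAddress
Write-Host "Azure gateway public IP (pfSense Remote Gateway): $azurePublicIp"
Write-Host "Shared key (pfSense Pre-Shared Key):               $SharedKey"

# 7. Once pfSense is configured, ConnectionStatus moves from NotConnected to Connected.
(Get-AzVirtualNetworkGatewayConnection -Name $conn.Name -ResourceGroupName $ResourceGroup).ConnectionStatus
```

The script creates the same objects the portal steps above create, in the same order, so the names line up with the screenshots; the only deliberate departure from the post is the SKU, because a Basic gateway cannot be resized into a production one later.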


pfSense

In Azure go back to Virtual network gateways and get the public IP address of your Azure VPN gateway.

Next I go over to my on-prem pfSense firewall and click VPN > IPsec.

Click Add P1. I changed the following settings:

For Remote Gateway use the public IP address of your Azure Virtual Network Gateway.

For Pre-Shared Key use the shared key you saved when creating the Azure connection.

The proposal has to match what Azure offers: a route-based Azure gateway negotiates IKEv2, and its default proposal list includes AES-256 with SHA-256 and DH group 2. If you want a stronger DH group or different lifetimes, set a custom IPsec/IKE policy on the Azure connection as well, otherwise Phase 1 will never come up.

Click Save

Then Apply Changes

Now click Show Phase 2 Entries, and click Add P2.

For P2 (Edit Phase 2), I go back to Azure to get the VNet address space.

Set the Remote Network to the address space of the Azure VNet (not the server subnet), so that every subnet you add to the VNet later is already covered by the tunnel. The Local Network is the on-prem range you entered in the Local Network Gateway (192.168.2.0/24 here); Azure only routes traffic back to the prefixes listed on the Local Network Gateway, so the two must agree.

Click Save, and Apply Changes.

Now if we go to Status > IPsec I can see we have established a connection.


Lastly I need to create a firewall rule. I go to Firewall > Rules, select the IPsec tab and click Add.

Change Protocol to Any. This allows everything from the Azure VNet into the lab; you can and should lock this rule down to suit your needs, for example only the domain, DNS and RDP ports from the Azure address space to the hosts that need them. Remember that a Network Security Group on the Azure side can block the same traffic, so check both ends when something does not connect.

Click Save and Apply

To get DNS working correctly (so you can add VMs to your domain), I set the DNS server of the Virtual Network to my on-prem DNS server.

VMs only pick the new setting up after a restart or a DHCP renew, so restart any VM created before the change. The pfSense firewall rule above must also allow UDP and TCP 53 from the Azure address space to that DNS server.


One note: don't rely on ping to test the tunnel. Azure blocks much ICMP traffic, and the Windows firewall on a fresh VM drops ICMP echo requests by default. Instead, create a VM with Public IP address set to None, then connect with Remote Desktop to its private IP from the on-prem network; if that works, the tunnel, the firewall rule and routing are all in place.

For general information on Azure Site-to-Site VPNs see https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal


Quickly fix SCOM scripts from Exported Management Packs with Transform Tool

Quick Download: https://gallery.technet.microsoft.com/Fix-SCOM-from-Exported-e011ab52
Source: https://github.com/timmcfadden/SCOM-Transform-Tool

Have you ever exported an MP with a script, tried to run the script from the command prompt, and had it fail even though it works fine when SCOM runs it?

First I export the MP from SCOM using PowerShell.

Then I open it in Notepad++ and search for the script name. In my case it is DiscoverSQL2014FileGroups.js.

Now I copy the script to a file of its own and try to run it on my SQL 2014 server, using the command line from above.

But I get a script error.

The issue is that the exported MP is XML, so characters that are special in XML (<, >, & and quotes) are stored escaped as &lt;, &gt;, &amp; and &quot; inside the script body. The script engine does not understand those entities, so we need to change the characters back before running the script manually.

With the Transform Tool I copy and paste the script, then hit Unescape.

I copy the updated code and take a look at it. I can see that it changed the characters back to what they should be.

I run the script on the SQL server and it now works.
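The same unescape step done in PowerShell, added here as an example; this is not the Transform Tool's code. The management pack fragment is constructed for this example (it follows the ScriptName / Arguments / ScriptBody layout of a timed-script discovery provider but is not a real export), the export cmdlet in the comment is the standard OperationsManager module cmdlet, and the function names Get-MPScriptBody and ConvertFrom-XmlEscaped are chosen here.

```powershell
# Added example, not the Transform Tool's code: extract a script from an exported MP and
# undo the XML escaping. The MP below is constructed for the example; a real export comes from
#   Get-SCOMManagementPack -DisplayName '*SQL Server 2014*' | Export-SCOMManagementPack -Path C:\MPs
$constructedMp = @'
<ManagementPack ContentReadable="true" SchemaVersion="2.0">
  <Monitoring>
    <Discoveries>
      <Discovery ID="Example.Discovery" Target="Windows!Microsoft.Windows.Computer">
        <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedScript.DiscoveryProvider">
          <ScriptName>DiscoverSQL2014FileGroups.js</ScriptName>
          <Arguments>$MPElement$ $Target/Id$</Arguments>
          <ScriptBody>var oArgs = WScript.Arguments;
if (oArgs.length &lt; 2 &amp;&amp; oArgs(0) != &quot;-debug&quot;) {
    WScript.Echo(&quot;usage: cscript DiscoverSQL2014FileGroups.js &lt;MPElement&gt; &lt;TargetId&gt;&quot;);
    WScript.Quit(1);
}</ScriptBody>
        </DataSource>
      </Discovery>
    </Discoveries>
  </Monitoring>
</ManagementPack>
'@

function Get-MPScriptBody {
    # Find the <ScriptName> with the wanted name and return the text of its sibling <ScriptBody>.
    # Parsing as XML decodes the entities, so InnerText already contains real < > & " characters.
    param(
        [Parameter(Mandatory)][xml]$ManagementPack,
        [Parameter(Mandatory)][string]$ScriptName
    )
    $xpath = "//*[local-name()='ScriptName' and normalize-space(text())='$ScriptName']" +
             "/following-sibling::*[local-name()='ScriptBody']"
    $node = $ManagementPack.SelectSingleNode($xpath)
    if (-not $node) { throw "No ScriptBody found for script '$ScriptName'" }
    return $node.InnerText
}

function ConvertFrom-XmlEscaped {
    # For text copied straight out of the editor, where the entities are still literal.
    # &amp; is decoded last so an escaped '&amp;lt;' does not turn into '<'.
    param([Parameter(Mandatory)][string]$Text)
    $Text -replace '&lt;', '<' -replace '&gt;', '>' -replace '&quot;', '"' `
          -replace '&apos;', "'" -replace '&amp;', '&'
}

# Pull the script out of the MP and write it to its own file.
$script = Get-MPScriptBody -ManagementPack ([xml]$constructedMp) -ScriptName 'DiscoverSQL2014FileGroups.js'
Set-Content -Path .\DiscoverSQL2014FileGroups.js -Value $script -Encoding Ascii
$script

# The same line when it was copied out of Notepad++ with the entities still in it.
ConvertFrom-XmlEscaped -Text 'if (oArgs.length &lt; 2 &amp;&amp; oArgs(0) != &quot;-debug&quot;)'

# Run it as the agent would. The $MPElement$ and $Target/Id$ tokens in <Arguments> are
# substituted by SCOM at run time, so pass real values when running by hand:
#   cscript.exe //NoLogo .\DiscoverSQL2014FileGroups.js <MPElement> <TargetId>
```

Because the XML parser does the decoding, Get-MPScriptBody also handles scripts stored in CDATA sections unchanged; ConvertFrom-XmlEscaped is only needed for text that never went through a parser.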


Are you annoyed when working in the SCOM console and the console window disappears to the background?

Working in the SCOM console, when closing a window the console will occasionally disappear. You have to go to the task bar to find it and re-select the window.

To reproduce this: first make sure the SCOM Console is full screen. Then click on an alert created by a rule. In the alert details, open up the rule by clicking on it.

Then click Configuration, and View.

Then close both windows.

The SCOM Console will disappear.

According to Kevin Holman there is a workaround that “everybody knows” except for me 🙂

The Workaround

Don't have any other windows full screen in the background while SCOM is full screen. What happens is that when the child windows close, the SCOM console is moved behind any window you have full screen.

The Long term fix.

Go to the SCOM User Voice and Up-Vote this;

https://systemcenterom.uservoice.com/forums/293064-general-operations-manager-feedback/suggestions/34145605-make-the-scom-console-windows-stop-disappearing


Windows Server Driver Updates in the New Windows Admin Center are Awesome

Have you ever set up a lab machine running Windows Server and realized you are missing a bunch of drivers? This can greatly affect disk I/O and overall performance of the server. If you set up that same machine running Windows 10, all the drivers and driver updates come down automatically (if Group Policy allows it).

With the new Windows Admin Center you can now see and install driver updates on Windows Server 2016!

If I look at Windows Update on my Hyper-V server, I can see that there are no updates available.

But if I pull the same server up in Windows Admin Center, I can see all the driver updates as well.

This makes using Server Core or Windows Server, version 1709 for my Hyper-V host a real possibility. I no longer have to hunt down drivers and create a custom ISO to install 1709 with the correct drivers. All I need is the NIC driver and I am golden.
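A way to see the same driver updates without Windows Admin Center, added here as an example (this is not the post's or Windows Admin Center's code, and whether WAC runs this exact query is not stated on the page): the Windows Update Agent COM API accepts the search criterion Type='Driver', which the Windows Update page on Server does not expose. Run it elevated on the Hyper-V host; the -Install switch is this script's own choice, off by default so it only reports.

```powershell
# Added example, not from the original post or Windows Admin Center: ask the Windows Update
# Agent (documented Microsoft.Update.Session COM API) for driver updates that are not installed.
# Run elevated. Without -Install the script only lists what is offered.
param([switch]$Install)

$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()

# WUA search syntax; Type='Driver' is the part the Windows Update UI on Server leaves out.
$result = $searcher.Search("IsInstalled=0 and Type='Driver'")

if ($result.Updates.Count -eq 0) {
    Write-Host 'No driver updates offered for this machine.'
    return
}

# Driver updates expose the IUpdateDriver properties; list the ones an admin cares about.
$result.Updates | ForEach-Object {
    [pscustomobject]@{
        Title      = $_.Title
        Class      = $_.DriverClass
        Model      = $_.DriverModel
        Provider   = $_.DriverProvider
        Date       = $_.DriverVerDate
        Downloaded = $_.IsDownloaded
    }
} | Format-Table -AutoSize

if (-not $Install) { return }

# Download and install everything found. Same collection object the WUA requires for both steps.
$coll = New-Object -ComObject 'Microsoft.Update.UpdateColl'
$result.Updates | ForEach-Object {
    if (-not $_.EulaAccepted) { $_.AcceptEula() }
    [void]$coll.Add($_)
}
$downloader = $session.CreateUpdateDownloader()
$downloader.Updates = $coll
[void]$downloader.Download()

$installer = $session.CreateUpdateInstaller()
$installer.Updates = $coll
$install = $installer.Install()
'Install result code {0}; reboot required: {1}' -f $install.ResultCode, $install.RebootRequired
```

On a host managed by WSUS or a Group Policy that excludes drivers, the search returns nothing, which is the same reason the Windows Update page shows nothing; the query then tells you it is policy, not missing hardware support, that is hiding the drivers.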


SCOM Self Service Portal

Imagine a world where server and application admins can install and maintain their SCOM agents themselves.  Imagine if they could quickly and easily create their own groups and then create new monitors and rules against them.  Imagine if they could create their own maintenance schedules and instantly put servers into maintenance mode with a click of a button.

This is all possible with the new SCOM Self Service Portal.

The new portal is built with HTML 5 and the latest web technologies and works with SCOM 2012 R2, SCOM 2016, and SCOM 1801.

Features:

  • Users can install, repair, uninstall, delete and reset agents. You no longer have to be a SCOM admin to do this basic work. Users are empowered to maintain their agents; the SCOM admin no longer has to perform these tedious and time-consuming activities.
  • Users can create and maintain their own groups. With these groups they can then build their own event, service, and performance monitors. They can also build their own performance collection rules. All the difficult concepts needed to teach a user how to author their own monitors and rules are removed.
  • Users can create and maintain their own maintenance schedules from a website. Users can instantly put servers into maintenance mode without using or installing the console. They can easily call the website from a script to use with their maintenance process.

Install Agents

A user with local admin privileges on a server types in their username, password and the server they want to push to. The agent and the latest installed update rollup are pushed from SCOM to that server.

Delete Agents

An application or server admin can now delete their servers out of SCOM after they have decommissioned their server.  No longer having to get the SCOM admin involved.

Create Groups

Users can now create their own groups of servers.  They can use these groups for targeting monitors and rules.

When a group is created, a new management pack, class, and basic views for Alerts, Performance and State are created automatically, following management pack best practices.

Create Event Monitors

A user can create an event monitor by selecting the group of servers they want the event monitor to run on.  Then they type in the information from the event they want alerted on.

Create Service Monitors

A user can create a service monitor by simply picking the group and typing in the name of the service.

Schedule Computers for Maintenance Mode

A user can schedule future maintenance on their servers.


Instant Maintenance Mode

This solution makes it easy for IT staff to put a server into maintenance mode without having to go to the SCOM console. On any server, the administrator can visit the Instant MM website.

Creating a shortcut on the desktop of the servers can make it even easier.  With one click a server will be put instantly into maintenance mode.

Help Screens on every page

Any time a user is confused or needs help, they can click the help button on any screen to get detailed help.


Any ideas, problems, bugs, or issues please e-mail: support@scom2k7.com  or visit the user voice site https://scom2k7.uservoice.com
