Azure WAF failed to remove the rule. The referenced resource was not found.

The WAF is a very nice solution, but sometimes you have strange problems. Today I had a strange one. While updating and creating rules in a WAF, I got the following error.

Error: Resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/httpListeners/HTTPS_dev-domain-com_Listener

referenced by resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/redirectConfigurations/HTTP_dev-domain-com was not found.

Please make sure that the referenced resource exists, and that both resources are in the same region.

The issue happens when I delete some rules. I had one rule that was an HTTP listener with a redirect to an HTTPS listener. Once the HTTP rule was deleted, the redirect configuration was not removed. This created a problem, as the HTTPS listener it still referenced could not be deleted.

The fix was to use PowerShell to remove the redirection rule. This was not an option in the Azure Portal.

First, we get the WAF. Then use that to get the rules.

$waf = Get-AzureRmApplicationGateway -Name waf-01 -ResourceGroupName waf-rg

Get the rules and verify they match the redirect rule from the error.

Get-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Get-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name HTTPS_dev-domain-com_Listener

Next, remove the redirection configuration rule and the problem listener.

Remove-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Remove-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name "HTTPS_dev-domain-com_Listener"

 

Finally, we update the WAF.

 


$UpdatedAppGw = Set-AzureRmApplicationGateway -ApplicationGateway $waf
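
A read-only check for the condition described in this post, as an added example that is not part of the original post: it lists every redirect configuration on the gateway and flags those that no rule references any more, or whose target listener is gone. The property names read from the gateway object (RedirectConfigurations, RequestRoutingRules, UrlPathMaps, PathRules, TargetListener) are assumed to match the AzureRM module used above.

```powershell
# Added example: find leftover redirect configurations before they block a change.
# Gateway and resource group names are the ones used in this post.
$waf = Get-AzureRmApplicationGateway -Name waf-01 -ResourceGroupName waf-rg

# Collect the IDs of every redirect configuration still used by a basic rule,
# a URL path map default, or an individual path rule.
$inUse = @()
$inUse += $waf.RequestRoutingRules | ForEach-Object { $_.RedirectConfiguration.Id }
$inUse += $waf.UrlPathMaps | ForEach-Object {
    $_.DefaultRedirectConfiguration.Id
    $_.PathRules | ForEach-Object { $_.RedirectConfiguration.Id }
}
# Rules without a redirect contribute $null entries; drop them.
$inUse = $inUse | Where-Object { $_ } | Sort-Object -Unique

$listenerIds = $waf.HttpListeners | ForEach-Object { $_.Id }

foreach ($rc in $waf.RedirectConfigurations) {
    # A redirect to an external URL has no TargetListener, so only
    # listener redirects are checked for a missing target.
    $targetId = $rc.TargetListener.Id
    [pscustomobject]@{
        Name           = $rc.Name
        TargetListener = if ($targetId) { ($targetId -split '/')[-1] } else { '(external URL)' }
        Orphaned       = ($inUse -notcontains $rc.Id)
        TargetMissing  = [bool]($targetId -and ($listenerIds -notcontains $targetId))
    }
}
```

Nothing here changes the gateway; an entry with Orphaned set to True is a candidate for the Remove-AzureRmApplicationGatewayRedirectConfiguration step shown above.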

How to update ADFS Certificate in Windows 2012 R2

Over the last week I had to change some certificates on a few ADFS solutions. The servers were all built with internal certificates for testing, but now need production third-party certificates.

The steps to change a certificate with IIS are simple, however the new ADFS no longer requires IIS.

The following process outlines the steps to change the SSL on ADFS without IIS.

First we need to have the correct SSL certificate. The SSL certificate must have the following:

Valid domain name:

The FQDN must be valid in the certificate for the ADFS site. You can use a wildcard certificate if required.

Private Key:

ADFS needs to have the private key to function correctly.

Once we have the certificate, the next step is to import it into the correct store on the machines hosting ADFS. Here I will only import the certificate into one server; this needs to be done on all servers hosting ADFS.

Open a PowerShell prompt with administrator rights on the ADFS server and type the following:

$mypwd = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force

# Import into the computer's Personal (My) store, which is where the later steps look for the certificate.
Import-PfxCertificate -FilePath .\$ServerCertHostName.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $mypwd

Example:

PS C:\Windows\system32> $mypwd = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force

PS C:\Windows\system32> Import-PfxCertificate -FilePath .\$ServerCertHostName.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $mypwd

 

To view the certificates installed in your server’s local store, run the following commands in the Powershell prompt. Check that your certificate is there and it has the private key.

Get-ChildItem -Path cert:\LocalMachine\my | fl -Property FriendlyName, HasPrivateKey, Subject, Thumbprint, Issuer, NotAfter, NotBefore

Example:

 

FriendlyName  : Go Daddy Wild Card SSL

HasPrivateKey : True

Subject       : CN=*.domain.test, OU=Domain Control Validated

Thumbprint    : D3561AD0AD3831BE2231B97CB40AC5EF21F5C919

Issuer        : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=”GoDaddy.com, Inc.”,

                L=Scottsdale, S=Arizona, C=US

NotAfter      : 28/01/2015 5:11:40 PM

NotBefore     : 23/01/2014 9:49:03 AM

 

Next, we need to add the certificate to ADFS. On the ADFS server open a PowerShell prompt and run the following:

$CertificateFriendlyName = "Go Daddy Wild Card SSL"

$CertificateThumbprint = (Get-ChildItem -Path cert:\LocalMachine\my | Where-Object {($_.FriendlyName -eq $CertificateFriendlyName) }).Thumbprint

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $CertificateThumbprint

Set-AdfsSslCertificate -Thumbprint $CertificateThumbprint

Example:

PS C:\Windows\system32> $CertificateFriendlyName = "Go Daddy Wild Card SSL"

$CertificateThumbprint = (Get-ChildItem -Path cert:\LocalMachine\my | Where-Object {($_.FriendlyName -eq $CertificateFriendlyName) }).Thumbprint

Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $CertificateThumbprint

 

WARNING: PS0038: This action requires a restart of the AD FS Windows Service. If you have deployed a federation server farm, restart the service on every server

 in the farm.

 

PS C:\Windows\system32> Set-AdfsSslCertificate -Thumbprint $CertificateThumbprint

 

 

PS C:\Windows\system32>

 

Finally, restart your ADFS service.

In the PowerShell prompt type:

Restart-Service adfssrv

Get-Service adfssrv

Example:

PS C:\Windows\system32> Restart-Service adfssrv

Get-Service adfssrv

 

WARNING: Waiting for service 'Active Directory Federation Services (adfssrv)' to start...

Status   Name               DisplayName

------   ----               -----------

Running  adfssrv            Active Directory Federation Services

 

Once all has been completed, open a browser and try with the following URL;

https://<youradfssitefqdn>/adfs/ls/idpinitiatedsignon.aspx
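
A pre-flight check to run before the Set-AdfsCertificate and Set-AdfsSslCertificate step, as an added example that is not part of the original post: it confirms that the friendly name selects exactly one certificate, that the private key is present, that the validity dates are sane, and that a DNS name on the certificate covers the ADFS host name. The function name, its parameters and the sample host name are hypothetical, and it relies on the DnsNameList property that the PowerShell certificate provider exposes on Windows Server 2012 R2.

```powershell
# Added example: validate the certificate chosen by friendly name before binding it.
# Test-AdfsCandidateCertificate and its parameters are hypothetical names.
function Test-AdfsCandidateCertificate {
    param(
        [Parameter(Mandatory)] [string] $FriendlyName,
        [Parameter(Mandatory)] [string] $FederationHostName,
        [int] $MinDaysRemaining = 30
    )

    # A friendly name is not unique: a renewal can leave the old certificate in
    # the store under the same name, and the lookup then returns two thumbprints.
    $candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $FriendlyName })
    if ($candidates.Count -ne 1) {
        throw "Expected exactly one certificate named '$FriendlyName', found $($candidates.Count)."
    }
    $cert = $candidates[0]
    $problems = @()

    if (-not $cert.HasPrivateKey) { $problems += 'No private key in the store.' }

    $now = Get-Date
    if ($cert.NotBefore -gt $now) { $problems += "Not valid until $($cert.NotBefore)." }
    if ($cert.NotAfter -lt $now.AddDays($MinDaysRemaining)) {
        $problems += "Expires $($cert.NotAfter), inside the ${MinDaysRemaining}-day margin."
    }

    # A wildcard covers exactly one label: *.domain.test matches adfs.domain.test
    # but not domain.test or a.b.domain.test.
    $covered = $false
    foreach ($name in $cert.DnsNameList.Unicode) {
        if ($name -eq $FederationHostName) { $covered = $true }
        elseif ($name.StartsWith('*.') -and
                ($FederationHostName -split '\.', 2)[1] -eq $name.Substring(2)) { $covered = $true }
    }
    if (-not $covered) { $problems += "No DNS name on the certificate covers $FederationHostName." }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Ready      = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# The host name is a constructed sample value; use your ADFS site FQDN.
Test-AdfsCandidateCertificate -FriendlyName 'Go Daddy Wild Card SSL' -FederationHostName 'adfs.domain.test'
```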

Azure/WAP: System.MethodAccessException: Attempt by security transparent method

 

While working on Windows Azure Pack Web Sites, I found a problem publishing an MVC5 site. When you attempt to upload an MVC5 web application to Windows Azure or Windows Azure Pack, you may see the error "Attempt by security transparent method 'System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()' to access security critical method 'System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)' failed."

 

I had to perform the following steps to resolve it:

1.       Install the package

From the Package management console run the following command:

Install-Package -Id Microsoft.AspNet.WebHelpers

2.       Change the deployment options to remove additional files.


 

Complete Error:

Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.MethodAccessException: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.


Stack Trace:

 

[MethodAccessException: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.]

   System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule() +44

   System.Web.WebPages.Administration.PreApplicationStartCode.Start() +22

 

[InvalidOperationException: The pre-application start initialization method Start on type System.Web.WebPages.Administration.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed..]

   System.Web.Compilation.BuildManager.InvokePreStartInitMethodsCore(ICollection`1 methods, Func`1 setHostingEnvironmentCultures) +556

   System.Web.Compilation.BuildManager.InvokePreStartInitMethods(ICollection`1 methods) +132

   System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded) +102

   System.Web.Compilation.BuildManager.ExecutePreAppStart() +153

   System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException) +516

 

[HttpException (0x80004005): The pre-application start initialization method Start on type System.Web.WebPages.Administration.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed..]

   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9885044

   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +101

   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +254

 


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34009

Windows Server 2012 Now Available in the Windows Azure Virtual Machine Gallery

Windows 2012 has been added to the Azure platform. Check out the below link for more info.

http://blogs.msdn.com/b/windowsazure/archive/2012/08/16/windows-server-2012-now-available-in-the-windows-azure-virtual-machine-gallery.aspx

Windows Azure Training Kit – June 2012

The Windows Azure Training Kit includes a comprehensive set of technical content including hands-on labs and presentations that are designed to help you learn how to use the latest Windows Azure features and services.

The June 2012 update includes 42 step-by-step hands-on labs and 20 presentations covering the new Windows Azure features.  Some of the updates in this version include:

· 12 new hands-on labs for Windows Azure Virtual Machines

· 11 new hands-on labs for Windows Azure Web Sites

· 2 new hands-on labs that demonstrate Windows Azure with Windows 8 Metro-style applications

· New hands-on labs for Node.js and PHP using Mac OS X

· Updated content for the latest Windows Azure SDKs, tools, and new Windows Azure Management Portal

· New and updated presentations designed to support anything from individual sessions to full 3-day training workshops

Download Now

You can download the training kit from the download center here:  http://bit.ly/WATKJune2012

 

The Windows Azure Training Kit – June 2012 update includes technical content that can be used on Windows 7, Windows 8, or Mac OS X. The Windows and .NET hands-on labs are designed for use with either Visual Studio 2010 or the Visual Studio 2012 Release Candidate.

After installing the training kit, please refer to the setup instructions and prerequisites for each individual hands-on lab for more details.

Announcing Windows Azure SQL Reporting General Availability

The Microsoft BI Team has announced SQL Reporting on Azure!

 

Read more here:

http://blogs.msdn.com/b/microsoft_business_intelligence1/archive/2012/06/12/announcing-windows-azure-sql-reporting-general-availability.aspx

 

With SQL Reporting on Azure, developers can use familiar tools such as the Business Intelligence Development Studio and SQL Server Data Tools to author reports, just as they do today when running SQL Server Reporting services on-premises. SQL Reporting on Azure provides consistent APIs to view, execute and manage reports along with rich formatting and data visualization options.

Additional capabilities of SQL Reporting on Azure include:

Elastic scale and high availability

  • SQL Reporting scales as your requirements grow with easy self-provisioning.
  • The Service has built-in high availability and fault tolerance. SQL Reporting is available across Microsoft Data centers around the world.

Report Formats

  • With SQL Reporting, you have the ability to export reports to various popular file formats including Excel, Word, HTML, PDF, XML, and CSV.

Secure access

  • The rich authentication and authorization model in SQL Reporting gives secure access to reports and underlying data. It keeps your data secure while offering access to even more users.

SQL Reporting on Azure offers a fully backed SLA and enables you to publish reports to the cloud or embed reports directly within on-premises applications that can be accessed via your browser, mobile devices or desktops.

 


Poster showing SQL Azure Federation features, process, and key terms

Microsoft has released a poster explaining the federation process for Azure.

http://www.microsoft.com/en-us/download/details.aspx?id=29213

Overview

The poster explains the federation process, including creating the federation root database, creating the scheme, and then using the split operation to partition the federation member into two partition members by row. It also explains the database infrastructure and includes sample T-SQL statements.
