Azure

Azure WAF failed to remove the rule. The referenced resource was not found.

Craig Azure, PowerShell

The WAF is a very nice solution, but sometimes you have strange problems. Today I had a strange one. While updating and creating rules in a WAF, I got the following error.

Error: Resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/httpListeners/HTTPS_dev-domain-com_Listener

referenced by resource

/subscriptions/GUID/resourceGroups/waf-rg/providers/Microsoft.Network/applicationGateways/waf-01/redirectConfigurations/HTTP_dev-domain-com was not found.

Please make sure that the referenced resource exists, and that both resources are in the same region.

The issue happens when I delete some rules. I had one rule that was a HTTP listener with a redirector to HTTPS listener. Once the HTTP rule was deleted, the redirector link was not removed. This created a problem as the HTTPS listener could not be deleted.

The fix was to use PowerShell to remove the redirection rule. This was not an option in the Azure Portal.

First, we get the WAF. Then use that to get the rules.

$waf = Get-AzureRmApplicationGateway -Name waf-01 -ResourceGroupName waf-rg

Get the rules and verify they match the redirect rule from the error.

Get-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Get-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name HTTPS_dev-domain-com_Listener

Next, remove the redirection configuration rule and the problem listener.



 




remove-AzureRmApplicationGatewayRedirectConfiguration -ApplicationGateway $waf -Name HTTP_dev-domain-com

Remove-AzureRmApplicationGatewayHttpListener -ApplicationGateway $waf -Name "HTTPS_dev-domain-com_Listener"



 


Finally, we update the WAF.


 








$UpdatedAppGw = Set-AzureRmApplicationGateway -ApplicationGateway $waf



Advertisement
					

		
		
	




			
				


	

		

					
How to update ADFS Certificate in Windows 2012 R2

								

								 Craig
															Azure					
					, , 							

					


				

			
Over the last week I had to change some certificates on a few ADFS solutions. They servers were all built with internal certificates for testing, but now need production 3rd party certificates.


The steps to change a certificate with IIS are simple, however the new ADFS no longer requires IIS.


The following process outlines the steps to change the SSL on ADFS without IIS.


First we need to have the correct SSL certificate. The SSL certificate must have the following;


Valid domain name:


The FQDN must be valid in the certificate for the ADFS site. You can use a wildcard certificate if required.


The FQDN must be valid in the certificate for the ADFS site. You can use a wildcard certificate if required.


Private Key:


ADFS need to have the private key to function correctly.


Once we have your certificate, the next step is to import it into the correct store on the machines hosting ADFS. Here I will only import the certificate into one server, this need to be done on all servers hosting ADFS.


Open a Powershell prompt with administrator rights on the ADFS server and type the following;




$mypwd = ConvertTo-SecureString “P@ssw0rd” -AsPlainText -Force


 


Import-PfxCertificate –FilePath .\$ServerCertHostName.pfx cert:\localMachine\Root -Password $mypwd 


 


Example:


PS C:\Windows\system32> $mypwd = ConvertTo-SecureString “P@ssw0rd” -AsPlainText -Force


 


 


PS C:\Windows\system32> Import-PfxCertificate –FilePath .\$ServerCertHostName.pfx cert:\localMachine\Root -Password $mypwd  


 


To view the certificates installed in your server’s local store, run the following commands in the Powershell prompt. Check that your certificate is there and it has the private key.


Get-ChildItem -Path cert:\LocalMachine\my | fl -Property FriendlyName, HasPrivateKey, GetCertHashString, subject, Thumbprint, Issuer, NotAfter, NotBefore 


Example:


 


FriendlyName  : Go Daddy Wild Card SSL


HasPrivateKey : True


Subject       : CN=*.domain.test, OU=Domain Control Validated


Thumbprint    : D3561AD0AD3831BE2231B97CB40AC5EF21F5C919


Issuer        : SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=”GoDaddy.com, Inc.”, 


                L=Scottsdale, S=Arizona, C=US


NotAfter      : 28/01/2015 5:11:40 PM


NotBefore     : 23/01/2014 9:49:03 AM


 


Next, we need to add the certificate to ADFS. On the ADFS server open a PowerShell prompt and run the following;




$CertificateFriendlyName = “Go Daddy Wild Card SSL”


$CertificateThumbprint = (Get-ChildItem -Path cert:\LocalMachine\my | Where-Object {($_.FriendlyName -eq $CertificateFriendlyName) }).Thumbprint 


 Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $CertificateThumbprint


Set-AdfsSslCertificate -Thumbprint $CertificateThumbprint 




Example:


PS C:\Windows\system32> $CertificateFriendlyName = “Go Daddy Wild Card SSL”


$CertificateThumbprint = (Get-ChildItem -Path cert:\LocalMachine\my | Where-Object {($_.FriendlyName -eq $CertificateFriendlyName) }).Thumbprint


Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $CertificateThumbprint


 


WARNING: PS0038: This action requires a restart of the AD FS Windows Service. If you have deployed a federation server farm, restart the service on every server


 in the farm.


 


PS C:\Windows\system32> Set-AdfsSslCertificate -Thumbprint $CertificateThumbprint


 


 


PS C:\Windows\system32> 


 


Finally, restart your ADFS service


In the PowerShell prompt type;




Restart-Service adfssrv


Get-Service adfssrv 




Example:


PS C:\Windows\system32> Restart-Service adfssrv


Get-Service adfssrv


 


WARNING: Waiting for service ‘Active Directory Federation Services (adfssrv)’ to start…


 


Status   Name               DisplayName                           


——   —-               ———–                           


Running  adfssrv            Active Directory Federation Services  


 


Once all has been completed, open a browser and try with the following URL;


https://<youradfssitefqdn>/adfs/ls/idpinitiatedsignon.aspx

					

		
		
	




			
				


	

		

					
Azure/WAP: System.MethodAccessException: Attempt by security transparent method

								

								 Craig
															Azure					
					, , 							

					


				

			
 


While working on a Windows Azure Pack Web Sites, I found a problem publishing MVC5 site. When you attempt to upload a MVC5 web application to Windows Azure or Windows Azure Pack you may see the error “‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.


 


I had to perofrm the following steps to resolve;


1.       Install the package


From the Package management console run the following command:


Install-Package -Id  Microsoft.AspNet.WebHelpers


2.       Change the deployment options to remove additional files.




image 


 


Complete Error:


Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed. 


Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 


Exception Details: System.MethodAccessException: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.


Source Error: 








An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. 









Stack Trace: 








 


[MethodAccessException: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed.]


   System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule() +44


   System.Web.WebPages.Administration.PreApplicationStartCode.Start() +22


 


[InvalidOperationException: The pre-application start initialization method Start on type System.Web.WebPages.Administration.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed..]


   System.Web.Compilation.BuildManager.InvokePreStartInitMethodsCore(ICollection`1 methods, Func`1 setHostingEnvironmentCultures) +556


   System.Web.Compilation.BuildManager.InvokePreStartInitMethods(ICollection`1 methods) +132


   System.Web.Compilation.BuildManager.CallPreStartInitMethods(String preStartInitListPath, Boolean& isRefAssemblyLoaded) +102


   System.Web.Compilation.BuildManager.ExecutePreAppStart() +153


   System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters, PolicyLevel policyLevel, Exception appDomainCreationException) +516


 


[HttpException (0x80004005): The pre-application start initialization method Start on type System.Web.WebPages.Administration.PreApplicationStartCode threw an exception with the following error message: Attempt by security transparent method ‘System.Web.WebPages.Administration.SiteAdmin.RegisterAdminModule()’ to access security critical method ‘System.Web.WebPages.ApplicationPart..ctor(System.Reflection.Assembly, System.String)’ failed..]


   System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9885044


   System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +101


   System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +254








 


 


 


Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34009

					

		
		
	




			
				


	

		

					
Windows Server 2012 Now Available in the Windows Azure Virtual Machine Gallery

								

								 Craig
															Azure					
					, 							

					


				

			
Windows 2012 has been added to the Azure platform. Check out the below link for more info.


http://blogs.msdn.com/b/windowsazure/archive/2012/08/16/windows-server-2012-now-available-in-the-windows-azure-virtual-machine-gallery.aspx

					

		
		
	




			
				


	

		

					
Windows Azure Training Kit – June 2012

								

								 Craig
															Azure					
					, 							

					


				

			
The Windows Azure Training Kit includes a comprehensive set of technical content including hands-on labs and presentations that are designed to help you learn how to use the latest Windows Azure features and services.




The June 2012 update includes 42 step-by-step hands-on labs and 20 presentations covering the new Windows Azure features.  Some of the updates in this version include: 


· 12 new hands-on labs for Windows Azure Virtual Machines


· 11 new hands-on labs for Windows Azure Web Sites


· 2 new hands-on labs that demonstrate Windows Azure with Windows 8 Metro-style applications


· New hands-on labs for Node.js and PHP using Mac OS X


· Updated content for the latest Windows Azure SDKs, tools, and new Windows Azure Management Portal


· New and updated presentations designed to support individual sessions to a full 3 day training workshops


Download Now


You can download the training kit from the download center here:  http://bit.ly/WATKJune2012


 


The Windows Azure Training Kit – June 2012 update includes technical content that can be used on Windows 7, Windows 8, or Mac OS X. The Windows and .NET hands-on labs are designed for use with either Visual Studio 2010 or the Visual Studio 2012 Release Candidate. 


After installing the trainining kit, please refer to the setup instructions and prerequisites for each individual hands-on lab for more details

					

		
		
	




			
				


	

		

					
Announcing Windows Azure SQL Reporting General Availability

								

								 Craig
															Azure, SQL					
					, 							

					


				

			
The Microsoft BI Team has announced SQL Reporting on Azure!


 


Read more here: 


http://blogs.msdn.com/b/microsoft_business_intelligence1/archive/2012/06/12/announcing-windows-azure-sql-reporting-general-availability.aspx


 


With SQL Reporting on Azure, developers can use familiar tools such as the Business Intelligence Development Studio and SQL Server Data Tools to author reports, just as they do today when running SQL Server Reporting services on-premises. SQL Reporting on Azure provides consistent APIs to view, execute and manage reports along with rich formatting and data visualization options. 


Additional capabilities of SQL Reporting on Azure include: 


Elastic scale and high availability 


    

  • The SQL Reporting scales as your requirements grow with easy self-provisioning.

  • The Service has built-in high availability and fault tolerance. SQL Reporting is available across Microsoft Data centers around the world.
    • 



Report Formats 


    

  • With SQL Reporting, you have the ability to export reports to various popular file formats including Excel, Word, HTML, PDF, XML, and CSV.
    • 



Secure access 


    

  • The rich authentication and authorization model in SQL Reporting gives secure access to reports and underlying data. It keeps your data secure while offering access to even more users.
    • 



SQL Reporting on Azure offers a fully backed SLA and enables you to publish reports to the cloud or embed reports directly within on-premises applications that can be accessed via your browser, mobile devices or desktops. 


 


clip_image002

					

		
		
	




			
				


	

		

					
Poster showing SQL Azure Federation features, process, and key terms

								

								 Craig
															Azure, SQL, SQL 2012					
					, , 							

					


				

			
Microsoft has releases a poster explaining the federation process for Azure.


http://www.microsoft.com/en-us/download/details.aspx?id=29213


Overview


The poster explains the federation process, including creating the federation root database, creating the scheme, and then using the split operation to partition the federation member into two partition members by row. It also explains the database infrastructure and includes sample T-SQL statements.


image


http://www.microsoft.com/en-us/download/details.aspx?id=29213