We recently migrated our VMware 3-node plus SAN cluster to a 2-node hyperconverged Hyper-V setup, and after reviewing a few options for backing the thing up I decided on Azure Backup Server.
Our previous setup involved Veeam doing the local backups, then Cloudberry transferring all this into an Azure storage account periodically. I like this setup but want to simplify it (and save money). Best thing here is Azure Backup Server is essentially free – you’re just paying for the data transfer and storage costs in Azure – which I am already paying for anyway. It will do local backups, i.e. Disk-to-disk, but also allow you to back up to Azure (hence the name), i.e. Disk-to-disk-to-cloud. Perfect.
I’ve recently replaced my servers with some nice HPE ProLiants with iLO 4 Advanced. One of the first steps I wanted to get sorted was replacing the self-signed SSL certificates so I don’t have to sit through the warning messages every time I open the web interface. I’ve already got an Active Directory Certification Authority set up so thought I’d use that, given that the root CA certificate is already installed and trusted on all devices.
A while ago we accidentally deleted a leaving staff member’s account instead of disabling it – and pure bad luck means this particular member of staff came back a week later to cover a staff illness. Not wanting to have to re-create the account I discovered that the Active Directory Recycle Bin had not been enabled in the forest – oh no! Luckily we can still get the account back. Objects deleted in AD are tombstoned for 180 days (by default). Continue reading “Active Directory: Recovering Deleted Items”
We had re-imaged all devices to Win 10 Edu 2004, after testing everything worked in a couple of rooms. All good, then the first day with teachers back and we get multiple calls about computers crashing with BSOD while the interactive whiteboards are being used.
Whilst the user reported multiple crashes, when I went in person I wasn’t able to cause it to crash so couldn’t just look at the “What failed” bit on the Win 10 BSOD screen.
A quick look at the system event log on one of the computers in question shows nothing useful – just “the computer has rebooted from a bugcheck”. You can get the error code here too but no pointer as to what actually caused this.
There are a lot of apps in the Windows Store, and one of the best bits about them is that we don’t have to worry about managing their updates. Luckily we can deploy these through MEMCM, and it is fairly easy to do.
You will need a subscription which creates an Azure tenancy (e.g. Office 365) to link MEMCM with the Microsoft Store for Business (or Microsoft Store for Education) – the Business and Education versions are pretty much the same just with different phrasing in places. Continue reading “Deploying Apps from the Windows Store”
I don’t like things that can’t be automated. I started looking at School Data Sync (SDS) last year, however the templates provided by iSAMS, which is our school Management Information System, just gave a set of CSVs and you had to manually click to get them, then click to upload them into SDS. Since iSAMS has an API, I thought this was a bit of a silly way of doing things – who wants to go through a manual process every time a pupil changes class? So instead I wrote my own PowerShell to pull the data through the iSAMS API, then run through the New-Team cmdlet to create a team per class, and populate it with teachers and students.
As we’re a school we need our new teams to be running the Edu_Class template, but the template parameter on New-Team only exists in the preview (and in Graph, on the beta endpoint) where it has much harsher limitations on how often and fast you can call it – a nightmare trying to call it in a loop. Anyway with the addition of “Start-Sleep 30” in the loop I eventually got them all created. However this time I am having another look at SDS and using Power Automate (previously known as Flow) to make the process completely automatic.
If you are moving any of your local network services into Azure it’s likely you don’t want to have to access them over the Internet and would rather have a VPN, and “private” IP addresses assigned to each of your Azure Virtual Machines. Here I go through how to set this up using my home lab and Azure tenancy as an example. Continue reading “Creating a VPN from your on-site network to Azure”
In-place upgrade of Windows 2016 Azure VMs to Windows 2019 is not officially supported but still something we occasionally need to do. While I’d recommend you spin up a new 2019 VM and migrate your workload if at all possible, you can do an in-place upgrade, although it’s a bit long-winded.
If you’re lucky it’s as simple as copying the files off the ISO and running through the upgrade wizard. However, if the upgrade brings up any prompts or messages that you need to connect to the console to view, you won’t get very far with a service like Azure, where you cannot view the console; this is one of the reasons why it is unsupported directly on Azure.
I’ve done two upgrades so far, one the following way and one just running the ISO. Both methods have worked out fine for me.
First of all you will need access to Azure with permission to manage the Virtual Machine in question, access to a storage account (or permission to create one), a local system running Hyper-V (this can just be a powerful PC running Windows 10), the Server 2019 ISO (or other installation source) and, if you don’t want a very long wait, a decent Internet connection.
One of my C# projects is an application to create guest accounts for the school wireless network. The wireless network is set up with 802.1X authentication, so we can log in using Active Directory user accounts.
The main parts of this system are:
Pass Generator application (C#) – creates the user accounts and prints tickets with instructions
Epson T88 based receipt printers – either USB or networked – to print the tickets
So I’ve been trying to get the new Edge to open, sign in automatically with the current user’s Azure AD credentials and then turn on sync, without any screens to click through or anything like that.
I’ve got about as close as is possible – user opens the browser, it signs them in and asks if they want to sync or not.
To get this to work we have the UserPrincipalName of all our accounts identical to the Office 365 primary email address (and sign-in name). The devices are all hybrid Azure AD domain joined (see here if you thought you couldn’t set this up as it wants a forest level SCP) Continue reading “Edge Chromium (almost) perfect configuration”