Azure Roadshow 2016–Colombo

Azure cloud technology is no doubt going to be the next biggest technology roadmap for Microsoft partners and also for customers. As a Microsoft Gold Partner in cloud technology, we believe it’s our responsibility to share the updates with peer members and also with our customers.

With that intention we started our first Azure Roadshow, aligned with the Global Azure Bootcamp, in 2015. This year we took the same step, inviting all the local MVPs to share their experience with Azure technology and how it can help customers.


System Center Universe 2016 @ APAC

One of the best System Center summits happening around the world. As an Infront employee I’m happy to announce that our company hosted the event for the third time in the APAC region: this time in Malaysia and soon after that in Australia. All the well-known System Center experts were in one room sharing their knowledge. I’m glad that I got the opportunity to be among those experts and carry out two sessions.

Azure is becoming a key topic for developers and IT professionals. How can we save time by leveraging templates? This is where Azure Resource Manager (ARM) templates come in. I carried out a session to show how ARM can really help IT professionals in their journey.

Disaster recovery can be taken to the next level by leveraging the Azure cloud. I delivered another session covering how Microsoft extends its love to protect VMware customers as well. In this session we covered Azure Site Recovery for Hyper-V, VMware and physical servers. We also demoed what “Enhanced mode for VMWare” is and why it is so cool.


Linux Integration Services Version 4.1 for Hyper-V


Microsoft released the latest Linux Integration Services (LIS) for guest Linux VMs running on Hyper-V. With this latest update the following improvements have been introduced.

  • Expanded Releases: now applicable to Red Hat Enterprise Linux, CentOS, and Oracle Linux with Red Hat Compatible Kernel versions 5.2, 5.3, 5.4, and 7.2.
  • Hyper-V Sockets.
  • Manual Memory Hot Add.
  • Uninstallation scripts.

You can get the latest LIS from here.

Cannot upgrade SCOM 2012 R2 for UR7

This is another quick update which I came across during a field job (yes, I’m back to my roots, apart from sitting and designing solutions). We’re in the process of updating a SCOM 2012 R2 environment to the n-1 Update Rollup (UR). At this stage the latest version is 8 and we decided to apply UR 7.

When I ran the command I was greeted with the following errors:

Msg 1105, Level 17, State 2, Procedure fn_AlertViewChanges, Line 2

Could not allocate space for object ‘sys.syscolpars’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure fn_AlertViewChangesNoContext, Line 2

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_EffectiveMonitoringWorkflow, Line 3

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_GroomTypeSpecificLogTables, Line 2

Could not allocate space for object ‘sys.sysobjvalues’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_InstallTypesAndReltypes, Line 3

Could not allocate space for object ‘sys.sysmultiobjrefs’.’clst’ in database ‘OperationsManager’ because the ‘PRIMARY’ filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.

Msg 1105, Level 17, State 2, Procedure p_DiscoverySourcesEligibleForDeletionDueToOverridesProcedure, Line 2

Looking carefully at the error messages, it’s very clear that a full disk is the culprit. But the SCOM DB server has enough free storage. The problem is related to the low storage capacity defined for the “OperationsManager” DB. Once the value had been modified, the UR7 upgrade ran smoothly.

Normally the log file capacity should be 50% of the size of the Operations Manager DB.
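
One way to confirm this diagnosis before re-running the update, as an added example that is not part of the original post. It assumes Invoke-Sqlcmd (SqlServer or SQLPS module) is available; the instance name and the 10% free-space threshold are placeholders chosen here.

```powershell
# Added example. 'SCOMSQL01' is a placeholder for the SQL instance hosting OperationsManager.
$instance = 'SCOMSQL01'

# sys.database_files reports sizes in 8 KB pages, so dividing by 128 gives MB.
$query = @'
SELECT name                                    AS LogicalName,
       type_desc                               AS FileType,
       size / 128.0                            AS SizeMB,
       FILEPROPERTY(name, 'SpaceUsed') / 128.0 AS UsedMB,
       CASE WHEN growth = 0 THEN 'none'
            WHEN is_percent_growth = 1 THEN CAST(growth AS varchar(10)) + ' %'
            ELSE CAST(growth / 128 AS varchar(10)) + ' MB' END AS AutoGrowth,
       CASE max_size WHEN -1 THEN 'unlimited'
                     WHEN 0  THEN 'no growth'
                     ELSE CAST(max_size / 128 AS varchar(20)) + ' MB' END AS MaxSize
FROM sys.database_files;
'@

$files = Invoke-Sqlcmd -ServerInstance $instance -Database 'OperationsManager' -Query $query
$files | Format-Table LogicalName, FileType, SizeMB, UsedMB, AutoGrowth, MaxSize -AutoSize

# A data file that is nearly full and cannot grow produces Msg 1105 even when the
# disk itself has free space. The 10% threshold is an assumption.
$files | Where-Object { $_.FileType -eq 'ROWS' -and (($_.SizeMB - $_.UsedMB) / $_.SizeMB) -lt 0.10 } |
    ForEach-Object { Write-Warning "$($_.LogicalName): under 10% free inside the file (growth: $($_.AutoGrowth))" }

# Compare the log size with the rule of thumb from the post (log = 50% of data size).
$dataMB = ($files | Where-Object FileType -eq 'ROWS' | Measure-Object -Property SizeMB -Sum).Sum
$logMB  = ($files | Where-Object FileType -eq 'LOG'  | Measure-Object -Property SizeMB -Sum).Sum
if ($logMB -lt 0.5 * $dataMB) {
    Write-Warning "Log files total $logMB MB; 50% of the data size would be $(0.5 * $dataMB) MB"
}

# Growing a file is done with ALTER DATABASE ... MODIFY FILE. <LogicalName> and
# <NewSizeMB> are placeholders to fill in from the table printed above:
#   ALTER DATABASE OperationsManager MODIFY FILE (NAME = N'<LogicalName>', SIZE = <NewSizeMB>MB);
```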

Azure Active Directory Domain Services

When it comes to identity management, Active Directory has a long history and many enterprise companies rely on it. With the shift towards cloud-based solutions and the public cloud wave, both customers and Microsoft have to think about how they manage their end-user identities.

Right now Active Directory can be extended to the cloud in a couple of ways:

  1. Extend Active Directory to Azure by deploying DC in Azure and replicate with on premise Domain controller
  2. Extend on premise Active Directory with Azure Active Directory.

The latest option is AADDS (Azure Active Directory Domain Services). Think of this as Active Directory born purely in the cloud. Your Azure virtual machines can be joined to this Azure-born Active Directory service. If you’re a purely cloud-born company focused on cloud-based applications, this is an ideal start for you. Apart from that, you can still bring your on-premises, directory-focused applications to the cloud. Azure Active Directory Domain Services provides a Windows Server Active Directory compatible set of APIs and protocols, delivered as a managed Azure service. This means that as part of Azure AD you can now turn on support for all the critical directory capabilities your applications and server VMs need, including Kerberos, NTLM, Group Policy and LDAP.

So with this new AADDS you’ll get the ability to take any on-premises application that depends on Windows Server Active Directory and run it in Azure Infrastructure Services without having to worry about running, maintaining or patching Active Directory Domain Controller VMs. Those tasks will be taken care of by the Microsoft Azure team. (Doesn’t this sound cool?)

OK, let’s go through the high-level steps to enable this new service.

  1. Create a Directory Service in the Azure portal.

    Make sure your domain name is a unique name.

  2. Create the ‘AAD DC Administrators’ group – Using the Azure management portal, create a group called ‘AAD DC Administrators’ and add all users who need to be administrators on the managed domain to it. These administrators will be able to join machines to the domain and to configure group policy for the domain.

  3. Select / Create the Azure virtual network in which to enable Azure AD Domain Services – you’ll need to create an Azure virtual network to be associated with AADDS. Ensure you pick a virtual network that satisfies the following criteria:


  • The virtual network belongs to a region supported by Azure AD Domain Services. See the region page for details.
  • Ensure the virtual network is a regional virtual network and doesn’t use the legacy affinity groups mechanism.
  • Ensure your workloads deployed in Azure Infrastructure services are connected to this virtual network.

  4. Enable Azure AD Domain Services for your Azure AD tenant – Enabling Azure AD Domain Services for your Azure AD tenant is a simple process. Navigate to the Azure AD tenant and click on the ‘Configure’ tab of your directory. You will notice a new section titled ‘Domain Services’.

    During this time make sure to select the correct virtual network you created in Step 3. You can also select a custom domain name if you’ve already completed that step previously.

    Once provisioning is complete on the Azure side, you’ll see two Azure AD Domain Services IP addresses available for you. Don’t be surprised if you don’t see two IP addresses at once. It can take 20-30 minutes for the first IP address to be displayed and another 20-30 minutes for the second IP to be available.

  5. Update DNS settings for the Azure virtual network – At this point, you can set these IP addresses as the DNS servers for the virtual network in which you had enabled Azure AD Domain Services. This enables virtual machines within that virtual network to ‘see’ the domain and connect to it for domain join, LDAP, authentication etc.

  6. Enable synchronization of legacy credential hashes to Azure AD Domain Services – This is an important step that you need to complete in order to use the domain you have just created. By default, Azure AD does not store the credential hashes required for NTLM/Kerberos authentication. You need to populate these credential hashes in Azure AD so users can use them to authenticate against the domain. The steps involved in populating these hashes into Azure AD Domain Services are different for cloud-only and synced tenants.

    Cloud-only tenants – If your organization is a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services will need to change their passwords. This step causes the legacy credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD and populated into Azure AD Domain Services. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these end-users to change their passwords.

    Users can use Azure AD’s self-service password change mechanism from the Azure AD Access Panel page in order to change their passwords. After users change their password, the hashes will be populated into Azure AD Domain Services. After the population is complete, users can then log in to the domain using their newly changed password. Note that this is a one-time process and subsequent password changes will work automatically with Azure AD Domain Services.

  7. Going further, you’ve completed most of the steps to use the AADDS service. If you’re creating a new VM, during the creation process you can select which virtual network the VM should be provisioned in. This will help the VM to receive the relevant DNS details.

    That’s about it! Azure AD Domain Services should be configured for your Azure AD tenant. The next step is to try out a few scenarios in your new tenant, like adding an Azure VM to the domain, importing an on-premises application, etc. You can get a few scenario ideas from here.
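
A quick check that the DNS update took effect before attempting a domain join, as an added example that is not part of the original post. The domain name and the two IP addresses are placeholders; it assumes a Windows VM in the virtual network chosen for Azure AD Domain Services.

```powershell
# Added example. Placeholders: replace with your managed domain name and the two
# IP addresses shown in the 'Domain Services' section of the 'Configure' tab.
$domain   = 'contoso.example'
$aaddsIPs = '10.0.0.4', '10.0.0.5'

# 1. The VM should have picked up the AADDS addresses as its DNS servers.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
$aaddsIPs | Where-Object { $_ -notin $dns } |
    ForEach-Object { Write-Warning "$_ is not a DNS server on this VM; check the virtual network DNS settings" }

$results = foreach ($ip in $aaddsIPs) {
    # 2. Each address should answer the DC locator SRV query used during domain join.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $ip -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    # 3. DNS, Kerberos and LDAP must be reachable for domain join and authentication.
    foreach ($port in 53, 88, 389) {
        [pscustomobject]@{
            Server     = $ip
            SrvRecords = @($srv).Count
            Port       = $port
            Reachable  = Test-NetConnection -ComputerName $ip -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }
}
$results | Format-Table -AutoSize
```

If every row is reachable but a cloud-only user still cannot sign in to the domain, that user has most likely not changed their password since the service was enabled, so the NTLM/Kerberos hashes described above do not exist yet.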

Talking about pricing, Azure AD Domain Services is available for all SKUs of Azure AD, i.e. Free, Basic and Premium. Azure Active Directory Domain Services usage is charged per hour, based on the total number of objects in your Azure Active Directory tenant, including users, groups, and domain-joined computers. Each tier supports a certain average user workload:

| Tier / Number of directory objects | Approximate supported user workload | Preview price | General availability price |
| --- | --- | --- | --- |
| Less than 5,000 | ~1,250 users | Tier not available in preview | |
| 5,001 to 25,000 | ~6,250 users | | |
| 25,001 to 100,000 | ~25,000 users | Tier not available in preview | |
| Greater than 100,000 | Contact us | Tier not available in preview | Contact us |

Security is part of Microsoft bloodline

Two weeks back the Microsoft CEO highlighted how they are improving security and their annual investment of over 1 billion in security solutions. He clearly reiterated that security is not a separate component but an integral part of Microsoft solutions. Looking closely at Microsoft’s current business model, it is very clear this statement stands true due to their expansion in cloud-based solutions.

So today we’re talking about another step forward from Microsoft with the introduction of Azure Security Center (Preview version).

With Azure Security Center you can:

  • Understand the security state of your Azure resources
  • Take control of cloud security with policies that let you recommend and monitor security configurations
  • Easily deploy integrated Microsoft and partner security solutions from Barracuda, F5, and Trend Micro and soon from Fortinet, Check Point, Cisco, Imperva, Incapsula, and CloudFlare
  • Get alerted to threats detected using advanced analytics, including machine learning and behavioral profiling, and Microsoft’s vast global threat intelligence assets

So in a nutshell this is Microsoft’s solution offering for total security protection of your cloud-hosted applications and services. The interesting part is that security is a never-ending story, so keep an eye on the latest improvements happening in this area.

More information can be found here

Active Directory Replication Status Tool #ADServer #ITPro

Microsoft released a new tool for system administrators to monitor Active Directory replication. This reminds me of the good old command line “repadmin”. This tool goes beyond that and provides more information than what is given by the CSV file output. Apart from that, one of the tools I really love when it comes to AD monitoring is the Quest tools, which were acquired by Dell.

The Active Directory Replication Status Tool (ADREPLSTATUS) analyzes the replication status for domain controllers in an Active Directory domain or forest. ADREPLSTATUS displays data in a format that is similar to REPADMIN /SHOWREPL * /CSV imported into Excel but with significant enhancements.

Specific capabilities for this tool include:

  • Expose Active Directory replication errors occurring in a domain or forest
  • Prioritize errors that need to be resolved in order to avoid the creation of lingering objects in Active Directory forests
  • Help administrators and support professionals resolve replication errors by linking to Active Directory replication troubleshooting content on Microsoft TechNet
  • Allow replication data to be exported to source or destination domain administrators or support professionals for offline analysis

Considering the level of detail provided by this tool, I would say it is a must for system administrators.
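
The kind of prioritisation described above can be approximated from the REPADMIN /SHOWREPL * /CSV output itself. The following is an added example, not part of the original post and not the tool's own logic: the CSV rows are constructed sample data, and the 180-day tombstone lifetime and the priority thresholds are assumptions.

```powershell
# Added example. Constructed sample in the column layout of 'repadmin /showrepl * /csv';
# on a real domain controller, assign that command's output to $csv instead.
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Colombo,DC01,"DC=corp,DC=example",Colombo,DC02,RPC,0,0,2016-04-18 09:12:44,0
showrepl_INFO,Colombo,DC01,"DC=corp,DC=example",Branch,DC03,RPC,212,2016-04-18 09:01:10,2015-12-30 22:40:03,1722
showrepl_INFO,Branch,DC03,"CN=Configuration,DC=corp,DC=example",Colombo,DC01,RPC,14,2016-04-18 08:55:31,2016-04-17 20:15:00,8524
'@

$tombstoneDays = 180                      # assumption: read the real value from your forest
$asOf = [datetime]'2016-04-18 10:00:00'   # fixed so the sample is reproducible; use Get-Date on live data

$report = $csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    ForEach-Object {
        # A link that has never replicated reports 0 as its last success time.
        $last = $_.'Last Success Time'
        $age  = if ($last -eq '0') { [double]::PositiveInfinity }
                else { ($asOf - [datetime]$last).TotalDays }
        [pscustomobject]@{
            Destination = $_.'Destination DSA'
            Source      = $_.'Source DSA'
            Context     = $_.'Naming Context'
            Failures    = [int]$_.'Number of Failures'
            Status      = $_.'Last Failure Status'
            DaysSinceOk = [math]::Round($age, 1)
            # A partner that stays out of sync past the tombstone lifetime can
            # reintroduce deleted objects (lingering objects), so age drives priority.
            Priority    = if ($age -ge $tombstoneDays) { 'Critical' }
                          elseif ($age -ge $tombstoneDays / 2) { 'High' }
                          else { 'Normal' }
        }
    } | Sort-Object DaysSinceOk -Descending

$report | Format-Table -AutoSize
```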

Microsoft Azure Virtual Machine Readiness Assessment #azure #cloud


This is not the latest news, but I thought of sharing it with you all and myself.

Once you download and set up the tool it will scan the environment and provide you with reports on the assessment. The reports can also provide detailed descriptions. This tool works across physical and virtual machine environments.

Automated Assessment

  • This tool will provide a high level checklist and a detailed report.
  • The checklist outlines areas which are ready to move and areas which may need additional configuration or design changes.
  • The detailed report offers expert guidance and advice tailored to your environment.

Expert Advice


Your report shows areas that are ready to move and areas that need additional configuration or design changes.

Click into each area to get expert guidance and advice tailored to your specific situation.

Right now not all workloads are scanned and reported on, but I expect improvements will come in the future. You can find detailed instructions for the tool from here.

Nested Virtualization in Hyper-V

Finally, we’re hearing the good news from the Hyper-V team we’ve been waiting for. Hyper-V on Server 2016 Preview (Build 10565) supports nested virtualization. Now if you’re a newbie on this then let me explain as much as possible using general terms.

Nested virtualization means you’re running Hyper-V inside a Hyper-V VM, OK? Well, I guess that is not enough.

  1. You take a computer and install Server 2016 Preview with Build 10565
  2. You enable the Hyper-V role on the host
  3. Create a virtual machine (let’s say another Server 2016)
  4. Go and enable the Hyper-V role in that VM (yes, now you can)

There you go, now you have nested virtualization. Very cool if you want to enable a Hyper-V cluster and do testing. You can find more information about this news from here.
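
The four steps above as host-side PowerShell, added here as an example that is not part of the original post. 'NestedHost01' is a placeholder VM name, and the settings shown are those of the Hyper-V module in Windows Server 2016.

```powershell
# Added example. Run on the physical Hyper-V host; 'NestedHost01' is a placeholder
# for the VM created in step 3.
$vmName = 'NestedHost01'
$vm = Get-VM -Name $vmName

# Processor settings can only be changed while the VM is off.
if ($vm.State -ne 'Off') { Stop-VM -Name $vmName }

# Expose the hardware virtualization extensions to the guest so that it can run
# its own hypervisor.
Set-VMProcessor -VMName $vmName -ExposeVirtualizationExtensions $true

# A VM that runs Hyper-V itself needs static memory.
Set-VMMemory -VMName $vmName -DynamicMemoryEnabled $false

# Nested guests send traffic with their own MAC addresses through this VM's adapter.
# MAC spoofing relaxes a virtual switch protection, so keep it to lab VMs that need it.
Get-VMNetworkAdapter -VMName $vmName | Set-VMNetworkAdapter -MacAddressSpoofing On

Start-VM -Name $vmName

# Confirm the setting before moving on to step 4.
Get-VMProcessor -VMName $vmName | Select-Object VMName, ExposeVirtualizationExtensions

# Step 4 is run inside the guest once it has booted:
#   Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
```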

HYPER-V Production checkpoints

I assume that you, having Hyper-V experience, already know the convenience and advantages of being able to take snapshots of a VM’s state before implementing a potentially disruptive change. But you also know the dangers of snapshotting workloads such as domain controllers (DCs), Exchange Servers and SQL Servers: if you apply a checkpoint to a VM that’s replicating with others, it’s effectively sent back in time. That can cause AD corruption, password mismatches, missing group memberships and other data loss. But if you’re a developer then a snapshot is a blessing for reproducing bugs, etc.

With Server 10 (aka Server vNext) Microsoft is introducing a new type of snapshot, called “Production Checkpoints”.


It uses the Volume Snapshot Service (VSS) from within the VM. Because the VM is aware that it happened (it’s more like a backup operation), applying a checkpoint won’t disrupt workloads. Basically the machine will go through the normal boot process, restoring the previous snapshot data. Enterprise-level applications (SQL, Exchange) will be aware of this restore process. This is an option you can enable, and if you still prefer the previous snapshot method in your demo environment you can switch back. With production checkpoints enabled, Microsoft has taken Hyper-V customers to a whole new level.
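
An audit of which VMs can still take the old style of checkpoint, as an added example that is not part of the original post. It uses the CheckpointType setting as shipped in the Windows Server 2016 Hyper-V module; the name patterns that mark replicating workloads are placeholders for your own naming convention.

```powershell
# Added example. Run on the Hyper-V host. The patterns below are placeholders for
# however you name domain controllers, SQL Servers and Exchange Servers.
$sensitive = 'DC*', 'SQL*', 'EXCH*'

$report = foreach ($vm in Get-VM) {
    [pscustomobject]@{
        VM             = $vm.Name
        CheckpointType = $vm.CheckpointType
        Sensitive      = [bool]($sensitive | Where-Object { $vm.Name -like $_ })
        # Checkpoints that already exist were taken under the earlier setting and
        # carry the "sent back in time" risk if they are applied.
        Checkpoints    = @(Get-VMSnapshot -VMName $vm.Name).Count
    }
}
$report | Format-Table -AutoSize

# 'Production' falls back to a standard checkpoint when a production checkpoint
# cannot be taken in the guest; 'ProductionOnly' fails instead, which is the safer
# choice for replicating workloads. Remove -WhatIf to apply the change.
$report | Where-Object { $_.Sensitive -and $_.CheckpointType -ne 'ProductionOnly' } |
    ForEach-Object { Set-VM -Name $_.VM -CheckpointType ProductionOnly -WhatIf }

# Switching a demo VM back to the previous snapshot method ('DemoVM01' is a placeholder):
#   Set-VM -Name 'DemoVM01' -CheckpointType Standard
```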


You can find the entire list of Server vNext improvements here.