You may notice the following error on an Azure VM in the event log under Applications and Services Logs, Microsoft, Windows, Kernel-EventTracing, Admin:

Log Name: Microsoft-Windows-Kernel-EventTracing/Admin
Source: Microsoft-Windows-Kernel-EventTracing
Event ID: 2
Task Category: Session
Level: Error
Keywords: Session
User: SYSTEM
Computer: CLJul8WS08R2A
Description:
Session "WindowsAzure-GuestAgent-Metrics" failed to start with the following error: 0xC0000035

This error can be safely ignored. In scenarios where you are monitoring for event log errors and want to prevent the error from being logged, you can use the following steps.

Run the following commands from an elevated PowerShell prompt.

1. Set the MetricsSelfSelectionSelected value in the registry to 2.
    
   New-ItemProperty -path HKLM:\SOFTWARE\Microsoft\GuestAgent -name 'MetricsSelfSelectionSelected' -value 2 -type dword –force
     
2. Restart the Windows Azure Telemetry Service service.
   
   Restart-Service WindowsAzureTelemetryService
    
3. Stop the WindowsAzure-GuestAgent-Metrics event trace session.
    
   logman stop 'WindowsAzure-GuestAgent-Metrics' -ets
     

Note that setting MetricsSelfSelectionSelected to 2 in the registry and stopping the WindowsAzure-GuestAgent-Metrics event trace session has no impact on the normal functioning of the VM agent.

The logman command achieves the same as clicking Stop on the WindowsAzure-GuestAgent-Metrics under Event Trace Sessions in Performance Monitor:

The Windows Azure Import/Export Service enables you to move large amount of data in or out of your Microsoft Azure storage accounts. It does this by enabling you to securely ship hard disk drives directly to our Microsoft Azure datacenters. Once we receive the drives we’ll transfer the data to or from your Microsoft Azure Storage account.

For more information on Windows Azure Import/Export Service please refer to this article: http://azure.microsoft.com/en-us/documentation/articles/storage-import-export-service/

For each hard drive that you prepare with the Azure Import/Export tool, the tool will create a single journal file. You will need the journal files from all of your drives to create the import job. The journal file can also be used to resume drive preparation if the tool is interrupted.

You might come across the following error when you are adding a journal file while creating a new import job using the Azure Management Portal.

“Error: The provided file doesn’t contain valid drive information”.

This issue is caused due to incorrect date format in the journal file. When the .jrn file is opened in a text editor, you will find the date format is different from the expected format. The date format in the journal file will be “2014.07.06 11:52:53.704” but the expected date format is “2014/07/06 11:52:53.704”. The date format by default on Windows machine has “/” for the separator but this could be changed in the Regional Settings. If you have made changes in the regional settings to the date format then you may see this error.

We are aware of this issue and are working towards a fix. As a workaround edit the journal file using a text editor to find and replace all the dates in incorrect format from 2014.07.06 to 2014/07/06 format.

You can set up AutoScale for your Cloud Services, Virtual Machines, Web Sites from the Azure Management Portal. For Virtual Machines, autoscale can be configured for each availability set. You can setup AutoScale for your availability set only if:

• You have only‘Standard’ VMs in your Availability Set. Basic VMs cannot participate in AutoScaling.
• Your ‘Standard’ VMS are of same size.

Currently the Portal doesn’t allow you to configure AutoScale for the AvailabilitySet if you have a ‘Basic’ VM in the Cloud Service, even if that ‘Basic’ VM is not present in this AvailbilitySet for which you are configuring AutoScale. This is already identified as a problem, and our teams are working to fix it sooner in the Portal. I’ll update this blog post once this is resolved.

However, you can easily configure AutoScale for the Virtual Machines using the Service Management REST APIs. You can programmatically use the REST APIs, and pass in the necessary parameters, or you could any tool that’s capable of creating a simple HTTP(S) request, attaching a client certificate. To use the REST API, you need to pass in the client certificate that is already uploaded to your Azure Subscription.

Here are the brief steps:

Create a new self-signed Certificate, and upload to the Azure Management Portal

You can follow this article to create a new certificate. Once you execute the makecert command mentioned, the certificate will be created at user’s personal store. You need to then export the certificate as a .cer file, and then upload it to the Azure Management Portal (Settings –> Management Certificates).

Use Fiddler to generate the REST API Request, and pass the right parameters

AutoScale REST API is documented here. To set up AutoScale, we need to use the ‘Update Autoscale settings’ operation. This is a PUT request with the right parameters. URI Parameter to the endpoint would be resourceId=/virtualmachines/<cloudservice>/availabilitySets/<availability-set>. The documentation page has the structure of request body.

Let’s use Fiddler to craft this HTTPS request, with the client certificate.

1. Place the exported .cer file under C:\Users\<username>\Documents\Fiddler2 naming it as ‘ClientCertificate.cer’.
2. Run Fiddler, and you can stop the capture (File –> Capture Traffic). Else you will see all the outgoing HTTP(S) traffic from this machine on the Fiddler.
3. In the right hand side, choose “Composer” tab.
4. Use the below settings:

Above is an example setting that would scale based on the timings. Day time (9AM to 6PM PST), it scales to 2 instances by default, and in the night time, it reduces the instance size to just 1. You could use the various other parameters documented in this page to alter the request body to choose the right setting.

Tip : You could also do a GET operation to the same endpoint, and get the scale setting. For example, since you are not able to configure it via the portal if you have a Basic VM in your Cloud service, you could create a test Cloud Service, and add standard VMs, and configure the AutoScale from the Portal. Then, do a GET operation to that using Fiddler, or any other tool, and use the JSON output in the PUT operation.

Hope this helps!

Azure Service Management REST API is used by all the public tools provided by Microsoft to manage your Azure Subscription – Portal, New Portal, Powershell, X-Plat CLI. You can use the same APIs to build your own tools that would manage your Azure Subscription. Sometimes, it is little difficult to bring up all the necessary information needed to be passed on to the REST API call. MSDN documentation of all these REST APIs has all the information that you need. And, there are sometimes, you might need more help.

Azure Powershell, and Azure xplat CLI tools, both use the same REST API endpoints to manage the subscription. You could take help from them as well. They have their own debug switch that shows up the REST API endpoint, and the parameters that needs to be passed.

For example, if you want to list all the VMs, from Azure Powershell, you run Get-AzureVM. You can pass in -Debug switch to any Azure Powershell cmdlet, and that’ll emit the debug information which includes the REST API endpoint, and the parameters passed in.

Typically, you are always good in any GET operations, since you only have to pass in the right URIs. Any create/update operation is tricky, since that typically involves you sending an request body as an XML, or JSON. Try -Debug for any command, and you will be able to see the entire request payload that goes.

And, for Azure Cross Platform CLI, it is the –vv switch.

Hope this helps!

For Azure Virtual Machines, we document storage limits of 500 IOPS per disk, and the guidance to not place more than 40 highly used VHDs in any single storage account since there is a 20,000 IOPS limit per storage account.

By default, each subscription can have up to 20 storage accounts containing up to 500 TB each. The limit of 20 storage accounts per subscription can be increased to up to 50 by contacting Microsoft support.

The risk of storage account throttling having a negative performance impact on your VMs exists once you have more than 40 highly used disks in a single storage account. And with more than 40 disks in a single storage account, each disk wouldn't need to be hitting the 500 IOPS limit for the entire storage account to be hitting the 20,000 IOPS limit.

Determining the Number of Disks in a Storage Account

You can get a count of disks per storage account manually by looking in the portal under Virtual Machines, then select Disks. Disks in the same storage account will have the same first label of the DNS name under the Location column. For example, the location of https://clnorthcentralusstorage.blob.core.windows.net/... indicates the disk resides in the storage account named clnorthcentralusstorage.

A simpler way to get a count of disks per storage account is with Azure PowerShell using the Get-AzureDisk cmdlet. In the example below, the clnorthcentralusstorage account has 46 disks. If all of those disks were highly utilized at the same time, the storage account would be at risk for being throttled due to the 20,000 IOPS limit for a single storage account, and some of the disks would see performance lower than the 500 IOPS per-disk limit.

Get-AzureDisk | Where-Object { $_.AttachedTo } | Group-Object {$_.Medialink.Host.Split('.')[0]} –NoElement

Count Name
----- ----
 46 clnorthcentralusstorage

Monitoring for Storage Account Throttling

To monitor for storage account throttling, in the Azure management portal, select Storage on the left, select the storage account you want to monitor on the right, the select the Configure tab and under the Monitoring section, change Blobs from Off to Minimal (Verbose will work also, but is not necessary to monitor just for storage account throttling).

Now switch to the Monitoring tab, select Add Metrics at the bottom of the page, and under Select Metrics to Monitor, select Throttling Error and Throttling Error Percentage, then click OK.

Now you can view minimum, maximum, average, and total values for those metrics for either 6-hour, 24-hour, or 7-day timeframes. 

Additionally you can configure alerts to get email notification when those metrics hit a defined threshold.

To configure an alert, on the Monitor tab for a storage account, select the metric you want to alert on, then click Add Rule at the bottom of the page. Provide a display name for the alert rule, and then define the alert threshold.

Make sure to select Send an email to the service administrator and co-administrators so you are notified via email when the alert threshold is hit. Additionally, you can select Specify the email address for another administrator if you want to send to an email address other than one for the service admin and co-admins for the subscription.

Once the rule is created, you can click through on 1 rule configured on the far right column, or go to Management Services in the left navigation pane of the portal and select Alert, then select the rule to view the alert details and recent alert history (last 20 occurrences).

When the metric hits the defined threshold and triggers the alert, if email notification is enabled on the alert, you will get an email with a subject line similar to this: 

[ALERT ACTIVATED] - PercentThrottlingError GreaterThan 0 (percentage) in the last 60 minutes

And when the metric falls below the threshold, you will get an email indicating the alert was resolved:

[ALERT RESOLVED] - PercentThrottlingError GreaterThan 0 (percentage) in the last 60 minutes

Here is an example of the mail when an alert is activated:

More Information

• Azure Subscription and Service Limits, Quotas, and Constraints
• Create Alert Rule (API reference for programmatic creation of alert rules)
• SOSP Paper - Windows Azure Storage: A Highly Available Cloud Storage Service with Strong Consistency
• Performance Best Practices for SQL Server in Azure Virtual Machines
• Virtual Machine and Cloud Service Sizes for Azure

Windows Azure is an ever evolving Microsoft cloud platform. You may find it tough to stay updated with all the latest features, current news and technical know how’s. To help you stay updated with all thing Azure, we have put together a list of websites, blogs and other resources that you can follow to stay updated with all things Windows Azure.

 Blogs

Twitter

RSS Feed

Podcast

Windows Azure Documentation

Don't forget to check out  Windows Azure Learning Resources for loads of resources to help you learn, understand and leverage Windows Azure cloud platform.

Microsoft has loads of resources to help you learn, understand and leverage Windows Azure cloud platform. This is our effort of listing the resources that are available to help you learn about the Windows Azure architecture, security, features and implementation.

Architecture

•          Inside Windows Azure: The Cloud Operating System
•          Introduction to Windows Azure: The Cloud Operating System
•          Windows Azure Internals
•          Windows Azure, Cloud Operating Systems and Platform as a Service

Features and Offerings

•          http://www.windowsazure.com/en-us/services/
•          Windows Azure Book for IT PRO

Implementation Guide

•          Moving Applications to the Cloud, 3rd Edition
•          Windows Azure Documentation
•          MSDN Windows Azure Library

Understanding IaaS

•          IaaS on Windows Azure: Virtual Machines and Virtual Networks with Mark Russinovich
•          Hybrid Networking Offerings in Windows Azure
•          Best Practices from Real Customers: Deploying to Windows Azure Infrastructure Services (IaaS)
•          Building Your Lab, Dev, and Test Scenarios in Windows Azure (IaaS)
•          Hosting a Microsoft SharePoint 2013 Farm on Windows Azure
•          Achieve High Availability with Microsoft SQL Server on Windows Azure Virtual Machines
•          Performance Tuning Microsoft SQL Server in Windows Azure Virtual Machines
•          Designing and Building Disaster Recovery Enabled Solutions in Windows Azure
•          Getting the Most out of Windows Azure Storage

Windows Azure Security

•          Technical Overview of the Security Features in the Windows Azure Platform
•          Windows Azure Security Overview
•           Security Best Practices for Developing Windows Azure Applications
•          Windows Azure Data Security (Cleansing and Leakage)
•          Windows Azure Security Notes
•          Crypto Services and Data Security in Windows Azure
•          Windows Azure: Understanding Security Account Management in Windows Azure
•          Securing and Authenticating a Service Bus Connection
•          Scenarios and Solutions Using Windows Azure Active Directory Access Control
•          Security Guidelines for SQL Database

Windows Azure Training Kit

•          Windows Azure Training Kit

Demo

• Windows Azure Friday- Trusted voices at the center of the Enterprise and Cloud computing

• Tuesdays' with Corey- Corey Sanders answers your questions about Windows Azure

Microsoft Virtual Academy

• These Windows Azure courses cover key technical topics, including VM, Virtual Networks, and PaaS.

Hope this post was informative!!

If you don’t already have a Windows Azure account, you can sign-up for a free trial and start using Windows Azure.

Special thanks to Sri Harsha for reviewing this post!!

 In this post we will look at:

• Why Windows Azure updates the host OS?
• How does the host OS update take place?
• What are availability sets?
• How does creating availability sets make your application highly available?
• Resource to help you create and manage highly available applications in Windows Azure Virtual Machines
• More Information

Why Windows Azure updates the host OS?

Windows Azure deploys updates to the host OS approximately once per month. This ensures that Windows Azure provides a reliable, efficient and secure platform for hosting your applications.

How does the host OS update take place?

The host OS update on the Windows Azure platform is different when compared to how you update your PCs or servers running on Windows OS. In case of Windows Azure a new image which contains all the latest updates and fixes is deployed to all the servers and the Fabric Controller will instruct these servers to restart and boot from the newly deployed image. So unlike a Windows update which could take considerable amount of time to complete, the Windows Azure host OS update just involves booting from a new image. Typically this Host OS update process will take 15 to 20 minutes to complete.

What are availability sets?

When you have two or more VMs that perform the same task (Example: two or more web servers) you create an availability set with those two VM. Creating this availability makes your application highly available and also makes you eligible for the 99.9% uptime SLA.

How does creating availability sets make your application highly available?

When you create an availability set you are instructing the Fabric Controller that all the VM in an availability set perform the same function and  must not be taken down at the same time for scheduled maintenance.

Behind the scene what happens is, the Fabric Controller will intelligently place these VMs on different update domains (UD). These UDs are logical classification which will help the FC to ensure that all VMs in the same AS are not taken down at the same time during any scheduled maintenance. This will ensure that there are VMs which are always available to process requests.

Note:

1.   Test/monitor to make sure a reduced VM count running the workload provides sufficient performance so your service is not negatively impacted during planned maintenance while one or more VMs are unavailable.
2. If you are using end point to allow incoming traffic from the outside world ensure that it is load balanced. (See “Creating Highly Available Workloads with Windows Azure” below.)

Resource to help you create and manage highly available applications in Windows Azure Virtual Machines

• Use Endpoints to maintain high availability
• Manage the Availability of Virtual Machines
• Creating Highly Available Workloads with Windows Azure

More information

Windows Azure Host OS Updates: Why, When and How: http://blogs.technet.com/b/markrussinovich/archive/2012/08/22/3515679.aspx

Role Instance Restarts Due to OS Upgrades: http://blogs.msdn.com/b/kwill/archive/2012/09/19/role-instance-restarts-due-to-os-upgrades.aspx

Special thanks to our WATS Linux experts- Joao Madureira, Vittorio Franco Libertucci and Patrick Catuncan for reviewing this post.

When you create a VM in Windows Azure you are provided with a temporary storage automatically. This temporary storage is “D:” on a Windows VM and it is “/dev/sdb1” on a Linux VM.  

This temporary storage must not be used to store data that you are not willing to lose.

Windows VM:

Linux VM:

 Note:In any linux distro on Windows Azure, the sdb1 will be the temporary drive to be mounted. The mount point and directory mounted might be different between linux distros.

The temporary storage is present on the physical machine that is hosting your VM. Your VM can move to a different host at any point in time due to various reasons (hardware failure etc.). When this happens your VM will be recreated on the new host using the OS disk from your storage account. Any data saved on the previous temporary drive will not be migrated and you will be assigned a temporary drive on the new host.

What is the size of the temporary storage?

The temporary storage varies with size of the VM that you have selected. Below is the list of VM size and its corresponding temporary disk size.

Temporary disk size may change in the future, always refer to this link for accurate information on the temporary drive size.

Is there any cost associated with temporary storage?

The temporary storage provided with each VM has no extra cost associated with it for storage space as well as for transactions.

What is the purpose of temporary storage?

This temporary storage is used to save the system paging file.

You can also use this drive only to store temporary data, which you can afford to lose at any time.

Like for example: If your workflow involves getting content from the blob, processing it and storing it back to the blob then you could download content to the temporary storage, process the content, then take the processed content and save it back to the blob.

Windows VM:

Linux VM:

Note:

• Keep in mind the /dev/shm uses the swap file on /mnt/resources to do what on windows would be the pagefile.sys.

Reference for /dev/shm

http://superuser.com/questions/45342/when-should-i-use-dev-shm-and-when-should-i-use-tmp

What is the IOPS for temporary storage?

This temporary storage drive is present on the physical machine which is hosting your VM and hence can have higher IOPS and lower latency when compared to the persistent storage like data disk.

When will the data on temporary drive be lost?

When you resize the VM, When you shutdown or restart your VM, when your VM is moved to a different host server(due to service healing, shutdown and restart), when the host is updated, when the host experiences a hardware failure etc.

Is there a way to recover data from the temporary drive?

There is no way to recover any data from the temporary drive.

What should I do to store data that I cannot afford to lose?

You can attach a data disk to the virtual machine to store data that you cannot afford to lose. OS disk and data disks are persistent storage. More information on data disks here.

 So always remember not to store any important data on the temporary storage and use data disks for additional storage requirement.

This post is authored by Lalitesh Kumar, Pradeep M G and reviewed by Avinash Venkat Reddy. Also special thanks to Adam Conkle and Craig Landis for providing the "points to consider from Azure SLB perspective".

FTP may run in active or passive mode. Passive mode is extensively used to solve the issue of the client firewall blocking the FTP server data connection. Detailed information on FTP server modes here.

Setting up a Passive FTP server in Windows Azure VM involves the following steps: 

1. Deploying a Windows Azure VM
2. Installing FTP service on Windows Azure VM
3. Adding the FTP site to IIS Manager on Windows Azure VM
4. Specify the data channel port for passive FTP connection on Windows Azure VM
5. Adding ports specified in the previous step as endpoint to the VM
6. Adding Firewall rules to allow traffic on the added endpoint
7. Verifying that FTP server is using the port previously specified under data channel port
8. Points to consider from Azure SLB perspective

Deploying a Windows Azure VM

1. Log in to the Windows Azure management portal.
2. Create a Windows Azure VM with Windows Server 2012 or Windows Server 2008 image. 
3. Fill in the appropriate details under the Create a Virtual Machine dialog tabs. 
4. Once the VM is provisioned, RDP into the VM.

Note: If you are new to using Windows Azure then here are the detailed steps to provision a Windows Server VM and RDP to it.

Installing FTP service on a Windows Azure VM

1. Open Server Manger and click Add roles and features.

       2. From Installation Type tab select Role based or feature-based installation and click Next.
       3. From Server Selection tab select the server on which you want to enable FTP and click Next.
       4. From Server Roles tabselect Web Server (IIS), you will be presented with the Add Roles and Features Wizard.Click Web Server (IIS) andthen click Add Features.
 

5.       Click Next on the Features and Web Server Role (IIS) tabs.

6.       From Role Services tab select FTP Server and FTP Service and click Next.
 

       7. From Confirmation tab click Install and wait for the installation to complete.

Adding the FTP site to IIS Manager

1. From the Control Panel> Administrative Tools open the IIS Manager.
2. From IIS Manager, in the Connections pane, expand the Sites node in the tree, then right click the Default Web Site. 
3. Now click Add FTP Publishing.
4. Fill the Add FTP Site dialog box as shown in the below figures and click Finish.

Specify the data channel port for passive FTP connection on Windows Azure VM

1. From the Control Panel open the IIS Manager.
2. In IIS Manager, in the Connections pane, click local host.
3. In the Home pane, double-click the FTP Firewall Support feature.
4. In the Data Channel Port Range box specify a Port Range. In this case we have used 1035-1040. The External IP Address of Firewall is the VIP of your VM.

     5. Click Apply. You will be prompted to configure the firewall to allow FTP access.
 

    6. To make sure that FTP server has taken all the setting we added, let's stop and start the FTP service.

    Note: iisreset does not restart the FTP service as it is outside the IIS.
 

Adding ports specified in the previous step as endpoint to the VM

Ports 1035 to 1040 should also be added as endpoint to the Azure VM. You can add multiple ports as endpoint to the VM using Windows Azure PowerShell. Detailed procedure here.

You can also add endpoints using the management portal.Detailed procedure here.

To confirm that the said ports are added to the VM, please check the endpoint list on portal for the said VM.

Note: You also would need add port 21 to the endpoint list which is command port for FTP connection.

Adding Firewall rules to allow traffic on the added endpoint

For ports added as endpoints in the above procedure, no configuration is done automatically to the firewall in the guest operating system. When you create an endpoint, you'll need to configure the appropriate ports in the firewall to allow the traffic you intend to route through the endpoint.

In this case I have disabled the Windows firewall for simplicity. You can refer here to modify the firewall rules to allow traffic on the ports added as end points.

We are now done setting up the passive FTP Server on a Windows Azure VM.

Verifying that FTP server is using the port previously specified under data channel port
 

1. Client connects on the command port, which is usually TCP port 21.
    
2. When the connection on command port is successful, the server sends a port to the client to connect to.
   
   If you are using FileZilla, you will see something like this:
   
   Command:        PASV
   Response:        227 Entering Passive Mode (168,63,240,169,4,14).
   
   Where 168,63,240,169 is the IP address of the VM and 4,14 is the port on which the data traffic is routed (256*4+14=1038).
   
   This is how you determine that a port added in previous steps are actually being used to establish a passive FTP connection.

Points to consider from Azure SLB perspective

When FTP is transferring large files, the elapsed time for transfer may exceed 4 minutes, especially if the VM size is A0. Any time the file transfer exceeds 4 minutes, the Azure SLB will time out the idle TCP/21 connection, which causes issues with cleanly finishing up the FTP transfer once all the data has been transferred.

Basically, FTP uses TCP/21 to set everything up and begin the transfer of data. The transfer of data happens on another port. The TCP/21 connection goes idle for the duration of the transfer on the other port. When the transfer is complete, FTP tries to send data on the TCP/21 connection to finish up the transfer, but the SLB sends a TCP reset instead.

The way around this is to make the client to keep the TCP/21 connection from going idle. If using a 3^rd party FTP client, there may be configuration knobs the user can turn in order to cause the FTP client to send a keepAlive. As an example of how you can set this in FTP client software, in FileZilla, you go to Edit, Settings, Connection, FTP, and check Send FTP keep-alive commands.

If the FTP client is being written in .NET, customers will need to account for this client-side keepAlive in their code. Here is a sample (the keepAlive is highlighted):

        privatevoid button1_Click(object sender, EventArgs e)

        {

            System.Net.ServicePointManager.SetTcpKeepAlive(true, 30000, 20000);

            try

            {

                System.Net.WebClient oFTPDownloadWebClient = new System.Net.WebClient();

                oFTPDownloadWebClient.Proxy = null;

                oFTPDownloadWebClient.Credentials = new System.Net.NetworkCredential("username", "password");

                oFTPDownloadWebClient.DownloadFile(new System.Uri("ftp://contosoFTP.cloudapp.net/LargeFile.Dat"), "C:\\Temp\\Big.dat");

                 return;

             }

            catch (System.Exception ex)

            {

                MessageBox.Show(ex.Message);

             }

        }

Load balanced endpoints are not supported in Azure Passive FTP server

You will be unable to load balance your endpoints when using a Passive FTP server in Azure since there is no session stickiness between the server’s Command Port (21) and the random data ports that get selected when there is data being transferred btw the client and the ftp server.

The client will contact the FTP server (Azure VM) through Port 21 (Server’s Command port), and establish an FTP session. Then as soon as the client tries to download or upload data, the FTP server (Azure) will send a hashed port number to the client (from the list of data ports you select when setting up your FTP service).

It will look like:

ReplyCode: 227, Entering Passive Mode <h1,h2,h3,h4,p1,p2>

Entering Passive Mode (<ftp_svr_ip>, a, b)

The port can be calculated as:

Random Ephemeral Port = (a*256) + b

The server will select a random ephemeral port for every data session that is opened (within the port range specified when setting up the FTP service).

Let’s say you have Azure FTP Servers FTP1 and FTP2 behind the load balancer.

You place FTP1 and FTP2 in the same cloud service;

You load balance Port 21 and all the data ports across these two VM’s;

The client tries to establish an FTP session (through Port 21), and the LB first selects FTP1.

The client then chooses to download a file from FTP1.

FTP1 will respond back to the client and provide a random data port that the client will need to use to access its data channel;

The client then has to set up a new TCP session with that target data port on FTP1, and this request goes through the Load Balancer;

The LB, which is not configured with sticky sessions, and is just a Layer 3 round robin LB, will not keep track of the session previously established with FTP1 and may pick FTP2 instead.

 While this can work with Active FTP (since no endpoint is required for outbound traffic, and since active FTP just uses Src Port 20 to initiate the data channel with the client).

ACTIVE FTP

PASSIVE FTP

Running concurrent traces on the client and the 2 Azure FTP servers will show this.

Conclusion

The first four steps and the fifth step are general steps which you should complete to setup a passive FTP on a Windows server however the 4th step is specific to Windows Azure. Another point to note is that currently Windows Azure only support 150 endpoint. Keep this in mind when adding endpoints. The last step is just a verification step where we trying to conclude that the FTP server is actually using the ports that we specified.

Hope this post was helpful!

UPDATE Mar. 10: This issue is now resolved. The fix has been fully deployed to all Windows Azure hosts. There is no action needed within the VM itself, as the fix was on the Windows Azure hosts.

We recently determined the Storage Spaces feature in Windows Server 2012 R2 is not compatible with the virtual hard drives (VHDs) created by Windows Azure for use as data disks for the Virtual Machines feature (IaaS). Not only will the disks not enumerate in Server Manager, but they will also show up as CanPool=False when enumerated using Get-PhysicalDisk in PowerShell. The same VHDs work fine when used with Windows Server 2012. The root cause of the problem is that the physical disk size advertised by Azure VHDs is not compatible with Windows Server 2012 R2 Storage Spaces. 
  

If you are using the Visual Studio 2013 Gallery image for MSDN subscribers to create an Azure VM and try running SQL Server Configuration Manager without taking additional configuration steps first, you may see the following error message:

Cannot connect to WMI provider. You do not have permission or the server is unreachable. Note that you can only manage SQL Server 2005 and later servers with SQL Server Configuration Manager. Invalid class [0x80041010]

To resolve this issue, right-click the PowerShell shortcut on the taskbar, click Run as Administrator, copy the command below to the clipboard, right-click the PowerShell window to paste it, then hit ENTER to run the script.

C:\ConfigureDeveloperDesktop\Scripts\ConfigureSQLServer.ps1

It will take a few minutes because it is installing SQL Server Developer Edition, but when the script finishes can launch SQL Server Configuration Manager without error.

For more information see Configure SQL Server for SQL and BI development environment (there is a shortcut to that page on the desktop of the Visual Studio images).

Only the minimal LocalDB version is installed in the image by default since that satisfies most local development requirements and most Visual Studio templates choose LocalDB as the default database backend. LocalDB doesn’t require further configuration and should just work after VM creation.

Note that while you may be able to get around the error with the command below (for example, as referenced here), it is recommended that you instead run the PowerShell script referenced above to properly configure SQL Server on VMs created from the Visual Studio gallery images.

mofcomp "C:\Program Files (x86)\Microsoft SQL Server\110\Shared\sqlmgmproviderxpsp2up.mof"

You can use mstsc /admin to work around the following licensing error when attempting to connect with RDP to an Azure VM:

The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license.

Please contact the server administrator. 

Using mstsc /admin disables licensing for that connection only, so you could only ever have a maximum of two connections made with /admin at the same time. But it is helpful in this scenario where the 120-day Remote Desktop licensing grace period has expired and you need to access the VM to install RDS licenses. Note that if you encounter this error and you don’t need more than two RDP connections to the VM at the same time, you can use Server Manager to remove the RDS role so licensing is not enforced and you go back to having a maximum of two administrative connections.

Note that you can also edit the RDP file in a text editor and add /admin to achieve the same thing as running mstsc /admin.

full address:s:MYVM.cloudapp.net:57362 /admin

See also:

Use command line parameters with Remote Desktop Connection
http://windows.microsoft.com/en-us/windows/command-line-parameters-remote-desktop-connection/

The VM agent for Windows Azure Virtual Machines is now installed by default when creating new VMs in the management portal or with Azure PowerShell (February release 0.7.3). Currently the BGInfo extension is enabled by default which displays VM information on the desktop using the BGInfo tool, and additional VM agent extensions are planned for release in the near term.

If you do not want the VM agent installed, you can use the From Gallery method in the portal instead of Quick Create and uncheck the VM Agent check box that is selected by default. To prevent it from being installed if you are creating a VM with Azure PowerShell you would use Add-AzureProvisioningConfig -DisableGuestAgent with New-AzureVM.

The agent is installed to C:\WindowsAzure and extensions are installed in C:\Packages. There is no entry added to Programs and Features for it when it gets installed during provisioning.

An installer package is planned that will allow you to install the agent on existing VMs, but that is not yet available.

Both the New-AzureVM and New-AzureQuickVM cmdlets by default will install the agent.

New-AzureQuickVM syntax:

New-AzureQuickVM -Windows -ServiceName <Service Name> -Name <VM Name> -ImageName <image name> -Password <password> -Location <location> -AdminUsername <admin name> -InstanceSize <instance size>

For example:

New-AzureQuickVM -Windows -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' -ImageName (Get-AzureVMImage | where ImageFamily -eq 'Windows Server 2012 R2 Datacenter' | select -last 1).ImageName -Password $password -Location 'West US' -AdminUsername 'Craig' -InstanceSize 'Small'

To enable the BGInfo extension:

Get-AzureVM -ServiceName <service name> -Name <VM name> | Set-AzureVMBGInfoExtension | Update-AzureVM

For example:

Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension | Update-AzureVM

Use -Disable to disable the extension:

Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable | Update-AzureVM

If you get error below, add -ReferenceName 'BGInfo' after the -Disable parameter.

Update-AzureVM : BadRequest: Invalid update to extension reference for role: <VM name> and reference: MyBGInfoExtension.

For example:

Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable -ReferenceName 'BGInfo' | Update-AzureVM

When you enable it, the next time you login you will see the desktop wallpaper includes VM information. If you were already signed in, you would need to sign out and sign back in again to see it.

There are three services/processes relevant to the agent:

• RdAgent service (WaAppAgent.exe)
• WindowsAzureGuestAgent service (WindowsAzureGuestAgent.exe)
• WindowsAzureTelemetryService service (WindowsAzureTelemetryService.exe)

Running netstat -anob will show that WindowsAzureGuestAgent.exe and WaAppAgent.exe are listening on port 80:

 [WindowsAzureGuestAgent.exe]
  TCP    10.79.24.59:49169      10.79.24.70:80         ESTABLISHED     2300
 [WaAppAgent.exe]
  TCP    10.79.24.59:49174      204.79.197.200:80      ESTABLISHED     156

You can see if the agent was installed during provisioning and which extensions are available by expanding the VM property from Get-AzureVM and looking at the ProvisiongGuestAgent and ResourceExtensionReferences.

Get-AzureVM -ServiceName <service name> -Name <VM name> | select -expandproperty VM

For example:

Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | select -expandproperty VM | Format-List ProvisionGuestAgent,ResourceExtensionReferences

ProvisionGuestAgent               : True
ResourceExtensionReferences       : {BGInfo}

Log files:

C:\WindowsAzure\Logs\WappAgent.log
C:\WindowsAzure\Logs\AppAgentRuntime.log
C:\WindowsAzure\Logs\TransparentInstaller.log
C:\WindowsAzure\Logs\Plugins\AggregateStatus.log
C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfoLauncher.log
C:\WindowsAzure\Packages\Telemetry\WindowsAzureTelemetryService.InstallLog
C:\WindowsAzure\Packages\GuestAgent\WindowsAzureGuestAgent.InstallLog

C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfoLauncher.log file will show the following when you enable the extension:

[00000001] [02/19/2014 21:40:52.12] [INFO]  Starting...
[00000001] [02/19/2014 21:40:52.17] [INFO]  Setting registry key Software\Microsoft\Windows Azure\BGInfo entry DeploymentId to 7d889482b1fa4bdea260427f2a7fa96a
[00000001] [02/19/2014 21:40:52.17] [INFO]  Setting registry key Software\Microsoft\Windows Azure\BGInfo entry PublicIp to 168.62.206.36
[00000001] [02/19/2014 21:40:52.17] [INFO]  Setting registry key Software\Microsoft\Windows Azure\BGInfo entry InternalIp to 10.79.24.59
[00000001] [02/19/2014 21:40:52.17] [INFO]  Setting registry key Software\Microsoft\Windows\CurrentVersion\Run entry BGInfo to "C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfo.exe" "C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\config.bgi" /NOLICPROMPT /timer:0 /log:C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfo.log
[00000001] [02/19/2014 21:40:52.17] [INFO]  The BGInfo extension is set to be enabled on next login.

C:\WindowsAzure\Logs\WappAgent.log will show:

[00000004] [02/19/2014 21:40:51.20] [INFO]  Driving to new goal state (V:2012-11-30 I:2 M:(ES:Started) C:(ID:f212cae9-b13b-4ea8-8446-d5799bc11dde R:[(ID:7d889482b1fa4bdea260427f2a7fa96a.CLFeb19WS12R2A S:Started),]))
[00000004] [02/19/2014 21:40:51.25] [INFO]  Extension Plugins Found.
[00000004] [02/19/2014 21:40:51.33] [INFO]  C:\WindowsAzure\Config is already set up.
[00000004] [02/19/2014 21:40:51.33] [INFO]  Successfully retrieved transport certificate.
[00000004] [02/19/2014 21:40:51.43] [INFO]  Successfully imported cert Cert0My into the store My
[00000004] [02/19/2014 21:40:51.44] [INFO]  Starting installation of plugins. Incarnation: 2 Plugin size: 1
[00000004] [02/19/2014 21:40:51.46] [INFO]  Downloading version manifest for plugin Microsoft.Compute.BGInfo from http://rdfepirv2by1prdstr01.blob.core.windows.net/bfd5c281a7dc4e4b84381eb0b47e3aaf/Microsoft.Compute_BGInfo_uswest_manifest.xml.
[00000004] [02/19/2014 21:40:51.71] [INFO]  AutoUpgrade for plugin Microsoft.Compute.BGInfo is set to True.
[00000004] [02/19/2014 21:40:51.74] [INFO]  No plugin settings received.
[00000006] [02/19/2014 21:40:51.74] [INFO]  Launching plugin health monitor.
[00000006] [02/19/2014 21:40:51.76] [INFO]  Plugin health monitor: Waiting for the install script of the plugins to exit.
[00000004] [02/19/2014 21:40:51.82] [INFO]  Plugin Microsoft.Compute.BGInfo 1.1 not found in cache.
[00000004] [02/19/2014 21:40:51.84] [INFO]  Starting download of plugin Microsoft.Compute.BGInfo from location: http://rdfepirv2by1prdstr01.blob.core.windows.net/bfd5c281a7dc4e4b84381eb0b47e3aaf/Microsoft.Compute__BGInfo__1.1.
[00000004] [02/19/2014 21:40:51.88] [INFO]  Download finished for plugin Microsoft.Compute.BGInfo 1.1.
[00000004] [02/19/2014 21:40:51.88] [INFO]  Extracting plug-in zip file to folder. Zip file: C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\Microsoft.Compute.BGInfo_1.1.zip
[00000004] [02/19/2014 21:40:51.96] [INFO]  Successfully created runtime settings folder C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\RuntimeSettings for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/19/2014 21:40:51.96] [INFO]  Successfully created Status folder C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\Status for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/19/2014 21:40:51.96] [INFO]  Successfully created Log folder C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1 for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/19/2014 21:40:51.97] [INFO]  Running install command of Microsoft.Compute.BGInfo. command file: C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfoLauncher.exe
[00000004] [02/19/2014 21:40:51.99] [INFO]  Beginning installation of plugin Microsoft.Compute.BGInfo 1.1.
[00000004] [02/19/2014 21:40:52.08] [INFO]  Waiting installer of Microsoft.Compute.BGInfo to finish...
[00000004] [02/19/2014 21:40:52.19] [INFO]  Successfully installed plugin Microsoft.Compute.BGInfo 1.1.
[00000004] [02/19/2014 21:40:52.20] [INFO]  No RuntimeSettings for plugin Microsoft.Compute.BGInfo version 1.1.
[00000006] [02/19/2014 21:40:52.33] [INFO]  Health file does not exist for plugin Microsoft.Compute.BGInfo. It will not be monitored.

When you disable the extension, BGInfoLauncher.log will show:

[00000001] [02/20/2014 16:43:09.73] [INFO]  Starting...
[00000001] [02/20/2014 16:43:09.74] [INFO]  Setting registry key Software\Microsoft\Windows\CurrentVersion\Run entry BGInfo to "C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfo.exe" "C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\emptyConfig.bgi" /NOLICPROMPT /timer:0 /log:C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfo.log
[00000001] [02/20/2014 16:43:09.74] [INFO]  The BGInfo extension is set to be disabled on next login.

And WappAgent.log will show:

[00000004] [02/20/2014 16:43:09.36] [INFO]  Driving to new goal state (V:2012-11-30 I:3 M:(ES:Started) C:(ID:f212cae9-b13b-4ea8-8446-d5799bc11dde R:[(ID:7d889482b1fa4bdea260427f2a7fa96a.CLFeb19WS12R2A S:Started),]))
[00000004] [02/20/2014 16:43:09.36] [INFO]  Extension Plugins Found.
[00000004] [02/20/2014 16:43:09.36] [INFO]  C:\WindowsAzure\Config is already set up.
[00000004] [02/20/2014 16:43:09.37] [INFO]  Successfully retrieved transport certificate.
[00000004] [02/20/2014 16:43:09.45] [INFO]  Successfully imported cert Cert0My into the store My
[00000004] [02/20/2014 16:43:09.47] [INFO]  Starting installation of plugins. Incarnation: 3 Plugin size: 1
[00000004] [02/20/2014 16:43:09.47] [INFO]  Downloading version manifest for plugin Microsoft.Compute.BGInfo from http://rdfepirv2by1prdstr01.blob.core.windows.net/bfd5c281a7dc4e4b84381eb0b47e3aaf/Microsoft.Compute_BGInfo_uswest_manifest.xml.
[00000004] [02/20/2014 16:43:09.58] [INFO]  AutoUpgrade for plugin Microsoft.Compute.BGInfo is set to True.
[00000004] [02/20/2014 16:43:09.58] [INFO]  No plugin settings received.
[00000005] [02/20/2014 16:43:09.58] [INFO]  Launching plugin health monitor.
[00000005] [02/20/2014 16:43:09.58] [INFO]  Plugin health monitor: Waiting for the install script of the plugins to exit.
[00000004] [02/20/2014 16:43:09.58] [INFO]  Plug-in Microsoft.Compute.BGInfo 1.1 found in cache.
[00000004] [02/20/2014 16:43:09.58] [INFO]  Extracting plug-in zip file to folder. Zip file: C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\Microsoft.Compute.BGInfo_1.1.zip
[00000004] [02/20/2014 16:43:09.64] [INFO]  Successfully created runtime settings folder C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\RuntimeSettings for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/20/2014 16:43:09.64] [INFO]  Successfully created Status folder C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\Status for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/20/2014 16:43:09.64] [INFO]  Successfully created Log folder C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.BGInfo\1.1 for plugin Microsoft.Compute.BGInfo version 1.1.
[00000004] [02/20/2014 16:43:09.64] [INFO]  Running install command of Microsoft.Compute.BGInfo. command file: C:\Packages\Plugins\Microsoft.Compute.BGInfo\1.1\BGInfoLauncher.exe
[00000004] [02/20/2014 16:43:09.64] [INFO]  Beginning installation of plugin Microsoft.Compute.BGInfo 1.1.
[00000004] [02/20/2014 16:43:09.70] [INFO]  Waiting installer of Microsoft.Compute.BGInfo to finish...
[00000004] [02/20/2014 16:43:09.74] [INFO]  Successfully installed plugin Microsoft.Compute.BGInfo 1.1.
[00000004] [02/20/2014 16:43:09.74] [INFO]  No RuntimeSettings for plugin Microsoft.Compute.BGInfo version 1.1.
[00000005] [02/20/2014 16:43:09.76] [INFO]  Health file does not exist for plugin Microsoft.Compute.BGInfo. It will not be monitored.

Binaries and logs are located in C:\WindowsAzure and C:\Packages:

C:\WINDOWSAZURE
+---Config
|       7d889482b1fa4bdea260427f2a7fa96a.7d889482b1fa4bdea260427f2a7fa96a.CLFeb19WS12R2A.1.xml
|       7d889482b1fa4bdea260427f2a7fa96a.7d889482b1fa4bdea260427f2a7fa96a.CLFeb19WS12R2A.2.xml
|      
+---Dumps
|       WindowsAzureGuestAgent.exe.Full.dmp
|       WindowsAzureGuestAgent.exe.Normal.dmp
|      
+---Logs
|   |   AppAgentRuntime.log
|   |   MonitoringAgent.txt
|   |   RuntimeEvents_000001.etl
|   |   TransparentInstaller.log
|   |   WaAppAgent.log
|   |   WaAppAgent_000001.etl
|   |  
|   \---Plugins
|       |   AggregateStatus.log
|       |  
|       \---Microsoft.Compute.BGInfo
|           \---1.1
|                   BGInfoLauncher.log
|                  
\---Packages
    |   CommonAgentConfig.config
    |   dbghelp.dll
    |   Microsoft.WindowsAzure.GuestAgent.ContainerStateMachine.dll
    |   Microsoft.WindowsAzure.RoleContainer.dll
    |   Package.dll
    |   PackageInformation.txt
    |   TransparentInstaller.dll
    |   TransparentInstaller.dll.config
    |   TransparentInstallerWrapper.dll
    |   WaAppAgent.exe
    |   WaAppAgent.exe.config
    |   WindowsAzureEventSource.dll
    |   WindowsAzureTelemetryEvents.dll
    |  
    +---GuestAgent
    |   |   AppAgentRuntime.dll
    |   |   AppAgentRuntime.ini
    |   |   AppAgentRuntime.mcf
    |   |   AzureEvents.man
    |   |   IISConfigurator-Ipv4only.exe.config
    |   |   IISConfigurator-Ipv6andIpv4.exe.config
    |   |   IpAddressAssignment.exe
    |   |   IpAddressAssignment.exe.config
    |   |   Microsoft.WindowsAzure.GuestAgent.AppAgentRuntime.dll
    |   |   Microsoft.WindowsAzure.GuestAgent.ContainerStateMachine.dll
    |   |   Microsoft.WindowsAzure.GuestAgent.EmulatorRuntime.dll
    |   |   Microsoft.WindowsAzure.GuestAgent.IaaSAppAgentRuntimeInterop.dll
    |   |   Microsoft.WindowsAzure.RoleContainer.dll
    |   |   Microsoft.WindowsAzure.RuntimeInstaller.dll
    |   |   Package.dll
    |   |   PluginLauncher.exe
    |   |   PluginLauncher.exe.config
    |   |   ProviderGuids.txt
    |   |   RdCertificateFactory.dll
    |   |   RdCrypt.dll
    |   |   WindowsAzureEventSource.dll
    |   |   WindowsAzureGuestAgent.exe
    |   |   WindowsAzureGuestAgent.exe.config
    |   |   WindowsAzureGuestAgent.InstallLog
    |   |   WindowsAzureGuestAgent.InstallState
    |   |   WindowsAzureTelemetryEvents.dll
    |   |  
    |   \---LegacyRuntime
    |       +---x64
    |       |       rdrtl.dll
    |       |      
    |       \---x86
    |               rdrtl.dll
    |              
    +---Runtime
    |   +---1.8
    |   |   \---base
    |   |       +---x64
    |   |       |       WaHostBootstrapper.exe
    |   |       |      
    |   |       \---x86
    |   |               WaHostBootstrapper.exe
    |   |              
    |   \---2.0
    |       \---base
    |           +---x64
    |           |       WaHostBootstrapper.exe
    |           |      
    |           \---x86
    |                   WaHostBootstrapper.exe
    |                  
    \---Telemetry
            Microsoft.WindowsAzure.GuestAgent.ContainerStateMachine.dll
            Microsoft.WindowsAzure.RoleContainer.dll
            TraceEvent.dll
            WindowsAzureEventSource.dll
            WindowsAzureTelemetryEvents.dll
            WindowsAzureTelemetryService.exe
            WindowsAzureTelemetryService.exe.config
            WindowsAzureTelemetryService.InstallLog
            WindowsAzureTelemetryService.InstallState

C:\PACKAGES
\---Plugins
    \---Microsoft.Compute.BGInfo
        \---1.1
            |   BGInfo.def.xml
            |   Bginfo.exe
            |   BGInfoLauncher.exe
            |   BGInfoLauncher.pdb
            |   config.bgi
            |   config.txt
            |   emptyConfig.bgi
            |   Microsoft.Compute.BGInfo_1.1.zip
            |   PackageInformation.txt
            |   PluginManifest.xml
            |  
            +---RuntimeSettings
            \---Status

[UPDATE 07/17/2014] Make sure you are using version 0.8.5 or later of Azure PowerShell as there was an issue with earlier versions where you could not interact with the extensions when the VM was in an availability set. For more information, see Unable to add VM agent extension to VM.

The Set-AzureVMAccessExtension cmdlet allows you to reset the built-in administrator password of your Azure VM, as well as enable RDP if it was inadvertently disabled. This functionality was first made available in March 2014 in the 0.7.4 release of Azure PowerShell.

The password reset works on domain controllers, member servers, as well as standalone workgroup VMs.

This functionality relies on the VM agent already being installed in the VM. All VMs created from an image (either gallery or custom) after the beginning of March 2014 would have the VM agent installed by default. You can manually install the agent using the available Windows Installer MSI package: 

http://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409

Currently the portal only exposes the option to not have the VM agent installed (by unchecking Install VM Agent when creating the VM). To use specific VM agent extensions you need to use Azure PowerShell or the REST APIs.

1. First install Azure PowerShell - How to install and configure Windows Azure PowerShell
   
   If you already had it installed, make sure you are on 0.8.5 or later by looking at the Version from the Get-Module azure command or look for Windows Azure PowerShell - July 2014 or later in the Programs and Features control panel.
    
2. Check if the agent is installed on the VM. This command will return True if the agent is installed:
   
   (Get-AzureVM -ServiceName clmar4ws12r2b -Name clmar4ws12r2b).VM.ProvisionGuestAgent
   
   True
     
3. To enable RDP and the necessary Windows firewall rule:
   
   Get-AzureVM -ServiceName clmar4ws12r2b -Name clmar4ws12r2b | Set-AzureVMAccessExtension | Update-AzureVM
   
   OperationDescription                                     OperationId                                              OperationStatus
   --------------------                                     -----------                                              ---------------
   Update-AzureVM                                           3918b55c-da4b-76ee-b9b1-8b0c249f0fee                     Succeeded
    
4. To instead do a password reset of the built-in administrator account:
   
   Get-AzureVM -ServiceName clmar4ws12r2b -Name clmar4ws12r2b | Set-AzureVMAccessExtension -UserName craig -Password $password | Update-AzureVM
   
   You may need to restart the VM for the change to take effect.
   
   Note that you will see Succeeded even if the password reset fails because the password did not meet the password complexity requirements configured within the VM. So if you reset the password, restart the VM, but are not able to logon with the new password, make sure you specify a password that meets the complexity requirements of the VM.

The extension runs VMAccessAgent.ps1 from C:\Packages\Plugins\Microsoft.Compute.VMAccessAgent\<version>\ folder on the VM to enable RDP and set the firewall rule, and also to reset the admin password if you specify a username and password.

It will always enable RDP and enable the firewall rule, both when running Set-AzureVMAccessExtension with no parameters, but also when specifying a username and password.

To enable the firewall rule it runs:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

To enable RDP it runs:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

If you do specify a username and password, it still enables RDP and the firewall rule, but additionally sets the built-in admin account to that new password (if the username matches the current built-in admin account name) or renames the built-in admin account to the specified username is different that the current built-in admin account name.

If the built-in admin account is disabled, it enables it.

If the built-in admin account gets renamed because you specified a different username, it issues a log off.

The operations are logged to C:\windowsazure\logs\Plugins\Microsoft.Compute.VMAccessAgent\<version>\VMAccessAgent.log.

When enabling RDP, the VMAccessAgent.log will show:

2014-03-06 04:52:23 [INFO]: Username/Password not provided. Will only fix the remote desktop connection.
2014-03-06 04:52:23 [INFO]: Enabling the remote desktop firewall rules. Output from netsh command:

Updated 3 rule(s).
Ok.

2014-03-06 04:52:24 [INFO]: Setting registry key to allow remote desktop connections to this machine.

When you reset the password, it will show:

2014-03-06 12:51:04 [INFO]: Reading the credentials.
2014-03-06 12:51:04 [INFO]: Older config does not exist.
2014-03-06 12:51:05 [INFO]: Name of builtin admin is 'craig'. Only changing the password.

If the password reset failed due to password complexity requirements, you'll see:

2014-03-06 12:17:54 [ERROR]: Resetting the password failed with error: {0} Exception calling "Invoke" with "2" argument(s): "The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

The MSI package to install the VM Agent on an existing Azure VM is now available for download:

http://go.microsoft.com/fwlink/?LinkID=394789&clcid=0x409

Note that currently we recommend running the MSI from an elevated command prompt due to an issue where it may not prompt automatically for elevation. If you run it without elevating, it may hang during installation, in which case use Task Manager to end task on msiexec.exe, then run it again from an elevated command prompt.

Also, if the agent installs successfully but you are unable to get any agent extensions to install, make sure the VM has working internet name resolution. See "Installing extensions on virtual machine..." does not complete on Azure VM for more information on that issue.

After you RDP to the VM and install the MSI (same as you would any other MSI package), use the April 2014 v0.8.0 or later Azure PowerShell release to update the VM property to indicate the agent is installed.

$vm = Get-AzureVM –ServiceName <cloud service name> –Name <VM name>
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM –Name <VM name> –VM $vm.VM –ServiceName <cloud service name>

Now if you run Get-AzureVM again, the GuestAgentStatus property should be populated instead of blank:

Get-AzureVM –ServiceName <cloud service name> –Name <VM name>

GuestAgentStatus:Microsoft.WindowsAzure.Commands.ServiceManagement.Model.PersistentVMModel.GuestAgentStatus

Note the steps to update the VM property are also on the Manage Extensions MSDN page.

If you have looked up the IP that is assigned to your Microsoft Azure deployments using any of the IP geolocation services then you must have noticed that the IP location and deployment location are shown differently. For example if you have a deployment that is hosted in East US datacenter and when you geo lookup the IP address of this deployment, it might show that the VM is located in Brazil. This is not actually accurate.

Microsoft has quite a lot of IP address space, and it is assigned to new clusters as they come online. It can also be re-used later if we decommission services that used a specific block of IP space and want to reuse that IP space somewhere else later.

The IP address range that you can download from MSDN is the ultimate authority for where the deployment is located.  If you are using one of the several IP geolocation services, be aware that they are not 100% accurate. These services base their information on where the IP address range is registered from. Registration location does not have much to do with where the IP address is being served from.

For instance, there is a range of IP address showing as originating from Brazil using the Geolocation services, however per the downloaded document, this is being served from East US. There are also ranges registered in Redmond that are being served out of the EU. 

We have already updated many major geo-location databases to ensure customers do not experience any confusion in the future. We apologize for any inconvenience this has caused.

Thanks for your patience and understanding.

Related Azure Blog: http://azure.microsoft.com/blog/2014/06/11/windows-azures-use-of-non-us-ipv4-address-space-in-us-regions/

Note: This blog post comes from Manoj Sehgal, Sr. Support Escalation Engineer from Microsoft Azure team.

The following blog post will guide you through the procedure to move your on premises Windows server VM which is running in Hyper-V or VMWare environment to Microsoft Azure, by uploading its VHD.

Steps:

1.      1. Before you upload a VM's VHD to Microsoft Azure, make sure you have the RDP enabled inside the VM.

2.      2. Login to Windows server VM and then enable Remote Desktop Feature.

3.     3. Verify the Remote Desktop feature is enabled in Windows Firewall for both Private and Public Profile.

Note - If machine is part of domain, then make sure RDP is enabled for Domain Profile.

1.      4. Copy the VHD to Microsoft Azure using the below Azure PowerShell command.

$sourceVHD = “d:\source\osdisk.vhd”

$destinationVHD = https://test.blob.core.windows.net/vhds/baseosdisk.vhd

    Add-AzureVhd-LocalFilePath$sourceVHD-Destination$destinationVHD-NumberOfUploaderThreads5

 5.Once the VHD is copied to Azure Storage, create a new disk by clicking on Virtual Machine>Disks>Create

1.      6. Once the disk is created, you can now create a new VM using this disk.

2.      7. Click on New>Compute >Virtual Machine> From Gallery select My Disks and you should see the disk named “TestVHD” (which we uploaded in the previous step), continue to create a VM using this disk.

8. Once the VM is provisioned you will be able to manage this VM through RDP.

Related Article:

This article covers how to create and upload a VHD that contains the Windows Server OS Image.

1. Set Up Windows Azure Powershell .  http://blogs.msdn.com/b/wats/archive/2013/02/18/windows-azure-powershell-getting-started.aspx .

We receive a lot of cases where the customer wants to know why their VM running in Azure was restarted and why they were not pre-notified about the same and in the future can we pre-notify them when there is any maintenance performed.

This blog post is an attempt to answer these questions and shed more light on Microsoft Azure maintenance.

Firstly let’s understand the differences between planned and unplanned maintenance:

Planned maintenance events are periodic updates made by Microsoft to the underlying Azure platform to improve overall reliability, performance, and security of the platform infrastructure that your virtual machines run on. The majority of these updates are performed without any impact to your virtual machines or cloud services. However, there are instances where these updates require a reboot to your virtual machine to apply the required updates to the platform infrastructure.

Unplanned maintenance events occur when the hardware or physical infrastructure underlying your virtual machine has faulted in some way. This may include local network failures, local disk failures, or other rack level failures. When such a failure is detected, the Azure platform will automatically migrate your virtual machine from the unhealthy physical machine hosting your virtual machine to a healthy physical machine. Such events are rare, but may also cause your virtual machine to reboot.

Now that we understand the difference between the both let go about addressing the below questions.

Why did my VM running in Microsoft Azure reboot?

Your VM could have rebooted because of planned or unplanned maintenance events.

Why didn’t we receive any notification for this maintenance?

We may provide pre-maintenance notification to users/customers who have VM’s not running in an availability set. It is expected users/customers who have their virtual machines in an availability set have designed the system to absorb the workload when maintenance is performed.  We do not guarantee all maintenance will be announced this way as there may be emergency system maintenance necessary. These notifications will also not be provided in cases of service healing, movement from bad hardware or movement for load balancing. There is a product plan (wherever possible) to provide this type of information directly to the customer(S). However, this is a future feature

What is this availability set and how does it prevent downtime?

Recommended way to prevent downtime in these unexpected occasions is by using the functionality of availability set. You should use a combination of availability set and load-balancing endpoints to help ensure that your application is always available and running efficiently. The below links has more information on the same.

• ·         http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-manage-availability/
• ·         http://michaelwasham.com/2013/08/13/creating-a-highly-available-workloads-with-windows-azure/ 

IaaS Virtual Machines, are essentially single-instance roles that have no scale-out capability. An important goal of the IaaS feature release was to enable Virtual Machines to be able to also achieve high availability in the face of host updates and hardware failures and the Availability Sets feature does just that. 

Availability Sets have five Update Domains (UDs) by default and support up to twenty. The Fabric Controller (Microsoft Azure Kernel) spreads instances assigned to an Availability Set across UDs. 

This allows customers to deploy Virtual Machines designed for high availability, for example two Virtual Machines configured for SQL Server mirroring, to an Availability Set, which ensures that a host update will cause a reboot of only one half of the mirror at a time as described here - http://blogs.technet.com/b/markrussinovich/archive/2012/08/22/3515679.aspx

Also note that just having a single instance of VM does not qualify for our Service Level Agreement, which requires two or more virtual machines running in the same Availability Set.

Will I receive per-notifications for a single instance VM deployed into an availability set?

We may provide pre-maintenance notification to users/customers who have VM’s not running in an availability set because your virtual machine is running in an Availability Set, you will not be notified via email of upcoming planned maintenance events to help you reduce the impact to your service. We send notification of planned maintenance only for virtual machines that are not inside an Availability Set.  

If you require this virtual machine to run as a single instance, we recommend you remove the virtual machine from the Availability Set so that you can receive notification of planned maintenance. Note that moving a virtual machine in or out of an Availability Set will result in the machine rebooting as we migrate it to a new physical machine.  

Will I receive per-notifications for VMs deployed into an availability set?

We send notification of planned maintenance only for virtual machines that are not inside an Availability Set. 

Hope this information will help you avoid downtime during Microsoft Azure maintenance.