Microsoft is continuously improving and fixing issues on the Azure Connected Machine agent for Azure Arc Enabled Servers.
Before you make the Servers in your datacenter Hybrid with the Azure Arc Connected Machine Agent, have a look at Security first if you want to be in control of the Azure Arc extensions. For example: who can install Azure Arc Extensions, and which Extensions should be installed and which should not? Or, with the latest Azure Connected Machine Agent Version 1.35 of October 2023, no Extensions are allowed to be installed on the Server at all.
With Azure Arc Connected Machine Agent version 1.35 you can configure the extension manager to run, without allowing any extensions to be installed, by configuring the allowlist to “Allow/None”. This supports Windows Server 2012 ESU scenarios where the extension manager is required for billing purposes but doesn’t need to allow any extensions to be installed.
Users and applications granted contributor or administrator role access to the resource can make changes to the resource, including deploying or deleting extensions on the machine. Extensions can include arbitrary scripts that run in a privileged context, so consider any contributor on the Azure resource to be an indirect administrator of the server.
The Azure Connected Machine Onboarding role is available for at-scale onboarding and is only able to read or create new Azure Arc-enabled servers in Azure. It cannot be used to delete servers already registered or manage extensions. As a best practice, we recommend only assigning this role to the Microsoft Entra service principal used to onboard machines at scale.
Users who are members of the Azure Connected Machine Resource Administrator role can read, modify, re-onboard, and delete a machine. This role is designed to support management of Azure Arc-enabled servers, but not other resources in the resource group or subscription.
Identity and Access Management (IAM) in Azure to Configure Roles.
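The role descriptions above can be turned into a quick access review. This is an added example, not code from the original post or from Microsoft: the function name Get-ArcAccessFinding is hypothetical, 'Owner' is assumed to be the "administrator role" the text refers to, and the sample rows are constructed to look like Get-AzRoleAssignment output.

```powershell
function Get-ArcAccessFinding {
    param([Parameter(Mandatory)][object[]]$Assignment)

    foreach ($a in $Assignment) {
        $finding = switch ($a.RoleDefinitionName) {
            # 'Owner' stands in for the page's "administrator role" (assumption).
            { $_ -in 'Owner', 'Contributor' } {
                'Can deploy or delete extensions: indirect administrator of the server'
                break
            }
            'Azure Connected Machine Resource Administrator' {
                'Can read, modify, re-onboard and delete the machine'
                break
            }
            'Azure Connected Machine Onboarding' {
                if ($a.ObjectType -eq 'ServicePrincipal') {
                    'Read/create only, assigned to a service principal as recommended'
                } else {
                    'Onboarding role held by a user or group: review the assignment'
                }
                break
            }
            default { 'Role not covered by this check' }
        }
        [pscustomobject]@{
            Principal = $a.DisplayName
            Type      = $a.ObjectType
            Role      = $a.RoleDefinitionName
            Finding   = $finding
        }
    }
}

# Constructed sample rows, shaped like Get-AzRoleAssignment output.
$sample = @(
    [pscustomobject]@{ DisplayName = 'arc-onboarding-sp'; ObjectType = 'ServicePrincipal'
                       RoleDefinitionName = 'Azure Connected Machine Onboarding' }
    [pscustomobject]@{ DisplayName = 'Helpdesk Team'; ObjectType = 'Group'
                       RoleDefinitionName = 'Azure Connected Machine Onboarding' }
    [pscustomobject]@{ DisplayName = 'App Deploy Pipeline'; ObjectType = 'ServicePrincipal'
                       RoleDefinitionName = 'Contributor' }
    [pscustomobject]@{ DisplayName = 'Server Ops'; ObjectType = 'Group'
                       RoleDefinitionName = 'Azure Connected Machine Resource Administrator' }
)
Get-ArcAccessFinding -Assignment $sample | Format-List
```

For live data, pass the output of Get-AzRoleAssignment -Scope with the resource ID of the Arc-enabled server (Az.Resources module, signed-in session); that also returns assignments inherited from the resource group and subscription.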
Azure Arc Portal Agent version.
With the azcmagent CLI command you can see more information about the Arc-enabled Server, which is handy for the Administrator to know:
azcmagent check
azcmagent config get config.mode
azcmagent show
azcmagent logs
In ProgramData you will find the Azure Arc Connected Machine Agent Logs
Guest config logs of Azure Arc extensions
The Azure Connected Machine agent command line tool, azcmagent, helps you configure, manage, and troubleshoot a server’s connection with Azure Arc. I just showed you some azcmagent commands I use for troubleshooting or to just get the right information.
Here you find the complete Azure Connected Machine Agent Command line reference
I hope this information is useful for you. Keep your azcmagent up to date for fixes and innovative new features!
GitHub has become the central location for open-source projects, samples, and even content, but primarily focused on developers. This new repository will focus on you: The ITPro/Ops person managing the environment in your company, keeping the lights on, supporting end-users or other IT teams.
The Microsoft Modern Infrastructure Cloud Advocates are responsible for the content on this repo, but sharing your handy script samples on this repo would be Awesome to manage Modern Azure Infrastructure, Azure Stack HCI, Windows Servers, Hyper-V, Containers and more. Have a look at the announcement on Microsoft tech community, Sharing together to make IT Better
I would like to thank you, Community, for Supporting, Sharing and Reading about New Microsoft technologies on my Blog, Twitter, Facebook and LinkedIn Community Groups.
I wish you all happy Holidays, Merry Christmas and a Healthy New Year 2023, may the Best Wishes come true!
I’m very proud and Honored on the Microsoft Global MVP Awards 2022-2023 !
MVP Award for Cloud and Datacenter Management
MVP Award for Windows Insiders
MVP Award for Azure Hybrid
Thank you Microsoft Product Groups, MVP Award Program, Windows Insider Team, Azure Hybrid Team, Windows Server and Azure Stack HCI Team for all your support, NDA PGI sessions, and for the Awesome software, Features, solutions you are building
Wish you all Happy Holidays, Merry Christmas and a Healthy New Year 2023, may the Best Wishes come true!
Here are some Great links for Reading and Sharing :
JOIN these LinkedIn Community Groups for free and Share New Microsoft Technologies Together:
I have made a new MVPLAB with Microsoft Windows Server Insider Preview Build 25158 to install Services and Features for learning but also to give Microsoft feedback about the products. When the MVPLAB domain and Clusters are ready in basic then I can use new Microsoft Azure Hybrid solutions as well, like Azure Arc Kubernetes services and Azure Cloud Defender for Servers and SQL.
Before we start, you need to become a Windows Server Insider so that you can download the newest Windows Server Insider Builds ISO.
Here you get more information for the Windows Server Insider Program registration
After the free registration you can download the new Microsoft Windows Server Insider Builds here :
To Build your Test and innovation LAB with the newest Microsoft technologies, you need a platform to Build on. Of course Microsoft Azure Cloud Services is Awesome to work with and Great to make test environments, but I like to make an Azure Hybrid scenario with Azure Cloud and On-premises datacenter services like for example a Microsoft SQL Cluster with Cluster resources / Instances.
So my MVPLAB will be Azure Hybrid and for On-premises I use Windows Server Hyper-V to make virtual servers.
It’s Great when your hardware provider like Dell is Microsoft Azure Stack HCI compliant to build your Hyper Converged Infrastructure in your on-premises datacenter.
Microsoft Azure Stack HCI Solution
When you work with Microsoft Azure and Azure Stack HCI, you really need Windows Admin Center for Hybrid IT Management.
This is a Great Administrator tool for managing your Windows Servers, Clusters, Azure Stack HCI, and Azure VM’s in a Hybrid environment.
Windows Admin Center Cluster Overview
Now that we have everything and Hyper-V is running, we will build the Following Windows Servers with the Insider Preview Build:
MVPDC01 ( the first domain controller for mvplab.local domain )
MVPStore01 ( iSCSI Target Host for deploying iSCSI Virtual Disks to my Cluster)
MVPFS01 ( Cluster Node 01 of Cluster MVPCL01 )
MVPFS02 ( Cluster Node 02 of Cluster MVPCL01 )
I install all the virtual servers with a 50GB local hard disk for the OS and start with 4GB of Dynamic Memory and a Nic.
Only the Cluster nodes get two Nics (One for Heartbeat of the Cluster)
This is for my MVPLAB, but for Production environments I always start with 3 Nics ( 1 = Production 2 = Heartbeat 3 = Storage )
In Hyper-V we make a New Virtual Machine with these specifications and we attach the Windows Server Insider Preview Build ISO.
We install Windows Server Insider Preview Build with the defaults, and after the installation we set the NIC IP-Address to static and gave the Server the name MVPDC01. Then I installed all the Windows Updates, and after that I started Server Manager to install the Active Directory Feature :
For Active Directory, just follow the wizard and don’t forget to run DCPromo to build your domain.
Active Directory and DNS are running locally as mvplab.local
So now my domain and DNS are running in my MVPLAB, but what more do I need first to build a Windows Server Insider Cluster?
We need Shared storage, so we build a Windows Server Insider ISCSI Target Host to provision Shared VHD’s via ISCSI Initiator to the Cluster Nodes.
The Next member Windows Server Insider is MVPStore01.mvplab.local joined in our new domain. Here I installed the iSCSI Host features:
Start Server Manager and add the Server roles: iSCSI Target Server and iSCSI Target Storage Provider
Click on Install
In Hyper-V Settings of the Virtual Machine MVPStore01, I have installed an extra disk of 25GB so that we can use that for the iSCSI Target Host which is now running on this Server. Now we can provision storage when the new Windows Server Insider Cluster MVPCL01.mvplab.local is installed with the iSCSI Initiator to get Cluster storage. So now we are first going to build a Windows Server Insider Cluster and after that we will provision the Cluster Storage.
Installing a Windows Server Cluster with Insider preview Build 25158.
I deployed two member servers MVPFS01.mvplab.local and MVPFS02.mvplab.local into the new domain. They have static IP-Addresses and are working fine with DNS resolving. On both Servers I installed the Feature Failover Clustering
Failover Clustering Installed.
From here we are going to install the new Windows Server Insider Cluster MVPCL01.mvplab.local
Start Failover Cluster Manager.
Create Cluster.
Click on Next
select the two new Cluster Nodes
Click on Next
Select Yes, run configuration validation tests
Click on Next
Click on Next
Run all tests
Click Next
Confirmation
Click Next
Type in the new Cluster name => mvpcl01
IP-Address => 192.168.2.43
Click Next
Confirmation
Click on Next
Creating Cluster….
We now have a Cluster mvpcl01.mvplab.local running, but without storage and without the witness disk. The iSCSI initiator is running on both Cluster nodes, so now we have to provision storage to the Cluster via the iSCSI Target Host MVPStore01.mvplab.local.
iSCSI Storage provisioning to Windows Server Insider Cluster
Via the Server Manager of the iSCSI Target host, we are going to create a new iSCSI Virtual Disk for both Cluster Nodes :
Click on New iSCSI Virtual Disk
iSCSI Virtual Disk Name
Click on Next
Type in the Size. I’m using 20GB of 24,9 because I also need a Quorum disk for the Cluster.
Select Fixed Size.
Click on Next.
New iSCSI Target
Click on Next
Give the iSCSI Target a Name
Click on Next
Add the Access Servers via iSCSI Initiator
Click on Next
Here you can set Authentication if you want.
Click on Next
Confirmation
Click on Create
The iSCSI Virtual Disk is successfully created.
The iSCSI Target VHD is not connected yet.
Now we connect with iSCSI Initiator from the Cluster Nodes.
The work on iSCSI Target Host MVPStore01.mvplab.local is Done.
When you start the iSCSI Initiator it will set the services and the firewall settings on the Server.
You have to do this on both Cluster nodes.
First we add the Target portal and that is our iSCSI Target Host MVPStore01.mvplab.local with IP-Address 192.168.2.46 with port 3260.
This is under the discovery tab.
Select Targets tab
you see the Target mvpstore01 Inactive.
Select and click on Connect.
If you had Multi-path IO running, you could enable Multipath too.
Click on Ok
The iSCSI Target Virtual Disk is connected.
On the iSCSI Target Host MVPStore01.mvplab.local is the target now also in Connected status.
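The same provisioning can be scripted, with the optional Authentication step switched on so that only initiators holding the CHAP secret can attach the Cluster disk. This is an added example, not part of the original post: the VHDX path, the initiator IQNs (default Microsoft initiator naming) and the CHAP user name mvpcl01-chap are assumptions, while the target name, IP-Address, port and disk size come from the steps above.

```powershell
# --- On the iSCSI Target Host MVPStore01 ---
$vhd  = 'E:\iSCSIVirtualDisks\mvpcl01-data.vhdx'   # assumed path on the extra 25GB disk
$iqns = 'IQN:iqn.1991-05.com.microsoft:mvpfs01.mvplab.local',   # assumed node IQNs
        'IQN:iqn.1991-05.com.microsoft:mvpfs02.mvplab.local'
# The Microsoft iSCSI stack expects a CHAP secret of 12 to 16 characters.
$chap = Get-Credential -UserName 'mvpcl01-chap' -Message 'CHAP secret (12 to 16 characters)'

# 20GB fixed-size virtual disk, as chosen in the wizard.
New-IscsiVirtualDisk -Path $vhd -SizeBytes 20GB -UseFixed
# Only the two Cluster nodes are listed as Access Servers.
New-IscsiServerTarget -TargetName 'mvpstore01' -InitiatorIds $iqns
Add-IscsiVirtualDiskTargetMapping -TargetName 'mvpstore01' -Path $vhd
# The "set Authentication" wizard page: require CHAP on the target.
Set-IscsiServerTarget -TargetName 'mvpstore01' -EnableChap $true -Chap $chap

# --- On each Cluster node (MVPFS01 and MVPFS02) ---
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI
$chap = Get-Credential -UserName 'mvpcl01-chap' -Message 'CHAP secret set on the target'

# Discovery tab: register the target portal.
New-IscsiTargetPortal -TargetPortalAddress '192.168.2.46' -TargetPortalPortNumber 3260

# Targets tab: connect the inactive target, persistently, with one-way CHAP.
Get-IscsiTarget | Where-Object { -not $_.IsConnected } |
    Connect-IscsiTarget -AuthenticationType ONEWAYCHAP `
        -ChapUsername $chap.UserName `
        -ChapSecret $chap.GetNetworkCredential().Password `
        -IsPersistent $true

# Verify that the session really uses CHAP and survives a reboot.
Get-IscsiSession | Select-Object TargetNodeAddress, AuthenticationType, IsPersistent
```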
You can now bring the 20GB disk Online via Disk Management and give it a drive letter for the Cluster.
Then you can add the 20GB disk via Storage of Cluster Manager tool.
You can make Cluster Shared Volume.
I made a Cluster for a SQL Instance and I made a 2GB iSCSI Target VHD for the Witness Disk.
So now we have Cluster storage running and failovers are working. Next we need to configure the Quorum witness disk via Failover Cluster Manager.
Go to more actions on the Cluster.
Configure Cluster Quorum
Click on Next
Select the quorum witness
Click on Next
You can configure your witness on different locations.
I will select our 2GB witness disk on our Cluster
Select the Quorum disk
Click on Next
Confirmation
Click on Next
You have successfully configured the quorum settings for the Cluster
Click on Finish
Witness disk is running.
So my Microsoft Windows Server Insider Cluster is ready for workloads. If you want to, you can run a Cluster validation to see if everything is okay. Now my MVPLAB is ready for the next installation on my Cluster and that is :
Installing the Newest SQL Server 2022 CTP2.1 on my Windows Server Insider Cluster.
But that will be a next Blogpost : Installing SQL Server 2022 CTP2.1 on a Windows Server Cluster
Follow me on Twitter : @Jamesvandenberg
System Center Operations Manager: Monitor health, capacity, and usage across applications, workloads, and infrastructure.
System Center Orchestrator: Automate your datacenter tasks; efficiently create and execute runbooks using native PowerShell scripts.
System Center Virtual Machine Manager: Deploy and manage your virtualized, software-defined datacenter with a comprehensive solution for networking, storage, compute, and security.
System Center Service Manager: Automated service delivery tool for incident resolution, change control, and asset lifecycle management.
System Center Data Protection Manager*: Protect your data with backup, storage, and recovery for private cloud deployments, physical machines, clients, and server applications.
*System Center Data Protection Manager will be available at a later date, on May 1st, 2022.
Packet monitoring allows you to diagnose your server by capturing and displaying network traffic through the networking stack in a log that is filtered, organized, and easy to follow and manipulate.
Join Microsoft and the Community November 2-4, 2021 to explore the latest tools, training sessions, technical expertise, networking opportunities, and more. You can register here
Here you find some great MSIgnite guidance on Microsoft Tech Community :
With Windows Admin Center you can remotely manage Windows Server running anywhere: physical, virtual, on-premises, in Azure, or in a hosted environment.
The tool, available with your Windows Server license at no additional charge, consolidates and reimagines Windows OS tools in a single, browser-based, graphical user interface.
At Microsoft Ignite 2021 Global Virtual Event they launched Windows Admin Center version 2103. Here you find the download.
Set Proxy Server in Windows Admin Center Settings.
Open in a Separate Window
This is a Separate Window on my Second Screen, this works Awesome!
Windows Admin Center Virtual Tool improvements
Conclusion
Microsoft is working hard to make Hybrid IT Management better for Administrators to manage Hybrid Cloud datacenters. Windows Admin Center is a must have for managing Windows Server Core, Azure Stack HCI, and Cluster Services. I can say: I love to work with Windows Admin Center