Windows Azure Pack: Customize the URLs

April 7, 2014 at 10:17 pm in Uncategorized by Christopher Keyaert

Now that you are familiar with Windows Azure Pack, it’s time to change the default URLs and Ports of the different WAP Sites to use your own settings. In the following post, I will share my experience with you, but before starting, I recommend you to check the followings three posts about the same topic:

Flemming Riis: http://flemmingriis.com/windows-azure-pack-publishing-using-sni/
Marc Van Eijk: http://www.hyper-v.nu/archives/mvaneijk/2013/10/windows-azure-pack-changing-the-default-urls/
Anders Ravnholt: http://blogs.technet.com/b/privatecloud/archive/2013/12/10/windows-azure-pack-reconfigure-portal-names-ports-and-use-trusted-certificates.aspx

Ideally, you should use an official SSL certificate and running the sites on port 443. The company Gandi is selling Wildcard SSL Certificate for about 120€/year (https://www.gandi.net/ssl/standard#wildcard), which is really not expensive from what I could see. In my lab (which is running in a hoster datacenter), I’m already using the port 443 for the Remote Desktop Gateway, so I have no other choice that using another port. As this is a lab environment, it’s not really a big deal to not use the 443, so I decided to use the port 444.

Below a summary table of the current and future setup:

When you defined the new URLs, the first step is to create these records to your local and public DNS servers. In my Active Directory domain, I added the following 4 records pointing to my WAP server.

New Tenant Site record:

New AuthSite record:

New AdminSite record:

New WindowsAuthSite record:

When you did it locally, you have to update your DNS at your registrar. Below my Public DNS configuration:

I bought an Wildcard certificate named *.vnextlab.be that I will use for the different WAP Sites.

To import your certificate SSL to your IIS Server, you could follow this guide.
http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm

When imported, your IIS certificate store should looks like below:

Tenant Portal

It’s time to update the Tenant Sites with the new URLs.
In the IIS manager, select the MgmtSvc-TenantSite, do a right click and select Edit Bindings…


Click on Edit:

Follow the steps below:

  1. Change the port.
  2. Specify the site url you defined earlier.
  3. Check the box Require Server Name Indication.
  4. Select your SSL Certificate.


Do the same steps for the MgmtSvc-AuthSite, below my configuration:

Now that IIS has been configured, we need to configure Windows Azure Pack Tenant portals with the new URLs. Start the Windows Azure Pack Administration PowerShell prompt.


Adapt and execute the following commands:

Set-MgmtSvcFqdn -Namespace “TenantSite” -FullyQualifiedDomainName “portal.vnextlab.be” -Port 444 -Server sql001

Set-MgmtSvcFqdn -Namespace “AuthSite” -FullyQualifiedDomainName “portalauth.vnextlab.be” -Port 444 -Server sql001

Set-MgmtSvcRelyingPartySettings –Target Tenant –MetadataEndpoint ‘https://portalauth.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString “Data Source=sql001.vnextlab.be;User ID=sa;Password=*****”

Set-MgmtSvcIdentityProviderSettings –Target Membership –MetadataEndpoint ‘https://portal.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString “Data Source=sql001.vnextlab.be;User ID=sa;Password=*****”


We will now test the tenant portal with the new URL, just start IE and type the URL.

You will be redirected to the Tenant Authentication Portal.

When the authentication occurred, you are redirected to the tenant portal.

Admin portal

Now that the Tenant portals (Tenant and Tenant Authentication) have been configured and tested, we will update the Admin Portals with the new URLs.

In the IIS manager, select the MgmtSvc-WindowsAuthSite, do a right click and select Edit Bindings.

Follow the steps below:

  1. Change the port.
  2. Specify the site url you defined earlier.
  3. Check the box Require Server Name Indication.
  4. Select your SSL Certificate.


Do the same for the MgmtSvc-AdminSite, below my configuration:

When done, we need to update the WAP configuration with the new URLs that we just configured in IIS.

Adapt and execute the following command:

Set-MgmtSvcFqdn -Namespace “AdminSite” -FullyQualifiedDomainName “manage.vnextlab.be” -Port 444 -Server “SQL001″

Set-MgmtSvcFqdn -Namespace “WindowsAuthSite” -FullyQualifiedDomainName “manageauth.vnextlab.be” -Port 444 -Server “SQL001″

$ConnectionString = ‘Data Source=SQL001;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=XXXX’

Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint ‘https://manageauth.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString $ConnectionString

Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint ‘https://manage.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString $ConnectionString


Configuration done, it’s time to test the connection to the Admin portal.
Just go to your Admin Portal, you will be prompted for your Domain Credentials. You notice that the authentication is requested by the Authentication Site.

Authentication in progress.

Authentication done and redirection for the Admin Site.

Everything is now working as expected and your portals are using your new URLs.

I hope this help, ping me if you have any question.

Christopher