[WAP] Azure Pack Connector installation and configuration

April 18, 2016 at 6:00 am in Microsoft, WAP, Windows Azure Pack by Florent

Microsoft released the first version of the Azure Pack Connector in February. This plugin lets you deploy and manage VMs in Azure directly from the Windows Azure Pack interface. On the 5th of April, Microsoft released version 1.1 of the plugin, and this is the version I will use to show you how to deploy it.

Before starting, be sure to have a valid Azure subscription and an Azure Active Directory. Then download the Azure Pack Connector: https://github.com/Microsoft/Phoenix/releases/tag/v1.1

Copy the sources to the servers that will host the following 3 components:

  • CMP Server
  • WAP Tenant Extension
  • WAP Admin Extension

Connect to a server that has IIS Manager and generate a self-signed certificate, or an enterprise certificate via a PKI. Export this certificate through IIS and import it on each server that will host the 3 previous roles. Import it into both the Current User and the Local Machine stores, including all properties and letting the wizard choose the right store automatically. After that, open the MMC and add the Certificates snap-in for Local Computer. Open the private key permissions of the certificate and add the Everyone group.

This certificate will be used for the encryption.

You must download and install the following components of the SQL Server 2014 Feature Pack on each server where the plugin will be installed:

  • Shared Management Objects (SMO)
  • Transact-SQL ScriptDom (SQLDOM)
  • System CLR Types (SQLSysClrTypes)

Restart all servers. We can now start the installation of the plugin. Unzip the archive that you downloaded on the server where the admin extension will be installed and run SetupCMP.exe.

Choose to add new features.

Here, I will select the 2 following features:

  • CMP Server
  • WAP Admin Extension

Accept the license.

Choose where you want to install the software.

Give the name of the SQL Server that will store the database, with the instance name, for the CMP service.

Do the same for the WAP part.

I will use a service account to execute the CMP service. This account must be local administrator of the server. Choose the certificate that you generated at the beginning.

The installer then shows a summary of your installation.

The installation is done. You can see the result in IIS Manager and in the WAP Admin Portal.

Now go to the server where the Tenant site is hosted and run SetupCMP.exe. The installation is the same, except that you will choose the WAP Tenant Extension.

Choose the existing database.

And choose the certificate that you imported.

Install the last feature.

Now go to the SQL instance that hosts the Microsoft.MgmtSvc.Store database (WAP DB) and execute the following query to create a new login and associate it with the database. You can change the username/password:

USE [master]
GO
-- Sample login name and password used in this walkthrough; change them to your own values.
CREATE LOGIN [MgmtSvc-CmpWapExtension] WITH PASSWORD=N'pass@word1', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
USE [Microsoft.MgmtSvc.Store]
GO
CREATE USER [MgmtSvc-CmpWapExtension] FOR LOGIN [MgmtSvc-CmpWapExtension]
ALTER USER [MgmtSvc-CmpWapExtension] WITH DEFAULT_SCHEMA=[dbo]
ALTER ROLE [db_owner] ADD MEMBER [MgmtSvc-CmpWapExtension]
GO

Now, we need to update the connection string of the plugin with the correct SQL Server name. On the server that hosts the CMP extension, open the Web.config file in the folder C:\inetpub\MgmtSvc-CmpWapExtension as administrator. Replace the connection string MicrosoftMgmtSvcStoreContext with the following, adapting it to your values:

<add name="MicrosoftMgmtSvcStoreContext" connectionString="Data Source=DEVOC-SQL-001\WAP;Initial Catalog=Microsoft.MgmtSvc.Store;Persist Security Info=True;User ID=MgmtSvc-CmpWapExtension;Password=pass@word1;MultipleActiveResultSets=True" providerName="System.Data.SqlClient"/>

Modify the 2 connection strings before it by adding ;MultipleActiveResultSets=True after the database, before the closing quote.
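
To check these edits on each CMP server, here is an added example (not from the original post or the Phoenix project): a PowerShell audit of the connection strings in Web.config that reports the SQL Server name, whether MultipleActiveResultSets is set, and whether a SQL login password is stored in clear text. The default path is the folder named above; the report column names are chosen for this example.

```powershell
# Added example, not part of the original post.
# Default path is the folder named in the walkthrough; override it per server if needed.
param([string] $ConfigPath = 'C:\inetpub\MgmtSvc-CmpWapExtension\Web.config')

[xml] $config = Get-Content -Path $ConfigPath -Raw -ErrorAction Stop
$entries = $config.configuration.connectionStrings.add
if (-not $entries) { throw "No readable <connectionStrings> entries in $ConfigPath (the section may be encrypted)." }

$report = foreach ($entry in $entries) {
    try {
        $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder -ArgumentList $entry.connectionString
    } catch {
        # Not a plain SqlClient string (for example an Entity Framework wrapper): report it and move on.
        [pscustomobject]@{ Name = $entry.name; DataSource = '(unparsed)'; MARS = $null
                           SqlLogin = $null; PlaintextPassword = $null; PersistSecurityInfo = $null }
        continue
    }
    [pscustomobject]@{
        Name                = $entry.name
        DataSource          = $b.DataSource
        MARS                = $b.MultipleActiveResultSets
        SqlLogin            = if ($b.IntegratedSecurity) { '(Windows auth)' } else { $b.UserID }
        PlaintextPassword   = [bool] $b.Password      # report presence only, never the value
        PersistSecurityInfo = $b.PersistSecurityInfo
    }
}
$report | Format-Table -AutoSize

# The walkthrough requires MultipleActiveResultSets=True on every string.
$report | Where-Object { $_.MARS -eq $false } |
    ForEach-Object { Write-Warning "$($_.Name): MultipleActiveResultSets is not set" }

# A SQL login with its password in the file is readable by anyone who can read Web.config.
$report | Where-Object { $_.PlaintextPassword } |
    ForEach-Object { Write-Warning "$($_.Name): password for '$($_.SqlLogin)' is stored in clear text" }
```

ASP.NET can keep this section encrypted at rest with aspnet_regiis -pef "connectionStrings" and the site's physical path; whether the connector's own scripts still read the file afterwards is not covered by the post.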

Do the previous 2 steps on each CMP server. Now, in IIS, associate the certificate that you used during the installation of the plugin, on each server.

Run iisreset on each server to apply the modifications. Then, on one server, we will execute the script that registers this new Resource Provider. Go to C:\inetpub\MgmtSvc-CmpWapExtension and execute the script Register-ResourceProvider.ps1. You need to provide the name of the server that hosts the Admin extension and the Tenant extension.

In your portal, the RP is registered correctly.

Now, download the following script https://github.com/Microsoft/Phoenix/blob/master/tools/Create-AADSPN.ps1 and execute it on a computer that has the AzureRM module. This script will create a custom application in your Azure AD.

We will now add the plugin to a plan. You will need the following information (all of it is available in the output of the previous script):

  • The ID of your Azure subscription (subscriptionId)
  • The ID of your Azure AD (tenantId)
  • The key that you provided during the creation of the custom application (appKey)
  • The client ID (App ID)

From the administration portal, add the CMP service to a plan.

When adding an account, provide the information that you got before and click on the Add Subscription button. If all is right, you will have a green success message.

Add the subscription to a plan by clicking on Add Selected Subscription To Plan.

Choose which images and sizes will be available for this plan and click on Save.

In the client portal, you can now deploy a VM on Azure and see its details.

This new plugin is very useful for quickly deploying a VM on Azure, but some features are missing, such as the possibility to deploy a VM in a European datacenter, a Linux VM, etc.

Troubleshooting

Error 1

After the deployment, I had the following error in the event viewer:

Exception in SyncWorker.SynchWithCmp() : Exception in CmpClient.FetchCmpRequests() : Exception in GetAzureContainers() : The underlying provider failed on Open. – Cannot open database "CMP_DB" requested by the login. The login failed.
Login failed for user ‘DOMAIN\DEVOC-WAPTNT-01$’. :

The 2 computer accounts didn't have the right permissions on the instance that hosts the DBs of the plugin. I added the sysadmin right for each account and the error disappeared.

Error 2

If you have the following error:

Exception in SyncWorker.SyncWithAzure() : Exception in FetchServiceProviderAccountList() : Exception in Decrypt() : Keyset does not exist
:

Make sure the permissions on the certificate are correct: Everyone must have Full rights on the private key of the certificate.
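
An added example (not from the original post or the Phoenix project) that serves both this error and the certificate permission step at the start of the walkthrough: a PowerShell check, run elevated on each connector server, that locates the certificate's private key file, lists who can use it, and flags broad grants such as Everyone. $Thumbprint and $Account are placeholders, and granting Read to one named account instead of Everyone is an assumption that the post does not test.

```powershell
# Added example, not part of the original post. Run elevated on each connector server.
# $Thumbprint and $Account are placeholders; the post does not give these values.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string] $Account   # optional: identity that runs the CMP service or app pool (assumption)
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key on this server." }

# Resolve the key container name. CNG keys expose Key.UniqueName,
# legacy CSP keys expose CspKeyContainerInfo.UniqueKeyContainerName.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "Certificate $Thumbprint does not carry an RSA private key." }
if ($rsa -is [System.Security.Cryptography.RSACng]) { $name = $rsa.Key.UniqueName }
else { $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }

# Machine keys live in one of these two folders depending on the provider.
$keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys", "$env:ProgramData\Microsoft\Crypto\Keys" |
    ForEach-Object { Join-Path $_ $name } | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file '$name' not found: the certificate has no usable machine key here." }

# List who can use the key. A missing entry for the service identity typically
# surfaces as 'Keyset does not exist' when Decrypt() runs.
$acl = Get-Acl -Path $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Flag broad principals by well-known SID (Everyone, Authenticated Users, BUILTIN\Users).
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
foreach ($ace in $acl.Access) {
    $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    if ($ace.AccessControlType -eq 'Allow' -and $sid -in $broadSids) {
        Write-Warning "$($ace.IdentityReference) has $($ace.FileSystemRights) on the private key"
    }
}

# Optional: add a Read grant for one named account.
if ($Account) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted Read on $keyFile to $Account"
}
```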