Avatar of Florent

by Florent

[Azure] Server Management Tools

March 8, 2016 at 7:00 am in Azure, Microsoft, Nano Server by Florent

One month ago, Microsoft has released a new feature in Azure, Server Management Tools.

This feature will give you the possibility to manage, via web browser, your windows server servers.

I will show you how to deploy this new feature. For this demo, I have 2 servers (on Azure). One Nano server and one Windows Server 2016 Server TP4. Server on Windows Server 2016 TP4 will be the gateway server, where the server management tools feature will be installed. These 2 servers are in the same virtual network, so if you have a Site2Site VPN, you can have your gateway server on your on-premises network. Here is a quick overview from Technet:

We will start by deploying a new Service Management Tools instance. Navigate to Marketplace > Management > More > Server management tools:

image

Fill in information, with the computer name of your managed computer (hostname), your subscription, a resource group, a service management tool gateway (in my case, it will be a new one) and the location (only available in US when this blog post is written):

image

When the deployment is done, click on Browse > Server management tools connections:

image

If the gateway is not configured, you will have a notification message to configure it. Click on it to start the configuration:

image

Choose if you want to install update automatically and click on the button Generate a package link to create a link where sources of the gateway tool will be available. Copy this link in a safe location:

image

On your gateway server, download the archive with the link generated previously and extract it:

image

You have 2 files in this folder. A json file with your gateway parameter and the software. Here is a quick view of your json file:

SNAGHTML10fce0ae

Execute the software package to install the gateway tool:

image

image

image

You have a new service in the gateway server:

image

If you go back to the Azure Portal, in Server management tools gateway, the status is now OK and you will have information of your server:

image

Go back to Server management tools connections. If your gateway is registered correctly, the notification message will ask you credentials of an Admin account of the VM:

image

image

The connection is done:

image

You can use the following tools, directly in the Azure portal:

  • Device Manager: You can see drivers, connected hardware, etc
  • Event Viewer: You can check your logs
  • PowerShell: You can manage your computer via PowerShell
  • Processes: You have the list of processes that are running in your server
  • Registry Editor: You can manage your registry key
  • Roles and Features: You can show which features are installed
  • Services: You can start/stop/pause/resume service

Below some screenshots of these features:

image

image

image

image

image

Before adding your nano server, because I’m in a workgroup, I need to add the host name of my Nano server to the WinRm Trusted list of my gateway. Execute the following command, by replacing by your hostname:

Set-Item -Path WSMan:\localhost\client\TrustedHosts -Value ‘NANO01′ –Force

image

I will now add my Nano Server and link it to my exisiting gateway:

image

I will add credentials that has admin right to manage my nano server by clicking on Manage as:

image

image

I can connect to it through Azure:

image

If you want to connect with the Administrator account, on the target machine, execute the following command to allow remote connection with the administrator account:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

And if the server that you will add is not in the same subnet than the gateway, execute the following command to open port 5985 in the firewall:

NETSH advfirewall firewall add rule name=”WinRM 5985″ protocol=TCP dir=in localport=5985 action=allow

I hope this article will help you Sourire

Avatar of Florent

by Florent

[Azure Stack] White Paper about installation and configuration

March 3, 2016 at 6:00 am in Azure Stack, Microsoft, TP1 by Florent

HighLevel_Architecture

Hello everyone,

I have the pleasure to annouce that I released today my first WhitePaper. This document we help you to understand, install and use the first version of Azure Stack, TP1.

The link to download the document: https://gallery.technet.microsoft.com/Implement-Azure-Stack-and-56c05f85

This document has been written in English.
Don’t hesitate to give me your impressions and your remarks  Sourire

Avatar of Florent

by Florent

[Azure Stack] Deploy an Extension via GUI

February 24, 2016 at 4:03 pm in Azure Stack, Microsoft, TP1 by Florent

Currently, on Azure Stack, the only way to deploy an extension is via PowerShell. It’s why I had the idea to create a quick interface to deploy an extension on a VM. You can find the script on the TechNet Gallery: https://gallery.technet.microsoft.com/Deploy-extension-on-Azure-49857cf0

I tried the script for BGInfo and VMAccess extensions. I will try other extensions quickly.

Don’t hesitate to contact me if you find bugs.

Avatar of Florent

by Florent

[Azure Stack] Reset a VM Password

February 22, 2016 at 7:00 am in Azure Stack, Microsoft, TP1 by Florent

image

Today, I tried to connect to my VM, but I received the error message to the effect that my password is incorrect:

imageimage

I decided to reset it from the portal, but the feature is not yet implemented:

image

So, the only way is to do it through PowerShell. Be sure to have the VM Access extension installed. If you don’t have, install it with the following PowerShell script, by changing the first 3 variables and execute it:

# Add the Microsoft Azure Stack environment
[net.mail.mailaddress]$AadFullMailAddress="whitepaper@azurelabdvo.onmicrosoft.com"
$RGName = "Compute"
$vmName = "WS2012R2"
$AadTenantId=(Invoke-WebRequest -Uri (‘https://login.windows.net/’+($AadFullMailAddress.Host)+’/.well-known/openid-configuration’) -UseBasicParsing|ConvertFrom-Json).token_endpoint.Split(‘/’)[3]
# Configure the environment with the Add-AzureRmEnvironment cmdlt
Add-AzureRmEnvironment -Name ‘Azure Stack’ `
            -ActiveDirectoryEndpoint ("https://login.windows.net/$AadTenantId/") `
            -ActiveDirectoryServiceEndpointResourceId "https://azurestack.local-api/"`
            -ResourceManagerEndpoint ("https://api.azurestack.local/") `
            -GalleryEndpoint ("https://gallery.azurestack.local/") `
            -GraphEndpoint "https://graph.windows.net/"
# Authenticate a user to the environment (you will be prompted during authentication)
$privateEnv = Get-AzureRmEnvironment ‘Azure Stack’
$privateAzure = Add-AzureRmAccount -Environment $privateEnv -Verbose
Select-AzureRmProfile -Profile $privateAzure

$extensionName = "VMAccessAgent"
$publisher = "Microsoft.Compute"
$version = "2.0"
Set-AzureRmVMExtension -ExtensionName $extensionName -Publisher $publisher -Version $version -ExtensionType $extensionName -Location local -ResourceGroupName $RGName -VMName $vmName –Verbose

image

After few minutes, your extension is installed:

imageimage

You can now reset the VM Password. Execute the following script, with your account name:

$cred = Get-Credential "Florent" –Message "Name of the current account and the new password"
Set-AzureRmVMAccessExtension -ResourceGroupName $RGName -VMName $vmName -Name $extensionName -UserName $cred.GetNetworkCredential().Username -Password $cred.GetNetworkCredential().Password -Location local

image

After 2 minutes, the password reset is finished:

image

You can now connect with your new password:

image

image

Avatar of Florent

by Florent

[Azure Stack] Deploy a custom WebApp

February 16, 2016 at 7:00 am in Azure Stack, Microsoft, TP1 by Florent

During my test of Azure Stack, I tried to deploy a custom Web App directly with Visual Studio. With Azure and Visual Studio, you have the option to connect to your account, and choose your subscription.

At this moment, with Visual Studio, you can’t do this directly on Azure Stack, because if you connect with your tenant account, you will have no subscription. To deploy your custom web app, start by creating a new Web App in Azure Stack:

image

Now, you need to get the publish settings file, by clicking on Get publish profile. It will download a file:

image

image

On the ClientVM, open your project in Visual Studio. Click on Build > Publish WebApp:

image

On the new window, click on Import:

image

Choose the publish settings file downloaded previously:

image

It will fill each text box. Click on Validate Connection to be sure that the connection is OK:

image

If you want to open the website after the deployment, copy the url from the web app and modify the Destination URL in Visual Studio:

image

image

Click on Publish. Your empty Web App is now with your custom Web site Sourire

image

Avatar of Florent

by Florent

[Azure Stack] Orchard Web App deployment error

February 15, 2016 at 5:43 pm in Azure Stack, Resource Provider, TP1 by Florent

Today, when I tried to deploy the Orchad CMS, I had an error and the website was down. So I looked the log on the File Server for this website, appManagerLog.xml:

image

After a quick look, the problem is that a server in the WebSite RP car resolve sqlrp. It’s normal, these servers are not in the domain. After a quick try, it’s the Web Worker VM role (WW0-VM, WW1-VM, etc…) who need a DNS to resolve this name. You have 2 solutions (the second is a better solution).

The first one is to modify the host file, by adding the sqlrp vm with the public IP:

image

The second one is to modify the DNS suffix for the network car:

image

Relaunched the deployment, and now, it will works:

image

image

Enjoy Sourire

Avatar of Florent

by Florent

[Azure Stack] Deploy the Web App Resource Provider

February 12, 2016 at 6:00 am in Azure Stack, Resource Provider, TP1 by Florent

After the first article on how to deploy the MySQL RP of Azure Stack, and the second on how to deploy the SQL RP of Azure Stack, I will explain to you how to install the Web App RP.

The prerequisites for this RP are:

Go to the ClientVM, start PowerShell ISE as Administrator and download the following package. Extract it:

image

On a PowerShell window, execute the script Deploy-SqlServerDSC.ps1. It will ask you your Azure AD directory name, a password for the admin account (used to connect to the VM and to the SQL Instance) and an account that is Global Admin of Azure AD and Admin of Azure Stack:

image

image

The SQL VM will be deployed on a RG named WebsitesSQL:

image

During the deployment, get the private IP address of the SQL VM, 10.0.2.4 in my case:

image

The SQL VM is now deployed (it took approximatively 45 minutes in my case):

image

It’s now time to install the WebApp RP. Start by downloading the appservice.exe tool, on the ClientVM. Start it with an admin account. Click on Deploy using Azure Resource Manager:

image

Accept the license:

image

Approve the license for all products that will be deployed:

image

After that, create a new storage account for the deployment, in the Default Provider Subscription:

image

When it’s done, get the storage account name and the key to access to it:

SNAGHTML35ebfe4

Provide these information in the next screen of the App Service installer:

image

The download of each product is in progress and after that, it will be uploaded:

SNAGHTML360308b

The deployment has been completed successfully. A new button appear, Deploy to Azure Stack. Click on it:

image

On the popup click No. It’s important because by clickin on No, all commands that will be executed will be copied to your clipboard. These information could be retrived directly from your storage account. They will be used to deploy the WebApp RP. Paste them on NotePad:

image

image

It’s now time to deploy our WebApp RP. You have 2 solutions here. By Powershell with ARM or with the Web interface. I will explain to you with the web interface (for PowerShell, it’s explained here). Open the second URL that you have in your notepad:

image

Here, you need some information:

1 – The name of the storage account, webappstorage for example
2 – The admin username for each VM
3 – The password for each admin username
4 – A suffix to access to the WebApp, for example webapps.azurestack.local
5 – The SQL Server IP address that you get previously, in my case 10.0.2.4
6 – The sysadmin account, sa
7 – The password for the sysadmin account, it’s the same that the local admin account of the SQL Server

image

You can adapt value for each VM after. I will use juste 1 instance for each VM, but I will change the size to Standard_A2:

image

It is very important to deploy this WebApp RP to the same resource group that the SQL Server. In my case, WebsitesSQL. Click on create to start the deployment of each virtual machines:

image

The deployment is starting:

image

It will deploy 6 VMs:

  • CN0-VM: This VM is the primarry controller, to manage the WebApp infrastructure
  • FS-VM : It’s the file server, where binaries are stored and binaries of your client will be stored
  • WW0-VM: This VM is the Web Worker, where you will provide your resources for your Web Site deployed by your clients
  • MN0-VM: This VM is used for the Hosting Management
  • FTP0-VM: It’s the publisher VM
  • FE0-VM: It’s the front-end VM

The deployment is finished correctly (40 minutes in my case):

image

We will now create the DNS entry for the *.webapps.azurestack.local. The IP address is the IP of the load-balancer FrontEndServersLoadBalancer, in my case, 192.168.133.28:

image

The DNS entry (type A) associated:

image

This * will create a folder named webapps in your DNS:

image

Get the IP address of the ManagementServerLoadBalancer, in my case 192.168.133.29:

image

Create a new DNS record (type A) with the name management. It will be used to register the WebApp in Azure Stack:

image

We will setup the wildcard certificate. If you already installed the SQL RP, you have this certificate. If you don’t install it, follow the beginning of this article. Connect to management.azurestack.local virtual machine and copy the wildcard pfx certificate to your desktop:

image

Open it and choose the Local Machine:

image

Check the 2 last boxes to export the private key at a later time and include all properties:

image

Choose the first option, automatically:

image

Import it:

image

The import has been done correctly:

image

We will install this certificate on the VM CN0-VM. Get his IP address in the portal:

image

You can connect to this IP in RDP through the management VM. Copy the certificate from the management VM and paste it in C:\Temp of the controller VM:

image

Execute the following PowerShell script by adapting the password variable your the password of the PFX and the Uri of the last command with the URL of the management server:

Import-Module Websites

$password="pfxPassword"
Set-WebSitesConfig -Type Global -ManagementServerCertificateFileName "C:\Temp\Certificate.pfx" -ManagementServerCertificatePassword $password
Set-WebSitesConfig -Type Global -ArmEndpoint "https://api.azurestack.local"
Set-WebsitesConfig -Type Global -ArmResourceProviderUri ‘https://management.azurestack.local/’

SNAGHTML3e6dda7

Execute now this script:

Get-WebSitesServer -ServerType ManagementServer | Repair-WebSitesServer
Get-WebSitesServer -ServerType LoadBalancer | Repair-WebSitesServer
Get-WebSitesServer -ServerType WebWorker | Repair-WebSitesServer

image

The finish is closed. We will register the WebApp RP in our Azure Stack environment. Connect to the ClientVM and navigate to https://portal.azurestack.local .Then go to Resource Providers and click on Add:

image

Now, fill in each text box:

1 – The name of your deployment
2 – The management URL, https://management.azurestack.local/
3
– The username of the vm, admin
4 – The password of the VM
5 – The location, local
6 – A resource group, WebAppsRG

image

The register is done:

image

The deployment is done, we can add this RP to a plan:

image

We will now add a server, to be able to use the Standard pricing. I deployed a new WS 2012 R2 VM with a biz size to be able to purpose the 3 types (small, medium and large) of service app. This VM is connected to the same network that other WebApp VM and on the same RG:

image

Connect to this VM and add the same account that your WebApp farm. For me, it was admin/password. This account must be local admin:

image

Execute the following PowerShell command to be able to log in remotely with account that are not in this computer:

Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -Value 1 -Force

Now, go on your Web-apps RP:

image

Click on Roles:

image

As you can see, currently, customers can only create WebSites on a Shared infrastructure. We need to add a server for the Small/Medium/Large instances. Click on Add Role Instance and provide the IP address of the VM that you just created and choose the size where you want to associate:

image

image

If you go on the controller VM, and open the shortcut Web Cloud Management Console on the desktop, you can see that the server is configuring to be able to receive Web sites:

image

The server is now ready to receive instances (it took 30 minutes in my case):

image

My customer can now deploy a Web App. Click on New > Web + Mobile and choose a site:

image

I will deploy a WordPress. For the App Service, because I just added a Standard-Medium, I will choose this one:

image

With an existing MySQL database:

image

image

After few minutes, I can navigate to my website:

imageimage

Django:

image

And for .Net Nuke, with a sql database:

image

image

image

If you have any questions, just ask me Sourire

Avatar of Florent

by Florent

[Azure Stack] Deploy the SQL Server resource provider

February 11, 2016 at 6:00 am in Azure Stack, Resource Provider, TP1 by Florent

After the first article on how to deploy the MySQL RP of Azure Stack, I will explain to you how to install the SQL Server RP. Before starting, be sure to have to have a Windows Server 2012 R2 Datacenter image with the framework 3.5 (prerequisite for SQL Server) and the IE Enhanced Security Configuration disabled. To start, connect to the ClientVM and disable the IE Enhanced Security Configuration for the Administrator and User. It’s necessary to be able to authenticate on Azure AD without any problem:

image

On the ClientVM, install the last version of Azure PowerShell (version 1.2.1), that you can find here:

image

It’s now time to create a wildcard certificate to authorize the communication between your Resource Provider and your Azure Resource Manager. Connect to the PortalVM and open the IIS Console:

image

Here, navigate to PORTALVM > Server Certificates and click on Create Domain Certificate. Give to the common name the value *.azurestack.local. Give the same name for the friendly name. Other parameters can be fill in by you:

image

image

We will export the certificate. Open an MMC and connect to the local computer. In the Personal store, you will have you wildcard certificate:

image

Export this certificate with the private key:

image

Choose the extensions Export all extended properties and Include all instances in the certificate path if possible:

image

Give a password to protect the certificate:

image

Choose where to store the certificate:

image

Copy this certificate to \\SOFS\Share\Certificates\Wildcard :

image

Go back to your ClientVM and download the SQL Resource provider with this link and extract it. Rename the file AzureStack.SqlRP.Deployment.*.nupkg to AzureStack.SqlRP.Deployment.*.zip. On the D drive, create a folder named SQLRP and extract the content of the zip file in it:

image

Copy the file AzureStack.SqlRP.Setup.*.nupkg to D:\SQLRP\AzureStack.SqlRP.Deployment.5.11.61.0\content\Deployment:

image

On this folder, create a new folder named Certificate and copy the wildcard certificate on it. Rename it to Certificate.pfx it is very important because the script is using this certificate name:

image

Go back to the Deployment folder and go in Templates. Edit the file InstallSqlRpComplete-Parameters.json. Fill in the value adminPassword with the admin password that you will use for your SQL RP and the certPassword with the password of your PFX. You can close your file.

Do the same in the file InstallSqlRpPackage-Parameters.json.

Change the value of cseBlobStorage with the new version name, AzureStack.SqlRP.Setup.5.11.61.0.nupkg:

image

Open a PowerShell prompt as Administrator and navigate to D:\SQLRP\AzureStack.SqlRP.Deployment.5.11.61.0\Content\Deployment:

image

Run the script SqlRPTemplateDeployment.ps1 with the following parameters, by replacing by your values to start the installation of the RP:

.\SqlRPTemplateDeployment.ps1 -AadTenantDirectoryName azurelabdvo.onmicrosoft.com -packageName "AzureStack.SqlRP.Setup.5.11.61.0.nupkg"

If you have the following error, type Set-ExecutionPolicy Unrestricted:

.\SqlRPTemplateDeployment.ps1 : File
D:\SQLRP\AzureStack.SqlRP.Deployment.5.11.61.0\content\Deployment\SqlRPTemplateDeployment.ps1 cannot be loaded. The
file D:\SQLRP\AzureStack.SqlRP.Deployment.5.11.61.0\content\Deployment\SqlRPTemplateDeployment.ps1 is not digitally
signed. You cannot run this script on the current system. For more information about running scripts and setting
execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170.
At line:1 char:1
+ .\SqlRPTemplateDeployment.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : SecurityError: (:) [], PSSecurityException
    + FullyQualifiedErrorId : UnauthorizedAccess

image

You will be prompt to give your Global Admin credentials of your Azure AD:

image

The provisionning is in progress:

image

It can take 90 minutes to deploy the SQL RP because the script will deploy a new VM with SQL Server installed on Windows Server 2012 R2 (less than 60 minutes in my case). The deployment is now done:

image

Go on your ADVM and create a DNS entry with sqlrp with the IP address that you can find in the Public IP that the script has created:

image

image

The last step is to register the SQL Resource Provider in MAS. Execute the script Register-SqlRP.ps1 located in the folder D:\SQLRP\AzureStack.SqlRP.Deployment.5.11.61.0\content\Deployment with the following command:

.\Register-SqlRP.ps1 -AadTenantDirectoryName azurelabdvo.onmicrosoft.com

Log in to your Azure AD. For the Windows Credential request, give the following username sqlRpUsername and the following password sqlRpPassw0rd:

image

image

Add the RP to your subscription:

image

Click on New > Data + Storage > Sql Server Database and choose the server created before:

image

image When I launched the deployment, I have the following error:

image

Mark Scholman give me the solution on Twitter. You must add a SQL instance before doing this. To do this, go on the admin portal and navigate to Resource Providers > SQL-LOCAL > SQL Service > SQL Hosting Servers (by clicking on the 0 under Servers) and click on Add. Provide the instance name of the SQL Server, and the login/password to connect to this instance (with th port if needed):

image

image

My SQL database server has been created correctly, and I can connect to it:

image

image

image

Enjoy this new feature of MAS Sourire

Avatar of Florent

by Florent

[Azure Stack] Deploy the MySQL Resource Provider

February 9, 2016 at 7:00 am in Azure Stack, TP1 by Florent

Microsoft released yesterday 3 new services in Azure Stack for the Platform-As-A-Service (PaaS):

  • SQL Server
  • MySQL
  • Web Apps

In 3 different blog posts, I will explain to you how to deploy each resource provider. We will start with the deployment of the MySQL RP. To start, connect to the ClientVM and disable the IE Enhanced Security Configuration for the Administrator and User. It’s necessary to be able to authenticate on Azure AD without any problem:

image_thumb1[1]

On the ClientVM, install the last version of Azure PowerShell (version 1.2.1), that you can find here:

image_thumb21

When it’s done, download the AzureStackMySQLforWebApps.zip and unzip it to D:\MySql:

image

Launch a command prompt as Administrator and move to D:\MySql. Execute the Bootstrap.cmd tool. It will launch PowerShell ISE with the script Bootstrap.ps1. Execute it:

image

You will now have some new tabs. Move to the tab Prepare MySql Prerequisites and execute the script New-SslCert.ps1 to generate a certificate for your MySQL infrastructure. It will ask you a password for the PFX:

image

image

If you go to D:\MySql\Prerequisites\BlobStorage\Container you will have your certificate to secure communications between your RP and the Azure Resource Manager. Now, execute the script Download-MySqlServer.ps1 (it will download MySQL binaries) and click on Yes to All to approve the license:

image

You have now in D:\MySql\Prerequisites\BlobStorage\Container your 2 MySQL packages:

image

It’s time to execute the script Upload-Microsoft.MySql-RP.ps1. This script will copy sources to a blob storage. Provide your Azure AD name (in my case azurelabdvo.onmicrosoft.com) and provide a Username/Password that is Global Admin of your Azure AD and Admin of Azure Stack:

image

image

Execute now the script Publish-GalleryPackages.ps1. This script will add 2 packages to your Azure Stack Market Place. Give your Azure AD name as parameter:

image

You have normaly these 4 packages now in D:\MySql\Prerequisites\BlobStorage\Container:

image

It’s now time to deploy the MySQL RP. On the ClientVM, Go to Market Place > Resource Providers > MySql Resource Provider 1.0.1.0:

image

Click on it and choose your VM admin username and password:

image

Go down and give the password for the PFX generated in the 1st step. Give a username/password combination that you will use to register your MySQL RP later:

SNAGHTML2e10c036

Create a new Resource Group named MySQL01 and launch the creation:

image

After approximatively 30 minutes, the VMs and the MySQL services are deployed:

image

Go back to PowerShell ISE and move to the tab Deploy MySql provider. Select the runbook Register-Microsoft.MySql-fqdn.ps1 to get the public IP address of the VM and create the associated DNS entry. For this script, you need to provide your Azure AD account:

image

image

To finish, launch the last script Register-Microsoft.MySql-provider.ps1 to register your MySQL RP. Give your Azure AD account and after, give the username/password that you provides during the installation:

image

The MySQL RP is now registered:

image

Go on your Azure Stack interface, and navigate to Plans > YourPlan > Settings > Services > Add New. Choose the Microsoft.MySql provider:

image

Login on your tenant account and click on New > Data + Storage > MySql server/database. Complete information:

image

Deployment is now finished:

image

You have information of your MySql DB:

image

To connect to this instance, use the following command:

mysql.exe -h mysql1.azurestack.local -u florent@mysqldb01 -p

image

Enjoy this deployment Sourire

Avatar of Florent

by Florent

[Azure Stack] Deploy an extension

February 5, 2016 at 2:32 pm in Azure Stack, Microsoft, TP1 by Florent

Like the new Azure version, it’s possible to deploy an extension like BGInfo, DSC, etc. The only problem is, that at this moment, the Add button doesn’t exist. You need to pass through PowerShell. To install BGIndo, execute the following command:

# Add the Microsoft Azure Stack environment
[net.mail.mailaddress]$AadFullMailAddress="florent@azurelabdvo.onmicrosoft.com"
$AadTenantId=(Invoke-WebRequest -Uri (‘https://login.windows.net/’+($AadFullMailAddress.Host)+’/.well-known/openid-configuration’) -UseBasicParsing|ConvertFrom-Json).token_endpoint.Split(‘/’)[3]

# Configure the environment with the Add-AzureRmEnvironment cmdlt
Add-AzureRmEnvironment -Name ‘Azure Stack’ `
    -ActiveDirectoryEndpoint ("https://login.windows.net/$AadTenantId/") `
    -ActiveDirectoryServiceEndpointResourceId "https://azurestack.local-api/"`
    -ResourceManagerEndpoint ("https://api.azurestack.local/") `
    -GalleryEndpoint ("https://gallery.azurestack.local/") `
    -GraphEndpoint "https://graph.windows.net/"

# Authenticate a user to the environment (you will be prompted during authentication)
$privateEnv = Get-AzureRmEnvironment ‘Azure Stack’
$privateAzure = Add-AzureRmAccount -Environment $privateEnv -Verbose
Select-AzureRmProfile -Profile $privateAzure

Set-AzureRmVMExtension -ExtensionName BGInfo -Publisher Microsoft.Compute -Version 2.1 -ExtensionType BGInfo -Location local -ResourceGroupName Compute -VMName W2012R2 -Verbose

image

And in the Azure Stack interface:

image

I tested the following extensions:

  • BGInfo
  • DSC
  • VMAccessAgent
  • CustomScriptExtension

You can find a list of extensions \\SOFS\CRP\GuestArtifactRepository. I don’t know if all of them work.