Moving to SSL / HTTPS–PART 2

On this Part 2: We are going to get our CER and PFX to be used for Azure.

Create Certificate Signing Request

There is a tool available thru Digicert website or you can do it manually over IIS. Since my target is to install this in Azure, I chose to use the tool they provided.

1

Lets use a Windows PC. So I will not have IIS Manager access to my Azure Website so we need to generate the certificate and then install it.

2

Download the tool, extract and run.

3

4

Click the SSL Certificate tab and click Create CSR.

image

This reminds me of the IIS Manager Create Certificate Request action but it should be straight forward. Click SSL and then make sure that your info is correct. Then click Generate.

6

Then copy the result to a notepad or clipboard can be enough.

7

Login back to your Digicert account and click the status of your order. There should be a Pending CSR there.

8

This opens up a pane and you can paste the CSR here.

9

I chose IIS 10 and then clicked continue.

10

Then viola, CSR Completed. This will then trigger an email where your .CER will be attached.

11

12

Unzip this to get the .CER and some instructions.

13

Go back to the DigiCert certificate tool and then import the CER. You need to get the *PFX out of this CER.

14

Once you clicked next, just enter your friendly name and then finish. It should show on the utility.

15

Like this:

16

Now lets export the PFX, just highlight the certificate and then click Export.

17

Export the private key, use PFX and all path if possible. Click Next.

18

Yes, like the MMC, you need to provide a password since you are exporting the private key as well.

19

Then save the PFX File to a location where you will pick up to install in AZURE.

20

You can now close this tool. Thanks DigiCert!

22

Advertisements

Moving to SSL / HTTPS–PART 1

Certificate Authority

For my CA I got DIGICERT (https://www.digicert.com) thru the MVP Program and got the SAN Certificate that can be used on multiple domains. 

A free alternative will be Let’s Encrypt (https://letsencrypt.org/) however you may need to use an Azure Site extension for this. 

I got started with Digicert by signing-up and then do the verifications. For me I was asked with only two requirements:

  • I have a currently active government issued photo ID (Suggest you don’t black out the address) that has your name, address and expiration date.
  • That you have control or ownership of the domain – They will send a link thru your postmaster emails. Be sure to check if these are active.

admin@<YOURDOMAIN.COM>
administrator@<YOURDOMAIN.COM>
webmaster@<YOURDOMAIN.COM>
hostmaster@<YOURDOMAIN.COM>
postmaster@<YOURDOMAIN.COM>

I must mention that they have a phenomenal customer service and will follow-up thru phone and email on your certificate order and help you on the requirement.

After the verification they will send you an emails confirming the verification. Got a personal email from an Engineer and the automated email. Mine just took a few hours after I did the requirements and I was able to continue with creating a CSR.

image_thumb[7]

How to apply license on SCOM 2016(fwlink 74446)

Today I had a chance to revisit my SCOM Lab. But after booting everything, I noticed that even if all services are running including SQL and SCOM, the Ops Manager console throws an error on connecting.

TL;DR; My trial license is expired. Use Powershell to apply license:

  • Import-Module OperationsManager
  • Set-SCOMLicense –ProductId “<YOUR PRODUCT KEY>”
  • Restart-Service OMSSDK
  • New-SCOMManagementGroupConnection
  • Get-SCOMManagementGroup | Format-List –Property SkuForProduct, SkuForLicense, Version, Name, TimeOfExpiration

Long story, so will I reinstall today? So normal troubleshooting after seeing the error, restarting the services including SQL Server and nope, no joy there.

Going back to the console, thankfully there is a stack trace there. So lets read thru the errors, mostly access denied exception but there was the ex.message.toString there. So we have hopes here.

It seems that there was an access denied exception but the inner message is saying “You have exceeded the evaluation period of this product. Please upgrade to the retail version to continue using the product” Aha! I followed the link and it seems that it only redirects to a generic product page. Still no joy.

image

There are a few TechNet and Support articles out there, but there’s one problem. License IS expired already.

https://support.microsoft.com/en-ph/help/2699998/how-to-add-a-product-key-to-the-eval-version-of-system-center-2012-ope

https://technet.microsoft.com/en-us/library/hh966734(v=sc.12).aspx

Problem is we cant connect to the management group, because, yes we have an exception. Yikes.

image

I think the article is a little off, since applying SCOM licenses are thru registry access so it shouldn’t require any connection.

So first, run PowerShell as an administrator on the server where SCOM is installed.

Apply the license key that you have for retail. (See TLDR section for Copy-Paste PS> commands)

Also remember also to restart the System Center Data Access Service after applying the license. Included in TLDR.

image

Try out the new connection and try and poke the management group and get the license details.

Then try and connect using the Console. Yes its working, but my apps are not.

image

So there ya go, and I’m back to my DevOps management group. I’m trying out the new MP for .NET APM with Application Insights. This is going to be fun. Well after we fix DB01. Should blog about it later.

Usapang Ulap: Microsoft Bot Framework, LUIS and DevOps

Thank you all for attending our Usapang Ulap! And we are exited to show you the latest with Microsoft’’

17361608_10208716937583087_7470288327236261044_n

There are more practical use of the new bots and artificial intelligence services such as using Microsoft Bot and LUIS to do development operations. In this live demo, we saw that using bots, we can control our continuous integration services from build, deploy and test.

17353584_1257908540924516_1583235151990719465_n

 

I would probably do a detailed blog on how to integrate these services and API together so please do check my blog out. But for now, I used the Microsoft Bot Framework and Visual Studio TFS Online authenticated API’s.

Here’s our full line up:

Microsoft Bot Framework – Jon Limjap
Microsoft Language Understanding Intelligent Service (LUIS) – Allan Spartacus Mangune
Using bots in DevOps – John Delizo
Bot Framework with Sentiment Analysis – Eduardo Lorenzo
PowerBI – Argelo Royce Baustista
17352475_10208716937823093_7307387412118475744_n17352520_10208716937743091_8853133980558445344_n17361958_10208716937503085_2437104987182411869_n17362707_10208716937423083_367270748908997155_n

Hope to see you on our next Azure event!

Am back in UMAK!

So its another Saturday of community work for me and Allan. This time, we got a chance to talk about Windows Server, Microsoft Azure and .NET in the University of Makati’s College of Computer Sciences (CCS). https://umak.edu.ph/ last week (Feb 18)

WP_20170218_10_46_28_Pro

We did a couple of Demo, to start with, Allan did the whole Azure Web App complete with the ASP.NET Core demo. I think this is a highlight of the event, us doing demo especially this .NET MVP doing the end to end scenario in less than an hour, using again limited amount of cellular data.

WP_20170218_11_14_43_Pro

Then to cap off, did a demo on Windows Server 2016 and the installation including the nano server.

Events 2017 - UMAK - Feb 18

Its my 2nd time here in UMAK and hopefully we can be back with student requests for the hands on experience. 

Thank you EARIST Cavite!

Its a busy but fulfilling Saturday for me and Allan driving off to GMA Cavite to conduct a tech talk on Development, Infrastructure and Security with the students of Eulogio “Amang” Rodriguez Institute of Science and Technology (http://earist.edu.ph/) last Feb 04.

Events 2017 - EARST - Feb 18

We had a blast with these enthusiastic students, eager to ask questions even if the computer lab is already jam packed! The drive was really worth it.

WP_20170204_12_50_15_Pro

It was actually fun! So being two geeks with limited amount of cellular data driving around south.

WP_20170204_14_49_44_Pro

image

WP_20170204_14_33_47_Pro

So thanks again EARIST Cavite! Hope we can be back sooner!

Deploying SQL Server 2016 Management Tools

TL;DR SSMS is now a separate 800MB+ download. https://msdn.microsoft.com/en-us/library/mt238290.aspx

Long story (Begin Rant):

As much as I can, I always deploy Windows features and products using either direct to command line or with a configuration XML or INI file. In this case, I am installing SQL Server.

image

On previous version of SQL Server you can use the INI file to indicate what features you are going to install. Syntax is FEATURES=<FEATURE><,><FEATURE>

image

And before you can add the SSMS feature by adding SSMS –or- ADV_SSMS for Management Tool Basic –or- Advanced, respectively.

There seems to be a change with SQL Server 2016 as adding the SSMS will throw an install error.

So I saw the Management Tools now  located in the installation tab and under the new stand-alone link. I remember that in order for me to add SSMS before, it is under the add features to an existing installation. But now it seems that SSMS has its own link. But be warned, it is an actual “HREF” to a webpage. https://go.microsoft.com/fwlink/?LinkId=531355

image

Yes. You guess it right, you have to download SSMS as a separate installer.

image

https://msdn.microsoft.com/en-us/library/mt238290.aspx

That link, Download SQL Server Management Studio (16.5.3): https://go.microsoft.com/fwlink/?LinkID=840946 is 898MB. Surprise!

image

Now using Philippine internet connection: See you after 3 hours or more.

image

So after downloading we can now launch the installer.

image

Next time, I will be using /Install /Quiet as my command line parameters based on the MSDN article here: https://msdn.microsoft.com/en-us/library/bb500441.aspx but for now, lets do a GUI install.

image

Wait for the setup to finish. This will not ask for your install location nor what tool to install – it will install everything on your C:\Program Files so be careful if you have SSD. Hope in the future, since this is a standalone product that we can choose which drive to use. But for now its just a straight forward install.

image

image

So after installation, launch..

image

We now have SSMS back!

image