Tuesday, January 27, 2015

Solving Just About Every Azure Login Problem That Exists

Oh. My. God. I recently rolled off of one project and onto another. Any other consultants out there know that this is no small walk in the park. You have to close up all your duties for one client, take care of all the interim stuff like feedback and resume updates and skills assessments, and then start gearing up for the next gig. In my case, I didn't just find myself in a war zone... I was smack dab in No Man's Land during trench warfare.

And yes, you continually update your resume as a consultant. It's a lot like your job is to keep finding new jobs. You make yourself as marketable as you can while trying to prove yourself when it counts so the right people later say the right things. The smart ones race against the learning curve so that they can one day catch up to it and then start defining it. Okay, maybe it's not that much different from any other job after all.

I came across something I just had to share. I was tearing my hair out trying to get Azure's PowerShell module to start working... again. It was working without any sort of problem. Then, while I still had the shell open, I start seeing this:

"Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials."

Okay. I'll run the cmdlet I ran to get started in the first place even though you could just grow some eyeballs and look about 10 lines above you to see that I already have an account! And so I do...


Microsoft Accounts Really, Really Suck at Being Completely Awesome

Microsoft came out with this brilliant idea that you could have one single account for all of your Windows devices where all your common settings are saved and shared automatically. It's honestly a fantastic idea. I'm not sure if Google Chrome's account sharing features came first or second, but Microsoft envisioned that it would be like that--which it is--and that it would be that great--which it isn't. 

The problem that they ran into is that they were also ramping up their cloud services platforms and wanted to roll those all into the MS Account as well. That wasn't all, either... they just started lumping any and all Microsoft-related accounts under the same credential umbrella. As it stands right now, I use the same email address to access my organizational account for Office 365 and whatnot, to log into my personal account which also happens to be attached to MSDN and Azure, and also for certifications.

Add to this the confusion that all your old accounts that you used to log into Microsoft environments with suddenly became Microsoft accounts. Gmail, Yahoo, Hotmail (which became Outlook.com and is actually quite awesome), and even random Exchange addresses all magically became unified. Not to each other, mind you, but in a confusing mish-mash of spiderwebs that remarkably never touch each other.

Russian Roulette with Your Sanity

Every once in a while, I'll boot up PowerShell ISE to work on my script that endlessly provisions new Azure virtual machines and configures them any which way I want. But then I discover that the game's over before it started.

After you get the error message I showed above, you'll try to add an Azure account to your Azure PowerShell configuration. But the problem is that you already have done that. In fact, chances are that you can run these two cmdlets and the output will be correct for both:

Get-AzureAccount

Get-AzureSubscription

If you decide to run Add-AzureAccount again, it might just work, honestly. I had it work 2 or 3 times before it went insane. It would pop up and say, "You're already logged in, dude. Why are you trying to log on again?" 

I'd click "Remain logged in with this account" and then it would prompt me for my password. When I put in my password, I would get a message on my Microsoft Account mobile app asking me to approve the request. This is the first machine I ever configured for access to the two-factor authentication and it's never had an issue otherwise. So, I approve the request, and then it tells me, "Dude. You again? I just told you, you're already logged in. Just remain logged in with..."

And you get the point. Eventually, it just started cycling between asking for email AND password and pinging my phone once a second to approve the requests. I had to just re-install the app because of how badly my PC was misbehaving. 

Man... I hope someone finds this post and I can save them some frustration. This one had me wanting to unlearn computers.

Enough of This -- Let's Fix Every Azure Login Issue


Just do this. Instead of logging in with an email address each time, it stores a very long hash. It's like it gives it a nickname. Just imagine that Azure is cozying up to your Microsoft Account.

You still have to log in the first time -- and I'm not promising that problems won't come up ever again -- but this is quick.

1. Get-AzureSubscription | Remove-AzureSubscription


If you have a whole bunch of accounts and they're all working for you, don't run this. It clears out all your Azure subscriptions from cache. It DOES NOT affect anything on your account:


You might want to clear all your subscriptions, honestly. This method of configuration was designed specifically for this purpose.

2. Get-AzureAccount

Just check to see what's still hanging around. It shouldn't display anything. You can pipe that cmdlet to, you guessed it, Remove-AzureAccount if you want to clear everything and start fresh.

3. Get-AzurePublishSettingsFile

This opens up a webpage which immediately prompts you to save a file. Put it anywhere you want, but do yourself a favor and copy the path while you're there. You'll be finding it within PowerShell. Or just put it somewhere like C:\PS so you don't have to type a lot.

Don't bother reading the instructions on that page. They aren't really applicable right now.

4. Import-AzurePublishSettingsFile "<File location>"

Once you get that .publishsettings file imported, you'll see that your account is now much harder to remember than your email address. Mission accomplished!

But seriously, now run an Azure cmdlet like Get-AzureVM. Voilà.

If you ever run into this again, just do step 1 and step 4 again. You don't need to get a new file each time. Heck, you could just modify $PROFILE so that it clears it each time you open PowerShell. But that's probably not necessary.
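
Steps 1 and 4 as one function, added here as an example (not the author's code). The .publishsettings file carries a management certificate for the subscription, so the function either deletes it after a successful import or, with -KeepFile, restricts it to the current user for later re-imports. Reset-AzureLogin and the path in the usage line are assumed names.

```powershell
# Added example: Reset-AzureLogin is a hypothetical name, not part of the Azure module.
function Reset-AzureLogin {
    [CmdletBinding()]
    param(
        # Path to the file saved by Get-AzurePublishSettingsFile (step 3).
        [Parameter(Mandatory = $true)]
        [string]$PublishSettingsPath,

        # Keep the file for later re-imports instead of deleting it.
        [switch]$KeepFile
    )

    if (-not (Test-Path -LiteralPath $PublishSettingsPath -PathType Leaf)) {
        throw "Publish settings file not found: $PublishSettingsPath"
    }

    # Step 1: clear cached subscriptions (local cache only; may ask for confirmation).
    Get-AzureSubscription | Remove-AzureSubscription

    # Step 4: import the certificate-based credentials.
    Import-AzurePublishSettingsFile $PublishSettingsPath -ErrorAction Stop

    # Confirm that at least one subscription is registered before cleaning up.
    $subs = @(Get-AzureSubscription)
    if ($subs.Count -eq 0) {
        throw "Import finished but no subscriptions are registered."
    }

    if ($KeepFile) {
        # Strip inherited permissions; leave read access for the current user only.
        $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        icacls $PublishSettingsPath /inheritance:r /grant:r "${me}:(R)" | Out-Null
    }
    else {
        # The file is a standing credential, so do not leave it on disk.
        Remove-Item -LiteralPath $PublishSettingsPath -Force
    }

    $subs | Select-Object SubscriptionName, SubscriptionId
}

# Usage (constructed path):
# Reset-AzureLogin -PublishSettingsPath 'C:\PS\my.publishsettings'
```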

Tuesday, January 13, 2015

SQLync Cheatsheet, or The Quick Rundown on SQL Server and Lync Server 2013

SQL Server and Lync Server 2013. Back-end and front-end. The yin and the yang of Lync infrastructure functionality.

And yet... there is very little documentation out there for all the questions people might have about how these two systems work together. Well, it's out there... it's just spread out like not enough marmalade on far too much toast. Consequently, I'm going to throw together a little cheat sheet for people first diving into their Lync Server 2013 install.

The one thing I won't go into is SQL redundancy or high availability. This is just enough marmalade to get you going.

In typical fashion, this post turned into a behemoth. Seriously, there's so much juicy information right after the jump.


Which SQL Server Versions Should I Use?


You can use these:

  • SQL Server 2012
  • SQL Server 2008 R2
Note that "SQL Server 2008" is not listed there. It is not compatible with Lync Server 2013.

Just use whichever one you have access to. 2012 is going to be better overall for a lab and production, but there won't be any loss of functionality or power using 2008 R2 for Lync in a homelab.

How Many SQL Servers Do I Need?

You need 1 server for each Front End pool. If you have 3 FEs spread across 2 Front End pools, then you need 2 separate SQL servers. If you have 13 Standard Edition servers and 23 Enterprise Front End servers spread across 17 pools, then you need 17 SQL servers.

Can I virtualize SQL Server?

Yes. SQL Server 2012 is going to support the fancier virtualization technologies that sprouted up in Hyper-V version 3, but it won't necessarily run much faster than SQL Server 2008 R2.

Which Ports Need to Be Opened? What About Windows Firewall?


  • UDP
    • 1434
  • TCP
    • Any statically defined ports
    • 1433 if using default instance

If you're just using Windows Firewall or also using it on top of a more illustrious security solution, be sure to allow the SQL applications through. Create a new program-specific rule for each of the paths below and set it to "Allow This Connection."

  • C:\Program Files\Microsoft SQL Server\MSSQL<Version#>.<MyInstanceName>\MSSQL\Binn\sqlservr.exe
  • C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
The second one on that list I'm not 100% on. I've heard that leaving it as is can lead to very frustrating problems down the road. Yes, it is "x86" even though you installed a 64-bit program.
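
The two program rules and the UDP 1434 rule as PowerShell, added as an example rather than taken from the post. It assumes Windows Server 2012 or later (NetSecurity module) and a named instance on SQL Server 2012; the instance name and the front-end subnet are constructed values to replace with your own. Limiting the rules to the Domain profile and to the front-end subnet is an addition that the post does not ask for.

```powershell
# Added example. Instance name, version folder and subnet are placeholders.
$InstanceName   = 'RTC'            # named instance (assumption)
$VersionFolder  = 'MSSQL11'        # SQL Server 2012; MSSQL10_50 for 2008 R2
$FrontEndSubnet = '10.0.10.0/24'   # constructed value: where the Front Ends live

$sqlservr   = "C:\Program Files\Microsoft SQL Server\${VersionFolder}.${InstanceName}\MSSQL\Binn\sqlservr.exe"
$sqlbrowser = 'C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe'

$rules = @(
    # Database engine: allowed by program path, so dynamic TCP ports are covered.
    @{ DisplayName = "SQL Server ($InstanceName) engine"; Program = $sqlservr; Protocol = 'TCP' },
    # SQL Browser: answers instance/port lookups on UDP 1434.
    @{ DisplayName = 'SQL Server Browser'; Program = $sqlbrowser; Protocol = 'UDP'; LocalPort = 1434 }
)

foreach ($rule in $rules) {
    if (-not (Test-Path -LiteralPath $rule.Program)) {
        Write-Warning "Skipping '$($rule.DisplayName)': $($rule.Program) not found."
        continue
    }
    # Do not create a duplicate if the rule already exists.
    if (Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue) {
        continue
    }
    New-NetFirewallRule @rule -Direction Inbound -Action Allow `
        -Profile Domain -RemoteAddress $FrontEndSubnet | Out-Null
}

# Review what is now in place.
Get-NetFirewallRule -DisplayName 'SQL Server*' |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```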

How Should I Handle Service Accounts?

3 options here, which can be summarily labeled the "easy way," the "slightly harder way," and the "awesome way."

Easy Way


Just click next when you see the permissions. It's really not much harder to do the other two ways, so I don't recommend this. If things start breaking, you're taking a lot of power out of your own hands. So, unless you want to screw over Future You, don't do this.

Slightly Harder Way


Manually create an account in Active Directory to use on the Service Accounts screen. It doesn't need any particular permissions. Make sure to remember the password! Also, don't let it expire! If you don't want to mess with all that, see the Awesome Way below.

Awesome Way


This creates an Active Directory Managed Service Account (MSA) that you can set and forget.

Use this way to never have to change a password, manage permissions, or basically remember anything. And it's way tighter security. You can use the same MSA for all your instances (1 account per server, though) or very easily use the first one as a template to create another.

From the SQL Server, run PowerShell as a Domain Admin. If the AD module is not yet installed (or if you're not sure), type:

Install-WindowsFeature RSAT-AD-PowerShell

Then type:

New-ADServiceAccount -Name <SQL MSA Name> -Enabled $true

Then:

Add-ADComputerServiceAccount -Identity <SQL Server Hostname> -ServiceAccount <SQL MSA Name>

Finally:

Install-ADServiceAccount <SQL MSA Name>

When you are specifying the Service Accounts during installation, here's what you put for the Account Name:


Leave the password blank. Make sure to put that dollar sign at the end! The MSA that I'm using looks like this:

hyperi2\SQLMSA01$

And that's it! MSAs are super fun! 
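
The MSA commands as one script with a final check, added as an example (not the author's code). SQL01 is a constructed host name, and -RestrictToSingleComputer is an addition here: on Windows Server 2012 and later, New-ADServiceAccount otherwise creates a group MSA and asks for -DNSHostName.

```powershell
# Added example. SQLMSA01 follows the post; SQL01 is a constructed host name.
$MsaName = 'SQLMSA01'
$SqlHost = 'SQL01'

Import-Module ActiveDirectory -ErrorAction Stop

# Create the account only if it does not exist yet.
$existing = Get-ADServiceAccount -Filter "Name -eq '$MsaName'"
if (-not $existing) {
    # -RestrictToSingleComputer requests a standalone MSA (one server per account).
    New-ADServiceAccount -Name $MsaName -Enabled $true -RestrictToSingleComputer
}

# Bind the MSA to the SQL Server's computer object.
Add-ADComputerServiceAccount -Identity $SqlHost -ServiceAccount $MsaName

# Run on the SQL Server itself: installs the account locally.
Install-ADServiceAccount -Identity $MsaName

# Test-ADServiceAccount returns $true when this host can use the account.
if (-not (Test-ADServiceAccount -Identity $MsaName)) {
    throw "MSA $MsaName is not usable on $env:COMPUTERNAME."
}

# Value for the Account Name box in SQL Server setup (password stays blank).
$domain = (Get-ADDomain).NetBIOSName
'{0}\{1}$' -f $domain, $MsaName
```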

Should I Use the Default Insta--

No. Don't use the default instance. Create individual named instances.

If you messed up and used the default instance, it will still work. No need to reinstall. Just keep it in mind when things go wrong. The default instance works differently than named instances. Be sure to open TCP port 1433 in your firewall if you've set things up this way.

How Many Instances Do I Need?

1 as a "base", which most people call "RTC", that you point your Front End and mediation services at
1 for Persistent Chat, if deployed (CANNOT be colocated with another instance)
1 for Archiving, if deployed*
1 for Monitoring, if deployed*

* You can get away with colocating these. I have an ARCMON instance within my lab.

What Exactly Should I Install?

Boom. You need:

  • Instance Features
    • Database Engine Services
  • Shared Features
    • Management Tools - Basic
      • Management Tools - Complete
If you are setting up archiving and monitoring, also install "Reporting Services - Native" for that instance only.


Which Port Is My Instance Using?

You can find this by opening SQL Server Configuration Manager, then:

1. Expand "SQL Server Network Configuration"
2. Click "Protocols for <MyInstanceName>"
3. On the right side, double-click "TCP/IP".
4. Click the "IP Addresses" tab. You're now looking for the line that says "TCP Dynamic Ports" that isn't blank and does not just have a 0. You may have to scroll down a bit.

I should note that this port will be auto-negotiated by Lync Server 2013 (over UDP port 1434). However, if that's not working and you're troubleshooting, you may need to open this up.

This, of course, does not apply when the port has been statically configured to something else, but you should see another line in the properties for this.

Monday, January 5, 2015

"Windows detected a hard disk problem" - Do I go into too much detail?

People have told me many times in my life that I am way too wordy when I write. That's not exactly how they say it. They'll say, "It's very detailed!" or "Can we maybe trim this section down?"

Well, I'm sorry. Actually, I'm sorry I'm not sorry. No, I was not trying to bore the external auditor to death. It is his job to read boring stuff all day. If I could actually bore a man like that to death, I would quit my job and be on C-SPAN within 6 months.

So, this will be a short post.


Windows detected a hard disk problem


"Windows detected a hard disk problem. Back up your files immediately to prevent information loss, and then contact the computer manufacturer to determine if you need to repair or replace the disk."

This means you need a new hard drive.