microsoft

Azvise

ResourceNotTopLevel error when trying to move resources – Azure

When you transfer Azure resources between subscriptions, you might get the following error: “ResourceNotTopLevel“.

This is caused by the fact that you only have to select top-level resources for the move, and the dependencies will be moved automatically.

For example, say you selected both a Network Watcher Extension and the relative VM you want to move. You will just need to move the VM object, and the extension will come with the server.

Example of an error code:


{
                "code": "ResourceNotTopLevel",
                "message": "Identifier '/subscriptions/0000000000000000000/resourceGroups/MoveResource/providers/Microsoft.Compute/virtualMachines/VMtobeMoved/extensions/AzureNetworkWatcherExtension' is not a top level resource. Please include only the top-level resource for this child resource in the move request. A child resource would be moved along with its associated top-level resource.\""
            }

From the error code, you’ll get that you just have to move the following resource, being the top-level one:

/subscriptions/0000000000000000000/resourceGroups/MoveResource/providers/Microsoft.Compute/virtualMachines/VMtobeMoved

It’s good to remember that if dependent resources are distributed across different resource groups, you’ll first have to move them into one resource group and then attempt the migration.

Azvise

Cancel downloaded updates in Windows Server

If the server has downloaded automatically an update (such as the SharePoint ones), which you don’t want to install, try following these steps to delete the queue:

  • Open an elevated PowerShell, then run the following command
Stop-Service -Name "wuauserv"
  • Open an elevated PowerShell, then run the following commands to make a backup of the folders we’re going to delete.
cd C:\

'backupwinupdate', 'backupdatastore' | %{New-Item -Name "$_" -ItemType "Directory"}

Copy-Item -Path "C:\Windows\SoftwareDistribution\Download" -Destination "C:\backupwinupdate" -Recurse
Copy-Item -Path "C:\Windows\SoftwareDistribution\DataStore" -Destination "C:\backupdatastore" -Recurse
  • Check that the backup has been created, then proceed to delete the content of the original folders:
Get-ChildItem -Path C:\Windows\SoftwareDistribution\Download” -Include * -File -Recurse | foreach { $_.Delete()}
Get-ChildItem -Path C:\Windows\SoftwareDistribution\DataStore” -Include * -File -Recurse | foreach { $_.Delete()}
  • After clearing the content, you can proceed to start Windows Update:
Start-Service -Name "wuauserv"

You’ll need to reboot at the end of this procedure.

Be sure to clean up the backup folders C:\backupwinupdate and C:\backupdatastore

Azvise

ASR Kernel modules fail to load while installing the Mobility Service (VMware) – Azure

If some kernel modules fail to load (such as in the example below) while installing the Mobility Service agent, please check:

  • If the kernel is supported in your Configuration Server version
  • If secure boot is enabled
#EXAMPLE using SUSE 15 SP2
exampleserver0:/tmp/ASR # sudo ./install -d /usr/local/ASR/ -r MS -v VmWare -q
All product pre-requisties are met.
Generating the certificate.
[...]

Filter driver kernel module is not loaded. Attempting to load it, please wait...
insmod /lib/modules/[kernelversion]-default/kernel/drivers/char/involflt.ko 
Filter driver could not be loaded successfully.
Check the log file /var/log/ua_install.log for detailed diagnostic messages or installation success/failures...
Vx agent installation exit code : 208.
Check the log file /var/log/ua_install.log for detailed diagnostic messages or installation success/failures...
Installer exiting with code: 208

Check the following page to see if the kernel version is supported:

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-physical-azure-support-matrix#ubuntu-kernel-versions

If it’s supported try launching the following command: 

mokutil --sb-state

If it’s enabled you should get something along the lines of: 

SecureBoot enabled

Please note that SecureBoot is not supported at the moment with VMware DR in ASR:

https://docs.microsoft.com/en-us/azure/site-recovery/vmware-physical-azure-support-matrix#storage

To disable SecureBoot proceed as following:

  • Click on the virtual machine in vSphere (or vCenter)
  • Shut down the VM
  • Click on Edit Settings
  • Go in VM Options, then Boot Options
  • Deselect the Secure Boot check box
  • Click on OK
  • Start the VM



Azvise

IdFix – Pre AdConnect assessment for your on-prem AD

IdFix is a tool to discover and remediate identity problems pre synchronization to Azure Active Directory.

To use IdFix you will need:

  • A domain joined computer / server
  • A user account with at least read access to the AD objects

The process is really straightforward.

Get IdFix from here:

Install and open IdFix, then click on “Query”.

After the process has been completed you will be shown all the problems you might have with your environment, if any.

Screen shot of the tool running
Image from https://microsoft.github.io/idfix/operation/

If no errors are shown, or you are confident you can work around them, you can begin the synchronization.

Links:

Set up synchronization:

https://docs.microsoft.com/en-us/microsoft-365/enterprise/set-up-directory-synchronization?view=o365-worldwide

Microsoft guide on how to use IdFix:

https://microsoft.github.io/idfix/operation/

Azvise

Enable Known Folder Move using regedit – OneDrive

Known Folder Move is a “new” functionality in OneDrive that enables you to seamlessly recreate the same user experience across multiple devices .

Expecially useful in a Windows Virtual Desktop / VDI environment, it automatically syncs all the “Known Folders” (Desktop, Documents, Pictures etc.) when a user logs in.

To enable it via Registry Editor you’ll first have to get your tenant ID. Find it here under “Directory ID”:

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties

Then you can proceed to create a new string value in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\OneDrive

Name: KFMSilentOptIn

Value: Insert your Office 365 Tenant ID

Azvise

How to cancel a reservation – Azure

To cancel a reservation you have to have specific permissions on the reservation order. The permissions are not inherited from the subscription, so… contact who created the reservation (or just open a ticket with the Azure Engineers).

Once you have the right account, (or you’ve been given the permissions) go to the reservations tab in the Azure Portal. It’s best to have at least a couple of people who have permissions on the resource. To get to the reservations tab follow the link below:

https://portal.azure.com/#blade/Microsoft_Azure_Reservations/ReservationsBrowseBlade

Select the reservation you want to cancel and click on the name of the resource.

From the top click on “Refund”

Click on return reserved instances once you see the “Refund subtotal” pop up

Please refer to the following docs for additional informations:

https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/exchange-and-refund-azure-reservations

https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/manage-reserved-vm-instance#add-or-change-users-who-can-manage-a-reservation

Azvise

VM has reported a failure when processing extension ‘joindomain’ – AVD

If you encounter this error while creating a new VM from the host pool wizard, try following these suggestions to solve the issue, or at least drill down on the problem:

  • Check whether you can resolve your domain from your VNET
  • Check what DNS Servers are configured on your VNET, correct accordingly (follow this guide: Change VNet DNS Servers)
  • Check if you have permissions to join the domain using the credentials you provided
  • Check if the specified credentials are correct
  • Check if the domain to join (and the OU), specified in the wizard, is correct (parameters in the JSON: domainToJoinouPathexistingDomainUPNexistingDomainPassword).
  • Try to join a VM to the domain from the same network and subnet

If all the above are met, you should be able to join the VM successfully to the domain. If not, at least you should have more context to further troubleshoot the issue.

Azvise

Microsoft Assessment and Planning (MAP) Toolkit – Minimum user requirements to run a scan

To scan the servers / PCs using the MAP Toolkit, you will need an AD user with administrative privileges on all the components to scan.


This will be enough if you need a report of what’s installed on a series of servers/clients, their roles, and all “local” related queries, or basic AD queries.

For Exchange related queries, you will need an Exchange Admin or Domain Admin.
Please refer to the following TechNet page for the full requirements:


https://social.technet.microsoft.com/wiki/contents/articles/17807.map-toolkit-credentials-required.aspx

Azvise

Enable SMTP AUTH for a mailbox – Office 365

If you try to set up a printer / external device with SMTP you might encounter an authentication error.

This is caused by the fact that Microsoft now disables SMTP AUTH for the tenant and the new mailboxes created on Office 365 by default.

To enable SMTP AUTH for a mailbox follow this steps:

  • Go into Users
  • Click Active Users
  • Select the user
  • Click Mail
  • Click Manage email apps
  • Enable Authenticated SMTP by flagging it
  • Save

This might take a couple of hours before it’s activated.

To check where it’s enabled use the following command:

Get-CASMailbox

If it returns False under SmtpClientAuthenticationDisable, then it’s enabled.

To enable it for the whole organization send the following PS command:

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

Azvise

Quick troubleshooting for generic OneDrive issues

Here are some common troubleshooting steps that can be used if you are experiencing issues with OneDrive:

  1. Exit the OneDrive Desktop App and open it again
  2. Check for Disk space in the local PC. Check if the storage quota on OneDrive has been reached
  3. Check if the file path has exceeded the 255 characters quota or the 15 GB quota
  4. Right click the OneDrive icon, then go under Settings, Office and deselect “Use Office to sync Offices files that i open”. Save, exit, then enable it again.
  5. Reset OneDrive using the following command. No data will be lost: %localappdata%\Microsoft\OneDrive\onedrive.exe /reset
  6. If after the reset you don’t see any folder listed as synchronized on the device start the synchronization again from SharePoint. After you synchronize the first one the others will pop back up in the synchronized folders tab.