ARM Template – Deployment Error “[Subscription().SubscriptionId]” The request is invalid…

Error

Recently I authored some ARM stuff in Visual Studio and I had a need for getting the current subscription ID the template is being deployed to.  So there is a helper function you can call like this…

“subscriptionId”: “[subscription().subscriptionId]”

I used it in the template like this…

2

…but as soon I tried to deploy the template, I hit this error all the time…

“code”: “BadRequest”, “message”: “{\”Message\”:\”The request is invalid.\”,\”ModelState\”:{\”variable.properties.value\”:[\”Invalid JSON primitive: 328de222-1a51-458a-96be-6770259e84c0.\”]}}”

3

I am not sure why this happen, but I figured out a workaround. If I concatenate the entire subscription id, it would work like this…

1

I hope this saves you some headache!

Experts Live Europe – Speaker

ExpertsLive_EUROPE_pos_blue_rgb

Once more I am very excited to be part of one of the best IT conferences in Europe – Experts Live Europe. The 3 conference days are taking place from August 23 – 25 in the Berlin Congress Center in Berlin Germany and will bring together the Microsoft IT Pro Community from all over the world, including a large quantity of Microsoft MVPs and (former) Microsoft employees. You will get the latest about datacenter, cloud and workplace trends. This also includes many vertical topics such as security, identity management and much more.

I will have several sessions / discussion panels / demos:

Azure TestDev Labs – What the heck is it?
Wednesday, August 23 • 10:45am – 11:45am
In this session we, my wingman MVP Stefan Johner and I, show you how you can use Azure DevTest Labs to build your own lab and keep control of cost and resources.

Discussion Panel: Insights and Analystics
Wednesday
, August 23 • 3:15pm – 4:15pm
Discussion panels allow you to meet a group of experts and discuss your questions. In this panel my buddy MVP Kevin Greene and I would like to discuss about OMS monitoring and mainly about Insights and Analytics.

The best of the SCOM community (+whisky tasting)
Wednesday, August 23 • 4:45pm – 5:45pm
If you haven’t been to this famous Squared Up session in the past years, you definitely missed something. Squared Up will present their latest and greatest news about their products surrounded with delicious whisky tasting. There will be some room for community presentations about their recently released PowerShell MP. I will also have a short entertaining demo, what you can do with this MP and PowerShell.

Azure Monitor & Co
Friday, August 25 • 8:00am – 9:00am
Monitoring Azure is getting more and more important. This session will give you an overview of Azure Monitor and its best buddies. I will show you the basics and how you could make sense out of your data.

On-premise automation using SCSM, SMA and PowerShell
Friday, August 25 • 2:00pm – 3:00pm
Everyone is talking about automation. But what does that mean if business processes or IT infrastructures are automated on-premise? Microsoft offers System Center Service Manager (SCSM), Service Management Automation (SMA) und PowerShell as core components to achieve the goal. MVP Stefan Roth and Jonas Feller talk about what problems you could face and what impact does it have starting such a project. In addition we show you a current real-world case and talk about experiences we have made in the past.

me2

I am convinced that this will be another legendary edition of Experts Live Europe and I hope to see you there. If you are not familiar with Experts Live Europe at all read MVP Marcel Zehner’s blog post.


OMS – Azure Scheduler Solution

Bildergebnis für Azure Scheduler logo

UPDATE 07.08.2017 21:51: I found a bug in the ARM template which made the dashboard not appearing. I fixed it just now, in case you deployed the solution, just redeploy it. Sorry for that hassle.

Currently I am doing some more OMS stuff and therefore I also took a deeper dive at building ARM templates to deploy an OMS solution. I was looking for a simple Azure service to gather data from, which I could ingest into OMS. My goal was, to have a use case, where I only need to provide the minimal parameters necessary and the rest should be done by the ARM template.

How does it work?

Well, basically there is Azure Automation which runs a PowerShell script on an hourly schedule to collect data from Azure Scheduler service. If there are any collections and jobs in Azure Scheduler it will ingest the data into OMS via API.

The OMS solution will contains the following views:

  • Jobs with errors
  • Status of the jobs
  • Jobs and how many times it has been executed
  • How many jobs a collection contains
  • Some useful queries

OMSAzureScheduler

How do I deploy it?
Go to my https://github.com/stefanrothnet/AzureScheduler

image

You need to provide the credentials to access Azure Scheduler service, these will be saved in the Azure Automation account. Make sure the credentials have permission to access the subscription you are accessing. In addition you need to provide a schedule link GUID. Because there is no function in ARM template to generate a GUID, we need manually to provide a GUID. This GUID is needed to link the Azure Automation schedule to the Azure Automation runbook. Use PowerShell cmdlet New-Guid to generate a GUID and paste it into to the settings.

image

The template does the following steps:

  • Creates a resource group
  • Creates an Azure Automation account
  • Deploys the PowerShell runbook / script to collect Azure Scheduler data
  • Creates an Azure Automation schedule to run the runbook to collect the data. It starts every one hour starting at deployment.
  • Creates an Azure Automation variables for OMS workspace and key
  • Creates an Azure Automation  variable for the current subscription id
  • Creates an Azure Automation credential with username and password
  • Updates the AzureRM.Profile and AzureRM.Scheduler modules
  • Installs the OMSIngestionsAPI module
  • Deploys an OMS workspace and installs the solution into the workspace

If you have tried to create such a solution before or any other ARM project, you know, there are many problems you will face.

So what is the current state of this solution?

  • All the necessary components are being deployed and are working (I tested it only in the West Europe Azure location!)
  • There are some parts with the OMS dashboard I need to update and adjust, but for the moment it works and offers a good demo case for an OMS solution.
  • Be aware, it is not a production ready product, it is made for learning and testing. I tested it only briefly and I am not an Azure Scheduler MVP 😉 .

If you encounter any problems or things that don’t appear the way they should, let me know. Have fun!

SCOM – Certificate Missing Enhanced Key Usage EventID 20050

missing

If you want to monitor a server which does not belong to a domain you need to use a certificate, which has special requirements. You will find many posts how to handle SCOM certificates using a Microsoft PKI on the internet. An example is the detailed post from Tyson Paul. One of the essential requirements for the certificates is to provide the Enhanced Key Usage properties for Client Authentication (OID 1.3.6.1.5.5.7.3.2) and Server Authentication (OID 1.3.6.1.5.5.7.3.1). If you do not provide these properties you will receive an error in the Operations Manager event log…

image

A problem you could face in the real world is, that some customers won’t allow you to create the certificates for SCOM and they might have “generic” certificates for other use cases. Usually YOU provide the request file and provide the configuration for the certificates. Under certain circumstances this might not be the case. This means, that you might certain properties will be missing on the certificate itself. In case of SCOM, you can add the missing properties on the certificate. Just go to the Details of the certificate after you imported it into your computer. Click Edit Properties and select the purpose in the dialog, like this…

image

Having this option in place, let’s you successfully monitor the workgroup servers.

This will probably save you some headache 🙂 .

OMS – Disconnect Azure Storage Account from Workspace

Whereisit

In OMS you are able to collect data from storage account? Why is this useful? Well, there times where you want to store data from different Azure sources for a longer time than provided by Azure itself and then dig into the data using OMS. For example you are able to store IIS Logs, Windows Events, Syslog (Linux), Windows Tracing Logs (ETW Logs) or Service Fabric Events. In the past days you could just configure the settings within the OMS portal itself.

StorageAccount

In the current OMS portal you simply see something like this…

image

…the documentation link does not provide much help in terms of connecting or removing these accounts. Therefore go to the new Azure portal, select your workspace and select “Storage account logs” and click Add

Continue reading

Power BI – AAD Activity Logs App: The credentials provided for the AADData source are invalid

Power BI used to have Content Packs which were a way to package up your dashboards, reports, Excel workbooks and datasets for Power BI. Microsoft changed it now to so called Apps, probably to be consistent with their Azure terms.

There is an interesting App for Azure Active Directory to analyze the Activity Logs.

image

If you try to install this App, you need to provide the tenant name and in the next screen you need to authenticate against AAD, but it could be that you receive this error…

AAD1

The reason was, that I had to switch my Azure Active Directory edition to Premium…

AAD2

…after this upgrade I the connection worked perfectly and I could analyze my data…

image

It seems that there is a Premium license required to use this powerful Power BI App. I haven’t found anything on the internet, so I hope it helps you getting this report up and running.

Microsoft MVP Award 2017

image

Yes I got it again, awesome! Today I received an e-mail from Microsoft, that I am re-awarded for another year as Most Valuable Professional (MVP). This is my 3rd year as an MVP and it still feels like –WOW! I got the award in the Cloud and Datacenter Management space for my expertise and community work. Why is this so awesome?

  • Because I get the chance to address any issues to Microsoft program manager directly.
  • Invitation to the yearly MVP summit which takes place once a year in Redmond.
  • Connect to other bright MVP minds and technology leaders.
  • Getting special opportunities to speak at conferences world wide.
  • Having access to the latest product information and releases from Microsoft.
  • and so much more…

I would like to thank my employer itnetX which is supporting me in the best possible way, all the SCOM/OMS/PowerShell/System Center guys worldwide, many Microsoft MVPs (just a great community) and of course all the Microsoft employees. If you want to get more information about the MVP award or you want to become a MVP visit the MVP award site here.