Создание образа для Azure Virtual Desktop

 Сегодня сталкнулся с проблемами при создании образа Windows 10 для Azure Virtual Desktop

Create or Update Virtual Machine Extension

{\"code\":\"ResourceDeploymentFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"VMExtensionProvisioningError\",\"message\":\"VM has reported a failure when processing extension 'MicrosoftMonitoringAgent'. Error message: \\\"The Microsoft Monitoring Agent failed to install on this machine. Please try to uninstall and reinstall the extension. If the issue persists, please contact support. (MMAEXTENSION_ERROR_AGENTNOTINSTALLED)\\\"\\r\\n\\r\\nMore information on troubleshooting is available at https://aka.ms/VMExtensionMMAWindowsTroubleshoot \"}]}}",

Проблемы скрываются в самом образе виртуальной машины и решаеются в несколько шагов:

1. Должен быть чистый образ без сохранных профелей пользователей: 

проверьте профили пользователей запустив: SystemPropertiesAdvanced (не относится к ошибке выше)

2. Удалите из образа Microsoft Monitoring agent

3. Удалите из образа Dependency agent

4. Запустите c:\WindowsAzure\GuestAgent_%Version%\RemoveOldGuestAgentInstallation.exe

5.1 Удалите HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure\HandlerState\Microsoft.Azure.Monitoring.DependencyAgent.DependencyAgentWindows_%Version%

5.2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure\HandlerState\Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent_%Version%

5.3 Удалите extension MicrosoftMonitoringAgent, DependencyAgentWindows

5.4 Активируйте Insights на виртуальной машине снова

6. Установите параметры TimeZone (не относится к ошибке выше): 

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v fEnableTimeZoneRedirection /t REG_DWORD /d 1 /f
tzutil /s "FLE Standard Time" 

 Configure read-scale for an Always On availability group

https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/configure-read-scale-availability-groups?view=sql-server-2017

On Primary node:

On powershell : Enable-SqlAlwaysOn -ServerInstance <server\instance> -Force

SELECT @@version;
SELECT @@servername;
ALTER EVENT SESSION  AlwaysOn_health ON SERVER WITH (STARTUP_STATE=ON);
GO
CREATE MASTER KEY ENCRYPTION BY Password = 'password';
CREATE CERTIFICATE dbm_certificate WITH SUBJECT = 'dbm';
BACKUP CERTIFICATE dbm_certificate
TO FILE = 'c:\Program Files\Microsoft SQL Server\MSSQL14.SQL001\MSSQL\DATA\dbm_certificate.cer'
WITH PRIVATE KEY (
FILE = 'c:\Program Files\Microsoft SQL Server\MSSQL14.SQL001\MSSQL\DATA\dbm_certificate.pvk',
ENCRYPTION BY PASSWORD = 'password'
);
Create login dbm_login with password = 'password';
Create user dbm_user for login dbm_login;
CREATE ENDPOINT [Hadr_endpoint]
AS TCP (LISTENER_IP = (0.0.0.0), LISTENER_PORT = 5022)
FOR DATA_MIRRORING (
ROLE = ALL,
AUTHENTICATION = CERTIFICATE dbm_certificate,
ENCRYPTION = REQUIRED ALGORITHM AES
);
ALTER ENDPOINT [Hadr_endpoint] STATE = STARTED;
GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO dbm_login;
CREATE AVAILABILITY GROUP [ag1]
    WITH (CLUSTER_TYPE = NONE)
    FOR REPLICA ON
        N'vm-sql100' WITH (
            ENDPOINT_URL = N'tcp://vm-sql100:5022',
    AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
    FAILOVER_MODE = MANUAL,
    SEEDING_MODE = AUTOMATIC,
                    SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
    ),
        N'vm-sql200' WITH (
    ENDPOINT_URL = N'tcp://vm-sql200:5022',
    AVAILABILITY_MODE = ASYNCHRONOUS_COMMIT,
    FAILOVER_MODE = MANUAL,
    SEEDING_MODE = AUTOMATIC,
    SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
    );
ALTER AVAILABILITY GROUP [ag1] GRANT CREATE ANY DATABASE;
-- Create database
CREATE DATABASE [db1];
ALTER DATABASE [db1] SET RECOVERY FULL;
BACKUP DATABASE [db1]
   TO DISK = N'c:\Program Files\Microsoft SQL Server\MSSQL14.SQL001\MSSQL\DATA\db1.bak';
-- Add replica
CREATE DATABASE [dbread];
ALTER DATABASE [dbread] SET RECOVERY FULL;
BACKUP DATABASE [dbread]
   TO DISK = N'c:\Program Files\Microsoft SQL Server\MSSQL14.SQL001\MSSQL\DATA\dbread.bak';
   ALTER AVAILABILITY GROUP [ag1] ADD DATABASE [dbread];
--Check database 
SELECT * FROM sys.databases WHERE name = 'db1';
GO
SELECT DB_NAME(database_id) AS 'database', synchronization_state_desc FROM sys.dm_hadr_database_replica_states;


BACKUP DATABASE [AdventureWorks2017]
   TO DISK = N'c:\Program Files\Microsoft SQL Server\MSSQL14.SQL001\MSSQL\DATA\adv2017.bak';
   ALTER AVAILABILITY GROUP [ag1] ADD DATABASE [AdventureWorks2017];

On Secondary node:

On powershell : Enable-SqlAlwaysOn -ServerInstance <server\instance> -Force

SELECT @@version;

SELECT @@servername;

CREATE MASTER KEY ENCRYPTION BY Password = 'password'

Create login dbm_login with password = 'password';

Create user dbm_user for login dbm_login;

CREATE CERTIFICATE dbm_certificate 

AUTHORIZATION dbm_user 

FROM FILE = 'C:\Program Files\Microsoft SQL Server\MSSQL14.SQL002\MSSQL\DATA\dbm_certificate.cer'

WITH PRIVATE KEY (

FILE = 'C:\Program Files\Microsoft SQL Server\MSSQL14.SQL002\MSSQL\DATA\dbm_certificate.pvk',

DECRYPTION BY PASSWORD = 'password'

);

-- Create enpoint

CREATE ENDPOINT [Hadr_endpoint]

AS TCP (LISTENER_IP = (0.0.0.0), LISTENER_PORT = 5022)

FOR DATA_MIRRORING (

ROLE = ALL,

AUTHENTICATION = CERTIFICATE dbm_certificate,

ENCRYPTION = REQUIRED ALGORITHM AES

);

ALTER ENDPOINT [Hadr_endpoint] STATE = STARTED;

GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO dbm_login;

ALTER AVAILABILITY GROUP [ag1] JOIN WITH (CLUSTER_TYPE = NONE);

ALTER AVAILABILITY GROUP [ag1] GRANT CREATE ANY DATABASE;

SELECT * FROM sys.databases WHERE name = 'dbread';

GO

SELECT DB_NAME(database_id) AS 'database', synchronization_state_desc FROM sys.dm_hadr_database_replica_states;

Access to cdx.transform.microsoft.com

 

cdx Oops! It looks like you do not have permissions to access this page.

This solution didn't solve my problem

Last week I ran into a strange access error at https://cdx.transform.microsoft.com/.

Analysis of the Azure Active Directory logs resulted in the error: Sign-in error Application Modern Workplace Tools, Modern Workplace Tools (Service) and I was very annoyed that I could not solve a simple problem that one user had.

After analyzing the logs, I was prompted by this article: OnBehalfOfParameters, what if the problem is in the browser and in the storage location of localStorage keys and values, sessionStorage keys and values, and my user is using chrome and incognito mode.

The solution came: use microsoft edge or mozilla for the first login without incognito mode, do not forget to clear the cache, cdx cookies, etc., etc.

It's time to read about incognito mode