Azure AD Connect - Problem Solved!

We use Office 365 at work for our email, and for authentication we use Azure AD Connect to synhronise our local accounts with Azure AD. This generally works really well, we can control everything from our local domain and very rarely need to do anything within the Office 365 Admin Portal.

Azure AD Connect uses a Windows Service called Microsoft Azure AD Sync in order to periodically perform the synchronisation of Directory objects and user passwords - this occurs roughly every 30 minutes or so, but we were finding that on occasion this service would stop working completely. This resulted in the synchronisation process stopping, which caused problems for people who had to change their password. Initially the quickest way we found to rectify the problem was to just uninstall and reinstall Azure AD Connect - everything worked again for a while after that.

Today I got to the bottom of the issue (hopefully!). When you install the Microsoft Azure AD Sync service it creates a local user on the server you install to at the same time which is used by the service as the account it executes as. Part of the process that creates the user account must also grant the user the 'Log on as a service' user right. I discovered that in our AD we had a Default Policy that superseded the local policy for that user right, and as such would periodically wipe out the assignment of that permission to the local user.

To resolve the issue, I added a local group to the Domain Policy, then added the local user to that group. The service started functioning correctly again and the synchronisation between our local AD and Office 365 was working again.

Success!

Read More

Cake.HipChat AddIn - my first contribution to the community

So I've been using the wonderful Cake build system for a little while now and think it is a great tool. One thing I noticed missing in the list of add-ins though was one for HipChat.

So I made one myself.

This is my first entry into creating something open source, and while it is only a few lines of fairly boilerplate code, I found it a really fun experience. There are so many freely available tools that make spinning up a fully fleshed out CI experience a breeze - I created the add-in itself, build script, continuous integration (Appveyor) and deployment (MyGet + NuGet.org) in around 2 hours (with interruptions). This didn't involve me installing any servers, creating any virtual machines, or even having to pay a single penny or cent on anything. I knew all this stuff was there and available, but it is only when you start playing with it that you really see the true power of it all.

The source is hosted in GitHub https://github.com/scene316/Cake.HipChat and is currently in a very basic state, yet it works pretty well. It used an existing NuGet package, HipChat.Net, to interact with the API, the downside being it appears to only work with v1 of the API, so that will be something to work on.

As would be expected, I created a build script for this project using Cake, and eventually included my own Cake.HipChat AddIn within that build script to send a message to a HipChat room. That dog food tasted good. I used the Cake.Slack and Cake.Twitter add-ins as examples and they really helped  - there is also good documentation but just seeing a project with all the associated bits was helpful.

Once the build script was working locally I set up the Appveyor build - this was really easy as there is rich integration between Appveyor and GitHub - everything just works. All I had to do was set a few environment variables and identify my build script PowerShell bootstrapper. Simple as that and I had a fully functioning CI system in minutes. Builds are quick with a very short queuing time - given this is all for free for open source projects this is incredible.

When the build finishes, pre-release versions are uploaded to a feed I've set up on MyGet. The final step, which I perform manually now, is to then push a proper release version to MyGet and NuGet.org when I've got something to release for real - https://www.nuget.org/packages/Cake.HipChat/.

27 downloads today from NuGet.org - a couple will be my build process, but I'm happy with that!

Read More

TeamCity + Cake

I have been meaning to do it for a while, but finding time to move away from using the built in TeamCity build steps to using a build automation system has always been difficult. While everything was just working fine in TeamCity switching over to external, source controlled, build scripts kept dropping down the priority list.

Well I finally found the time over the last few days, and spent a few hours reproducing all the steps undertaken in TeamCity within a build script. I decided to go with Cake for the build system - I've used psake in the past and while I really like it, I can see a lot of good things happening around Cake. Also, many of the steps I was using in TeamCity, such as MSBuild Runner, NuGet Pack, and Octopus related steps are all available built-in in Cake.

Given that all the projects built in TeamCity use a common build step template, it was very easy to migrate to a fairly common build.cake file. The next step will be to make a truly generic build.cake file, share it between projects, and supplement it with project specific configuration, but for now I'm pretty happy to have fully migrated all the build steps into the build script, along with versioning, which was also previously driven from TeamCity build parameters (now a combination of a version string in source control + TeamCity build counter).

I would definitely recommend checking out http://cakebuild.net/ to see whether you could use it for your .NET build system requirements.

Read More

Azure - DevTest Labs - Add VMs the right way

I've been playing with the DevTest Labs feature recently and in particular yesterday I decided to use the feature to create an environment to match a customer's in order to replicate some issues they've been having.

I've used this feature a few times now and find the additional built in VM scheduling features really useful, as these are the types of environment that really don't need to be up all the time (yes I know there are a bunch of ways to do that with regular VMs too!).

Anyway, for some reason, probably trying to multitask, I ended up adding a bunch of VMs to the Resource Group directly, rather than via the DevTest blade in the Azure Portal, which resulted in the VMs not really being associated with the DevTest group properly. I guess there might be a way to get them to show up but it didn't seem obvious, so I'll just re-deploy properly. Here is a diagram of where you should add a VM to a DevTest Lab:

Read More

Follow up - UK vote to Leave the EU

So the people have spoken and they've voted to Leave the EU. I am quite surprised at the result to be honest. There is a palpable feeling of uncertainty now and it is quite worrying. We're already seeing commentators struggling to explain exactly what will happen next as nobody seems to have any idea. We could literally have anything from a long drawn out exit, to a new general election being called with a Labour strategy to offer a reversal of the decision, and anything in between.

With all the uncertainty, one thing I do have is hope. We have an engaged society now with strong opinions on a number of topics which our leaders need to tap into in order to keep that engagement strong and to ensure the best possible outcome for our citizens. This result is as much a vote on the dissatisfaction with the political landscape of the UK as it is with membership of the EU. 

The tweet in my last post was spot on - things are feeling VERY weird on this Friday.

Read More

Why I voted to remain in the EU

As I start to write this blog post there is little over an hour remaining on the day the UK decides whether to remain a part of the European Union (EU) or leave and go it alone. After months of indecision I placed my vote an hour ago and I shall now take this opportunity to explain exactly why I ended up voting to Remain.

This was in no way an easy decision. Over the past few months I've found that the more I've read on this topic, from both campaigns, the more confusing I've found things. So many cultivated statistics, contradictions, scare stories, and more than likely downright lies, have made this a very difficult topic to make an informed choice on. There is far more I could have investigated and researched myself, but I think it would have only strengthened a conclusion that I came to some time ago - there is no 'correct' choice and some people will be worse off irrespective of whether we remain or leave, at least it the short term. This may sound terribly pessimistic, however I feel that there are a number of things wrong with the EU that need urgent attention, and that there are so many unknowns with leaving the EU (more on this later), that a large number of people will likely either continue to feel the pain of the issues of being in the EU or will suffer financially from the uncertainty of leaving.

This brings me onto the campaigns. Even though I've been undecided, in the past, I have always felt that leaving would likely be for the best. However, the nature of the leave campaign has been tawdry, vulgar and divisive. It has focused too heavily on immigration, and in a way which at times has made even the thought of voting leave uncomfortable due to some of the perceived connotations associated with it. In addition, the lack of a clear plan - in terms of precisely how our relationship with the EU will evolve, as opposed to a laundry list of vague benefits, following a successful vote to leave has been disappointing. Finally, the incompetence and at times insensitivity of those at the forefront of the leave campaign gave me very little hope that a successful leave decision would be handled efficiently. I found the remain campaign to be far more professional, well thought out, and most importantly, believable. 

Irrespective of the concerns with the leave campaign, I was still close to voting to leave. This was in no small way down to a very well written article by Inside World Football's Matt Scott - his excellent piece should have been a blueprint for the leave campaign; a focus on economic and social benefits rather than the immigration related scaremongering we've become used to.

So I've chosen to remain. It feels safe, and while safe isn't always the way to go, it feels the better option right now. I hope that as a Country this is what we go with, and in time that as a part of the EU we're able to steer it closer to what it ought to be.

As I round off typing this post Big Ben has struck 10 PM - the voting has closed and we have decided - I think the following tweet best sums things up:

Whichever way the referendum goes, I think Friday is going to be a weird day in the UK.

— Jon Skeet (@jonskeet) June 22, 2016

Read More

Azure + Chocolatey curiosity

It has been a long time, I shouldn't have left you, without a fresh blog post to... read? Ok my Timberland impression is over now.

I have been preoccupied with the Euro 2016 coverage and the the EU Referendum lately which is no excuse really for a tech focused blog, but ah well, life happens. I'll post on both topics though in the near future.

This isn't going to be a long post, and would probably be best summarised in a tweet, but here it goes.

So I decided to create 4 identical Windows Server 2008 R2 VMs in Azure. Same size, all on the same virtual network, everything. I install Chocolatey on them as usual. All good there. Then I install the PowerShell package on each of them, to upgrade to PowerShell 5 (if you haven't done so already, do it!). 3 succeed and 1 fails. I didn't bother looking into why, but this kinda weird stuff is a pain. I was able to run the install again for the failed package and it worked perfectly second time around. Maybe is was a mysterious Windows Update or something interfering. 

No moral or point to this story aside from that things go wrong randomly, sometimes with no sensible explanation. Although in most cases trying the same thing again will result in the same outcome, sometimes you don't know all the details of the situation, so unknowns may have changed since the last attempt that could affect the outcome. 

When I get a chance I'll look into why the package failed to install first time round and will write a follow up.

Read More