Windows Update Issues – Clearing the Windows Update Cache

Reason for TSG: Issues/ errors when applying Windows Updates NOTE: This should be used ONLY as a last resort. It is not generally recommended to manually modify any contents on the C:\Windows drive. Please use this fix at your own risk only after you have gone through all other options to get the Windows Updates to apply…

2

Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (Managed Disk)

Please note that 3rd party virtualization software(s) for Windows 2016 Nested Virtualization feature is not supported. Only Hyper-V is currently supported. Also note that as of right now, Nested Virtualization is only available in the following geographic locations: US -West 2 -East Europe -West Asia Pacific -Southeast Reference Links: Nested Virtualization in Azure New DV3 and EV3…

4

Troubleshoot a Broken Azure VM using Nested Virtualization in Azure (ARM)

Please note that 3rd party virtualization software(s) for Windows 2016 Nested Virtualization feature is not supported. Only Hyper-V is currently supported. Also note that as of right now, Nested Virtualization is only available in the following geographic locations: US -West 2 -East Europe -West Asia Pacific -Southeast Reference Links: Nested Virtualization in Azure New DV3 and EV3…

2

Windows Boot Error 0xC0000001 (ARM)

Reason for TSG:  The VM screenshot shows error 0xC0000001. This is due to a BCD corruption Suggested Fix: 1) Delete the broken VM and attach it to a recovery machine 2) Open up an elevated CMD and gather the current booting setup info and document it on the case. You will see that on the…

0

How to delete a VM and attach the OS disk as a Data Disk to a Recovery VM (ARM)

1) Delete the VM from the Azure Portal choosing to keep all attached disks 2) Create a new recovery VM in the Azure Portal. This VM will need to be in the same Region and Resource Group as the broken machine 3) Once the recovery machine is created select it 4) Select Disks -> Add…

0

How to Remote PowerShell to Azure VM (DIP to DIP)

Enter a PowerShell session from inside another VM located inside the same Vnet and run the following: $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck Enter-PSSession -ComputerName “HOSTNAME” -port 5986 -Credential (Get-Credential) -useSSL -SessionOption $Skip If the above does not work try the following instead: $Skip = New-PSSessionOption -SkipCACheck -SkipCNCheck Enter-PSSession -ComputerName “HOSTNAME” -port 5985 -Credential (Get-Credential) -SessionOption…

0

How to Add an NSG Rule to an Azure VM (ARM)

1) Navigate to the Azure Portal 2) Select  Virtual Machines 3) Click on the impacted VM 4) Click on Network Interfaces 5) Click Network Security Group 6) Select the Network security group listed 7) Click Inbound Rules 8) Click Add 9) Click on the Advanced Settings 10) Name the new rule 11) Set the Priority…

0

How to Rebuild from an Existing Managed Disk

If Azure PowerShell is not installed, please install it from http://azure.microsoft.com/en-us/downloads/ then modify and run the following script: # To login to Azure Resource Manager Login-AzureRmAccount # To view all subscriptions for your account Get-AzureRmSubscription # To select a default subscription for your current session Get-AzureRmSubscription –SubscriptionID ‘SUBSCRIPTONID’ | Select-AzureRmSubscription #Fill in all variables $subid…

0

How to Check for NSGs & Route Tables on a Subnet level

1) Navigate to the Azure Portal 2) Click on Virtual Networks 3) Select the Vnet you want to check 4) Click on Subnets 5) Select the Subnet you want to check 6) Click Network Security Group 7) If a network security group is selected, change it to none 8) If a route table is select,…

0

Unable to RDP to Azure VM Scenarios

Generally when we have an Azure Virtual Machine we think of it as being unavailable in a few different ways: 1) Non-Boot 2) Isolated 3) VM Responding In order to better use the guides on this blog we need to clarify what each of these scenarios are and how you can use the scenario to…

0

Disable NLA via Custom Script Extension

Symptoms: When attempting to RDP to your virtual machine you receive an error regarding Network Level Authentication (NLA): Resolution:  Note: The below steps are using Custom Script Extension in the Azure Portal. If that is not an option as the Guest Agent is not responding you can also run the same commands via Remote PowerShell,…

2

Unlock Azure Drive locked via BitLocker (ARM)

1) Create a Recovery VM located in the same Resource Group, Storage Account and Location of the impacted VM. 2) Delete the affected VM via the Azure Portal 3) Open PowerShell ISE as an Administrator 4) Run the following modifying the highlighted sections: Login-AzureRmAccount $vmName = “VirtualMachineName” $vault = “AzureKeyVaultName” # Get the Secret for…

0

Azure VM stuck in Failed State (ARM)

Symptom: VM is stuck in a “Failed” state Resolution: You can attempt to clear this state by updating the VM via PowerShell. This causes no additional downtime and only takes a moment. To do this, open a PowerShell session as an Administrator and run the following modifying as needed # To view all subscriptions for…

1

How to Remove and Regenerate an Expired RDP Certificate using Custom Script Extension

Symptom: Unable to connect to VM corrupt or expired RDP Certificate Resolution:  Open up a Blank Notepad and paste the following into it: #sets the Certificate Store path $path = get-childitem -Recurse ‘Cert:\LocalMachine\Remote Desktop’ #Check the certificate date $path.NotAfter #sets the thumbprint from the cert $thumb = $path |Select-Object -ExpandProperty Thumbprint #pulls just the Machine…

0

Unlock Azure Drive locked with Bitlocker BEK Encryption (ARM)

Symptom: Unable to RDP to Azure VM due to being locked with Bitlocker BEK encryption Unable to gather logs off VM due to OS being locked with Bitlock BEK encryption Resolution: 1) Create a Recovery VM located in the same Resource Group, Storage Account and Location of the impacted VM. 2) Delete the affected VM via…

0

How to Present a new NIC to an Isolated VM (ARM)

Symptoms: Disabled Network Interface Card from inside the OS Disabled DHCP by manually assigning an IP address inside the OS Manually set the VM to use a DNS server by specifying an IP address Resolution: Navigate to the Azure Portal Select the affected Virtual Machine Select Network Interfaces Select the Network Interface associated with your…

0

How to rebuild an Azure VM from an existing OS disk (ARM)

Use the below script to recreate a ARM VM via PowerShell. Modify the highlighted sections only   #Required Variables $subID = ‘SubscriptionID’ $rgname = ‘ResourceGroupName’ $loc = ‘Location’ $vmsize = ‘VirtualMachineSize’ $vmname = ‘VirtualMachineName’ $nic1 = ‘NetworkInterface1Name’ $osDiskName = ‘DiskOSName’ $osDiskVhdUri = ‘DiskOSUri’   #Optional Variables to add additional Network Interfaces #$nic2 = ‘NetworkInterface2Name’ #$nic3…

0

How to Disable the Guest OS Firewall of an Azure VM (ARM)

Mitigation 1: Custom Script Extension 1) Open up a Blank Notepad and paste the following into it: Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile’ -name “EnableFirewall” -Value 0 Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile’ -name “EnableFirewall” -Value 0 Set-ItemProperty -Path ‘HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Standardprofile’ -name “EnableFirewall” -Value 0 2) Save the file as disablefirewall.ps1 3) Navigate to the Azure Portal 4) Select the impacted VM…

0

How to setup a VM to boot to last good known configuration (ARM)

Symptom: VM stuck in Reboot Loop. Often due to Failed Windows Updates. Resolution: 1) If Azure PowerShell is not installed, please install it from http://azure.microsoft.com/en-us/downloads/ 2) Delete the broken VM. All disks will be kept automatically. 3) Wait for the disk lease to expire. (About 3 mins) 4) Attach the OS disk of the broken…

2