Yearly Archives: 2019


SMTP Relay on Azure using SendGrid

In this blogpost I’m going to explain how you can still send SMTP mail from your IaaS server running on Azure. As you might already know, since Nov 15th of 2017 it’s no longer always possible to send SMTP on port 25 (I’ll dig into that later).

In that case Microsoft recommends that Azure customers employ authenticated SMTP relay services (typically connected via TCP port 587 or 443, but often support other ports too) to send e-mail from Azure VMs or from Azure App Services.  These services specialize in sender reputation to minimize the possibility 3rd party e-mail providers will reject the message.

Such SMTP relay services include but are not limited to SendGrid.  It is also possible you have a secure SMTP relay service running on premises that can be used. Use of these e-mail delivery services is in no way restricted in Azure regardless of subscription type.

Enterprise Agreement Customers

For Enterprise Agreement Azure customers, there is no change in the technical ability to send e-mail without using an authenticated relay.  Both new and existing Enterprise Agreement customers will be able to attempt outbound e-mail delivery from Azure VMs directly to external e-mail providers with no restrictions from the Azure platform.  While Microsoft cannot guarantee e-mail providers will accept inbound e-mail from any given customer, delivery attempts will not be blocked by the Azure platform for VMs in Enterprise Agreement subscriptions.  Customers will have to work directly with e-mail providers to resolve any message delivery or SPAM filtering issues with the specific provider.

Pay-As-You-Go Customers

For customers who signed up before November 15th, 2017 using the Pay-As-You-Go or Microsoft Partner Network subscription offers, there will be no change in the technical ability to attempt outbound e-mail delivery.  Customers will continue to be able to attempt outbound e-mail delivery from Azure VMs in these subscriptions directly to external e-mail providers with no restrictions from the Azure platform.  Again, Microsoft cannot guarantee e-mail providers will accept inbound e-mail from any given customer and customers will have to work directly with e-mail providers to resolve any message delivery or SPAM filtering issues with the specific provider.

For Pay-As-You-Go or Microsoft Partner Network subscriptions created after November 15, 2017, there will be technical restrictions blocking e-mail sent directly from VMs in these subscriptions.  Customers that need the ability to send e-mail from Azure VMs directly to external e-mail providers (not using an authenticated SMTP relay) can make a request to remove the restriction.  Requests will be reviewed and approved at Microsoft’s discretion and will be only granted after additional anti-fraud checks are performed.  To make a request, open a support case with the issue type Technical –> Virtual Network –> Connectivity –> Cannot send e-mail (SMTP/Port 25).  Be sure to add details about why your deployment needs to send mail directly to mail providers instead of going through an authenticated relay.

Once a Pay-As-You-Go or Microsoft Partner Network subscription gets exempted, VMs in that subscription only will be exempted going forward.  Microsoft reserves the right to revoke this exemption, should we determine a violation of our terms of service has occurred.

MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free Trial Customers

Customers who create MSDN, Azure Pass, Azure in Open, Education, BizSpark, and Free Trial subscriptions after November 15, 2017 will have technical restrictions blocking e-mail sent from VMs in these subscriptions directly to e-mail providers to prevent abuse.  No requests to remove the restriction can be made as they will not be granted.

Customers using these subscription types are encouraged to use SMTP relay services as outlined above.

Cloud Service Provider (CSP)

Customers that are consuming Azure resources via Cloud Service Provider (CSP) can create a support case with their Cloud Service Provider (CSP) of choice and request the CSP to create an unblock case on their behalf if a secure SMTP relay cannot be used.

SendGrid

SendGrid is a cloud-based email service that provides reliable transactional email delivery, scalability and real-time analytics along with flexible APIs that make custom integration easy. Ideal for Azure!

First Step Configure your network security group (NSG)

You must allow your VM to send mail through port 587 (or 25). Allowing that is a small task:

  1. Go to the networking pane of your Virtual Machine
  2. And choose to add an outbound port rule


Second step… create a SendGrid Account

Azure customers can unlock 25,000 (!) free emails each month. These 25,000 free monthly emails will give you access to advanced reporting and analytics and all APIs (Web, SMTP, Event, Parse and more).

Add the SendGrid Resource to your Azure account

  1. Sign in to the Azure portal.
  2. In the menu on the left, click Create a resource.
  3. Click Add-ons and then SendGrid Email Delivery.
  4. Complete the signup form and select Create.
  5. Enter a Name to identify your SendGrid service in your Azure settings. Names must be between 1 and 100 characters in length and contain only alphanumeric characters, dashes, dots, and underscores. The name must be unique in your list of subscribed Azure Store Items.
  6. Enter and confirm your Password.
  7. Choose your Subscription.
  8. Create a new Resource group or use an existing one.
  9. In the Pricing tier section select the SendGrid plan you want to sign up for.
  10. Enter a Promotion Code if you have one.
  11. Enter your Contact Information.
  12. Review and accept the Legal terms.
  13. After confirming your purchase you will see a Deployment Succeeded pop-up and you will see your account listed in the All resources section.

    After you have completed your purchase and clicked the Manage button to initiate the email verification process, you will receive an email from SendGrid asking you to verify your account. If you do not receive this email, or have problems verifying your account, please see this FAQ.

    You can only send up to 100 emails/day until you have verified your account.

    To modify your subscription plan or see the SendGrid contact settings, click the name of your SendGrid service to open the SendGrid Marketplace dashboard.

    To send an email using SendGrid, you must supply your API Key.

To find your SendGrid API Key

  1. Click Manage.
  2. In your SendGrid dashboard, select Settings and then API Keys in the menu on the left.
  3. Click Create API Key.
  4. At a minimum, provide the Name of this key and provide full access to Mail Send and select Save.
  5. Your API key will be displayed at this point one time. Please be sure to store it safely.

To find your SendGrid credentials

  1. Click the key icon to find your Username.
  2. The password is the one you chose at setup. You can select Change password or Reset password to make any changes.

To manage your email deliverability settings, click the Manage button. This will redirect to your SendGrid dashboard.

You will automatically be logged on to the SendGrid page.

Now go to settings, API keys to create an API key for SMTP relay. The API key is the password you need to authenticate. The SMTP server address is smtp.sendgrid.net:587 and the user is called apikey.

(Use these settings in your mailserver)
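To confirm the relay settings above from the VM itself, here is an added PowerShell example (not part of the original post). It assumes the API key is stored in an environment variable named SENDGRID_API_KEY and uses placeholder sender and recipient addresses.

```powershell
# Added example: relay test from the Azure VM through SendGrid.
# Assumptions: the API key is in the SENDGRID_API_KEY environment variable,
# and both addresses below are placeholders to replace with your own.
$SmtpHost = 'smtp.sendgrid.net'
$SmtpPort = 587
$From     = 'sender@example.com'      # placeholder
$To       = 'recipient@example.com'   # placeholder

# 1. Confirm the NSG outbound rule works before suspecting the credentials.
$probe = Test-NetConnection -ComputerName $SmtpHost -Port $SmtpPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "TCP $SmtpPort to $SmtpHost is blocked. Check the NSG outbound rule and any host firewall."
}

# 2. Read the secret at run time so it never lands in the script or in source control.
$apiKey = $env:SENDGRID_API_KEY
if ([string]::IsNullOrWhiteSpace($apiKey)) {
    throw 'SENDGRID_API_KEY is not set.'
}

# 3. Send one message. EnableSsl makes SmtpClient use STARTTLS on port 587,
#    so the login (user "apikey", password = API key) is never sent in clear text.
$message = [System.Net.Mail.MailMessage]::new(
    $From, $To, 'SendGrid relay test', "Sent from $env:COMPUTERNAME via $SmtpHost")
$client = [System.Net.Mail.SmtpClient]::new($SmtpHost, $SmtpPort)
$client.EnableSsl   = $true
$client.Credentials = [System.Net.NetworkCredential]::new('apikey', $apiKey)
try {
    $client.Send($message)
    Write-Output "Message accepted by $SmtpHost for $To"
}
catch [System.Net.Mail.SmtpException] {
    Write-Error "Relay rejected the message: $($_.Exception.StatusCode) $($_.Exception.Message)"
}
finally {
    $message.Dispose()
    $client.Dispose()
}
```

Giving the API key only the Mail Send permission, as in the steps above, limits what a leaked key can do.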


Altaro Office 365 Backup (for MSPs)

There’s a common misconception that Microsoft fully backs up Office 365 mailboxes. Microsoft is responsible for providing the O365 service, but did you know it’s your (!) responsibility to protect your (customer’s!) O365 data?

Microsoft has limited possibilities to help you with unexpected data loss or damage. Therefore it’s very important to have a solid backup solution in place!

My sponsor Altaro has a great product called Office 365 Backup! It’s a central multi-tenant solution for keeping your O365 data safe! You pay per mailbox, per month, covering backup, storage, use of their management console and support! You don’t have to pay for contracts or anything else. Their service/solution is ideal for you as an MSP!

There is a minimum of 30 mailboxes and you don’t need their VM Backup product to manage it. (Volume discounts possible) You can restore O365 data to the original mailbox, another mailbox or into a zip file. (Full restore or single/multiple items)

You can browse through the backup files and select the items you wish to restore.

You also don’t need any local storage and/or software. You decide yourself what monthly fee you charge your customers! You have the flexibility to add and/or remove mailboxes as needed. You only pay for the mailboxes you’ve backed up in the last month!

Download the fact sheet here.
Sign up for your 30-day trial here.


How to check your Office 365 tenant for auto-forward rules

Use the following steps to check for any Office 365 auto-forward rules to external email addresses.

In this blogpost I’m using Powershell to check for any existing auto-forward rules to external email addresses.

Step 1 Logon to Office 365 using Powershell

Step 2 Export the mailbox(es) that have either redirect or forwarding

This produces a list of all mailboxes in the organization where the forwarding or redirect flags are enabled.

Step 3 Investigate which rules are in use

Step 4 Remove the inbox rule from a specific mailbox

Step 5 Remove all the available inbox rules from all mailboxes (if you prefer)
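The audit described in steps 1 to 4 can be done as follows. This is an added example, not the original post's script. It assumes the ExchangeOnlineManagement module is installed, and the admin account, mailbox name and CSV path are placeholders.

```powershell
# Added example, not the original post's script. Requires the ExchangeOnlineManagement
# module; admin@example.com and the CSV path are placeholders.
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# Domains the tenant owns; any other domain counts as external.
$internalDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    # Handles 'smtp:user@domain', 'user@domain' and rule recipients written as
    # '"Name" [SMTP:user@domain]'. Values without an SMTP address return $false.
    if ($Address -match '[^\s:\[\]<>"]+@([^\s\]>"]+)') {
        return $internalDomains -notcontains $Matches[1]
    }
    return $false
}

function New-Finding {
    param($Mailbox, $Source, $RuleName, $RuleId, $Enabled, $Target)
    [pscustomobject]@{
        Mailbox = $Mailbox; Source = $Source; RuleName = $RuleName
        RuleId  = $RuleId;  Enabled = $Enabled; Target = $Target
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $address = [string]$mbx.PrimarySmtpAddress

    # Mailbox-level forwarding: a raw SMTP address or a directory recipient.
    $targets = @()
    if ($mbx.ForwardingSmtpAddress) { $targets += [string]$mbx.ForwardingSmtpAddress }
    if ($mbx.ForwardingAddress) {
        # A mail contact is a directory object that can point outside the tenant.
        $r = Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue
        if ($r) { $targets += [string]$r.PrimarySmtpAddress }
    }
    foreach ($t in $targets) {
        if (Test-ExternalAddress $t) { New-Finding $address 'MailboxForwarding' '' '' $true $t }
    }

    # Inbox rules that forward, forward as attachment, or redirect.
    foreach ($rule in Get-InboxRule -Mailbox $address) {
        $ruleTargets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in ($ruleTargets | Where-Object { $_ })) {
            if (Test-ExternalAddress ([string]$t)) {
                New-Finding $address 'InboxRule' $rule.Name $rule.RuleIdentity $rule.Enabled ([string]$t)
            }
        }
    }
}

# Keep the evidence before changing anything.
$findings | Export-Csv -Path .\external-forwarding.csv -NoTypeInformation -Encoding UTF8
$findings | Sort-Object Mailbox | Format-Table Mailbox, Source, RuleName, Enabled, Target -AutoSize

# After review, remove one rule from one mailbox; drop -WhatIf to apply.
# Remove-InboxRule -Mailbox 'user@example.com' -Identity '<RuleName from the report>' -WhatIf
```

Rule recipients that appear as directory entries (`[EX:...]`) are not classified by this check and need a manual look, because a mail contact can still point to an outside address.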


Howto update ESXi without vCenter (Update Manager)

Use the following steps to upgrade your ESXi version to the latest version without downloading patches first! We are going to use PuTTY to work on the command line 🙂

First step, put your ESXi server into maintenance mode :

Now we are going to check the profile version we are running

Or check the build version using the UI:

Now enable the host firewall rule to allow web traffic

Run the following command to list the online depot profiles available :

If you run into an error using the above command, check your DNS and gateway settings. ESXi needs to resolve some information using the internet!

Now let’s install the appropriate update, in my case I found out that I’m currently running 20170601001s. In your situation that can be different!

You can see what version you’re running using the previous command :

Ok, let’s reboot!

After installation I noticed the latest build :

Now set the firewall rule to the previous setting :

Final step exit maintenance mode :


Script to update all Azure Powershell Modules

Use this script to update all your Azure Powershell Modules to their latest versions.


Troubleshooting Visual Studio Code: language client undefined

Recently I ran into the following problem when editing PowerShell scripts using Visual Studio Code:

First I tried to remove the specific extension. Go to the extension tab and check for installed extensions using @installed:

Click the action/config wheel to uninstall the specific extension, then reload and reinstall it. In my case that wasn’t the solution. I found out that the specific extension wasn’t completely removed. My solution was, after removing the extension in Visual Studio Code, to check for any leftovers in %userprofile%\.vscode\extensions:

After deleting the specific folder and reinstalling the extension the error was gone!



Troubleshooting Office (/365) made easy

A colleague asked me for my support with a strange problem using Outlook 2016 (Click 2 Run). She randomly received errors about running out of memory resources although there were more than enough resources available. After the default checks (update, scanpst, registry settings max cache value etc.) I tried the Office 365 troubleshooting tool (C2R) and that found the solution (issue with video driver and Outlook acceleration).

In this blogpost I describe how easy it is to use this tool and why you want to make use of it! Go to https://portal.office.com/account and go to tools & addins:

Choose the first option to download (and install) the Microsoft support assistant.


You can use this tool for solving issues with Outlook, Office, Onedrive and other Office-apps (forgive the Dutch screenshots)

After installing the executable you can use the tool. Choose where the tool can help you.

I advise you to run the tool on the device where you ran into the problem. The tool investigates your environment, specs, event logs etc. Depending on the issue the tool could ask you for your (O365) credentials. I chose the Outlook option, as my Outlook stops responding in the second menu. After 2 minutes the tool found the solution and asked me for my approval to fix the issue.

This tool could help you for the first stage of investigation!


Free Azure IaaS Webinar with Microsoft’s Thomas Maurer

Implementing Infrastructure as a Service is a great way of streamlining and optimizing your IT environment by utilizing virtualized resources from the cloud to complement your existing on-site infrastructure. It enables a flexible combination of the traditional on-premises data center alongside the benefits of cloud-based subscription services. If you’re not making use of this model, there’s no better opportunity to learn what it can do for you than in the upcoming webinar from Altaro: How to Supercharge your Infrastructure with Azure IaaS.

The webinar will be presented by Thomas Maurer, who has recently been appointed Senior Cloud Advocate, on the Microsoft Azure Engineering Team alongside Altaro Technical Evangelist and Microsoft MVP Andy Syrewicze.

The webinar will be primarily focused on showing how Azure IaaS solves real use cases by going through the scenarios live on air. Three use cases have been outlined already, however, the webinar format encourages those attending to suggest their own use cases when signing up and the two most popular suggestions will be added to the list for Thomas and Andy to tackle. To submit your own use case request, simply fill out the suggestion box in the sign up form when you register!

Once again, this webinar is going to be presented live twice on the day (Wednesday 13th February). So if you can’t make the earlier session (2pm CET / 8am EST / 5am PST), just sign up for the later one instead (7pm CET / 1pm EST / 10am PST) – or vice versa. Both sessions cover the same content but having two live sessions gives more people the opportunity to ask their questions live on air and get instant feedback from these Microsoft experts.

Save your seat for the webinar!



Unable to connect to share (System error 1272)

I ran into system error 1272 when connecting to a share residing on my NAS.  In Windows 10, version 1709 and higher (also Windows Server versions 1709 and higher) SMB2 guest access is disabled by default.

SMBv2 has the following behavior in Windows 10, version 1709, Windows Server version 1709, and Windows Server 2019:
  • Windows 10 Enterprise and Windows 10 Education no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
  • Windows Server 2016 Datacenter and Standard edition no longer allow a user to connect to a remote share by using guest credentials by default, even if the remote server requests guest credentials.
  • Windows 10 Home and Professional editions are unchanged from their previous default behavior.

How to enable SMB2 guest access

If you want to enable insecure guest access, you can configure the following Group Policy setting:

Computer configuration\administrative templates\network\Lanman Workstation
“Enable insecure guest logons”

Note: By enabling insecure guest logons, this setting reduces the security of Windows clients.
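Because this setting weakens the client, it helps to know which machines already have it turned on. The following PowerShell check is an added example, not part of the original post. It reads the registry value that backs this policy (AllowInsecureGuestAuth) and the SMB client configuration, and should be run from an elevated prompt.

```powershell
# Added example: report whether insecure SMB guest logons are allowed on this client.
function Get-InsecureGuestLogonState {
    $name      = 'AllowInsecureGuestAuth'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

    # Value written by the "Enable insecure guest logons" Group Policy setting.
    $policy = (Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue).$name
    # Value written by a local change (for example Set-SmbClientConfiguration).
    $local  = (Get-ItemProperty -Path $localKey -Name $name -ErrorAction SilentlyContinue).$name

    # Where the setting comes from: policy wins over a local value.
    $source = if ($null -ne $policy) { 'GroupPolicy' }
              elseif ($null -ne $local) { 'LocalRegistry' }
              else { 'OSDefault' }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        PolicyValue          = $policy
        LocalValue           = $local
        ConfiguredBy         = $source
        InsecureGuestAllowed = [bool](Get-SmbClientConfiguration).EnableInsecureGuestLogons
    }
}

$state = Get-InsecureGuestLogonState
$state | Format-List

if ($state.InsecureGuestAllowed) {
    Write-Warning "Guest logons are allowed on $($state.ComputerName) (set by $($state.ConfiguredBy))."
    # Show which servers this client is currently talking to and as which user.
    Get-SmbConnection | Select-Object ServerName, ShareName, UserName, Dialect
}
```

Creating a named account on the NAS and connecting with those credentials avoids the need for guest access altogether.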



Review Altaro VM Backup V8

In this blogpost I’m going to take a closer look at the latest version of Altaro VM Backup.  Altaro has been a loyal sponsor of vWorld.nl for some years now and I have been using their product since version 6. Recently Altaro released their latest version (V8) and I thought that would be a great time to post about it!

When you have any questions please leave a comment!

Introduction

Altaro VM Backup was founded in 2009 and was one of the first with a VM Backup product for Hyper-V.  Now 10 years later…, the product has made several improvements and is now used by over 40,000 businesses all over the world. The product supports both Hyper-V and VMware Hypervisors and has backup integrations for Microsoft Azure offsite backup repositories (!). Especially the support for Microsoft Azure offsite storage is a nice feature! There are not many other backup vendors out there who offer this functionality.

More info about how to use Azure for Offsite Cloud Backup in Altaro VM Backup here.

You can find out more about the features of Altaro VM Backup here.

Why Altaro

Altaro simplifies the backup and recovery experience by removing the traditional complexity. The user interface is very easy to use. For example, adding backup repositories is a simple drag and drop process and running backup jobs has been designed so that you simply select the VM’s you would like to back up and click the red button “Take Backup”.

During the version upgrades and the several improvements, Altaro VM Backup keeps their easy to use GUI and doesn’t require extensive support & training. My experience is that any system administrator with simple backup knowledge has enough knowledge to install, configure and troubleshoot Altaro VM Backup.

When you need support, you can easily contact Altaro (telephone/mail/chat) and my own experience is that they respond quickly and adequately. I’m curious about your experiences, please leave a comment!

Pricing

Altaro has an interesting pricing strategy, offering a per host license and not the traditional per CPU license(!). This simplifies the licensing process making it easy for especially SMB customers. The overall cost is of note and could possibly be one of the most affordable backup and recovery products on the market.

  • Standard – per host, but limited to 5 VMs
  • Unlimited – per host, no limit on the number of VM’s (Exchange item restore, deduplication, and boot from backup).
  • Unlimited Plus – access to Cloud Management Console, Backup to Azure, Continuous Data Protection (CDP), and WAN-optimized replication.

I’m using the Unlimited Plus license btw 😊😊

Continuous Data Protection (CDP)

One of the most useful features added to Altaro VM Backup is CDP. Since each VM has a different role in the IT infrastructure, backing up once a day is not enough in many cases. By enabling CDP for your ‘vital’ VMs, you can achieve better Recovery Point Objective (RPO) results. The options for the backup interval start at 12 hours and can be reduced to 5 minutes. Although you can enable CDP for all VMs of a host, it’s best to use it only for those that need it.

Things to consider with CDP:

  • Maximum frequency depends on resource capacity and throughput.
  • Large amounts of change on a virtual machine could cause the CDP frequency to be reduced.
  • Enabling multiple VM’s on high-frequency CDP could result in Hypervisor performance degradation.
  • Storage should be considered when completing more frequent backups (CDP).

Grandfather-Father-Son (GFS) Archiving

GFS now enables you to archive backup versions rather than deleting backups that pass a retention window.

With GFS Archiving enabled, Altaro VM Backup will keep:

  • 1 backup per week for 12 weeks
  • 1 backup per month for 12 months
  • 1 backup per year for 2 years

Point to note: you can still use retention policies; this feature has not been removed. Essentially, you are able to configure three separate backup cycles to store three new backup versions every week, every month and every year. This enables you to retain weekly, monthly and yearly backup versions outside of the retention policy. In previous versions, you were only able to delete old backups, not “Archive Old Backups”.

Change Block Tracking

The use of Change Block tracking reduces the backup time by scanning the virtual machine for any changes (on block level). This decreases the backup duration from hours to minutes. There have been many improvements resolving the challenge relating to rebooting hypervisors.

CBT v2 for Windows Server 2012 and 2012 R2 leverages Microsoft’s Volume Shadow Copy Service (VSS) on the hosts. VSS has been part of all versions of Microsoft Windows for over a decade and is extremely reliable in maintaining a point-in-time snapshot of a specific volume.

CBT v2 for Windows Server 2012 and 2012 R2 no longer requires the installation of a kernel-mode filesystem driver to track changes. The previous method of using filesystem drivers in VM Backup may affect I/O performance on some systems, and this will now be completely avoided with CBT v2 for Windows Server 2012 and 2012 R2.

With CBT v2 for Windows Server 2012 and 2012 R2, change tracking keeps working reliably across host reboots, system upgrades etc. CBT v2 for Windows Server 2012 and 2012 R2 also fully supports VMs migrating across cluster nodes and there is no longer the need to perform a full scan when a VM migrates or changes state etc.

Boot from Backup

This is an interesting feature… Through the boot from backup section, you can start a VM directly from the backup location without having to restore it using the normal procedure. In this case, there are two types, Verification Mode and Recovery Mode. Using this feature you can quickly be up and running with your VM.

Concurrent Backup and Restore Operations

Parallel backup and restore operations have been added preventing queuing jobs like an offsite backup copy. You can now take offsite copies and restore backups without the delay of any scheduled backup or CDP operations.

WAN-Optimized Replication

Version 8 of Altaro VM Backup introduces WAN-Optimized Replication, enabling users to replicate VM’s (ongoing copy) to a remote site. This allows IT admins to fail over mission-critical systems to a remote site. This new feature enables businesses to be back up and running with minimal downtime if a disaster strikes or a major incident occurs, hence reducing the Recovery Time Objective (RTO) as much as possible.

Things to consider with Replication:

  • You need to have the same version Hypervisor at both the local and remote site.
  • The maximum replication frequency is 5 minutes.
  • You can only use local disks for replication, network shares are not currently supported.
  • 2008R2 Hyper-V hosts are not supported.
  • If the last successful replication version is not equal to the last successful backup version, then recovery is required.

WAN Optimized Replication is currently only available with Hyper-V (VMware support is coming soon)

Summary

Altaro VM Backup has clearly listened to the industry’s backup and recovery pain points and challenges. They have created a product that is simple to use, effective and used by many. The product is feature rich and offers three simple tiers for pricing (Standard, Unlimited and Unlimited Plus).

I have found some product limitations, however, this does not impede the product’s ability to back-up the majority of SMB businesses Hyper-V & VMware infrastructures. Altaro clearly invests heavily into development and I do look forward to seeing features like cloud replication in 2019.

You can download Altaro VM Backup and enjoy forever free backup for your VMs. Any questions, please use the comments box below….

More information

Altaro 10 min setup & configure

What’s new in Altaro VM Backup V8

An Introduction to Altaro VM Backup V8