It is common knowledge now that Microsoft has released Azure services in Australia to both Sydney and Melbourne. Microsoft’s documentation however is still coming up to speed even months after the announcement.
One such pieces of documentation are Export Database and Import Database REST API guides, where a list API endpoints is listed by region. In order to import/export SQL Azure databases in Australia East or Australia Southeast to/from blob storage though though, this document will leave you hanging.
I have however been able to confirm that the baseUri for Australia East or Australia Southeast are as follows.
- Australia East – https://aueprod-dacsvc.azure.com/dacwebservice.svc
- Australia Southeast – https://auseprod-dacsvc.azure.com/dacwebservice.svc
I hope this helps a few people out. This info can great help improve automation in Azure.
A few weeks ago I made the terrible mistake of losing track of where I was up to in my notes, skipped ahead a little before getting back on track. The timestamp on the email prompt I left myself to blog about this was 10:17 PM, I recall I was still in the office and tired.
You know how when you add a new disk or partition to Windows, Windows will automatically give excessively high permissions to read and write new content to a fresh disk? One of the first tasks I usually do is wipe these via Advanced Permissions leaving only:
- Administrators with Full Control
- SYSTEM with Full Control
- That’s it!
On an empty disk, I force inheritance on child objects which affects a few system locations only. This goes a long way in hardening the disk from attack in the future after sensitive data has been added.
Recently, I made the stupid mistake of doing the above on a Windows Server 2012 R2 Hyper-V host with VMs running on it. The permission structure of the “vms” directory is quite vast and unique to the virtual machines. Without spending hours (that I didn’t have) on research trying to understand how the giant jigsaw puzzle of explicit permissions were applied, I was in a spot of trouble.
The purpose of this post is to shout out to Mike J McGuire and an elegantly explained blog post he has written on recovering lost Hyper-V permissions. Not only was it well explained, he provided scripts to dynamically generate the permissions required for my problem server. Credit where credit is due Mike, well done on a fantastic post and thank you for your help!
A link to Mike’s post can be found below:
Restoring All Lost Hyper-V Permissions. Wipe Them Out… All Of Them.
Consider the following scenario
- You’re using Microsoft Azure Recovery Services to backup a Windows Server
- The new vault credentials file is less than two days old or is allowed to “reregister”
- There are no known status issues with Azure
- When attempting to install the Azure Backup agent, with the correct credentials you receive an error message “Invalid vault credentials provided. The file is either corrupted or does not have the latest credentials associated with recovery service. (ID: 34513) We recommend you download a new vault credentials file from the portal and use it within 2 days.”
My scenario included trying to backup a server with a RAID controller on it’s last legs. The host server had crashed and only just been restored. Attempts to use the Azure Backup Agent failed when attempting to contact the vault (with certificate authentication). I uninstalled the agent and reinstalled and continued to get the following error message:
Invalid vault credentials provided. The file is either corrupted or does not have the latest credentials associated with recovery service. (ID: 34513) We recommend you download a new vault credentials file from the portal and use it within 2 days.
The problem was that the time on the Windows server was incorrect. The VM host had crashed, stumbled back online and the time within the VM was many hours out.
To force a sync with the existing time servers I used the following in an administrative command prompt:
If the above doesn’t work, continue to try it several times to cycle through a list of servers. If the problem is with a virtual machine where the host provides time synchronisation, it is important you resolve the issue on the host and not the individual virtual machine.
If the VM is a domain controller on a virtual machine, the DC should be ignoring the time of the host and getting it from an external, reliable and authoritative source. I prefer to use pool.ntp.org project servers when given the option due their relationship with the Network Time Protocol (NTP) project.
In this case the following would be my preferred option:
w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
Note NTP servers are found in many zones based on continents. If time accuracy is important (e.g. you’re running your country’s nuclear program) then you may like to consider a zone closer to you for greater accuracy.