Monthly Archives: October 2016

Migrating a VMware VM to Azure using Azure Site Recovery

This blog post will show how I migrated a VMware virtual machine  to Azure using Azure Site Recovery. A full list of prerequisites for your Azure and on-prem environment can be found here.

My setup:

  • vSphere 5.5 on-prem
  • VMware account with read-only permission (this is what I chose, see here for account roles and what each one does. I do not need to shutdown the on-prem VM automatically)
  • Site to Site VPN in Azure – (no Expressroute yet) I will be failing over my VM into the Vnet associated with this site to site VPN so I can connect to it over private IP.
  • Configuration Server/Process server – A single Windows Server 2012 R2 in VMware with PowerCLI 6.0 installed. More info can be found here

 Creating the Recovery Services vault

In click on More services, then search for Recovery Services vaults. Once in there create the Recovery Services vault.


Give it a Name, and select the Azure subscription, and either select an existing resource group or create a new one, and select the location.


Once the Recovery Vault is created, the Infrastructure will be prepared. In the Settings of the Recovery Services Vault that was created, select Site Recovery under Getting Started, then select Step 1: Prepare Infrastructure.



Microsoft Azure Site Recovery Unified Setup will be downloaded so it can be installed it on the VMware Configuration Server, and the vault registration key will be downloaded.


Installing Site Recovery Unified Setup on Configuration Server

In order to proceed, the Configuration Server in VMware needs to be setup. To do this Site Recovery Unified Setup needs to be installed on the Configuration Server in VMware.


MySQL Community Server will be downloaded and installed.


Browse to the vault registration key which was downloaded earlier


Depending on the environment, a proxy may need to be specified.


Specify a password which will be used for the MySQL database.


VMware machines will be protected. vSphere Power CLI 6.0 is already installed.


The network interface for the VMware virtual machine is selected.


The installation is completed.


Adding the VMware account to Azure configuration server to discover VM’s

On the desktop of the Configuration Server, there is a shortcut for Cspsconfigtool. Open this and specify the VMware service account. This will be used to discover virtual machines. I have created a service account in vSphere with read-only rights.

“A vCenter user account with a read-only role can run failover but can’t shut down protected source machines. If you want to shut down those machines you’ll need the Azure_Site_Recovery role. If you’re only migrating VMs from VMware to Azure and don’t need to failback then the read-only role is sufficient.”


The Configuration Server and vCenter host has been selected (I have greyed mine out)


Select the Azure subscription. I am using Resource Manager for my deployment model. Make sure you have a storage account to where the virtual machines can be replicated to, and a virtual network.


Give the Replication Policy a name and choose the appropriate values.


Select the appropriate capacity planning for your environment.


Installing mobility service on the VM to be replicated and migrated:

For the virtual machine to replicate to Azure, the mobility service needs to be installed. I have chosen to install this manually. The installation files can be copied from the Configuration Server in C:\Program Files (x86)\Microsoft Azure Site Recovery\home\svsystems\pushinstallsvc\repository directory.


Type in the IP address of the Configuration Server. You can get the passphrase by running the command below in the screenshot.


Now that the mobility service is installed, the virtual machine can be replicated. I have greyed out the values below. The source should be the Configuration Server, select Virtual Machines as machine type, vCenter and Process Server should automatically fill in.


Type in the name of the virtual machine which the mobility service as installed on


Type in the target name or leave it as default if it is supported


After the data has been replicated, the virtual machine is now protected.


In order to migrate the virtual machine to Azure, an Unplanned Failover will be performed. I have shutdown the on-prem virtual machine manually because a read-only account was specified for VMware (read-only role can run failover but can’t shut down protected source machines)

More information on Failovers can be found here


The Unplanned Failover is now complete.


On the virtual machine, select More, then select Complete Migration. This will remove the virtual machine from being replicated.


Once the migration has been completed the virtual machine can be seen running in Azure. I have deleted the on-prem VM in VMware and have updated the on-prem DNS to point to the private IP of the VM in Azure.

The virtual machine will be accessed over the site-to-site VPN (or even better if you are using an Expressroute)


Running VPN gateway dianostics in Azure Resource Manager

Recently when setting up an Azure Site to Site VPN, I was having a lot of issues and ran into Keith Mayer’s great blog post about how to run the diagnostics in Azure resource manager for Azure gateways. Most of the older blog post focused on the gateways in the older Azure portal (

Take a look at Keith’s PowerShell script here – Step-by-Step: Capturing Azure Resource Manager (ARM) VNET Gateway Diagnostic Logs

When you run the script and use your admin credentials to login to Azure resource manager ( and the older Azure portal ( you are left with a vpnlog.txt which has diagnostic information.

Examining the vpnlog.txt I was able to find:

Failure type: IKE/Authip Main Mode Failure
Type specific info:
Failure error code:0x0000362c
Policy match error


I was having a policy error. I was trying to set up RouteBased Azure Gateway with an on-prem Cisco ASA fireall. Looking at the Validated VPN devices in Azure, the Cisco ASA is not compatible with RouteBased.

No response from Windows Deployment Services server

When PXE building a machine with SCCM 1602, the machine did not get a response from WDS. It had the error “No response from Windows Deployment Services server“.

When checking smspxe.log there were no errors and even showed the MAC address of the client communicating with the PXE point/WDS.

After troubleshooting, the easiest fix was to simply restart the Windows Deployment Services service and watch the service start successfully by examing the smspxe.log

Once restarted the client could PXE boot fine.

SQL Server 2016 on Windows Server 2016 images now available in Azure

Now that Windows Server 2016 has been released, you can now find SQL 2016 on Windows Server 2016 images in the Azure Marketplace to deploy. You can deploy them from here.

The versions listed are:
SQL Server 2016 RTM Web on Windows Server 2016
SQL Server 2016 RTM Standard on Windows Server 2016
SQL Server 2016 RTM Enterprise on Windows Server 2016




SCCM (version – 1606) Baseline is available on MSDN/VLSC

SCCM Current Branch version 1606 baseline is now available in MSDN and VLSC. This means for new installs, you can directly install version 1606, without having to install the 1511 version baseline then upgrade to 1606. For in-place upgrades you can upgrade directly to 1606 from SCCM 2012 SP2/SCCM 2012 R2 SP1

More information can be read on here Configuration Manager: a progress update on the current branch and a new servicing branch

This is what it looks like for people with an MSDN subscription: