Categories
it

Migrate Azure Virtual Machine to On-Premise VMware Environment

We recently updated a customer’s On-Premise infrastructure. He now has new Servers and Storage for his VMware ESXi 7.0 environment. 

After moving all virtual machines to the new hardware (we used Veeam for this part of the migration), we also wanted to move one VM from Azure to the On-Premise infrastructure. This particular VM used to cause problems on the old infrastructure, and because of that, we moved it to Azure. We also used Veeam for that migration to Azure. But Veeam didn’t have an option to move the VM back from Azure to the new VMware environment.

So after some searching, I found a free tool that could migrate the VM back to VMware. The tool is called StarWind V2V Converter. It can also convert different virtual disk formats. The VM has to be powered off, which means the migration back would cause some downtime. But the VM was not critical, so that shouldn’t be a problem.

So here is a step-by-step guide on how to migrate a VM from Azure to VMware ESXi 7.0.

Prepare Azure
The following steps prepare Azure so that the StarWind V2V Converter application can access it. We register an application to access our Azure instance and give it the appropriate rights to migrate the VM. We also need to increase the time a token is valid in Azure because of the time it takes to migrate the data.

  1. Log in to the Azure Portal
  2. Go to the Virtual Machine section in Azure and power off the virtual machine you want to migrate.
  3. Go to the Azure Active Directory
  4. On the left navigation pane, select “App registration”
  5. Click “New Registration”
Azure Active Directory – App registration
  6. Give the App a name (I named mine “StarWind V2V Converter”) and hit “register”
  7. Copy the “Application (client) ID” and the “Directory (tenant) ID”; you will need them later
  8. On the left navigation pane, select “Certificates & secrets”
Azure Active Directory – App registration details
  9. Add a new client secret and copy it; you will need it later
Azure Active Directory – App registration – Certificates & secrets
  10. Now go to the subscription section
  11. Select the subscription that contains the VM you want to migrate
  12. On the navigation menu on the left, select “Access control (IAM)”
  13. Add a role assignment: as Role select “Contributor”, and from the list below, select your previously created application and click save. In my case, I searched the name “StarWind V2V Converter”.
Azure Subscription – Access control (IAM)
  14. After this, we have to increase the time an authentication token is valid in Azure. Otherwise, the migration will fail because the token expires if the migration takes longer than an hour. To do that, we use PowerShell and enter the following commands:

With this command, we connect to Azure. You will be asked for the login credentials for your Azure account.
Connect-AzureAD -Confirm

And now, we increase the access token lifetime to 3 hours with this command.
New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1, "AccessTokenLifetime":"03:00:00"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

If you want more information about Azure tokens and their lifetime settings read the Microsoft docs.

Local Computer
The local computer is the staging area for the migration. Make sure that the computer has access to the Azure Cloud and the ESXi Server.

  1. Install the StarWind V2V Converter
  2. Start the newly installed software and on the first screen, select Azure and click next
  3. Now you need to fill in the IDs and secrets you created before on Azure. For the Tenant ID, insert the value from “Directory (tenant) ID”. For the client ID, insert the value from “Application (client) ID”. For the Client secret, insert the secret you created before.
  4. After inserting the information, click “Get subscription”. Your Azure subscription should now show up in the list below
  5. Select your Azure subscription and click next
StarWind V2V Converter – Azure connection parameters
  6. Now you can select the VM you want to migrate. After choosing the VM, click next
StarWind V2V Converter – Azure virtual machine selection
  7. Now you can choose the destination of the migration. In this case, choose “Remote VMware ESXi Server” and click next
  8. Enter the IP and the login credentials for the ESXi server you selected as a destination and click next
  9. Now you can input a data store for the virtual machine on the ESXi server, select a name for the VM and configure the OS type and network. You also have to select the VM’s OS Disk. In Azure, the OS Disk usually contains the string “osDisk” in its name. After this, you hit the “Convert” button, and the VM starts migrating. The conversion may take some time, depending on the size of the VM.
StarWind V2V Converter – New virtual machine settings
  10. After the conversion is finished, you can log on to vSphere and power on the VM. When I did this the first time, the mouse pointer didn’t work correctly and was jumping around. If you encounter the same problem, you may have to do the extra steps explained in steps 11-15 below.

Optional steps

  11. Power off the migrated VM
  12. Create a new VM and make sure to select the correct OS when asked. Don’t create a new disk for this VM
  13. After creating the VM, attach the disks of the migrated VM
  14. Set the boot option for the new VM to BIOS
  15. Power on the new VM. Now everything should work as expected.

After the migration finishes, you can delete the app registration we created when we prepared Azure.
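
The app registration is not the only thing the preparation left behind: the Contributor role assignment on the subscription and the tenant-wide token lifetime policy also stay in place until they are removed. The following script is an added example, not part of the original procedure. It lists all three and removes them only when run with -Apply. It assumes the AzureADPreview and Az.Resources modules and the two display names used in this guide.

```powershell
# Added example, not from the original post: post-migration cleanup of what the
# "Prepare Azure" section created. Assumes the AzureADPreview module (policy
# cmdlets) and Az.Resources (role assignments) are installed.
param(
    [string]$AppName    = 'StarWind V2V Converter',             # app registration name used in this guide
    [string]$PolicyName = 'OrganizationDefaultPolicyScenario',  # DisplayName passed to New-AzureADPolicy
    [switch]$Apply                                              # without -Apply the script only reports
)

Connect-AzureAD   | Out-Null
Connect-AzAccount | Out-Null   # role assignments are read from the current subscription context

# 1. Token lifetime policy. It was created as the organization default, so the
#    3-hour access token lifetime is not limited to the converter app.
$policies = @(Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'TokenLifetimePolicy' -and $_.DisplayName -eq $PolicyName
})
foreach ($p in $policies) {
    Write-Output "Token lifetime policy: $($p.DisplayName) [$($p.Id)] default=$($p.IsOrganizationDefault)"
    if ($Apply) { Remove-AzureADPolicy -Id $p.Id }
}

# 2. Role assignments held by the app's service principal (Contributor on the
#    subscription, per the guide). Removed before the app so none is orphaned.
$sps = @(Get-AzureADServicePrincipal -Filter "DisplayName eq '$AppName'")
foreach ($sp in $sps) {
    $assignments = @(Get-AzRoleAssignment -ObjectId $sp.ObjectId)
    foreach ($a in $assignments) {
        Write-Output "Role assignment: $($a.RoleDefinitionName) on $($a.Scope)"
        if ($Apply) { $a | Remove-AzRoleAssignment | Out-Null }
    }
}

# 3. App registration, and with it the client secret typed into the converter.
$apps = @(Get-AzureADApplication -Filter "DisplayName eq '$AppName'")
foreach ($app in $apps) {
    Write-Output "App registration: $($app.DisplayName) AppId=$($app.AppId)"
    foreach ($cred in $app.PasswordCredentials) {
        Write-Output "  client secret $($cred.KeyId) expires $($cred.EndDate)"
    }
    if ($Apply) { Remove-AzureADApplication -ObjectId $app.ObjectId }
}

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to remove the items listed above.'
}
```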

About the Author

Hello my name is Loris Scandurra and I am an engineer and project manager based in Switzerland. I write about issues I encounter during my work and other stuff that would be useful or entertaining to document. If you want to write me an E-Mail do so at ls@lorisscandurra.com


Printer deployment with Group Policy Preferences and error 0x80070bcb

TL;DR

If you get the error 0x80070bcb when deploying your printers, follow the instructions below.
Enable and configure these two GPOs for all clients you want to deploy the printers to:

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

Configure them as follows:

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follows:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only


This week we migrated an old print server from Windows Server 2008 R2 to Windows Server 2019. And we changed the way we deployed printers. Before the change, the user had to select the printer by himself, and there was no automatic deployment. So every employee who wanted a printer had to go to the printer settings and add the printer. This implementation resulted in many calls to the IT office because users didn’t know the nearest printer’s name. So to avoid this situation, we decided to deploy printers using Group Policy Preferences (GPP). GPPs are like regular Group Policy Objects (GPO), and you can configure them the same way. To learn more about the differences, I recommend this article.

After configuring the deployment for all printers, most deployed successfully, but a few printers seemed to have difficulties. When I wanted to see the GPO result with the command gpresult, I saw the error 0x80070bcb with all printers that didn’t successfully deploy. This problem seems to be a Windows 10 User Account Control (UAC) problem that has existed since Windows Vista.
To resolve this error, I had to enable and configure the following two GPOs for all computers that I wanted to deploy the printers to.

Computer Configuration > Policies > Administrative Templates > Printers > Package Point and print - Approved servers

Computer Configuration > Policies > Administrative Templates > Printers > Point and Print Restrictions

In the Policy Package Point and print - Approved servers I had to add the FQDN of the print server.

For the Policy Point and Print Restrictions I had to check the checkbox Users can only point and print to these servers and add the FQDN of the print server. The security prompts I configured as follows:

When installing drivers for a new connection: Do not show warning or elevation prompt

When updating drivers for an existing connection: Show warning only

After having configured these two GPOs, I forced a GPO update with gpupdate /force, and the printers that didn’t appear before appeared now with no errors.
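
To confirm on a client that both policies arrived as configured, you can read them back from the registry. The script below is an added example, not part of the original post. The registry paths and value names are the ones the Printers administrative template is understood to write and should be checked against your ADMX files, and the print server FQDN is a placeholder.

```powershell
# Added example, not from the original post: read back the two printer policies on a client.
# Assumption: the registry paths and value names below are the ones the Printers
# administrative template writes; confirm them against your ADMX files.
param([string]$PrintServer = 'printserver.example.local')   # placeholder FQDN

$pnp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$pkg = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist (policy not configured)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-PromptLabel($Value, [hashtable]$Labels) {
    if ($null -eq $Value) { return 'Not configured' }
    $label = $Labels[[int]$Value]
    if ($label) { $label } else { "Unknown value $Value" }
}

$installLabels = @{ 0 = 'Show warning and elevation prompt'
                    1 = 'Do not show warning or elevation prompt' }
$updateLabels  = @{ 0 = 'Show warning and elevation prompt'
                    1 = 'Show warning only'
                    2 = 'Do not show warning or elevation prompt' }

# "Point and Print Restrictions": semicolon-separated server list
$serverList = @((Get-PolicyValue $pnp 'ServerList') -split ';' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })

# "Package Point and print - Approved servers": one registry value per server
$pkgServers = @()
$key = Get-Item -Path "$pkg\ListofServers" -ErrorAction SilentlyContinue
if ($key) { $pkgServers = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) }) }

# With the install prompt suppressed, every server in these lists can deliver
# drivers without a prompt, so anything other than the print server is reported.
$unexpected = @($serverList + $pkgServers) |
              Where-Object { $_ -ne $PrintServer } | Select-Object -Unique

[pscustomobject]@{
    RestrictedToListedServers = (Get-PolicyValue $pnp 'TrustedServers') -eq 1
    PointAndPrintServers      = $serverList -join ', '
    PackageApprovedServers    = $pkgServers -join ', '
    OnInstall                 = Get-PromptLabel (Get-PolicyValue $pnp 'NoWarningNoElevationOnInstall') $installLabels
    OnUpdate                  = Get-PromptLabel (Get-PolicyValue $pnp 'UpdatePromptSettings') $updateLabels
    PrintServerInBothLists    = ($serverList -contains $PrintServer) -and ($pkgServers -contains $PrintServer)
    UnexpectedServers         = $unexpected -join ', '
}
```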

Acknowledgment:

Thanks a lot to this article that pointed me in the right direction:
https://www.adamfowlerit.com/2017/07/deploying-printers-windows-10


How to upgrade your MacBook Pro 13″ 2019 to a 2020 Model for free (Not Clickbait)

So last year, I bought myself a new MacBook Pro 13-Inch 2019 Model in April 2019. My MacBook Air served me well, but it was time for an upgrade because I was getting more into programming, and I just needed the extra power.
Later this year, during quarantine, I upgraded my Home Office setup by getting a 49-Inch ultrawide monitor. It was the DELL U4919DW monitor to be specific. The great thing about it was that the monitor had an integrated USB-C docking station. I could now power my MacBook and transfer the video with just one cable plugged into it. This setup should look super clean.
After the new monitor arrived, I plugged my MacBook into it, but to my surprise, it just gave me a 3840x1080px resolution. That resolution was just horrible on that ultrawide monitor. I thought maybe some settings on the monitor were wrong, or I had to do some settings on my MacBook. Because officially, the 2019 MacBook should support up to 5K [read the specs]. After some digging, I found an Apple support forum post about the problem [read the post]. It seemed that you needed a MacBook with a dedicated graphics card to drive this monitor. But 13-Inch MacBooks don’t have dedicated GPUs. The other option would be, buying an external GPU, but I wasn’t willing to spend another 800CHF (about 800USD) for an eGPU. Mainly because my MacBook should support this monitor.
So I tried all the suggestions of the forum, really hacky stuff, but it never worked. The only workaround that worked for me was using the Picture-by-Picture (PBP) mode. This way, the 49-Inch monitor behaved like two 27-Inch monitors, but I also had to plug two cables into my MacBook to make it work. This setup wasn’t satisfying to me. And to add insult to injury, the MacBook seemed to work with the monitor when you installed Windows. So it was a driver problem and not a hardware problem.
I was upset with Apple, and how they dealt with the situation, the 5K support worked fine if you bought an LG UltraFine 5K. But the UltraFine is in the same price range as the Dell monitor but only 27-Inch big.
So I decided to call Apple support and get help with the monitor. I told them that my MacBook didn’t output the correct resolution on my new monitor. The tech support made me do the usual NVRAM and SMC reset. After that didn’t work, the support investigated for a bit until he came back and said that he didn’t know what the problem was. I told him about the forum post, and that the most likely cause for the problem is a bad driver from Apple. He said I should wait for an update from Apple. I told him that the post has been open since the end of 2018, and I don’t think that Apple will fix the problem.
So I asked for a full refund of the already one-year-old MacBook. He asked me where I bought it. I said in the Apple online store, and then he directed me to the right number to call to return my MacBook. I called them, and to my surprise, they let me return my MacBook for a full refund. With the refund secured, I ordered the freshly released MacBook Pro 13-Inch 2020 with the new 10th Gen. Intel CPU, which should support the monitor’s full resolution. I ordered the new MacBook with 32GB of RAM; the previous one only could go up to 16GB. The total was 100CHF (about 100 USD) less than the refund, so I saved money and got a free upgrade.
After the new MacBook arrived, I plugged it into the USB-C of the monitor, and it displayed my desktop at its full glory with a 5120x1440px resolution.
And this is how I got a free MacBook upgrade after a year of using my MacBook.

PS. In the forum, some people mentioned that they tried the same thing as me, and it didn’t work for them. I figured that the people it didn’t work for purchased their MacBook not directly from Apple, so Apple refused their refund.


Exchange 2016 Hybrid setup false password/username

TL;DR

Don’t copy and paste the credentials. Type them in manually, and the setup will proceed normally.


I am currently doing a general infrastructure update for a customer. During this process, we migrated all Users from Exchange 2010 to Office 365 Mailboxes. But due to how Microsoft (sadly) designed their Office 365 with an On-premise Active Directory environment, you still need a local Exchange Server to manage the Exchange attributes in your On-Prem Active Directory [read the doc]. And because we didn’t want to leave an old Exchange Server with Windows 2008 R2 running in the network, we decided to install a new Exchange Server.
You don’t need to pay for a new Exchange License for this, because the new Exchange Server will only be a Hybrid Server that doesn’t contain any mailboxes itself. So for this, Microsoft provides a Hybrid License for an Exchange Server 2016. After setting up a VM with Windows Server 2016, I started the Exchange installation. The Exchange installation detected a Hybrid setup and asked me to insert the user credentials of an Office 365 Admin. So I did just that, I copied the credentials and pasted them into the setup screen, but it told me that the credentials were wrong. And I knew that couldn’t be because I just copied them like I always do. And I also couldn’t move forward with the installation without providing the credentials.
After some research on the Internet, I found the error [read the forum post]. The problem was that I copy/pasted the credentials. If you do this, the installer will tell you that your credentials are wrong. So I had to copy them manually. After that, the installation proceeded successfully.


Essential tools for engineers

In this post, I will list some tools I use daily, explain why I use them, and provide a link to download/use them. I will regularly update this post if I find new tools or when they get discontinued.

Security

1Password
Great tool for iOS and macOS users to save passwords (it’s also available for other platforms). I would strongly suggest using a good password manager and not reusing passwords because the reuse of passwords is a serious security issue! 1Password is a paid tool, but there are also free options on the market like KeePass.
Link: 1password.com

KeePass
KeePass is another password manager. The big advantage of KeePass is that it’s open source and therefore free. It’s a great tool that supports all major platforms, but if you want to have your passwords synchronized between different devices, you have to synchronize the password file yourself (for example, with Google Drive or Dropbox).
Link: keepass.info

ProtonVPN
This is an excellent VPN service. It’s based in Switzerland (which has robust privacy laws), but it has servers worldwide. Also, it has a clean interface and some excellent features to protect your privacy. ProtonVPN was created by the makers of ProtonMail, which is a privacy-focused mail service. I don’t use ProtonMail, but if I wanted to be sure that my mails are stored and transmitted safely, I would use it.
Link: protonvpn.com

Have I been pwned
Or “Have I been owned” is a website to check if your password/data has been leaked. You can type in your email address on the site, and the website will tell you if your email address was found in any known data leak in their database. If the website tells you that you have been affected, it’s recommended to change your password for the affected service, and everywhere you use the same password (I strongly recommend using a password manager and to never reuse passwords).
Link: haveibeenpwned.com

Hasso-Plattner-Institut
Another website to check if your password/data has been leaked. It’s basically the same as “Have I been pwned”: you type in your email and get a report if your data has been leaked from a known data breach. I found that this tool has a more up-to-date data breach database than “Have I been pwned”. Nonetheless, I recommend using both tools to check if your data has been leaked.
If your data has been leaked, you should change your password for the affected service, and everywhere you use the same password (I strongly recommend using a password manager and never reuse passwords).
Link: sec.hpi.de/ilc/

Coding & Engineering

VisualStudio Code 
I have to hand it to Microsoft, they managed to create an excellent tool for developers. It is easily expandable through its many plugins, which makes it a superb all-rounder for many developers. I use it mainly for web development, but you can use it for a lot more. It has some great features and a well-built IntelliSense that can make you a productive developer.
Link: code.visualstudio.com

PgAdmin
A tool for engineers that work with PostgreSQL database servers. It’s a tool you can install on your computer and use it to manage PostgreSQL databases. It gives you a graphical interface instead of a CLI to manage your database, which can be convenient sometimes (especially if you have to look up all CLI/SQL commands, which wastes your time).
Link: pgadmin.org

Sourcetree
Sourcetree is a visual Git client. It’s convenient to keep track of all your repositories. Not all Git features are available through the GUI, but it supports more than enough to replace the Git CLI for my daily use.
Link: sourcetreeapp.com

Postman
This tool is useful to quickly test APIs. You can make different API requests and display the returned data in various ways. I like this tool to quickly get the hang of an API. Besides using official documentation, I think trial and error is the fastest way to get to know a new API. You can also use it to document your API, but I never tried this feature before.
Link: postman.com

StarWind V2V Converter
The StarWind V2V Converter is a great tool to migrate virtual machines or virtual machine disks. You can convert from Hyper-V disks to VMware-compatible disks, or migrate a virtual machine from Azure directly to VMware. It’s a great and easy tool to migrate VMs between different environments. And it’s also free to use.
Link: starwindsoftware.com

Webservices

Cloudflare
Cloudflare is basically an industry-standard CDN and DDoS protection service. And it also features a free tier, which is great for small websites that don’t need the more advanced features. There are other CDN and DDoS protection tools on the market, but Cloudflare is definitely leading it. It is also reasonably easy to use and gives you meaningful insights about the traffic you get on your website or service.
Link: cloudflare.com

iloveimg
This is a great tool for images, it’s ideal for small changes. If you are too lazy to open up an image editor like Photoshop that takes ages to open, just go to iloveimg.com and make the quick change you wish to make.
Link: iloveimg.com

ilovepdf
If you need to make any kind of changes to a PDF, do not look further. This tool can do almost anything with your PDF: merge, split, compress, convert, edit, watermark, and many more things.
Link: ilovepdf.com

forwardemail
If you need to forward emails from one address to another without installing a mail server yourself or paying for one, you can use forwardemail. Some DNS hosting providers offer this feature out of the box, but there are some (Cloudflare, for example) that don’t have this feature. With this web service, you can add this feature at zero cost. There are also more advanced features and paid plans available, but I currently don’t use them.
Link: forwardemail.net

pdfgeneratorapi
It’s an API that gives you the ability to create different PDF templates and send data to its interface, which then gives you back a filled-out PDF. It’s a great tool for people that need many different templates, which change often. It gives you a visual template designer, which makes it possible for your end-users to create their templates themselves. This is a great way to make the developer’s workload lighter so that they can focus on more important things than creating PDF templates.
Link: pdfgeneratorapi.com

waymark.io
A simple tool to create Roadmaps and Timelines. It’s a great tool to create those Roadmaps you see on every startup’s website and presentation.
Link: waymark.io

MXToolBox
If you need to do any troubleshooting regarding E-Mail DNS configuration, I would suggest checking out MXToolBox. MXToolBox offers a wide variety of tools to check E-Mail related DNS entries such as MX, SPF, DMARC, and much more. It also provides tools to check if you got on an E-Mail Blacklist and other useful tools like WHOIS lookups.
Link: mxtoolbox.com

System Administration

mRemoteNG
Great tool for system administrators. You can do everything in one tool instead of having a lot of different tools to connect to different types of servers. With this tool, you can connect to Linux servers, Windows servers, vCenter servers, and many more. It’s also customizable, so you can connect to pretty much anything you wish. It keeps all your saved connections in a list, so you don’t have to type out the server’s names or IP addresses, and to connect, you just double-click the server. It’s a great tool if you have new employees, so they don’t have to always look for the server names and can just quickly connect to the servers.
Link: mremoteng.org

Collaboration

Discord
I really like Discord to keep up with friends. And given the current Coronavirus pandemic situation, this tool was handy to work together in teams. It gives you all the necessary features to work together. It may lag behind Zoom with its features, but I didn’t really miss any of its features. It may not be as well integrated with other apps as Zoom, but that’s because the target audience differs a lot between the two tools.
Link: discord.com

MacOS

Caffeinated
A simple tool that prevents your Mac from going into sleep mode. You can control the app through the menu bar. I like its simplicity because it just does the right thing, nothing more, nothing less.
Link: Caffeinated

Pock
Don’t you know what the touch bar on your MacBook is good for? Well, me neither, but this tool makes it a lot more useful. It gives you more personalization possibilities for your touch bar, like shortcuts for the apps in your dock or controlling your music app. And it doesn’t switch its layout based on the app you are using, which is a big plus for me.
Link: pock.dev

If I missed any tools you think are useful, write me a comment or send me a message directly, so I can check them out too!



Categories
General

My first blog post

Welcome to lorisscandurra.com! This is the first blog post on my new website. This blog is here to document the everyday issues I encounter during my work. This blog should help engineers solve some of their problems and help me remember the solutions I found in the past. I might also post some posts that are out of context about stuff I find interesting or entertaining.

I wanted to use this blog post to introduce myself better. My name is Loris Scandurra, but you can just call me Loris. I am an engineer and project manager. For the past 10 years, I worked in the IT sector, where I solved problems ranging from client/server engineering to front-end/back-end development. But my interest in technology and science began a lot earlier than that. In elementary school, I would enjoy math and physics classes. As soon as I started reading, my favorite books were history and science-related.

After elementary school and high school, I started an apprenticeship as a system engineer. It took me some time to find a position as a system engineer. There were only a few openings and a lot of people interested. But I managed to land an apprenticeship position that opened the gates to the IT world for me. In the beginning, I was overwhelmed by it and even thought that I wasn’t adequate for the job. But after the first year, I managed to wrap my head around it and enjoyed my work. In the third year of apprenticeship, I excelled as a student. I got the highest grade consistently for the entire year. I also participated in the national championship for engineers called SwissSkills, where I got in 5th place (not really what I was aiming at). I competed the following year again and got in 1st place (finally reached my initial goal).

I successfully finished my apprenticeship and started university, where I pursued a Bachelor of Science in Business Information Technology for four years. During my studies, I was working almost full-time as a system engineer. I switched the company I was working for after the first year of university to a more customer-facing company away from an internal IT department. At the new company, I gained a lot of experience regarding customer interaction and system engineering for a wide variety of stakeholders with different backgrounds and expectations. In the last year of my studies, I changed the company again to a small consulting company where I worked as a project manager.

Taken on my trip to San Francisco

Two years later, I quit my job as a project manager and went to California for a month to experience the west coast lifestyle. I really enjoyed California; I visited Los Angeles, San Francisco, and San Diego. I really liked it there and their way of living (maybe I am doing a blog post on that in the future). After returning to Switzerland, I was a little lost and didn’t know what to do next. I didn’t want to do the same thing I did before; I wanted to learn and experience new things. So I applied to the Apple Developer Academy in Naples. While the application process was running, I worked as a front-end engineer at a small developer office in Zurich. I was simultaneously working for a digital retailer where I helped with infrastructure issues and updating old infrastructure.

In August, I received the confirmation that I was accepted at the Apple Developer Academy in Naples and that it would start at the end of September. So mid-September, I went off to Naples to search for an apartment for the next nine months. I found a room in the center of Naples, which was well connected with public transport there. At the academy, I learned a lot about working in a diverse team with developers and designers (a more detailed look behind the scenes of the academy coming soon). I am still attending the academy until the end of June. Still, due to the Coronavirus pandemic, I am back in Switzerland.

And now we have reached the present. From here on, I can’t narrate in detail what’s going to happen. But my ambition to learn and collect more experience in the IT sector is still hungry for more. My plans for the future are to start my own startup and try new things with customers who are willing to take risks and be innovative.

If you want to contact me for any inquiries, do not hesitate, below my contact details:

