Enabling a local machine or domain controller for Windows Azure Connect
Following my post on Enabling Azure Connect for VM Role, today I will discuss enabling a local machine or domain controller for Windows Azure Connect.
To enable local machines to connect to your Windows Azure roles, you need to install the Connect endpoint software (the Connect agent). Log in to the local machine you want to use for Azure Connect and follow all the steps mentioned below –
1. IPv6 configuration –
Before installation, make sure that you have not disabled IPv6 on the local machine. To check whether IPv6 is enabled, open the “Run” window, type “ncpa.cpl” and click OK. A window named “Network Connections” will open. Right-click your network connection, go to Properties and tick the checkbox against IPv6. Then restart the machine for the change to take effect.
2. Firewall Settings –
For the Connect agent to work properly, we need to configure the firewall settings as per our need. Make sure that the firewall is ON and that TCP port 443 outbound is open. To enable this port in the firewall, go to the “Run” window and type “firewall.cpl”. This will open the firewall window. If by default the firewall is OFF, turn it ON for “Domain network location settings”, “Private Network” and “Public Network”.
Click on “Advanced settings” and select “Outbound Rules”. Select “New Rule” in the right-hand panel. Select the “Port” radio button and click “Next” to proceed. Select “TCP” and enter 443 in the textbox against the label “Specific remote ports”. Click “Next” to proceed. Select the “Allow the connection” radio button. Click “Next” to proceed.
Select all three checkboxes, “Domain”, “Private” and “Public”. Click “Next” to proceed.
In the Name field type “Firewall Outbound 443 – For Azure Connect” and give an appropriate description such as “For Azure Connect”, so it is clear why this port is opened. Click “Finish” to create the rule.
3. This step is specific to a domain controller machine. If your local machine is not a domain controller, skip this step and go to step 4.
If the local machine for which you are enabling Connect is a domain controller, you need to consider the following steps.
Azure Connect requires a domain controller with an AD-integrated DNS server running on the same machine. The DNS server should be configured to listen on all IP addresses. You can verify this by going to DNS Manager, right-clicking on your machine and selecting “Properties”, as shown below –
I recommend you create a separate Organizational Unit (OU) in the domain. Follow the steps as mentioned below –
Log in to the domain controller machine and select “Active Directory Users and Computers” from “Administrative Tools”, as shown –
Then right-click on the domain name and select “New” – “Organizational Unit”.
Provide the name “AzureMachines”. Uncheck the option “Protect container from accidental deletion” and click OK to create the OU.
4. Installing the Local Endpoint Connect agent
In the management portal, select the Windows Azure subscription for which Connect has been activated, and then click the “Install Local Endpoint” button on the ribbon. In the dialog box that pops up (see below), copy the installation link – we will need it in the next steps.
Using the above link, install the Connect endpoint on all of the local machines that you wish to connect. Before installation you should make sure there are no pending updates or reboots from Windows Update. If there are, you should first install the updates or reboot prior to proceeding with the Connect endpoint installation. The installation wizard will look as follows –
Repeat steps 1 to 4 on all local machines you want to connect. After the Connect endpoint is installed, it will automatically “activate” itself with the Connect service, which should take around 10 to 30 seconds. Once a local machine is activated, it will appear in the virtual network of the Management Portal when you select the “Activated Endpoints” node or the “Groups and Roles” node.
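Because steps 1 to 4 have to be repeated on every local machine, the pre-flight part of the procedure is worth scripting. The following PowerShell script is an added example and is not part of the original post or of the Azure Connect agent itself. It checks the IPv6 binding, turns the firewall on for all three profiles, creates the outbound-only TCP 443 rule with the same name the post uses (nothing inbound is opened), creates the “AzureMachines” OU on a domain controller without accidental-deletion protection, and refuses to continue while Windows Update has a reboot pending. Assumptions: it runs in an elevated session; Get-NetAdapterBinding and Enable-NetAdapterBinding need Windows 8 / Server 2012 or later (on older machines use the ncpa.cpl steps from step 1); the AD cmdlets need the ActiveDirectory module; netsh is assumed to return a non-zero exit code when “show rule” matches nothing; the two registry keys are the usual reboot-pending markers, not something the post names.

```powershell
# Added example, not the post's or the Azure Connect agent's own code.
# Run elevated on each local machine before installing the Connect endpoint.

$ruleName = "Firewall Outbound 443 - For Azure Connect"

# Step 1: IPv6 must remain bound. Report adapters where it is off and re-enable it
# (a reboot is still needed afterwards, as the post says).
$ipv6Off = Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object { -not $_.Enabled }
if ($ipv6Off) {
    Write-Warning ("IPv6 is disabled on: " + (($ipv6Off | ForEach-Object Name) -join ", "))
    $ipv6Off | Enable-NetAdapterBinding -ComponentID ms_tcpip6
}

# Step 2: firewall ON for Domain, Private and Public, plus an outbound-only allow
# rule for remote TCP port 443. No inbound rule is created.
netsh advfirewall set allprofiles state on | Out-Null
netsh advfirewall firewall show rule name="$ruleName" | Out-Null
if ($LASTEXITCODE -ne 0) {   # assumption: non-zero means no matching rule exists yet
    netsh advfirewall firewall add rule name="$ruleName" description="For Azure Connect" `
        dir=out action=allow protocol=TCP remoteport=443 profile=domain,private,public | Out-Null
}

# Step 3 (domain controllers only): DomainRole 4 = backup DC, 5 = primary DC.
$isDc = (Get-WmiObject Win32_ComputerSystem).DomainRole -ge 4
if ($isDc) {
    Import-Module ActiveDirectory
    $domainDn = (Get-ADDomain).DistinguishedName
    $ou = Get-ADOrganizationalUnit -Filter 'Name -eq "AzureMachines"' -SearchBase $domainDn
    if (-not $ou) {
        # Same setting as unticking "Protect container from accidental deletion" in the GUI.
        New-ADOrganizationalUnit -Name "AzureMachines" -Path $domainDn `
            -ProtectedFromAccidentalDeletion $false
    }
}

# Step 4 precondition: do not run the installer while a reboot is pending.
# These keys are the usual Windows Update / servicing reboot markers (assumption).
$pendingKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending"
)
$rebootPending = $pendingKeys | Where-Object { Test-Path $_ }
if ($rebootPending) {
    Write-Warning "A reboot is pending; restart before installing the Connect endpoint."
} else {
    Write-Host "Pre-flight checks passed; install the Connect endpoint using the portal link."
}
```

Run the script once per machine, then install the endpoint from the link copied in step 4. The firewall rule is deliberately limited to outbound traffic on remote port 443, which is all the agent needs; if you later remove Connect from a machine, delete the rule by its name so the exception does not outlive its purpose.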