link states to select “Quit” option while performing sysprep so that while
provisioning VM based on captured image, it won’t run into timed out error.
This is perfectly fine. However what if even after selecting Quit during
sysprep you run into Provisioning timed out error while creating VM based on
recently ran into such issue. I had selected Quit option during sysprep, and
then I captured the VM image and when I provisioned VM based on this captured
image, I got error as “Provisioning Timed Out”.
interesting fact was that, I was able to make RDP to the machine and all
installed application was working fine on it. Now if I restart this captured
image based Azure VM from Management Portal, VM got into Running status on
portal. This was one of the workaround however not a permanent solution.
raised a support ticket with Microsoft and findings were awesome.
in Feb 2014, Azure Team technical blog posted that, VM agent is now by default
installed on Azure virtual Machines. And guess what, VM agent was the problem
behind Provisioning timed out error for Azure VM.
new VM agent was installed on Azure VM that I was using to capture the image.
Then when I created a new virtual machine based on captured image by default VM
agent tries to get installed again, but as it is already installed may be
monitoring servers will never receive the status as “installation complete”
which they are waiting forand hence
after certain time interval status of VM becomes Provisioning Timed Out.
fix this problem of Provisioning Timed Out, while creating VM’s remember to
uncheck the option “Install the VM agent”.
it you are done and problem of Provisioning timed out error resolved.
I tried to host WCF service using Azure web role with wshttpbinding and custom
username and password validator and access it over http.
is based on ws- security and it is good option to provide authentication
mechanism to WCF service hosted on Azure. Let’s start it right away.
Add Custom username and
password validator -
of all create an Azure cloud service project with one web role and WCF web
role. Then add reference to System.IdentityModel to WCF project so that we can
use our own custom username and password validator based on UserNamePasswordValidator
class. Create a class as shown below in WCF web role project –
/// Validator class to be used for WCF
authentication in case of wsHttpbinding only
You will see that, we
have named the behaviour as CustomValidator. Metadata retrieval is allowed over
HTTP only and not for https. Then most important part is <serviceCredentials>tag. This is where we specify the certificate to be
used and custom username and password validator.
serviceCertificatetag specifies the certificate to be used. Usually
we specify certificates which are issued by certificate authority. As part of
this tutorial I am using self signed certificate which gets generated in IIS 7 itself
during IIS 7 installation. However please be aware that, this certificate
should not be used in production environment.
Open run window and
type “inetmgr” without quotes. This will open IIS. Select the computer name in
left pane and double click Server Certificates in middle pane to open the
feature. You will find that, a certificate named as “IIS Express Development
Certificate” is already present. I will use same certificate for this tutorial.
Import certificate -
During development, this
certificate should be present in Trusted
People Store of current user and Personal store of Local Machine. During production
on cloud service hosting, we need to put the same certificate to some more
places which I will talk later.
For now, to add export
certificate and import in Trusted People store refer to following link –
The link talks about
importing and exporting certificate in Local Machine. Same can be used to
import or export certificate in Local user store which can be opened from run
window and typing “Certmgr.msc” command.
Certificates to Roles -
Next we need to make
sure that; self signed certificate is added for WCF web Role and WebRole1 project.
Right click WCF role in cloud service project and select Properties. Then click
on Certificates option present on left hand side pane. Click on “Add
Certificate”; this will add a row. Provide name as localhost, store location as
localmachine, store name as my. Now open the certificate from personal store of
current user and copy the thumbprint. Add it to the thumbprint section of
certificate added in properties of WCF Web Role. Follow the same steps to add
localhost certificate for Web Role project.
Next tag is userNameAuthentication.
This is where I am specifying my custom class to be used for username and
password validation. In this tag WCFService is the name of namespace in which
my Service1UsernameValidator class exists.
WCF Web role Service Reference locally in Web Role -
we need to start WCF service web role so that service reference can be added in
WebRole1 project. Right click WCF Service and debug to start new instance as
shown below –
we need to add service reference to Web role 1. Righ click WebRole1 project
-> click Add service Reference. A window will appear. Click on Discover
button. WCF Service Service1 started above will get listed. Keep the reference
name as ServiceReference1 only and Click OK to add reference. Open web.config
for Webrole1 project. This web.config we will modify to have wshpbinding. You
will observe that, in <system.serviceModel>tag
basichttpbinding is added.
paste following segment in ServiceModel tag of web.config in WebRole1 project.
have specified binding element as wshttpbinding which is similar to that of WCF
Service. Next we have specified the endpoint behaviour with certificate
validation mode as PeerOrChaintrust. Please refer to the comment mentioned
above the tag certificateValidationMode. Hence while moving the deployment to production make
sure that you have valid certificate issued by CA. In endpoint just replace the
7493 by your
respective port number.
Add sample web form to
consume WCF Web role locally -
add a web form in the WebRole1 project named as SamplePage.aspx and in
page_load event add following code –
username and password specified above are same as the one specified in custom
validator in WCF Service web role. Now right click WebRole1 project and select
Debug->start new instance. First the custom username validator’s validate
method is called making sure that authentication of WCF web role is working
output should show message as “You Entered: 5.”
completes the configuration of Azure WCF Web Role using wshttpbinding over http
in development environment.
now I have hardcoded the username and password in custom validator class. In
real scenario, it may be read from database.
Configure port and
endpoint for Roles in cloud service -
next step is to configure WCF Web role in Azure cloud service using
ServiceDefinition.csdef file and make sure that the WCF Web role endpoint is
configured for http and port 8080 where as Webrole1 is configured for http port
Add certificate to
cloud service on Azure Management Portal -
here assume that, you already have a cloud service, storage account created in
Azure subscription. Open the cloud service from Azure Management portal and
upload certificate localhost.pfx file used in this project. I hope you already
have exported the certificate by following the steps mentioned in blog link
using localhost certificate here however in real world, using self signed
certificate for production deployment is a measure threat. This is only for
demo purpose. For production deployment consider a certificate issued by
Change WCF End point of
WebRole to cloud Service URL -
we need to change the endpoint address in WebRole1 project as now it should
refer to azure cloud service hosted WCF web role URL. As described above we have
marked port 8080 for Azure WCF Web role and my cloud service URL let’s say –
kunalwcfdemo.cloudapp.net then my WCF web role URL will be – http://kunalwcfdemo.cloudapp.net:8080/Service1.svc
is the URL of my endpoint and it should be added in web.config file of WebRole1
project ad comment the localhost URL. So modify the client tag of web.config of
Webrole1 project as follows –
it might be possible that, the ServiceReference1 might be still pointing to
localhost url of WCF web role. Therefore right click
localhost certificate to Trusted Store of Web Role Instance VM -
the cloud service project. Make sure that you enable remote desktop for the both
roles while publish. We will need to make RDP to Web Role machine NOT WCF Role
machine and we will need to add localhost certificate in Trusted People store
of current user, local machine on Web Role instance virtual machine. So copy
localhost.pfx to the desktop of web role instance.
should be already present in Personal Store of Local Machine. Add it to Trusted People of Local Machine
and trusted People of Current User.
Please note that we are
not making any change in WCF Web role VM.
in Web role VM is required because we are using PeerOrchainTrust and
certificate is self signed. If we are using certificate issued by trusted
authority and certificate validation mode ChainTrust then this step may not be
required. As this tutorial is for demo purpose and we are using self signed
certificate we have to add certificate manually by making RDP to web role
Set the SamplePage.aspx
as start page for Webrole1 –
you wish to set any .aspx page as start page of your web role project then
please follow the instruction given at this link –