Windows Azure Pack: Customize the URLs

Now that you are familiar with Windows Azure Pack, it's time to change the default URLs and ports of the different WAP sites to use your own settings. In this post I will share my experience with you, but before starting, I recommend that you check the following three posts on the same topic:

Flemming Riis: http://flemmingriis.com/windows-azure-pack-publishing-using-sni/
Marc Van Eijk: http://www.hyper-v.nu/archives/mvaneijk/2013/10/windows-azure-pack-changing-the-default-urls/
Anders Ravnholt: http://blogs.technet.com/b/privatecloud/archive/2013/12/10/windows-azure-pack-reconfigure-portal-names-ports-and-use-trusted-certificates.aspx

Ideally, you should use an official SSL certificate and run the sites on port 443. The company Gandi sells wildcard SSL certificates for about 120€/year (https://www.gandi.net/ssl/standard#wildcard), which is really not expensive from what I could see. In my lab (which is running in a hoster datacenter), I'm already using port 443 for the Remote Desktop Gateway, so I have no other choice than to use another port. As this is a lab environment, it's not really a big deal not to use 443, so I decided to use port 444.

Below is a summary table of the current and future setup:

Once you have defined the new URLs, the first step is to create these records on your local and public DNS servers. In my Active Directory domain, I added the following 4 records pointing to my WAP server.

New Tenant Site record:

New AuthSite record:

New AdminSite record:

New WindowsAuthSite record:

Once that is done locally, you have to update your DNS at your registrar. Below is my public DNS configuration:

I bought a wildcard certificate named *.vnextlab.be that I will use for the different WAP sites.

To import your SSL certificate into your IIS server, you can follow this guide:
http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm

When imported, your IIS certificate store should look like this:

Tenant Portal

It's time to update the tenant sites with the new URLs.
In the IIS Manager, select MgmtSvc-TenantSite, right-click it and select Edit Bindings…


Click on Edit:

Follow the steps below:

  1. Change the port.
  2. Specify the site URL you defined earlier.
  3. Check the box Require Server Name Indication.
  4. Select your SSL Certificate.


Repeat the same steps for MgmtSvc-AuthSite; below is my configuration:

Now that IIS has been configured, we need to configure the Windows Azure Pack tenant portals with the new URLs. Start the Windows Azure Pack Administration PowerShell prompt.


Adapt and execute the following commands:

Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "portal.vnextlab.be" -Port 444 -Server sql001

Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "portalauth.vnextlab.be" -Port 444 -Server sql001

Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint 'https://portalauth.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=sql001.vnextlab.be;User ID=sa;Password=*****"

Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint 'https://portal.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString "Data Source=sql001.vnextlab.be;User ID=sa;Password=*****"


We will now test the tenant portal with the new URL: just start IE and type the URL.

You will be redirected to the Tenant Authentication Portal.

Once authentication has completed, you are redirected to the tenant portal.

Admin portal

Now that the Tenant portals (Tenant and Tenant Authentication) have been configured and tested, we will update the Admin Portals with the new URLs.

In the IIS Manager, select MgmtSvc-WindowsAuthSite, right-click it and select Edit Bindings.

Follow the steps below:

  1. Change the port.
  2. Specify the site URL you defined earlier.
  3. Check the box Require Server Name Indication.
  4. Select your SSL Certificate.


Do the same for MgmtSvc-AdminSite; below is my configuration:
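The binding steps described above for the tenant and admin sites can also be scripted. The following is an added example, not part of the original post: it uses the WebAdministration module on the IIS server with the site names, host names and port from this post, and assumes the wildcard certificate has already been imported into the LocalMachine\My store.

```powershell
Import-Module WebAdministration

# Site names, host names and port are taken from this post.
$Port  = 444
$Sites = [ordered]@{
    'MgmtSvc-TenantSite'      = 'portal.vnextlab.be'
    'MgmtSvc-AuthSite'        = 'portalauth.vnextlab.be'
    'MgmtSvc-AdminSite'       = 'manage.vnextlab.be'
    'MgmtSvc-WindowsAuthSite' = 'manageauth.vnextlab.be'
}

# Assumption: the wildcard certificate is already in LocalMachine\My.
# Pick the unexpired *.vnextlab.be certificate that has a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match 'CN=\*\.vnextlab\.be' -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No valid *.vnextlab.be certificate with a private key was found.' }

foreach ($site in $Sites.Keys) {
    $fqdn = $Sites[$site]

    # Remove the site's existing HTTPS binding(s) (the default port and self-signed certificate).
    Get-WebBinding -Name $site -Protocol https | Remove-WebBinding

    # SslFlags 1 corresponds to the "Require Server Name Indication" check box.
    New-WebBinding -Name $site -Protocol https -Port $Port -HostHeader $fqdn -SslFlags 1

    # Attach the certificate to the new binding.
    $binding = Get-WebBinding -Name $site -Protocol https -Port $Port -HostHeader $fqdn
    $binding.AddSslCertificate($cert.Thumbprint, 'My')
}

# Review the result: every entry should read *:444:<host name> with sslFlags = 1.
foreach ($site in $Sites.Keys) {
    Get-WebBinding -Name $site -Protocol https | Select-Object bindingInformation, sslFlags
}
```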

When done, we need to update the WAP configuration with the new URLs that we just configured in IIS.

Adapt and execute the following commands:

Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "manage.vnextlab.be" -Port 444 -Server "SQL001"

Set-MgmtSvcFqdn -Namespace "WindowsAuthSite" -FullyQualifiedDomainName "manageauth.vnextlab.be" -Port 444 -Server "SQL001"

$ConnectionString = 'Data Source=SQL001;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=XXXX'

Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint 'https://manageauth.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString

Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint 'https://manage.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString
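A variant of the admin commands above, as an added example that is not part of the original post: it first checks that each federation metadata endpoint answers over a trusted TLS connection with well-formed XML, and it prompts for the SQL login so that the password does not appear in the script or the command history. The function name Test-FederationMetadata and the variable names are illustrative.

```powershell
# Server name, port and endpoint URLs are taken from this post.
$SqlServer = 'SQL001'
$Endpoints = @{
    Admin   = 'https://manageauth.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml'
    Windows = 'https://manage.vnextlab.be:444/FederationMetadata/2007-06/FederationMetadata.xml'
}

# Hypothetical helper: $true when the URL returns well-formed XML over HTTPS.
# An untrusted or mismatched certificate, a wrong port or an HTML error page makes Load() throw.
function Test-FederationMetadata {
    param([Parameter(Mandatory)][string]$Uri)
    $doc = New-Object System.Xml.XmlDocument
    try {
        $doc.Load($Uri)
    } catch {
        Write-Warning "$Uri : $($_.Exception.Message)"
        return $false
    }
    Write-Host "$Uri returned XML with root element <$($doc.DocumentElement.LocalName)>"
    return $true
}

$failed = @($Endpoints.Values | Where-Object { -not (Test-FederationMetadata -Uri $_) })
if ($failed.Count -gt 0) {
    throw "Fix the IIS bindings or certificate first: $($failed -join ', ')"
}

# Prompt for the SQL login; the builder quotes values containing ';' or quotes correctly.
$cred    = Get-Credential -Message 'SQL login for the Microsoft.MgmtSvc.Config database'
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$builder.Add('Data Source', $SqlServer)
$builder.Add('Initial Catalog', 'Microsoft.MgmtSvc.Config')
$builder.Add('User ID', $cred.GetNetworkCredential().UserName)
$builder.Add('Password', $cred.GetNetworkCredential().Password)
$ConnectionString = $builder.ToString()

Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint $Endpoints.Admin -ConnectionString $ConnectionString
Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint $Endpoints.Windows -ConnectionString $ConnectionString

# Do not keep the clear-text password in the session.
Remove-Variable ConnectionString, builder, cred
```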


The configuration is done; it's time to test the connection to the Admin portal.
Just go to your Admin Portal and you will be prompted for your domain credentials. You will notice that the authentication is requested by the Authentication Site.

Authentication in progress.

Authentication done and redirection to the Admin Site.

Everything is now working as expected and your portals are using your new URLs.

I hope this helps; ping me if you have any questions.

Christopher


About Christopher Keyaert

Christopher Keyaert is a Consultant, focused on helping partners to leverage the System Center and Microsoft Azure cloud platform. He is also a Microsoft Most Valuable Professional (MVP) for Cloud and Data Center Management and a Microsoft Certified Trainer (MCT).

One Response to Windows Azure Pack: Customize the URLs

  1. Juan Quesada says:

    Need some help here please.

    I get an error on the Tenant Site while running:

    Set-MgmtSvcRelyingPartySettings –Target Tenant –MetadataEndpoint ‘https://xxxauth.com:443/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString “Data Source=xxx;User ID=sa;Password=xxx”

    Error is:

    Set-MgmtSvcRelyingPartySettings : CData elements not valid at top level of an XML document. Line 1, position 3.
    At line:1 char:1
    + Set-MgmtSvcRelyingPartySettings –Target Tenant –MetadataEndpoint ‘https://xxx …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Set-MgmtSvcRelyingPartySettings], XmlException
    + FullyQualifiedErrorId : System.Xml.XmlException,Microsoft.WindowsAzure.Config.PowerShell.Claims.SetRelyingPartyS
    ettings

    As a note, the following run fine:

    Set-MgmtSvcFqdn -Namespace “TenantSite” -FullyQualifiedDomainName “xxx.com” -Port 443 -Server “xxx.priv”

    Set-MgmtSvcFqdn -Namespace “AuthSite” -FullyQualifiedDomainName “xxx.com” -Port 443 -Server “xxx.priv”

    Set-MgmtSvcIdentityProviderSettings –Target Membership –MetadataEndpoint ‘https://xxx.com:443/FederationMetadata/2007-06/FederationMetadata.xml‘ -ConnectionString “Data Source=xxx;User ID=sa;Password=xxx”

    Additional notes:
    Created host records to resolve IPs for external records (since I haven't published via public IP until I get everything working internally)
    Windows Azure Pack v2

    Thanks in advance
