Quick tips with Azure Site-to-Site VPNs

It’s been a while since I’ve set up an Azure VPN for a customer and I had to relearn the process – particularly with ARM.  So I thought I’d share some tips on getting this set up without any hassles.

  1. Be sure to check the endpoint Azure will connect to is on the supported list.
  2. Make sure your VPN Gateway is the right type, “PolicyBased” or “RouteBased” (use the device list to be sure which one is right for your config).
  3. When planning out the Virtual Networks, be sure to use a big enough “address space” to host the subnet for the Azure VMs and the “Gateway” subnet.  So you could use an Address Space of (you won’t use all those addresses) and create a default subnet of and a Gateway subnet of  The Gateway subnet is NOT overlapping with the “default” network but is part of the “Address Space”.
  4. Use Security Groups to lock down the access – of course we want security
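The address-planning rule in tip 3 can be checked before anything is deployed. The PowerShell below is an added example, not part of the original post: the function names and every CIDR value are constructed for illustration, and it verifies that each subnet sits inside the address space, that no two subnets overlap, and that a subnet named GatewaySubnet (the name Azure requires for the gateway subnet) is present.

```powershell
# Added example: validate a VNet address plan (IPv4 only). All CIDRs are constructed samples.
function ConvertTo-IPv4Range {
    param([string]$Cidr)
    $addr, $prefix = $Cidr -split '/'
    $bytes = ([System.Net.IPAddress]::Parse($addr)).GetAddressBytes()
    [Array]::Reverse($bytes)                          # network byte order -> little-endian
    $start = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - [int]$prefix)
    $start = $start - ($start % $size)                # snap to the network boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-VNetPlan {
    param([string]$AddressSpace, [System.Collections.IDictionary]$Subnets)
    $space  = ConvertTo-IPv4Range $AddressSpace
    $ranges = @(foreach ($name in $Subnets.Keys) {
        ConvertTo-IPv4Range $Subnets[$name] |
            Add-Member -NotePropertyName Name -NotePropertyValue $name -PassThru
    })
    $issues = @()
    foreach ($r in $ranges) {
        # Every subnet must be fully contained in the VNet address space
        if ($r.Start -lt $space.Start -or $r.End -gt $space.End) {
            $issues += "$($r.Name) $($r.Cidr) is outside address space $AddressSpace"
        }
    }
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            $a = $ranges[$i]; $b = $ranges[$j]
            # Two ranges overlap when each one starts before the other ends
            if ($a.Start -le $b.End -and $b.Start -le $a.End) {
                $issues += "$($a.Name) $($a.Cidr) overlaps $($b.Name) $($b.Cidr)"
            }
        }
    }
    if ($ranges.Name -notcontains 'GatewaySubnet') {
        $issues += "no subnet named 'GatewaySubnet' in the plan"
    }
    $issues   # empty when the plan is consistent
}

# Constructed plans: one consistent, one with the gateway subnet carved out of "default"
$good = [ordered]@{ default = '10.10.0.0/24'; GatewaySubnet = '10.10.255.0/27' }
$bad  = [ordered]@{ default = '10.10.0.0/24'; GatewaySubnet = '10.10.0.128/27' }
Test-VNetPlan -AddressSpace '10.10.0.0/16' -Subnets $good
Test-VNetPlan -AddressSpace '10.10.0.0/16' -Subnets $bad
```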

Happy building



Publishing Remote Desktop Gateway with Azure App Proxy – The Easy Way

After reading that Azure can support Application Proxy, I began to think of ways I could use this to expand the configuration of my lab. My lab is hosted in my closet and brought to the Internet via AT&T fiber. So I only have a single IP which limits what I can do/publish externally. So my remote access (via Remote Desktop Gateway) was using the sole IP address.

What I have now is depicted below:

The key items to note here:

  • Single Server – hosting ALL RDS Roles (Gateway Role, WebApp Role, Session Host, Connection Broker)
  • RDS Server ALSO hosts Application Proxy Connector
  • DNS name pointing to Azure (not using “xxxx.cloudapp.net”)
  • Need TWO Published Applications
    • One for RDWEB (webapp page)
    • One for RPC (for RDP or HTTPS)


On Prem-

  1. Install Windows Server 2016
  2. Add RDS – I used “Quick Start” – and give the collection and external name
  3. Import certificate and configure RDS


  1. Create new application – select Azure AD/Enterprise Applications/ + New Application/All/On-Premise Application

    Configure like below (note the ending of url “/rdweb/”):

  1. Create new application (again) – select Azure AD/Enterprise Applications/ + New Application/All/On-Premise Application

    Configure like below (note the ending of url “/rpc/”):

Other items to note:

  • You’ll need at least ONE user with an Azure Active Directory Basic license to publish an application ($1 per month)

Shift is the key/fix for the crazy image resizing in Office 365

I write a lot of documents for the customers I work with.  And often I end up creating documents with screenshots.  Lately I’ve noticed a CRAZY behavior with resizing images within Word (and I assume other Office apps would do the same).

When I resize the image (usually to make it smaller to fit better on the page) Word ends up flipping it upside down! This was driving me crazy (maybe you too).

What is now working for me is to press the SHIFT key while doing the resizing and Word adjusts to the desired size and nothing funky happens.

Maybe you found another solution?  Let me know.



Nano – drivers and drive setup

@Foxdeploy and I were chatting about my Nano/Lab setup and he asked me if I had any driver issues with my setup and Nano. The short answer is no…not with this build. But with earlier builds (TP1 I think) I did have issues. Here’s how I dealt with that:

I dual boot (as stated in my previous post) to a FULL version of Windows Server 2016 – I consider that my “get out of jail” card just in case things don’t go as planned (as they sometimes do). With a full OS installed I can then use the Device Manager to clearly see what driver is not working properly. With my first build of Nano in the lab I had a NIC driver problem (ugh). In the early builds of Nano you had to use the full OS and Device Manager to get the driver’s inf and other data to import the driver via dism:

dism\dism /Add-Driver /image:.\mountdir /driver:C:\Windows\System32\DriverStore\FileRepository\nic.inf_amd64_23224432324

Luckily that is not needed any longer 🙂 . To add “custom drivers” to a Nano build, simply add the option “DriversPath” to the New-NanoServerImage command and point the option to the appropriate folder for the driver(s) you need to add.

As for setting up a dual boot – here’s the method I used:

I booted my system with Windows install media and at the “Windows Setup” screen pressed Shift+F10.

Type diskpart and use the commands listed below:
  • list disk (verify which disk you intend to install the OS onto, usually “0”; in the example below I only have a single disk)
  • select disk 0
  • clean
  • create partition primary
  • format quick fs=ntfs label=boot
  • create vdisk file=c:\Win2016.vhd maximum=50000 type=expandable
  • attach vdisk
  • exit (to exit diskpart) then exit (to exit command prompt)
  • Now continue with Windows Setup and when prompted select “Custom: Install Windows only (advanced)”
  • The drive (vdisk) previously created is displayed – Click Next to install
  • Complete the install as normal

Now that the GUI OS is installed, the Nano VHDX can be added to the boot configuration:

  • Mount the Windows Server 2016 ISO and note the drive letter (in my case it was F:)
  • From an elevated PowerShell console run the following commands
    Import-Module f:\NanoServer\NanoServerImageGenerator -Verbose
    New-NanoServerImage -Edition Standard -DeploymentType Host -MediaPath f:\ -BasePath D:\temp -TargetPath D:\Temp\Nano.vhd -ComputerName Nano -OEMDrivers -Compute
    #Create a djoin file:
    djoin.exe /provision /domain thenewtonlab.com /machine "Nano" /savefile c:\temp\objBlob

    The New-NanoServerImage command above will prompt for an administrator password to assign to the new VHDx image

    • Copy the VHDX over to the server and place it on the “Boot” partition created earlier
    • From an elevated command prompt create a new boot entry via BCDEDIT (the last command sets the new entry as the default boot entry):

bcdedit /copy {current} /d "Nano Server"

Copy the GUID that is returned

bcdedit /set {GUID} device vhd=[c:]\NanoServer.vhd

bcdedit /set {GUID} osdevice vhd=[c:]\NanoServer.vhd

bcdedit /set {GUID} path \windows\system32\boot\winload.exe

bcdedit /default {GUID}

Next step in the process is to finalize the Nano configuration:

Log on as Administrator with the password assigned during the New-NanoServerImage command.

Configure the IP and firewall:

Enter administrator for user and the appropriate password:

Select Networking and press Enter

Press Enter to configure the NIC

Select F11 and then F4 to toggle DHCP off and then enter a static IP

Press Enter to save the configuration and then ESC back to the main menu

Next the server needs to be added to the domain – within PowerShell run the following:

$ip = ""
Set-Item WSMan:\localhost\Client\TrustedHosts $ip
$user = "thenewtonlab\dan"
Enter-PSSession -ComputerName $ip -Credential $user
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
$ifa = Get-NetAdapter -Name Ethernet
netsh interface ipv4 add dnsserver "Ethernet" address= index=1
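Set-Item on TrustedHosts replaces whatever list was already there, and the entry stays in place after the session ends; WinRM does not authenticate the remote machine for hosts on that list. The variant below is an added example, not part of the original post: it appends the Nano host only for the duration of the work and then restores the previous value. The IP address is a constructed placeholder from the documentation range.

```powershell
# Added example: scope the TrustedHosts entry to this one task.
$ip   = '192.0.2.10'                                 # constructed placeholder address
$path = 'WSMan:\localhost\Client\TrustedHosts'
$previous = (Get-Item $path).Value                   # remember the existing list

if ($previous -eq '*') {
    Write-Warning 'TrustedHosts is a wildcard: every host is trusted without server authentication.'
}

try {
    # -Concatenate appends to the list instead of overwriting it
    Set-Item $path -Value $ip -Concatenate -Force
    $cred    = Get-Credential -UserName 'thenewtonlab\dan' -Message 'Credentials for the Nano host'
    $session = New-PSSession -ComputerName $ip -Credential $cred
    Invoke-Command -Session $session -ScriptBlock {
        netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    }
}
finally {
    if ($session) { Remove-PSSession $session }
    Set-Item $path -Value $previous -Force           # put the original list back
}
```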

Copy the djoin blob file:

#map drive
net use z: \\\c$
copy c:\temp\objBlob z:\temp\objBlob
#reboot the server
shutdown /r /t 5

We now have a dual boot system that is ready to host Hyper-V guests.  While the overall process might seem tedious, it is a process that is done very seldom (gratefully). I hope you find this information helpful.  Do you have a test lab?  How do you like to set up your lab?  I’d love to hear how others are working these issues out.

Regards and happy labbing,