AzurePack: Components for Website Feature failed to install

I had to install a new Frontend and Publishing server for my Web Sites components inside Azure Pack, unfortunately the installation failed so I had to find out what was wrong.

First check on the troubleshooting step by step list is to control the Firewall, which also revealed the problem:

The automatically created Firewall Rule for the “WebFarmAgentService” which is used to install the rest of the components, only enables the rule for “Public interfaces”. So my interface that’s being used, that’s connected to the Domain, did not obviously allow that traffic.

Enabling “Domain” in the Firewall Rule solved the problem, and the installation went through! I can’t see any reason for the devs to make that decision to only enable the rule for Public… But maybe there is some strange reason that you guys can come up with?

 

SCVMM : Automatic Baseline update script

SCVMM (System Center: Virtual Machine Manager) 2012 and 2012R2 can manage the patch compliance on your servers. That’s a great feature but normally involves some manual work as you have to add each update to the Baselines manually.

My colleague Mikael Nyström (MVP)  made a script to handle this automatically, which I’ve developed a bit further.

The script has a few Pre-Requisites;

  • A WSUS Server defined in SCVMM
  • Approved patches for “Windows Server 2012” and “Windows Server 2012 R2” in WSUS
  • Pre-Defined Baselines (you can use Add-Baseline to create them) with these names;
    • Security Updates
    • Critical Updates
    • Updates
    • Update Rollups

That’s it! You can now run the script and automatically import all matching updates.

The following actions will be performed;

  • Synchronize updates with WSUS
  • Check if there are any updates in the Baseline already
    • If the baseline is empty, import ALL matching updates
    • If the baseline is NOT empty, check the Newest 500 updates and import all matching updates
  • Remove inactive updates
  • Repeat for all Baselines
  • Start a compliance scan

The script will not initiate any remediation. And as the script normally only checks the newest 500 updates, it has to be run fairly regular. In my environment, 500 updates is about 1 month of updates. Though to be safe, run it once a week.