Disaster Recovery Plan: Why you need to take a look at Azure Site Recovery

If like me you’re responsible for your company’s IT infrastructure then I hope you already have a disaster recovery solution in place, if you do then I have a few questions for you.

  • Are you confident in it?
  • When was the last time you did a test run?
  • Could it be improved?

If you don’t have full confidence in your current solution, or it has been too long since you tested it then you should take a look at Azure Site Recovery as it is a robust system that is straightforward to set up and easy to test a failover with also it is probably cheaper than you think.

If you don’t have a DR solution in place then you should absolutely without question start using Azure Site Recovery.

In this series of blogposts I’m going to take you through why you should consider using ASR to planning, setting it up and then topics such as how to run a test failover.

First an anecdote regarding my own journey to how and why I started using Azure Site Recovery.

If like me you’ve investigated Disaster Recovery as a Service solutions in the past and been shocked at the cost then you might be pleasantly surprised by ASR. Several years ago I was looking at improving my then employer’s solution and decided that to meet the business requirements we needed a warm start solution with continuous replication from our primary site. The quotes I received from different suppliers all massively exceeded my budget and in some cases would have cost most of my entire department budget for the year!

I decided to roll my own solution by reusing a recently retired host server, a site-to-site VPN, VMware vSphere Replication and a co-location provider, and saved tens of thousands of pounds. The main problem with this solution was the maintenance of the host server, it was never easy to patch the host server without breaking replication and replacing failed components meant a long drive and negotiating access to the datcenter. Five years later and the server was very old and long past the point when we should have replaced it., I decided to take a look at Azure Site Recovery as a replacement solution.

I ran the Azure Site Recovery Deployment Planner and calculated that for basically the same cost that the datacentre was charging for co-location I could a have a fully functional DRAAS with Microsoft Azure. I thus saved the cost of an entire new host server every 5 years plus the time, money and stress associated with the ongoing hardware maintenance.

In my case Microsoft’s claim that you can reduce your infrastructure costs was completely accurate.

Reduce infrastructure costs
Reduce the cost of deploying, monitoring, patching, and maintaining on-premises disaster recovery infrastructure by eliminating the need for building or maintaining a costly secondary datacenter. Plus, you pay only for the compute resources you need to support your applications in Azure.

It is not all about money though, as you will see in later posts Azure Site Recovery is simple to deploy and manage. Whether you are wishing to replicate from an on-premises VMware system or another Azure region there is a straightforward process that I will explain to you to get your workloads securely replicated into Azure. In addition you can ensure compliance by testing your disaster recovery plan without impacting production workloads or end users with the simple Test Failover functionality of ASR.

How To Remotely Enable Remote Desktop On A Windows Computer

You have just set up a Windows Server and realise that you need to start a remote desktop session to install some software for example, but you forgot to configure Remote Desktop.

Although remote desktop is disabled by default fortunately on Windows Server from 2012 onwards PowerShell Remoting is enabled by default. So with just a couple of lines of PowerShell you can enable Remote Desktop. Using Invoke-Command we are going to run a couple of commands (they could be combined in the same ScriptBlock but for clarity I have separated them).

Invoke-Command -ComputerName server01 -ScriptBlock {
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
-Name fDenyTSConnections -Value 0}

Invoke-Command -ComputerName server01 -ScriptBlock {
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'}

The first modifies a registry key to toggle the flag that is set to Deny TS connections and the second modifies the Windows firewall to enable the built-in rule to open the port for RDP.

Produced with TechSnips.io

Running FreeFTPd as a service (the reality)

I wrote earlier about how easy it is to install FreeFTPd to run as a service.

However running it as a service is in practice a major pain in the neck. In order to edit the settings and add new accounts you need to launch the application from the desktop or start menu which will then run as a separate instance running under your user account.

Any changes made here should be transferred to an instance that runs as service.

Getting it to work reliably means doing the following.

  1. Open up services.msc and stop the FreeFTPd service.
  2. Launch FreeFTPd from Start Menu
  3. Reconfigure and make sure that you Apply and Save changes.
  4. Open Task Manager and stop the FreeFTPd process that is running under your user account.
  5. Start the FreeFTPd service in the Services mmc.
  6. Test connection to server.
  7. Repeat the above steps until it actually works.

Installing FreeFTPd to run as a service

FreeFTPd is a fantastic lightweight FTP and SFTP server that runs on Microsoft Windows. Download it from here https://www.freesshd.com/index.php?ctt=download

The installer is under 1MB in size and installation to run as a service is extremely simple. Just click through the installation wizard and once it has installed and private keys have been generated it will prompt you ‘Do you want to run FreeFTPd as a system service?’

How to block a Windows Update from reinstalling in Windows 10

With the best will in the world due to the complexity of the Windows installations and installs of third party software there will be occasions that Microsoft releases a Windows update that breaks something.

A recent security update to Microsoft Office broke a VBscript Word Macro that we use in the business so until we can find a developer that understands it well enough to fix it we need to disable the Windows update. This is not as simple in Windows 10 as security updates are now set to install automatically.

There is a troubleshooter available for download that makes the task very straightforward.

When you click on the download link, you will be prompted to open or save wushowhide.diagcab.

Open or save wushowhide.diagcab

You can save it locally or just open it and run it automatically. The troubleshooter will start, click Next to proceed.
Troubleshoot. Show or hide Windows update

You can choose to either Hide updates or Show hidden updates (useful to then allow installation of the update if the underlying problem is fixed.)
Show or Hide Windows update

Clicking on Hide updates will show all updates that are currently not installed. Tick the boxes of the updates that you wish to block the installation of and then click next.
Hide Windows update

The troubelshooter will then process the request and after a short wait will show that the updates selected have now been blocked.
Troubleshooting has completed

If you decide later that you now wish to unblock the update, simply run the troubleshooter again and then choose the Show hidden updates option. Then select the ones you wish to unblock and click next to proceed.
Show hidden Windows update

Windows 10 – cannot access TCP/IPv4 Properties on a PPTP VPN Connection

There’s been a few little quirks with Windows 10 that I have noticed or people have reported to me but the most annoying one I’ve encountered so far has been not being able to access the TCP/IPv4 Properties on a PPTP VPN Connection.

VPN-TCPIP4 properties

Setting up a VPN connection on Windows 10 has become a quicker process with less configuration, however when you need to adjust the configuration such as adding a DNS suffix it is not at all simple if you cannot access the properties window for the TCP/IPv4 protocol. Regardless of whether the user is an administrator on the machine or not the properties button is completely unresponsive.

All is not lost however as Microsoft have apparently fixed the issue in a Cumulative update for Windows 10 Version 1511 so upgrading to the most recent build of Windows 10 and installing all outstanding updates should resolve the issue. In the meantime a workaround is to copy a working and correctly configured VPN connection from another machine to the affected machine. The file is rasphone.pbk and is located in the following folder

If necessary it can be modified in a text editor.

If you are on Windows 10 Version 1511 already and are experiencing this issue you can download the necessary cumulative update directly from http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB3105211

Windows 10 Roll-out: WSUS, Group Policy and Installation

As a software development company we need to be a little ahead of the curve when it comes to our adoption of new releases of Windows Server and Desktop environments as we need to ensure that our software will continue to function when our clients decide to upgrade to the latest technologies. However until recently due to our customers being large enterprises, which traditionally are slow to adopt new technology, we didn’t need to jump in immediately when a new OS was released. That has changed since we started to gain clients in emerging markets, Kenya and Nigeria specifically, who appear to be quicker to adopt the latest OS as they are experiencing rapid expansion and growth of their infrastructure.

So just over two months since the release of Windows 10 I undertook a pilot program to roll it out to a limited number of developers and create a small number of virtual machines for testing.

Edit: Since first writing this up the number of people that I have rolled Windows 10 out to now encompasses almost a third of the company.

But prior to the actual roll-out there are a couple of tasks that need to be done to ensure that the infrastructure for managing Windows 10 is in place namely WSUS (Windows Server Update Services) and Group Policy.

WSUS was pretty simple as the product list it uses is updated automatically with new entries so it is just a matter of ticking the boxes to receive updates for those products. Open up the WSUS console, click on Options and then Products and Classifications. Tick all the relevant boxes to receive the Windows 10 updates.


Installing the Group Policy Administrative Templates (admx files) was more involved but again was pretty straightforward. I downloaded the ADMX files Microsoft Administrative Templates for Windows 10 I also downloaded the ones for Windows 8.1 and Windows Server 2012 R2 as I’d realized that I’d somehow overlooked these previously.

Logged into one of the Domain Controllers and found the path to the SYSVOL folders location in the Central Store. Please note if you’re following these instructions and do not have a central store in your domain then the SYSVOL location will have different path.

Then opened the msi installer to start the installation of the Administrative Templates. At the Select Installation Folder window I changed the folder from the default to the folder of the SYSVOL folder in the central store that I found previously.


If you have a Central Store for ADMX files, the location should be the same or similar to the path below, just replace with your domain name (domain.com).


Installed both sets of templates and then took a quick look at the Group Policy Settings reference spreadsheet to see what new settings have been added, the total number of settings is now over 3700!

The actual installs of Windows 10 have all gone very smoothly so far. As well as the relatively new developer PCs (1-2 years old) I have carried out Windows 10 upgrades on a variety of different older systems including a 5 year old desktop PC and a 4 year old laptop.

Sharepoint Online login failure. Issue Type: User not in directory

Sharepoint Online login failure

Weird glitch with Office 365 when a user who had returned from a two week long holiday tried to access a document in Sharepoint Online. The error message shows that the user is not in directory, which is incorrect. He couldn’t login to Microsoft Office 365 at all, however Outlook still worked and he could send and receive email.

Resetting his password fixed the problem.

But what was the underlying cause could not be discerned. It wasn’t that he was logged in using his MSDN Microsoft account which has the same email address and therefore the same username as his Office 365 organizational account. A Private Browser session was tried and that failed. Also attempting to login from a completely different Pc failed in the same way.

My best guess is that the Azure Active Directory object associated with his account had been locked due to an expired password or the object had become corrupted in some way. Resetting the password then updated the object’s attributes which allowed the account to become active again.

Microsoft’s Windows 10 hardware event in 9 minutes

Microsoft’s Windows 10 hardware event in 9 minutes.

The Verge have produced a video highlighting the best bits of Microsoft’s hardware presentation.

Unitrends DRaaS: Disaster Recovery as a Service

I use Unitrends Enterprise Backup as part of our disaster recovery system and I’m impressed with it.

Apparently Unitrends also provide a full DRaaS: Disaster Recovery as a Service and currently have a Limited time offer of free 500GB of Forever Cloud for all new customers!