Azure Site-To-Site TrafficSelectorPolicy is not working - azure-virtual-network

We are trying to set up a site-to-site VPN on Azure. The problem is that we have a larger virtual network subnet say 10.0.0.0/16 and the VPN should only be able to access 10.0.1.0/24 within that range. We set up the connection and it fails due to "Traffic Selector Mismatch".
I set up the connection from PowerShell as follows:
$ResourceGroup = [SomeResourceGroup]
$Location = [SomeLocation]
$OnsitePublicIp = [onsite public ip]
$OnsiteSubnet = [onsite accessable subnet]
$LocalNetworkGatewayName = [SomeNetworkGatewayName]
$ConnectionName = [SomeConnectionName]
$AzureAddressRange = "10.0.1.0/24"
$VirtualNetworkGatewayName = [SomeVirtualNetworkGatewayName]
$IpSecPolicy = New-AzIpsecPolicy XXXXXXXXXXXXX
$LocalNetworkGateway = New-AzLocalNetworkGateway -Name $LocalNetworkGatewayName -ResourceGroupName $ResourceGroup -Location $Location -GatewayIpAddress $OnsitePublicIp -AddressPrefix $OnsiteSubnet
$IpsecTrafficSelectorPolicies = New-AzIpsecTrafficSelectorPolicy -LocalAddressRange $AzureAddressRange -RemoteAddressRange $OnsiteSubnet
$VirtualNetworkGateway = Get-AzVirtualNetworkGateway -Name $VirtualNetworkGatewayName -ResourceGroupName $ResourceGroup
New-AzVirtualNetworkGatewayConnection -Name $ConnectionName -ResourceGroupName $ResourceGroup -VirtualNetworkGateway1 $VirtualNetworkGateway -LocalNetworkGateway2 $LocalNetworkGateway -Location $Location -ConnectionType IPsec -UsePolicyBasedTrafficSelectors $True -IpsecPolicies $IpSecPolicy -SharedKey $SharedKey -TrafficSelectorPolicy $IpsecTrafficSelectorPolicies
The connection is still rejected and after running troubleshooting on the connection i see the full range is still being referenced.
Proposed Traffic Selector payload will be- [Tsid 4e4 , ]Number of TSIs 1: StartAddress 10.0.0.0 EndAddress 10.0.255.255 ......
We have multiple setups on the gateway appliance and they work as expected, however this one does not work due to the "Traffic Selector Mismatch".
Should the Traffic Selector Policy not have filtered the published range to 10.0.1.0 to 10.0.1.255?
I will appreciate any help to get this sorted out. Am I approaching this issue completely incorrectly? Is there a better way of doing this?

Related

Payara asadmin command to monitor a specific resource

Does anyone know the asadmin command line equivalent to display the Resource data as shown in the image below (ie the Resource __TimerPool)?
I'm using Payara 4.1.1.171.1.
I typed asadmin monitor --help and it provided this as
monitor [--help]
--type type
[--filename filename]
[--interval interval]
[--filter filter]
instance-name
The type field only accepts "httplistener", "jvm" and "webmodule" as inputs.
So I can't use a "resource" or "jdbcpool" as a type.
Oddly enough in the old glassfish 2.1 https://docs.oracle.com/cd/E19879-01/821-0185/gelol/index.html you can select "jdbcpool" as the type
Any help is appreciated.
I couldn't really find the answer on the payara documentation https://docs.payara.fish/documentation/payara-server/monitoring-service/monitoring-service.html
But using part of the glassfish documentation https://docs.oracle.com/cd/E18930_01/html/821-2416/ghmct.html#gipzv I was able to get what I needed.
The command is asadmin get --monitor server.resources.__TimerPool.*
This then returns (this is a partial output):
server.resources.__TimerPool.numconnused-highwatermark = 2
server.resources.__TimerPool.numconnused-lastsampletime =
1559826720029 server.resources.__TimerPool.numconnused-lowwatermark =
0 server.resources.__TimerPool.numconnused-name = NumConnUsed
server.resources.__TimerPool.numconnused-starttime = 1559823838730
server.resources.__TimerPool.numconnused-unit = count
server.resources.__TimerPool.numpotentialconnleak-count = 0
server.resources.__TimerPool.numpotentialconnleak-description = Number
of potential connection leaks
server.resources.__TimerPool.numpotentialconnleak-lastsampletime = -1
server.resources.__TimerPool.numpotentialconnleak-name =
NumPotentialConnLeak
server.resources.__TimerPool.numpotentialconnleak-starttime =
1559823838735 server.resources.__TimerPool.numpotentialconnleak-unit =
count server.resources.__TimerPool.waitqueuelength-count = 0
server.resources.__TimerPool.waitqueuelength-description = Number of
connection requests in the queue waiting to be serviced.
server.resources.__TimerPool.waitqueuelength-lastsampletime = -1
server.resources.__TimerPool.waitqueuelength-name = WaitQueueLength
server.resources.__TimerPool.waitqueuelength-starttime = 1559823838735
server.resources.__TimerPool.waitqueuelength-unit = count
Command get executed successfully.
It's important to add the .* at the end of the asadmin command in asadmin get --monitor server.resources.__TimerPool.*
If you neglect that and just enter asadmin get --monitor server.resources.__TimerPool it'll return
No monitoring data to report.
Command get executed successfully.
To see thelist of resources you have available to you to monitor type /asadmin list --monitor server.resources.*

SSAS Processing Cubes - Won't work in powershell but works in Visual Studio

I'm attempting to process cubes and dimensions in powershell. It has been working for awhile but all of a sudden it stops. I can process the dimensions and cubes in visual studio but processing them with a powershell script in the same order gives me a duplicate attribute key error.
Powershell Script:
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.AnalysisServices")
$serverAS = New-Object Microsoft.AnalysisServices.Server
$serverAS.connect("SERVER")
$db = $serverAS.databases["ANALYSIS DB"]
$db.cubes | select name, storagemode, lastprocessed
$db.dimensions | select name, isparentchild, lastprocessed, storagemode
Foreach ($c in $db.dimensions) {$c.process("ProcessFull")}
Foreach ($c in $db.cubes) {$c.process("ProcessFull")}
You need to ignore the key errors like this:
## Set up the Error Configuration so that Key Errors are ignored
$errorConfig = New-Object `
Microsoft.AnalysisServices.ErrorConfiguration("D:\ProcessLogs\")
$errorConfig.KeyNotFound = "ReportAndContinue"
$errorConfig.KeyErrorAction = "ConvertToUnknown"
$errorConfig.KeyErrorLimit = -1
and then process with this error config parameter:
## Process the current database
$c.Process("ProcessFull", $errorConfig)
Reference and Example:
http://www.biadmin.com/2012/07/bi-admin-scripts-process-ssas-database.html
Thanks for the response. I was actually able to get around this by using SSDT and Integration Services to process Dimensions and Cubes.

Renci SSHNet not working properly

I m working on script which will let me know running status (running/stopped) of desired application on remote desktop (windows server)
my code is doing fine until I have logged in on remote desktop (using "Remote Desktop Connection").. if I close it without logging off.. it continue work fine.. but as I log off from there .. it just stop working .. here one thing I note.. even after logging off when I run command on ssh client... it gives some successful acknowledgement
I do get desired output when remote desktop connection for that server is on from any other computer in network
ALL FOWWLOWING CODE AND OUTPUT IS WHEN I LOG OFF FROM REMOTE DESKTOP CONNECTION
string runCommand = "wmic process call create "TestClient.exe";
SshCommand command = ssh.RunCommand(runCommand);
string myData = command.Result;
after this myData will have
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = [some pid in numeric]; //when I be logged off, this field would not be there.. (case of problem)
ReturnValue = [some numeric];
};
but after doing this when I check status of test client by following code..
string rumCommand = "wmic process where "TestClient.exe" get ProcessID, ExecutablePath";
SshCommand command = ssh.RunCommand(rumCommand);
string myData = command.Result;
but there will not any running app listed in myData !!!
Connecting ssh client as per follow..
string pass = "password";
PasswordAuthenticationMethod PasswordConnection = new PasswordAuthenticationMethod("user_name", pass);
KeyboardInteractiveAuthenticationMethod KeyboardInteractive = new KeyboardInteractiveAuthenticationMethod("user_name");
ConnectionInfo connectionInfo = new ConnectionInfo(serverIP, port, "user_name", PasswordConnection, KeyboardInteractive);
SshClient ssh = new SshClient(connectionInfo);
if (!ssh.IsConnected)
ssh.Connect();
yeh, It was very simple problem to solve, but was in corner as well. As I had made test client (which I was testing whether they r running or not) running through task scheduler and forgot to tick on checkbox which suggest that it will be running even after Logoff.. checking this checkbox.. All Fine

I want to copy a file from host to guest while spinning a vm .. any pointers?

Since network is not setup on my cluster ..I figured i just copy the unxibench gzip to benchmark the vm.
But what i fail to understand is how do i copy the gzip tp vm while creating the vm ? I am using this script to create vms
server = nova.servers.create(name = vmName, image = image.id, flavor = flavor.id, nics = nics, availability_zone = availability_zone , userdata = user_data, key_name = key_pair.name )
https://kimizhang.wordpress.com/2014/03/18/how-to-inject-filemetassh-keyroot-passworduserdataconfig-drive-to-a-vm-during-nova-boot/
file injection might work
nova boot –flavor 1 –image cirros –nic
net-id=d58bbcac-1908-4cda-a9da-a13cfbbf4e77 –file
/fileinject=/root/keystonerc vm-file-inject

Access to the path is denied && Attempted to perform an unauthorised operation

I tried to create a client side named pipe program connected to server piped program but it encountered to have this problem.
"Access to the path is denied"
clientpipe = New System.IO.Pipes.NamedPipeClientStream
("192.168.1.1","soohhead",Pipes.PipeDirection.InOut, Pipes.PipeOptions.None)
clientpipe.connect()
-When I tried to modify the code as below, It will return me another error message as
"Attempted to perform an unathorized operation".
clientpipe = New System.IO.Pipes.NamedPipeClientStream
("192.168.1.1","soohhead",Pipes.PipeDirection.InOut, Pipes.PipeOptions.None)
clientpipe.connect()
ps = New PipeSecurity()
ps = clientpipe.GetAccessControl()
ps.AddAccessRule(New PipeAccessRule("NT AUTHORITY\NETWORK SERVICE",
PipeAccessRights.Write, AccessControlType.Allow))
clientpipe.SetAccessControl(ps)
In return My client pipe still unable to connect to server pipe program, Appreciate thanks to anyone's help.
I'm pulling your solution out of the question and placing it here for future assistance to other users.
Server Pipe:
ps = New System.IO.Pipes.PipeSecurity
ps.AddAccessRule(New System.IO.Pipes.PipeAccessRule("Users",
System.IO.Pipes.PipeAccessRights.FullControl, AccessControlType.Allow))
ps.AddAccessRule(New System.IO.Pipes.PipeAccessRule("CREATOR OWNER",
System.IO.Pipes.PipeAccessRights.FullControl, AccessControlType.Allow))
ps.AddAccessRule(New System.IO.Pipes.PipeAccessRule("SYSTEM",
System.IO.Pipes.PipeAccessRights.FullControl, AccessControlType.Allow))
serverpipe = New System.IO.Pipes.NamedPipeServerStream("soohhead",
Pipes.PipeDirection.InOut, 10, Pipes.PipeTransmissionMode.Message,
Pipes.PipeOptions.None, 4024, 4024, ps)
Client Pipe:
clientpipe = New System.IO.Pipes.NamedPipeClientStream
("192.168.1.1","soohhead",Pipes.PipeDirection.InOut, Pipes.PipeOptions.None)
clientpipe.connect()