Join a web app to a VPN in Azure through PowerShell script

  • Question

  • Hello, did anyone try to join a web app into a VPN in Azure through a Point to site connection through PowerShell Scripts? Given that the apps and the VPN are already there and created, how can you establish the Point to site connection through PowerShell?

    Both the web app and the VPN live in the same subscription.


    Ahmed IG

    Sunday, January 24, 2016 11:19 PM

Answers

  • Hello,

    Took me a while, but here goes.

    First you need an existing VNet with P2S configured as per my post at http://www.techdiction.com/2016/01/12/creating-a-point-to-site-vpn-connection-on-an-azure-resource-manager-virtual-network/

    Then use the below PowerShell to connect the AppService to the VNet using P2S VPN:

    # Placeholders: replace with your own values.
    $subscription_id = "<Subscription_ID>"
    $NetworkName = "<Network_Name>"
    $location = "<Region>"
    $netrgname = "<Resource_Group_VNet_is_in>"
    $AppServiceName = "<AppService_Name>"

    # Properties of the virtualNetworkConnections resource.
    # certBlob is the Base64 certificate data only, without the BEGIN/END CERTIFICATE markers.
    $props = @{
        "vnetResourceId" = "/subscriptions/$subscription_id/resourcegroups/$netrgname/providers/Microsoft.ClassicNetwork/virtualNetworks/$NetworkName";
        "certThumbprint" = "<Client_cert_thumbprint>";
        "certBlob"       = "<Base64_Cert_Data>";
        "routes"         = $null;
    }

    # -ResourceGroupName is the resource group that contains the App Service (MarcusWebsites in this example).
    New-AzureRMResource -ResourceName "$AppServiceName/$AppServiceName-to-$NetworkName" -Location $location -ResourceGroupName MarcusWebsites -ResourceType Microsoft.Web/sites/virtualNetworkConnections -PropertyObject $props -ApiVersion "2015-08-01" -Force
    
    
    
    You can configure custom routes if you require by modifying the routes property. Let me know how you get on and if it resolves the situation please mark this post as the answer.

    Marcus

    Thursday, February 4, 2016 7:28 AM
    Moderator

All replies

  • Hi Ahmed,

    Is this creating a P2S VNET connection for a Classic Deployment or an ARM deployment?
    You could refer the following link for assistance with creating a P2S connection using PowerShell for your Resource Manager Deployment:
    https://azure.microsoft.com/en-in/documentation/articles/vpn-gateway-howto-point-to-site-rm-ps/

    For a classic deployment you could check if the following link helps:
    http://stackoverflow.com/questions/32835374/how-to-connect-azure-webapp-to-an-existing-vnet-using-powershell

    Regards,
    Malar.

    Monday, January 25, 2016 9:51 AM
  • Hello @Nagamalar,

    The Resource manager deployment link that you provided me is about creating a V2 VNet which is not suitable for a web app to connect to it even manually through the portal. Only classic VNets are supported until the moment.

    For the classic link, I can't find any example joining a web app to a VNet. The answer provided there is only about creating the VNet as well.

    Thanks for your help!


    Ahmed IG


    Monday, January 25, 2016 12:44 PM
  • So here is the code that I am using to create the P2C connection, and I am getting the error below.
    $vnet = New-AzureRmResource -Name "$($Configuration.WebAppName)/$($Configuration.VnetName)" -ResourceGroupName $Configuration.WebAppResourceGroup -ResourceType "Microsoft.Web/sites/virtualNetworkConnections" `
                -PropertyObject @{"VnetResourceId" = "/subscriptions/$($Configuration.VnetSubscriptionId)/resourceGroups/$($Configuration.VnetResourceGroup)/providers/Microsoft.ClassicNetwork/virtualNetworks/$($Configuration.VnetName)"} `
                -Location $Configuration.WebAppLocation -ApiVersion 2014-04-01

    I am getting this error:

    [DBG]: PS C:\Windows\system32>>
    New-AzureRmResource :
    At **************************************************************************************:148 char:13
    +     $vnet = New-AzureRmResource -Name "$($Configuration.WebAppName)/$ ...
    +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [New-AzureRmResource], ErrorResponseMessageException
        + FullyQualifiedErrorId : BadGateway,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceCmdlet


    Ahmed IG

    Thursday, February 4, 2016 1:06 AM
  • Hello Marcus,

    I am getting the below error:

    [DBG]: PS C:\Windows\system32>> 
    New-AzureRMResource : A task was canceled.
    At C:\Create-WebAppInVPN.ps1:173 char:5
    +     New-AzureRMResource -ResourceName "$AppServiceName/$AppServiceNam ...
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [New-AzureRmResource], TaskCanceledException
        + FullyQualifiedErrorId : A task was canceled.,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceCmdlet

    Here is my props variable:

    $props
    
    Name                           Value                                                                                                                                                                         
    ----                           -----                                                                                                                                                                         
    certThumbprint                 9***********************85A61A3FAC                                                                                                                                      
    vnetResourceId                 /subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourcegroups/MyResourceGroup/providers/Microsoft.ClassicNetwork/virtualNetworks/ClassicVNet                        
    certBlob                       -----BEGIN CERTIFICATE-----...                                                                                                                                                
    routes                                                                               

    Here is the website's properties:

    SiteName                  : MyWebAppDemoByBlog
    State                     : Running
    HostNames                 : {mywebappdemobyblog.azurewebsites.net}
    RepositorySiteName        : MyWebAppDemoByBlog
    UsageState                : Normal
    Enabled                   : True
    EnabledHostNames          : {mywebappdemobyblog.azurewebsites.net, mywebappdemobyblog.scm.azurewebsites.net}
    AvailabilityState         : Normal
    HostNameSslStates         : {mywebappdemobyblog.azurewebsites.net, mywebappdemobyblog.scm.azurewebsites.net}
    ServerFarmId              : /subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Web/serverfarms/MyWebAppDemoByBlogServicePlan
    LastModifiedTimeUtc       : 8/02/2016 3:52:21 AM
    SiteConfig                : Microsoft.Azure.Management.WebSites.Models.SiteConfig
    TrafficManagerHostNames   : 
    PremiumAppDeployed        : 
    ScmSiteAlsoStopped        : False
    TargetSwapSlot            : 
    HostingEnvironmentProfile : 
    MicroService              : WebSites
    GatewaySiteName           : 
    ClientAffinityEnabled     : True
    ClientCertEnabled         : False
    HostNamesDisabled         : False
    OutboundIpAddresses       : <some ips>
    CloningInfo               : 
    Id                        : /subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Web/sites/MyWebAppDemoByBlog
    Name                      : MyWebAppDemoByBlog
    Location                  : australiaeast
    Type                      : Microsoft.Web/sites
    Tags                      : 


    Ahmed IG

    Monday, February 8, 2016 3:59 AM
  • Hello,

    Without seeing all your input variables it is hard to see what is wrong. For the certificate just enter the data, between the begin and end markers.

    If you want to email me your input variables you can, to marrobi at Microsoft.com

    Thanks,

    Marcus

    Monday, February 8, 2016 7:35 PM
    Moderator
  • Thanks Marcus for your answer. It worked pretty good.

    So my mistake that I described was that I didn't remove the Begin Certificate and End Certificate headers in the certificate blob.

    Many thanks for your generous help Marcus, much appreciated.



    Ahmed IG

    Wednesday, February 10, 2016 11:42 PM
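
The fix that resolved this thread (certBlob must hold only the Base64 data between the BEGIN/END markers) can be checked before calling New-AzureRmResource. The following is an added example, not code from any poster in the thread; the helper name ConvertTo-P2SCertProps and the in-memory self-signed sample certificate are assumptions for illustration, and the sample needs PowerShell 5+ with .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Added example; ConvertTo-P2SCertProps is a hypothetical helper, not an Azure cmdlet.
function ConvertTo-P2SCertProps {
    param([Parameter(Mandatory)][string]$Pem)

    # Drop the BEGIN/END marker lines and all whitespace, leaving bare Base64.
    # Input that is already bare Base64 passes through unchanged.
    $b64 = ($Pem -replace '-----(BEGIN|END) CERTIFICATE-----', '') -replace '\s', ''
    if (-not $b64) { throw 'No certificate data found between the markers.' }

    # Fail early if what is left is not valid Base64 or not a parseable certificate.
    try {
        $der  = [Convert]::FromBase64String($b64)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    } catch {
        throw "certBlob is not a Base64-encoded X.509 certificate: $($_.Exception.Message)"
    }

    # The thumbprint is computed from the same bytes, so both properties stay consistent.
    @{ certBlob = $b64; certThumbprint = $cert.Thumbprint }
}

# Constructed sample input: a throwaway self-signed certificate created in memory
# (nothing is written to a certificate store), wrapped in PEM markers.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-sample', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))
$pem = "-----BEGIN CERTIFICATE-----`n" +
       [Convert]::ToBase64String($sample.RawData, 'InsertLineBreaks') +
       "`n-----END CERTIFICATE-----"

$certProps = ConvertTo-P2SCertProps -Pem $pem

# Sanity checks: no marker dashes or whitespace survive, and the thumbprint matches.
if ($certProps.certBlob -match '-----|\s') { throw 'Markers or whitespace left in certBlob.' }
if ($certProps.certThumbprint -ne $sample.Thumbprint) { throw 'Thumbprint mismatch.' }

# Merge into the property bag from the answer (placeholders as on the page).
$props = @{
    vnetResourceId = '/subscriptions/<Subscription_ID>/resourcegroups/<Resource_Group_VNet_is_in>/providers/Microsoft.ClassicNetwork/virtualNetworks/<Network_Name>'
    routes         = $null
} + $certProps
$props
```

With a real client certificate, pass the file contents instead of the sample, for example `ConvertTo-P2SCertProps -Pem (Get-Content <path_to_cert> -Raw)`.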
  • In case folks are interested we have a doc that gives how-to information for both V1 and V2 VNET Integration.

    https://azure.microsoft.com/en-us/documentation/articles/app-service-vnet-integration-powershell/

    Tuesday, April 12, 2016 12:34 AM