Site Recovery protection between on-premises VMware virtual machines or physical servers and Microsoft Azure

For this post I will refer to the following Microsoft article here. I didn’t was to just regurgitate the lab, so I will refer to it and add comments where i had issues/difficulties.

This was a large lab, it took me 3-4 days in my spare time. Total Azure spend about $15 (turning servers off at night time automatically see my previous post here).

What servers are required for this lab? Refer here

The only servers that I used were in my lab were the following (all servers were in Azure)

Component My Server Name
Configuration Server ConfigSvr1
Master Target Server WinMasterTarget
Process Server OP-Proc-Svr
Source Server OP-Source-Svr

I did not require domain membership for this lab.

Before you start refer to these requirements here.

Step 1: The first step was to create a vault as outlined here.


Step 2: Deploy the configuration server as outlined here.

Please note that the following VPN selection cannot be changed once set, so choose wisely.


When you come to step 10 of Registering the configuration server in the vault, DO NOT just click ok on the dialog box without recording the Configuration Server Connection Passphrase.


When I went to add an account to Site Recovery I successfully used the following credential format as I had not added my machines to a domain.    .\aaron.whittaker

Manage accounts

Step 3: Deploy the master target server as outlined here with a Windows operating system. You are forced to use certain size virtual machines. My plan was to turn them off and change to smaller machines (to save money) for my lab, but as yet I have not tested this.


Here I used a private IP address as this was all within my Azure network.


Step 4: Deploy an on-premise process server here.

I selected no to protecting VMWare virtual Machines.

Register configuration server

I initially configured my On Premise process server to use a public IP address, but as all my lab was within Azure, this would not work, so later I changed this setting to an internal IP address.


I ignored the message regarding disk space as this will use compression and defragmentation.


Step 5: I downloaded and installed the latest updates here.

Step 6: My on-premise servers were treated as physicals so skipped the step to add vCenter/ESXi hosts here.  My on-premise servers were actually in Azure as I did not have an on-premise lab to use.

Step 7: I created a protection group here.


Step 8: I installed the mobility service on the Virtual Machine that I wanted to protect here.

Step 9: I Set up the machines that I wanted to protect (OP-Source-Svr) here.

Initially I used public IP addresses (below) before switching to internal (see diagnosing suggestions below).

13 14 15  16

When I attempted to enable protection here, it took me a few goes to get it to work.

Try the following if this fails: Disable all firewalls, check the public ports endpoints on the incoming servers in Azure, check the user account, check the ip addresses and the ports that you have used within your lab and the also within the Host Agent Config, if you are using a VPN, or a lab all in Azure instead of using the public ip address you can use the private ip addresses. This is how I got my lab to work.


The server then syncronised automatically (1 hour for a 127 gig vanilla server).


After my first syncronisation occured then I made some configuration settings. By default the replicated virtual machines in Azure aren’t connected to an Azure network. I went ahead and set my Virtual Machine to my Azure network.


Step 10: Create a recover plan and perform a failover here.

21 22

I selected failover.


Here you can check the progress of the job.


From here your new server should show up in Azure with the same name that you originally gave it. Go to Cloud Services to confirm it has worked correctly. You shall see a new cloud service.


The server should also be on the network that you assigned. The name remains the same, DHCP will most likely issue a different IP address to your IP address that you have assigned. As always, recovery from failure or failover is only half the battle, how will existing machines still on premise know that your machine has recovered and is now in a new location with a new IP address? Much planning needs to go into a recovery plan and this will be external to the work shown here in this blog.

My thoughts: Azure Site recovery is great if you recover an entire site or service at once into Azure, if all machines refer to hostnames. Perhaps you could add a host file that is commented out, after the recovery enable the host file until you sort out DNS. Or perhaps you can use Site Recovery to migrate to Azure as a long term plan, when you decommission hardware. Only add complementing machines to the same recovery plan, for example, a financial system and a financial database running on SQL. Here is a great time to remind you to please remember to check your Microsoft licensing mobility restrictions before you start any work (eg. SharePoint and Biztalk).

The steps to fail back from Azure to original Datacenter are here, but if you are at this point with a production workload running on Azure I suggest you contact a Microsoft partner or your friendly Microsoft account manager to discuss your options.

I would appreciate any feedback/suggestions on this article.

profile pic

Aaron @aaronw2003

RIP Microsoft Windows 2003- what now?

Are you still running Windows 2003 workloads? What can you do to remain compliant?

Microsoft has a partner program called COSN (Cloud OS Network). What is it? Accredited partners are able to host these workload within a Hybrid deployment (part VMM, Hyper-V and Azure). The long term vision is for these customers to migrate to newer operating systems.

RIP Windows 2003

To learn more about which partners support hosting Windows 2003 workloads please visit this Microsoft site here.

I will post in the coming weeks webinars outlining customers options.

Aaron Whittaker @aaronw2003

The Microsoft Fire Hose

Last year Microsoft Spent $10.4 Billion in Research and Development, and was ranked 4th in The World.  The cadence of product updates and releases is phenomenal.  As someone who works with a variety of Microsoft technologies, recently I was asked how do I handle the Microsoft Fire Hose? Coincidently Microsoft has a website called The Fire Hose. The purpose of the Fire Hose blog is to inform industry professionals about the latest developments all across Microsoft. The Microsoft Fire Hose summarises leverages the great content from the vast number of company blogs by curating and linking to the best content of the day. This results in short, iterative posts combined with a mix of solid, in-depth articles. The Microsoft Fire Hose is the summary of all blogs.

What other Microsoft blogs are out there, and where does all of this content coming from?  Below is a summarised list, (not the entire list).  Please remember that some products/topics have a dedicated blog in addition to a MSDN blog:

Blog Purpose
MSDN Blog A similar summary to the Fire Hose, citing many blogs.  It has a forum and it also shows the trusted contributor skills (Contributor Points). It has many sub blogs for different products.
Next at Microsoft Provides an insider’s view of Microsoft with a focus on the latest technology and where it’s used inside and outside the company. This blog shows the public who Microsoft is, what they do, how they work, and what’s coming next.
Premier Field Engineer Blog This is great for reading articles from Microsoft staff within the trenches.
Office 365 Blog All things Office 365. There are also more specific blogs such as SharePoint and Excel.
Azure Blog All topics from the wide range to features within Azure.
Microsoft Security Response Center (MSRC) Security related content.
Microsoft on the Issues Gives Microsoft’s perspective on the latest public policy and citizenship news in the tech industry. Other topics include cyber security, online safety and privacy.
Ben Armstrong’s Virtualization Blog Ben is originally from Brisbane and now resides in Seattle. He is the Hyper-V program manager so this is a great blog.
Azure Active Directory Team Blog Alex Simons is the Azure AD Program director and this is all things Azure AD related.
Surface blog All things Surface related.
The Microsoft Dynamics CRM Team Blog All things on Dynamics CRM.
The Microsoft MVP Award Program Blog This blog has a wide variety of content from industry experts (public).
The Official Microsoft Blog Covers and adds context to top-level news from the company.
ScottGu’s Blog Scott has an engineering background and is the executive vice president of the Microsoft Cloud and Enterprise group. He posts lots of Azure related news.
All about Microsoft


This is not an official Microsoft site yet internal Microsoft staff often refer or first read announcements on this site. Microsoft watcher Mary Jo Foley‘s blog covers the products, people and strategies that make Microsoft tick.

That is a lot, and we only scratched the surface. Other blogs for example include Development, Nokia and Storage related (DR, Site Recovery, StorSimple). Most of the blogs now include a Twitter feed by default for updates and some have Facebook sites for social content. Azure Weekly is also a very helpful summary of all things Azure for the week via twitter.

Each of the Microsoft blogs is designed to serve different facets and Microsoft believes The Fire Hose can help in the overarching mission to tell Microsoft’s story to the world. The Fire Hose website has the ability to filter by only technologies you are interested in (at the top). On the right hand side there are two sections Featured Posts, and Popular Posts which may also be of interest. How do you drink from The Microsoft Fire Hose?

profile pic

Aaron Whittaker @aaronw2003

A new Microsoft Office 365 plan E5 is on the way

A new plan E5 is on the way, see here

 says E5 will include the following features “Cloud PBX and Meeting Broadcast; new analytics features, like Power BI Pro and Delve Organizational Analytics; and new advanced security features, such as eDiscovery, Customer Lockbox, Data Loss Protection and Safe Attachments.”

Aaron @aaronw2003