Azure Load Balancer Default Probe

I’ve had a case open with Microsoft support about load balancers in Azure, specifically about how the default probe works. There’s little information in the Azure MSDN documentation on exactly how the probes work. I did find this blog post on MSDN blogs by Kevin Williamson from 2013 that provides some details on exactly how they work, and confirmed with MS support that they do still function in this manner. In a nutshell, the default probe will perform probes against the Azure VM Agent on the server over HTTP and TCP to determine whether the node is healthy, removing it from the LB if it does not get a successful TCP connection or HTTP 200 response. It’s disappointing that MS doesn’t provide more details on this in their Azure documentation; hopefully this is something they pull out of the blogs and add to their official MSDN docs.

Managing Jobs On SQL Server AlwaysOn Availability Groups

SQL Server AlwaysOn Availability Groups are one of the best things to happen to SQL Server over the past few years. They open the door to a high availability SQL Server architecture in a virtualized environment and to more flexibility in your overall HA/DR plan. One of the challenges this presents, however, is in the area of SQL Server job management. Because the two (or more) instances in an AAG are truly separate instances, you have to account for this in your SQL Server Agent job management strategy. The same jobs need to be created on all nodes in the AAG that the database could fail over to, and they need to account for the fact that there are multiple nodes servicing the databases. One way of accomplishing this is by wrapping your job within code to determine if the node is the primary or secondary node in the AAG.

The following code (credit to this StackExchange post) can be used in your job to determine if it’s on the primary replica, and then execute a stored procedure (or whatever you need it to do) if it is. If it’s not, it simply prints a message and exits. You’ll want to replace <AAG_Listener_Name> with the name of your AAG Listener.

-- Check to see if this is the primary replica in the AAG
-- (ag.name is matched against the availability group name in sys.availability_groups)
IF (SELECT ars.role_desc FROM sys.dm_hadr_availability_replica_states ars
    INNER JOIN sys.availability_groups ag
    ON ars.group_id = ag.group_id
    WHERE ag.name = '<AAG_Listener_Name>'
    AND ars.is_local = 1) = 'PRIMARY'
BEGIN
    -- This server is the primary replica
    EXEC stored_procedure_to_execute
END
ELSE
BEGIN
    -- This server is not the primary replica
    PRINT 'This server is not the primary replica, bypassing job execution'
END

There are other ways to accomplish this, but this is a simple, straightforward approach that has worked well in my experience.

Remote Desktop Session Host Certificate

I was setting up a Remote Desktop Web Access environment on Windows 2008 R2 and was getting a prompt for login to the RD Session Host, even though I was using certs the whole way through and had configured it to pass through credentials. I finally found where the missing setting was. If you pull up the RD Session Host configuration on the RD Session Host, right-click RDP-TCP and select Properties, you’ll see an option where you can select a certificate. Note that this pulls from certificates stored in the local computer certificate store, so you’ll need to ensure it’s imported there if it’s not already. Once set, and provided you have all other SSL settings properly set up, you can use the credentials used at the Remote Desktop Web Access site to get on to your RD Session Host servers, allowing a single logon for users.

RDSH Config

RDP-TCP Properties
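To confirm what the RDP-TCP listener is actually bound to after making this change, the following is an added example (not from the original post) that reads the listener's certificate thumbprint over WMI and checks that the certificate is in the local computer store, has a private key, and is still valid. Variable names are illustrative, and it assumes an elevated PowerShell session on the RD Session Host.

```powershell
# Added example: inspect the certificate bound to the RDP-Tcp listener.
# Variable names are illustrative; run elevated on the RD Session Host.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -Authentication PacketPrivacy
$thumb = $listener.SSLCertificateSHA1Hash

# Look in the local computer Personal store first, then in the
# 'Remote Desktop' store that holds the auto-generated self-signed cert.
$found = $null
foreach ($store in 'My', 'Remote Desktop') {
    $hit = Get-ChildItem "Cert:\LocalMachine\$store" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if ($hit) { $found = $hit; $foundIn = $store; break }
}

if (-not $found) {
    Write-Warning "RDP-Tcp is bound to $thumb, but that certificate is not in the local computer store"
} else {
    # A certificate with no EKU extension is valid for all purposes;
    # otherwise it must list Server Authentication.
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'
    $eku = $found.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $hasServerAuth = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

    New-Object PSObject -Property @{
        Store         = "LocalMachine\$foundIn"
        Subject       = $found.Subject
        SelfSigned    = ($found.Subject -eq $found.Issuer)
        NotAfter      = $found.NotAfter
        Expired       = ($found.NotAfter -lt (Get-Date))
        HasPrivateKey = $found.HasPrivateKey
        ServerAuthEku = $hasServerAuth
    }
}
```

A result showing the 'Remote Desktop' store or `SelfSigned = True` means the listener is still using the auto-generated certificate rather than the one you imported.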

Southwest Airlines PowerShell Checkin Script

If you’ve ever flown Southwest Airlines you know that getting checked in as soon as you can is key to not getting stuck at the end of boarding group C and ending up in a middle seat in the back of the plane. This awesome PowerShell script (courtesy of Bill Grauer) allows you to set a scheduled task to automatically check in your flight for you, so you don’t have to mess with calendar reminders or forgetting it entirely.

The script takes 3 parameters: First, Last, and Conf. Schedule it to run 1 minute before your checkin time and it will loop through for a few minutes or until you’re checked in. I also updated the log location to be my Dropbox folder, allowing me to validate that the check-in was successful from my mobile device (or anywhere else with Dropbox access).

COM+ Settings Automation

Recently, while trying to automate a Citrix XenApp installation I came across an issue documented in Citrix KB CTX134504, causing the IMA service to fail to start. Adjusting the COM+ settings in this case allows IMA to start, but I don’t like clicking boxes and prefer to automate as much as possible. After some online searching, I came across this blog post from Rikard Alard that has details on how to automate COM+ settings through PowerShell. This had the code that I was looking for. The ApplicationAccessChecksEnabled value corresponds to the “Enforce access checks for this application” checkbox. A quick test and this did the trick.

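$comAdmin = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps = $comAdmin.GetCollection("Applications")
# Populate() loads the collection from the COM+ catalog; without it the collection is empty
$apps.Populate()
$app = $apps | Where-Object {$_.Name -eq "CitrixLogServer"}
# Disable the Enforce access checks for this application option
$app.Value("ApplicationAccessChecksEnabled") = 0
# SaveChanges() writes the modified value back to the catalog
$apps.SaveChanges() | Out-Null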

I still need to get to the root of the issue of why it was failing in the first place, but this allowed me to get a workaround in place to keep the IMA service running.
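Because this workaround turns off COM+ role-based access checks for the application, it is worth knowing the state before and after the change. The following is an added example (not from the original post or from Rikard Alard's code) that goes a step further than the snippet above: it audits every COM+ application, changes CitrixLogServer only if needed, and records the prior value. `$appName` and `$logPath` are illustrative values, and it assumes an elevated session.

```powershell
# Added example: audit COM+ access checks, apply the change from the post
# only when needed, and record the previous value for a later revert.
# $appName and $logPath are illustrative; run elevated.
$appName = 'CitrixLogServer'
$logPath = Join-Path $env:TEMP 'complus-accesschecks.log'

$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps = $catalog.GetCollection('Applications')
$apps.Populate()

# Audit: which COM+ applications currently enforce access checks?
$apps | ForEach-Object {
    New-Object PSObject -Property @{
        Name                = $_.Name
        AccessChecksEnabled = [bool]$_.Value('ApplicationAccessChecksEnabled')
    }
} | Sort-Object Name | Format-Table Name, AccessChecksEnabled -AutoSize

$app = $apps | Where-Object { $_.Name -eq $appName }
if (-not $app) { throw "COM+ application '$appName' not found" }

$before = [bool]$app.Value('ApplicationAccessChecksEnabled')
if ($before) {
    $app.Value('ApplicationAccessChecksEnabled') = $false
    [void]$apps.SaveChanges()
}
$after = [bool]$app.Value('ApplicationAccessChecksEnabled')

# One line per run, so the original value is known when reverting.
$line = '{0:s} {1} app={2} before={3} after={4}' -f `
    (Get-Date), $env:COMPUTERNAME, $appName, $before, $after
Add-Content -Path $logPath -Value $line
```

To revert once the root cause is fixed, set the value back to `$true` and call `SaveChanges()` again.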

First Post

So this is my blog. I’ll be throwing things on here of interest to me, and if you’ve found your way here there might be something of interest to you. Mostly tech, with some spattering of everything else thrown in.