I'm trying to configure Azure Pack to use Service Bus for Windows Server 1.1 with Custom DNS. All runs on one virtual machine (Windows Server 2012 R2) in Windows Azure.
I'm following this post:
http://roysvork.wordpress.com/2014/06/14/developing-against-service-bus-for-windows-1-1/
Replace FarmDns "servicebus" with "mymachine.cloudapp.net", and create a certificate:
SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
On Windows Azure Virtual Machine:
SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T
PowerShell:
Stop-SBFarm -Verbose
Set-SBFarm -FarmDns 'mymachine.cloudapp.net'
Update-SBHost -Verbose
Start-SBFarm -Verbose
New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen
After that I can connect to my ServiceBusDefaultNamespace with SAS:
const string sharedAccessKeyName = "MainRule";
const string sharedAccessKey = "<key>";
var sasTokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(sharedAccessKeyName, sharedAccessKey);
string token = sasTokenProvider.GetWebTokenAsync("https://mymachine.cloudapp.net:10355/ServiceBusDefaultNamespace","NotUsedWithSAS", false, TimeSpan.FromSeconds(15)).Result;
var existingTokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(token);
var namespaceManger = new NamespaceManager("https://mymachine.cloudapp.net:10355/ServiceBusDefaultNamespace", existingTokenProvider);
var result = namespaceManger.TopicExists("DefaultTopic");
It works perfectly. But when I try to create a Service Bus Namespace from the Azure Pack Tenant portal, the log shows an exception:
Namespace Provisioning Exception. TrackingId: . SystemId: . Namespace: SomeNamespace. Method: Activating. Exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
And the status of the namespace stays at Activating.
Please help!
I found the solution and wrote a post about configuring Service Bus for Windows Server on-premise with custom DNS, 'Black Jack', etc. The post is in Russian, but many screenshots and code/script samples are included:
http://habrahabr.ru/post/254059/
Description:
It is difficult to answer briefly without explaining the full configuration process.
Basically, the problem is in the certificates:
On VM with Service Bus:
1) Generate access certificate with Command Line Utility makecert.exe:
(C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin)
makecert.exe -r -pe -n "CN=hello-habr-sb.cloudapp.net, CN=hello-habr-sb" -e 11/11/2022 -eku 1.3.6.1.5.5.7.3.2 -ss My -sr "LocalMachine" -sky Exchange -a sha256 -sy 24 -len 2048 "hello-habr-sb.cloudapp.net.cer"
Import it on the server and the client into Certificates – Local Computer (Trusted Root CA).
2) Change DNS with PowerShell:
Get-SBFarm
Stop-SBFarm -Verbose
Set-SBFarm -FarmDns 'hello-habr-sb.cloudapp.net'
Update-SBHost -Verbose
Start-SBFarm -Verbose
3) Set SAS-Key with PowerShell:
New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen
Output looks like this:
KeyName : MainRule
PrimaryKey : ylF6GWmH6rlZg1ekQMQrLQnht4kwVFWHAfyB8HkrZvM=
SecondaryKey : ZYBpdiCYgZNfwOC37x6DEDLxhv+qan6CJZT0vG3GvTk=
Rights : {Manage, Send, Listen}
CreatedTime : 3/22/2015 12:53:23 AM
ModifiedTime : 3/22/2015 12:53:23 AM
ConnectionString : Endpoint=sb://hello-habr-sb.cloudapp.net/ServiceBusDefaultNamespace;
StsEndpoint=https://hello-habr-sb.cloudapp.net:10355/ServiceBusDefaultNamespace;
RuntimePort=10354;
ManagementPort=10355;
SharedAccessKeyName=MainRule;
SharedAccessKey=ylF6GWmH6rlZg1ekQMQrLQnht4kwVFWHAfyB8HkrZvM=
4) Add link to hosts:
(C:\Windows\System32\drivers\etc)
127.0.0.1 hello-habr-sb.cloudapp.net
On VM with Azure Pack:
1) Generate certificates with the command line utilities makecert.exe and pvk2pfx.exe:
(C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin)
For Server:
makecert -r -pe -n "CN=WAP Portals" -ss CA -a sha1 -sky signature -cy authority -sv WAPPortals.pvk WAPPortals.cer
makecert -pe -n "CN=hello-habr-wap.cloudapp.net" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic WAPPortals.cer -iv WAPPortals.pvk -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -sv WAPLocalServer.pvk WAPLocalServer.cer
pvk2pfx -pvk WAPLocalServer.pvk -spc WAPLocalServer.cer -pfx WAPLocalServer.pfx
For Client:
makecert -pe -n "CN=WAPMainDeveloper" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic WAPPortals.cer -iv WAPPortals.pvk -sv WAPClient.pvk WAPClient.cer
pvk2pfx -pvk WAPClient.pvk -spc WAPClient.cer -pfx WAPClient.pfx -po HelloHabr2015
2) Import WAPPortals.cer in Certificates – Local Computer (Trusted Root CA) on server.
3) Import WAPClient.pfx on server and clients in Certificates – Local Computer and Current User (Personal).
4) Add link to hosts:
(C:\Windows\System32\drivers\etc)
127.0.0.1 hello-habr-wap.cloudapp.net
5) Change FQDN site names for Azure Pack management sites with PowerShell (as Administrator):
TenantSite:
Import-Module -Name MgmtSvcConfig
Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30081 -Server "hello-habr-wap\SQLEXPRESS"
Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30071 -Server "hello-habr-wap\SQLEXPRESS"
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30071/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30081/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation
AdminSite:
Import-Module -Name MgmtSvcConfig
Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30091 -Server "hello-habr-wap\SQLEXPRESS"
Set-MgmtSvcFqdn -Namespace "WindowsAuthSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30072 -Server "hello-habr-wap\SQLEXPRESS"
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30072/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation
Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30091/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation
6) Do other stuff:
change bindings in IIS;
select hello-habr-wap.cloudapp.net certificate for WAP Portals;
check Require SSL on IIS;
Finally all works on 3 VMs:
DataBase
https://hello-habr-db.cloudapp.net:1433 - MSSQL Server
Service Bus for Windows Server
https://hello-habr-sb.cloudapp.net:10355 - HttpPort (ManagementPort)
https://hello-habr-sb.cloudapp.net:10354 - TcpPort (RuntimePort)
Azure Pack for Windows Server
https://hello-habr-wap.cloudapp.net:30081 - TenantSite
https://hello-habr-wap.cloudapp.net:30091 - AdminSite
Hope this helps! If you run into mistakes, read my post (expand the section spoilers):
http://habrahabr.ru/post/254059/
"Configuring the virtual machine with the database"
"Configuring the virtual machine with Service Bus for Windows Server"
"Configuring the virtual machine with Azure Pack"
"Checking that Service Bus works"
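The exception in the question ("The remote certificate is invalid according to the validation procedure") is Windows refusing the certificate that the Service Bus management endpoint presents, and the answer fixes it by making the certificate name match FarmDns and importing it into Local Computer\Trusted Root CA. The following diagnostic is an added example, not code from the question, the answer or the linked post: run it on the Azure Pack VM (the machine whose trust store matters), and it fetches the certificate from the Service Bus management port and reports separately whether the name matches, whether the validity period is current, whether a chain builds to a trusted root, and which EKUs the certificate carries. The host name hello-habr-sb.cloudapp.net and port 10355 are taken from the answer as defaults; treat them as assumptions and pass your own values.

```powershell
# Added diagnostic (not part of the original question or answer): fetch the TLS
# certificate from a Service Bus for Windows Server management endpoint and explain
# why Windows would reject it. Defaults are assumptions taken from the answer above.
param(
    [string]$HostName = 'hello-habr-sb.cloudapp.net',   # assumed: your FarmDns value
    [int]$Port = 10355                                  # assumed: ManagementPort (HttpPort)
)

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept anything during the handshake: we only want the certificate here,
        # the real validation is done explicitly in Test-ServerCertificate.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

function Test-ServerCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$HostName
    )
    $findings = @()

    # 1) Name match: FarmDns must appear as a subject CN or in the Subject Alternative Name list.
    $names = @()
    $names += ($Cert.Subject -split ',\s*' | Where-Object { $_ -like 'CN=*' } | ForEach-Object { $_.Substring(3) })
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() yields e.g. "DNS Name=host1, DNS Name=host2"
        $names += ($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=')[-1] })
    }
    if ($names -notcontains $HostName) {
        $findings += "name mismatch: certificate names [$($names -join ', ')] do not include $HostName"
    }

    # 2) Validity period.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $findings += "not valid at $now (valid from $($Cert.NotBefore) to $($Cert.NotAfter))"
    }

    # 3) Chain: must build to a root this machine trusts. For the self-signed makecert
    #    certificate from the answer, that means it was imported into Local Computer\Trusted Root CA.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Cert)) {
        $status = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
        $findings += "chain does not build: $status"
    }

    # 4) EKU: report what the certificate is allowed to be used for (2.5.29.37 = Extended Key Usage).
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuText = if ($eku) { $eku.Format($false) } else { '(no EKU extension: usable for any purpose)' }

    return [pscustomobject]@{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        EKU        = $ekuText
        Findings   = $findings
        Trusted    = ($findings.Count -eq 0)
    }
}

$cert = Get-RemoteCertificate -HostName $HostName -Port $Port
Test-ServerCertificate -Cert $cert -HostName $HostName | Format-List
```

A `Trusted = False` result with a `chain does not build` finding points at the import step of the answer (the certificate is not in the Local Computer Trusted Root store of the machine running the check), while a `name mismatch` finding points at the `Set-SBFarm -FarmDns` step or at a certificate generated with the wrong CN. The chain check deliberately skips revocation, since a self-signed makecert certificate has no CRL to consult; remove the `NoCheck` line if you are validating a CA-issued certificate.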