Published on : Jun 22, 2012
Category : BizTalk360 Update
This article is part of a multi-part series; please read the previous stages here.
Summary: In the previous articles we explained the process of creating a Windows Azure affinity group and virtual networks. We created a few virtual machines that are part of the virtual network and can talk to each other. We also created a dedicated virtual machine that is going to work as our AD/DNS server. In this article we will see how to bring all the virtual machines into the domain.
Why do we need to create AD/DNS for BizTalk infrastructure?
After our stage 1, we created a bunch of virtual machines, added them to the virtual network, and they are able to communicate with each other. This will be sufficient for the majority of cases, for example if you are building a web front-end and SQL back-end with 2 servers. The web server can talk to the SQL server easily with SQL authentication. You only need to supply the SQL login username/password and open an endpoint for 1433 (the default SQL port).
But for a BizTalk Server multi-server installation, SQL Login is not supported. The only supported multi-server configuration is Windows Authentication to the SQL servers, and you also need to set up domain-level groups (BizTalk Administrators group, SSO Administrators group, etc.) that both the BizTalk and SQL servers have access to.
So, as a prerequisite for a multi-server BizTalk configuration, an Active Directory is a must, and DNS is required for name resolution of all the virtual machines in our network.
Note: you need to repeat the steps in this article on all the virtual machines in our network (QE-BTS2 and QE-SQL2) to make sure they are all in the domain.
Configure DNS server in Virtual Machine(s)
Log in to one of the normal virtual machines.
- Log in to the Windows Azure management portal, click on the Virtual Machines link and then select QE-BTS1.
- Click the “Connect” button at the bottom; an RDP file will be downloaded. Open the file, enter the password for the Administrator account, and click “Yes” for the security warnings.
Once logged in, open a command prompt and ping our Active Directory domain, using the command
You will receive the “Request timed out” error as shown in the picture below.
This is because our virtual machine is not able to resolve the domain name, since we didn’t tell the virtual machine about the DNS server.
To resolve this issue, log in to the Active Directory virtual machine QE-AD-DNS we created in the previous stage and get its IP address.
Now switch back to our normal virtual machine, and make sure you can ping the AD IP address.
Go to the Start menu, type “network and sharing” and click on the “Network and Sharing Center” application from the list. Then click on “Change Adapter Settings” as shown below.
Follow the steps below to add the DNS IP address:
- Right-click on “Local Area Connection 2” and click Properties
- Select “Internet Protocol Version 4 (TCP/IPv4)” and click Properties
- Click on the “Advanced” button on the “Internet Protocol Version 4 (TCP/IPv4) Properties” screen
- Select the “DNS” tab and click the “Add” button
- Enter our AD IP address 10.0.0.7 and click “Add”
- Close all the windows one by one by clicking OK all the way through
Once the above steps are done, go back to the command prompt and ping the domain name again.
This time the request should get a reply, as shown below.
Join the Virtual Machine to Domain
Now that all the prerequisites are in place, and the machines can talk to each other and resolve their names using DNS, adding the virtual machine to the domain is very straightforward. On the Start menu, right-click on Computer and select Properties.
Click on the “Change Settings” link in the System Properties window as shown below.
Click on the Change button and enter the domain name corp.b360.com as shown below.
Click OK; it will ask for a domain username/password as shown below.
Provide the domain administrator username and password and click OK. You’ll receive the welcome message as shown below.
Click OK and close all windows. The system will ask you to restart the machine. Click Restart, and when it comes back you can log in using the domain credential “CORP\Administrator”.
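The same DNS and domain-join steps can be done from an elevated PowerShell prompt on the member VM instead of the GUI. This is an added example, not code from the original article or from BizTalk360; it assumes Windows Server 2012 or later (for the DnsClient cmdlets), that the adapter is still named “Local Area Connection 2”, and that 10.0.0.7 is the QE-AD-DNS server and corp.b360.com the domain, as in the article.

```powershell
# Added example (not from the original article). Assumes Windows Server 2012+
# (Set-DnsClientServerAddress / Resolve-DnsName), the adapter name, DNS server
# IP and domain name used in the article.
$AdapterName = "Local Area Connection 2"
$DnsServerIp = "10.0.0.7"          # IP of the QE-AD-DNS virtual machine
$DomainName  = "corp.b360.com"

# 1. The VM must reach the AD/DNS server's IP before DNS can be configured.
if (-not (Test-Connection -ComputerName $DnsServerIp -Count 2 -Quiet)) {
    throw "Cannot reach the AD/DNS server at $DnsServerIp; check the virtual network first."
}

# 2. Point the adapter at the domain controller for DNS
#    (the GUI 'Advanced > DNS > Add' step above).
Set-DnsClientServerAddress -InterfaceAlias $AdapterName -ServerAddresses $DnsServerIp

# 3. Confirm the domain name now resolves. Without this the join fails with a
#    'domain could not be contacted' error, which is what the timed-out ping showed.
try {
    $resolved = Resolve-DnsName -Name $DomainName -Type A -ErrorAction Stop
    Write-Host "$DomainName resolves to $($resolved.IPAddress -join ', ')"
} catch {
    throw "DNS lookup of $DomainName failed; verify $DnsServerIp is the AD/DNS VM."
}

# 4. Join the domain. Get-Credential prompts for the domain administrator
#    password instead of storing it in the script; -Restart performs the reboot
#    the article mentions once the join has succeeded.
$cred = Get-Credential -UserName "CORP\Administrator" -Message "Domain administrator credentials"
Add-Computer -DomainName $DomainName -Credential $cred -Restart -Force
```

Run it once per member VM (QE-BTS1, QE-BTS2, QE-SQL2); after the reboot, log in with the CORP\Administrator domain account as described above.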