Install Azure Web App Extension using PowerShell

Our company has been using Cloud Services (classic) for some time now and I was tasked with migrating our application to Azure Web Apps. Our company used an MSI to install the New Relic agent as part of the Cloud Services startup. When we switched to Web Apps, I set up our Azure Web Apps to install the New Relic extension. What I did not know at the time was that when you create a staging slot using the PowerShell command New-AzWebAppSlot, extensions are not carried over.

I had to devise a way for our deployment process to be able to create a new staging slot and still be able to install New Relic before swapping slots. Turns out, this is not documented very well by Microsoft or anyone really at the time of writing this.

Below are the methods I use to install New Relic (or any extension) on an Azure Web App. If you are trying to install New Relic – the extension name is “NewRelic.Azure.WebSites.Extension”. If you are looking for the name of another extension, I have provided instructions on how to get that name below.

New-AzResource -ResourceType "Microsoft.Web/sites/siteextensions" -ResourceGroupName RGNAME -ResourceName "WEBAPPNAME/EXTENSIONNAME" -ApiVersion '2018-02-01' -Force

If you are trying to install the extension on a slot (such as a staging slot), use this command. I could not find a way to deploy to the production slot/staging slot using the same command. If you can find a way, please let me know in the comment section!

New-AzResource -ResourceType "Microsoft.Web/sites/slots/siteextensions" -ResourceGroupName RGNAME -ResourceName "WEBAPPNAME/SLOTNAME/EXTENSIONNAME" -ApiVersion '2018-02-01' -Force

Find extension name

To find the extension name, we will use Kudu to get that!

  1. Open the Azure Portal and navigate to your Web App
  2. In the sidebar, click Advanced Tools and click Go. This should open a new tab to the Kudu interface.
  3. You should see a heading called REST API. Under there, you will find Site Extensions: installed | feed
  4. If you have the app installed on this web app, you can click installed and you will see the information for just what you have installed. If you do not have it installed, you can click feed and see all the installable extensions that the Azure Portal lets you install.
  5. You should now see JSON data for the extensions. Find your extension and look for its id. The ID is what you need to put into the above PowerShell command (without the extra quotes).
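
A wrapper that covers both the production and the slot case with one call, as an added example rather than the author's deployment script. `Install-SiteExtension`, `New-StagingSlotWithExtension` and the `$AllowedExtensions` list are hypothetical names; the resource types, name paths and API version are the ones from the two commands above, and the Az.Resources and Az.Websites modules with a signed-in session are assumed.

```powershell
# Added example. The function names and the allowlist are illustrative
# assumptions; they are not part of the Az module or the original post.

# Extension IDs this deployment is permitted to install (assumed policy list).
$AllowedExtensions = @('NewRelic.Azure.WebSites.Extension')

function Install-SiteExtension {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$WebAppName,
        [Parameter(Mandatory)][string]$ExtensionName,
        [string]$SlotName            # leave empty for the production slot
    )

    # Refuse IDs that were not reviewed, so a mistyped or unexpected pipeline
    # variable fails here instead of installing a different extension.
    if ($ExtensionName -notin $AllowedExtensions) {
        throw "Extension '$ExtensionName' is not on the allowlist."
    }

    # Only the resource type and the name path differ between the two cases.
    if ($SlotName) {
        $type = 'Microsoft.Web/sites/slots/siteextensions'
        $name = "$WebAppName/$SlotName/$ExtensionName"
    } else {
        $type = 'Microsoft.Web/sites/siteextensions'
        $name = "$WebAppName/$ExtensionName"
    }

    if ($PSCmdlet.ShouldProcess($name, "Install site extension ($type)")) {
        New-AzResource -ResourceType $type -ResourceGroupName $ResourceGroupName `
            -ResourceName $name -ApiVersion '2018-02-01' -Force
    }
}

# Flow described in the post: create the slot, then install the extension
# on it before any swap takes place.
function New-StagingSlotWithExtension {
    param(
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$WebAppName,
        [string]$SlotName = 'staging',
        [string]$ExtensionName = 'NewRelic.Azure.WebSites.Extension'
    )
    New-AzWebAppSlot -ResourceGroupName $ResourceGroupName -Name $WebAppName -Slot $SlotName | Out-Null
    Install-SiteExtension -ResourceGroupName $ResourceGroupName -WebAppName $WebAppName `
        -SlotName $SlotName -ExtensionName $ExtensionName
}

# Dry run against the placeholder names used in the post:
# Install-SiteExtension -ResourceGroupName 'RGNAME' -WebAppName 'WEBAPPNAME' `
#     -SlotName 'SLOTNAME' -ExtensionName 'NewRelic.Azure.WebSites.Extension' -WhatIf
```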

Resources for Learning Azure from the Beginning

I can remember back when I first signed into the Azure portal. It was very overwhelming. I didn’t know where to click to even begin. Azure has changed a lot since then and still takes a lot of patience to learn, but once you get started it just kind of clicks.

When you’re starting to learn Azure, one of the most important things is to have some great resources to use to get started! Having the right learning materials when you first sign into Azure can make a huge difference in your experience.

As tempting as it is to start learning the really fun stuff like AI, Cognitive services, Machine Learning, and other Azure services, you probably should start with learning the slightly more boring stuff first – Azure Infrastructure as a Service. These are things like Azure Networking, Azure Virtual Machines, and Azure Storage. Once you have these things down, you will have a much better understanding of the Azure basics. You will understand how Azure pieces things together and breaks things apart.

Below I am going to list some great resources for learning the very basics of Azure.

  • MoreAbout.Tech – Obviously this site in the Azure category would be my first stop 🙂
  • Pluralsight – Azure Fundamentals – If you haven’t heard of it, Pluralsight is a GREAT place to learn. It does cost some upfront, but they do usually offer a free trial. They have MANY courses on Azure and even courses specific to different sections of Azure. I would recommend starting with their Azure Fundamentals course.
  • Microsoft Learn – Azure Fundamentals – This is where I would recommend starting. It’s a link to a certification test, but if you scroll down to Ways to prepare and click Self-paced, Microsoft links to several great learning paths where you can get started. It also even gives you a free lab environment. You can spin up resources and it doesn’t cost you anything at all! And at the end you can even try for the certification exam. The test was super easy; back when I took it, it was more on the theories of cloud computing rather than the specifics of Azure.
  • Azure Documentation – although not the best place to start with, this is by far one of the best places to learn once you understand the basics.
  • Azure for Student – If you can prove you are a student at a school or college, you can get free Azure credit and some of their most popular services for free. I would definitely sign up for this if you qualify!
  • Hands on experience is best! There are several ways to get hands on experience:
    • Use Microsoft Learn modules that offer a lab experience. These are free!
    • If your company has an MSDN license available, ask for one. This gives you $50 for free every month!
    • If you’re a student, you can get free credit
    • Ask your company if they use Azure. If so, ask for a walk around in Azure. Not only will this get you experience, but it will get you in with the Azure people. You could ask for some side duties if your company is open to cross training.
  • Azure Master Class on YouTube – a FREE YouTube playlist for an Azure masterclass

How to Join a Windows 11 Computer to an Active Directory Domain

If you want to manage your Windows 11 devices centrally and apply security policies, group policies, and other settings, you need to join them to an Active Directory domain. In this blog post, I will show you how to join a Windows 11 computer to an on-premises Active Directory domain using different methods.

Requirements and Preparations

Before you join your Windows 11 computer to a domain, you need to meet some basic requirements and make some preparations:

  • Your computer must have a Pro, Education, Pro for Workstations, or Enterprise edition of Windows 11. Home editions do not support domain join. However, you can purchase a Home to Pro upgrade license.
  • Your computer must be connected to a local network and be able to access at least one domain controller. You can check the network connectivity and DNS settings of your computer by using the ipconfig /all command in PowerShell or Command Prompt.
  • Your computer must be able to resolve the domain name and ping the domain controller. For example, if your domain name is woshub.loc, you can use the command ping woshub.loc to test the name resolution and network connectivity.
  • Your computer’s local time must be within five minutes of the domain controller’s time. This is required for Kerberos authentication. You can check the time settings of your computer by using the Get-Date command in PowerShell or the date and time commands in Command Prompt.
  • Your computer must have a unique and meaningful name that will be used in the domain. You can change the computer name by using the classic Control Panel (sysdm.cpl) or PowerShell (Rename-Computer -NewName "wks-tst1"). You need to restart your computer after changing the name.
  • You must have a user account with delegated administrative permissions to join computers to the domain. This can be a regular user account (by default, any domain user can join up to 10 devices) or a privileged domain administrator account.
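
The checks in the list above can be scripted and run before attempting the join. This is an added example, not part of the original post: `Test-DomainJoinReadiness` is a hypothetical helper, it tests TCP 389 instead of ping and reads the clock offset with `w32tm`, and it assumes Home editions report an `EditionID` starting with `Core`.

```powershell
# Added example. Test-DomainJoinReadiness is a hypothetical helper name;
# woshub.loc in the usage line is the sample domain used in this post.
function Test-DomainJoinReadiness {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [int]$MaxSkewSeconds = 300      # five minutes, the limit stated above
    )
    $results = [ordered]@{}

    # Edition: assumption that Home editions have an EditionID of Core*.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $results['EditionSupportsJoin'] = $cv.EditionID -notlike 'Core*'

    # Name: NetBIOS limit of 15 characters; a DESKTOP-* name is treated as
    # "not yet renamed" (heuristic, not a hard requirement).
    $name = $env:COMPUTERNAME
    $results['NameLooksDeliberate'] = ($name.Length -le 15) -and ($name -notlike 'DESKTOP-*')

    # DNS: find a domain controller through the domain's LDAP SRV record.
    $dc = $null
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        $dc = ($srv | Select-Object -First 1).NameTarget
    } catch {
        # Resolution failed; $dc stays $null and the checks below report false.
    }
    $results['DcFoundInDns'] = [bool]$dc

    $results['DcReachableTcp389'] = $false
    $results['ClockWithinLimit'] = $false
    if ($dc) {
        # Reachability: LDAP port instead of ICMP, which firewalls often drop.
        $tcp = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
        $results['DcReachableTcp389'] = [bool]$tcp.TcpTestSucceeded

        # Time: w32tm prints lines such as "12:00:00, +00.0123456s".
        $sample = w32tm /stripchart "/computer:$dc" /samples:1 /dataonly 2>$null |
            Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
        if ($sample) {
            $offset = [double]$sample.Matches[0].Groups[1].Value
            $results['ClockWithinLimit'] = [math]::Abs($offset) -le $MaxSkewSeconds
        }
    }

    [pscustomobject]$results
}

# Test-DomainJoinReadiness -DomainName 'woshub.loc'
```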

Joining Windows 11 to a Domain Using System Properties

The classic way of joining a Windows computer to a domain is by using the System Properties dialog box. Here are the steps:

  1. Open Control Panel and click on System and Security > System.
  2. Click on Change settings under Computer name, domain, and workgroup settings.
  3. Click on Change under To rename this computer or change its domain or workgroup, click Change.
  4. Select Domain under Member of and enter your domain name (e.g., woshub.loc).
  5. Click OK and enter your user name and password when prompted.
  6. Click OK again when you see the message Welcome to the woshub.loc domain.
  7. Restart your computer.

Joining Windows 11 to a Domain Using Settings App

Another way of joining a Windows 11 computer to a domain is by using the Settings app. Here are the steps:

  1. Open Settings and click on Accounts > Access work or school > Connect.
  2. Click on Join this device to a local Active Directory domain under Advanced options.
  3. Enter your domain name (e.g., woshub.loc) and click Next.
  4. Enter your user name and password when prompted and click OK.
  5. Click Next when you see the message Welcome to the woshub.loc domain.
  6. Restart your computer.

Joining Windows 11 to a Domain Using PowerShell

You can also join a Windows 11 computer to a domain using PowerShell commands. Here are the steps:

  1. Open PowerShell as an administrator.
  2. Use the Add-Computer cmdlet to join your computer to the domain. For example:
Add-Computer -DomainName "woshub.loc" -Credential "woshub\administrator" -Restart

This command will prompt you for the password of the administrator account and then join your computer to the woshub.loc domain and restart it.

  1. Alternatively, you can use the Join-Domain cmdlet from the ActiveDirectory module (you need to install it first by using Install-WindowsFeature RSAT-AD-PowerShell). For example:
Join-Domain -Name "woshub.loc" -Credential "woshub\administrator" -Restart

This command will do the same thing as the previous one.

Applying User GPO Settings to a Computer

Today, I wanted to apply some Group Policy settings to users who log in to certain computers in an OU. More specifically, I wanted to create a Scheduled Task for users who log into servers. I have found in my research that this is technically called Loopback Processing of Group Policy. Using this feature of Group Policies, you can apply a User based GPO to users who log into applied computers.

The first thing I did was build out my Group Policy like I wanted, just like a normal GPO. I created some Scheduled Tasks that would run as the user and would be created when they log in.

Next, I turned on the setting that applied the GPO to Users as well. Navigate to Computer Configuration – Policies – Administrative Templates – System – Group Policy.

Screenshot of Group Policy GPO folder filtered

From within there, you will find the policy labeled: Configure user Group Policy loopback processing mode. Set that setting to enabled. Below is the Help Section of the group policy setting. Here is a link to the related Microsoft article. You may want to do more research before you turn this setting on, as I only tested it in my Home Lab. It could have more far-reaching changes that I am unaware of.

A screenshot of the GPO item Configure user Group Policy loopback processing mode

This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.

By default, the user’s Group Policy Objects determine which user settings apply. If this setting is enabled, then, when a user logs on to this computer, the computer’s Group Policy Objects determine which set of Group Policy Objects applies.

If you enable this setting, you can select one of the following modes from the Mode box:

“Replace” indicates that the user settings defined in the computer’s Group Policy Objects replace the user settings normally applied to the user.

“Merge” indicates that the user settings defined in the computer’s Group Policy Objects and the user settings normally applied to the user are combined. If the settings conflict, the user settings in the computer’s Group Policy Objects take precedence over the user’s normal settings.

If you disable this setting or do not configure it, the user’s Group Policy Objects determines which user settings apply.

Note: This setting is effective only when both the computer account and the user account are in at least Windows 2000 domains.

ADFS WID Error: An exception occurred while enqueueing a message in the target queue

An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.

I had to do some troubleshooting on our ADFS (Active Directory Federation Service) servers today and I noticed the Event Viewer was completely full of hundreds of these messages every minute:

An exception occurred while enqueueing a message in the target queue. Error: 15517, State: 1. Cannot execute as the database principal because the principal “dbo” does not exist, this type of principal cannot be impersonated, or you do not have permission.

There were so many of these messages, I couldn’t see anything else and it was taking too long to filter. So I did a little bit of research on this and with my SQL DBA background, I was able to figure it out. My knowledge of ADFS is limited and this fix worked in our environment but every environment is different, so make sure it will work in your environment too before following this!

The issue is the fact that when ADFS tries to connect to the WID (Windows Internal Database) for ADFS, the user is tied to DBO for the DB. But when the DB Owner is no longer valid, you will get the impersonation error and will no longer be able to connect. Most likely (this is just my assumption for my environment) ADFS was set up a long time ago by a different user that no longer exists, which then invalidated the owner of the DB. All that needs to be done is change the DB ownership – instantly, without a reboot or service restart, it resolved the error messages in my environment, and it had to be done on each ADFS server.

Many other sites say to install the full SSMS, but this can require reboots and no updates pending, etc. That is actually not necessary if you use PowerShell. If you don’t already have it installed for one reason or another, install the PowerShell SQL commands:

Run PowerShell ISE (PowerShell will work, I just prefer ISE) AS ADMINISTRATOR. Run this command (be sure it’s cool with your security team that you install this or follow any steps below):

Install-Module sqlserver

After installing the SQLserver module, if you want, you can verify if this is the issue by using the below command.

Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "select name,owner_sid from sys.databases"

After running the command, if SA does own the DBs (meaning this is NOT your issue) you should see all {1, 0, 0, 0…} in the owner_sid rows. If you see something other than {1, 0, 0, 0…} in all columns like the screenshot below, then you COULD be affected by this (it’s possible the owner is still a valid user).

To change the owner of the DBs, run these two commands.

Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "ALTER AUTHORIZATION ON DATABASE::[AdfsArtifactStore] TO [sa]"
Invoke-SQLcmd -ServerInstance "np:\\.\pipe\MICROSOFT##WID\tsql\query" -Query "ALTER AUTHORIZATION ON DATABASE::[AdfsConfiguration] TO [sa]"

After running those commands, you should no longer see any new events in the error log.
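
An added example (not from the original post) that narrows the fix to databases whose owner no longer resolves, which covers the case noted above where a non-sa owner is still a valid user. `Repair-AdfsWidOwner` is a hypothetical name, and the script assumes `SUSER_SNAME()` returns NULL for an owner SID that maps to no login.

```powershell
# Added example. The WID pipe path and the two database names are the ones
# used in this post; Repair-AdfsWidOwner is a hypothetical helper name.
# Requires the SqlServer module installed earlier and an elevated session.
function Repair-AdfsWidOwner {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ServerInstance = 'np:\\.\pipe\MICROSOFT##WID\tsql\query',
        [string[]]$Databases = @('AdfsArtifactStore', 'AdfsConfiguration')
    )

    # Resolve each owner SID to a login name instead of reading raw SID bytes.
    # Assumption: NULL means the SID no longer maps to any login.
    $query = @'
SELECT name, SUSER_SNAME(owner_sid) AS owner_name
FROM sys.databases
'@
    $rows = Invoke-Sqlcmd -ServerInstance $ServerInstance -Query $query

    foreach ($row in $rows | Where-Object { $_.name -in $Databases }) {
        $orphaned = $row.owner_name -is [System.DBNull]
        $owner = '<unresolvable>'
        if (-not $orphaned) { $owner = $row.owner_name }

        # Report every ADFS database, changed or not, for the change record.
        [pscustomobject]@{
            Database = $row.name
            Owner    = $owner
            Orphaned = $orphaned
        }

        # Only touch databases whose owner is gone. The name comes from
        # sys.databases and was matched against the fixed list above, so it
        # is safe to place inside the brackets.
        if ($orphaned -and $PSCmdlet.ShouldProcess($row.name, 'Change database owner to sa')) {
            Invoke-Sqlcmd -ServerInstance $ServerInstance `
                -Query "ALTER AUTHORIZATION ON DATABASE::[$($row.name)] TO [sa]"
        }
    }
}

# Report only, no changes:
# Repair-AdfsWidOwner -WhatIf
```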

I hope this helps you! Please let me know if it does in the comments below!

MDBootstrap Discount/Promo Code


I have been eyeballing MDBootstrap Pro for a couple years now, and ran into this. I noticed that MDBootstrap was having a promotion where if you used their coupon code, you get 6% off your total. So I just wanted to share it in case you were considering buying it!


Please consider using my affiliate link so I can make a small commission (at no cost to you) for sharing this coupon with you!

Save 16% with a few extra steps

They give you an extra 10% savings if you like their Facebook page and sign up for their newsletter if you use this link.

I hope all of this helps you save a little!

Material Design for Bootstrap 4

A powerful and free UI KIT for the newest Bootstrap 4 and Material Design

500 material UI elements, 600+ material icons, 77 CSS animations, Sass files, templates, tutorials and many more. Free for personal and commercial use.

Trusted by 1,500,000+ developers & designers. It’s used by companies like Nike, Samsung, Amazon, Ikea, and Sony.

Most important features:

  1. Lots of tutorials
  2. Fully responsive
  3. Plenty of useful templates
  4. Easy installation
  5. Easy to use and customize
  6. Active community
  7. Dedicated support forum
  8. Detailed documentation
  9. Available in jQuery, Angular, React and Vue versions

The most important free resources are:

  1. Material Design for Bootstrap – Details, Demo & Download
  2. Bootstrap 4 tutorial – best & free guide of responsive web design
  3. Free Bootstrap 4 Templates & Themes

Sophos XG Firewall Windows DHCP Server not getting IP Addresses

I recently set up Sophos XG Firewall in my Home Lab and set up VLANs, firewall rules, DHCP relays to point to my Windows DHCP Server, etc. The whole 9 yards. After I had everything working, I decided to add in the rest of my VLANs and create relays so they all worked without a hitch. After doing this, something that should not have affected other already working VLANs, nothing was getting DHCP addresses. Not even ones that were working.

I spent MANY hours trying to figure out why. I tried changing all of my firewall rules to any-any, etc. Nothing was working. After looking in the logs, I noticed this:

Firewallmessageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1.21" out_interface="" src_mac="68:b5:99:6f:b5:fe" src_ip="" src_country="" dst_ip="" dst_country="" protocol="UDP" src_port="67" dst_port="67" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature"

I was getting a block by the firewall rule 0 on Appliance Access as Denied. But why? A – it shouldn’t be a firewall rule blocking it because I put in an Any-Any rule. I tried changing everything. But it came down to one.. simple.. thing.. Here is my setup so you can understand the issue.

The Setup

  • VLAN 110 – – Networking equipment
    • Sophos XG Firewall – IP
  • VLAN 111 – – Servers
    • Windows AD/DNS/DHCP Server –
  • VLAN 112 – Clients (No IP address)
    • Laptop
    • Cellphone

In Sophos, Windows DHCP, I set up DHCP subnets for all three VLANs. Then in Sophos, I set up a DHCP relay for just the Clients VLAN.

It worked! I was getting IP addresses assigned to the Clients.

The Issue

Then I decided to set up VLANs for every subnet and made quite a few other changes to get it to that perfect lab I was hoping for. I looked up and noticed all my Chromecasts were saying they couldn’t get an IP. I checked and sure enough, it was no longer dishing out IP addresses.

The Resolution

After much trial and error, I found that because I had put a DHCP relay on the subnet the DHCP server was on, all the DHCP requests were failing.

Someone may have a better understanding of it and can explain better in the comments, but what my assumption is, when the DHCP request goes out, it gets blasted to the entire vlan to find a DHCP server by blasting out to port 67/68 UDP in search of a DHCP server. The gateway at forwards this to the vlan and it receives the blast on that subnet for the response, and blasts that back out to the requesting vlan.

If you put in a DHCP relay on the same subnet as the DHCP server, then when it tries to “blast” the response back, the gateway takes that request and tries to re-blast it in the same subnet. This causes a malformed loop and causes the request to fail. Thus removing the DHCP relay on the VLAN the DHCP server is in should fix this.

Please let me know if you have a better understanding of the cause or if this helps you!
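
To pick this condition out of a busy firewall log, the denied entries can be filtered by field and grouped by interface. Added example, not part of the original post: the function names are hypothetical and the log lines are constructed, shortened from the format of the entry shown earlier.

```powershell
# Added example. Constructed log lines in the key="value" format shown above;
# the MAC addresses come from the documentation range 00:00:5e:00:53:xx.
$sampleLog = @(
    'messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port1.21" src_mac="00:00:5e:00:53:01" protocol="UDP" src_port="67" dst_port="67"',
    'messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" fw_rule_id="0" in_interface="Port1.21" src_mac="00:00:5e:00:53:01" protocol="UDP" src_port="67" dst_port="67"',
    'messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id="5" in_interface="Port1.12" src_mac="00:00:5e:00:53:02" protocol="TCP" src_port="51515" dst_port="443"'
)

# Turn one log line into an object with one property per key="value" pair.
function ConvertFrom-KeyValueLog {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Line)
    process {
        $fields = [ordered]@{}
        foreach ($m in [regex]::Matches($Line, '(\w+)="([^"]*)"')) {
            $fields[$m.Groups[1].Value] = $m.Groups[2].Value
        }
        [pscustomobject]$fields
    }
}

# DHCP traffic dropped by the appliance itself (rule 0, "Appliance Access"),
# which an any-any firewall rule does not affect. A source port of 67 means
# the packet came from a server or relay; clients send from port 68.
function Get-DeniedDhcp {
    param([Parameter(Mandatory)][string[]]$Lines)
    $Lines | ConvertFrom-KeyValueLog |
        Where-Object {
            $_.log_component -eq 'Appliance Access' -and
            $_.log_subtype -eq 'Denied' -and
            $_.protocol -eq 'UDP' -and
            $_.dst_port -in @('67', '68')
        } |
        Group-Object in_interface |
        Select-Object @{ n = 'Interface'; e = { $_.Name } },
                      Count,
                      @{ n = 'SourceMacs'; e = { ($_.Group.src_mac | Sort-Object -Unique) -join ', ' } }
}

# With the constructed sample this returns one row for Port1.21 with Count 2.
Get-DeniedDhcp -Lines $sampleLog
```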

Samsung Galaxy Watch (46mm) vs Fossil Gen 4 Explorist: Which one I stuck with

I have been wanting a smart watch for the last year or two, but one of the biggest reasons I waited till now to get one is because I could not decide which one I wanted. I had it narrowed down between a Samsung Galaxy Watch (46mm) and a Fossil Gen 4 Explorist. But there were a couple of features from each one that made it stick out.

There are major differences between the watches and each one had a few of my requirements in what I wanted from a watch, but neither had them all. So I just had to choose which one was worth the most to me.

Error 1918 while Installing MySQL ODBC Driver on Windows

Had to install MySQL ODBC Driver on Windows when I was trying to use SSMA to convert a MySQL DB to Microsoft SQL. When I tried to install the driver, I got the below error and was completely puzzled. I finally found the fix.

Error 1918. Error installing ODBC driver MySQL ODBC
5.3 ANSI Driver, ODBC error 13: The setup routines for
the MySQL ODBC 5.3 ANSI Driver ODBC driver could
not be loaded due to system error code 126: The
specified module could not be found. …\myodbc5S.dll…

MySQL ODBC Error 1918

Error When Setting Up Database Mirroring

I spent a full day attempting to set up Database Mirroring on two SQL Server 2017 Development Editions with SSMS 17.4 to test a setup. It took a full day when it should have only taken a few minutes and I could not find any help online, so I thought I would share my fix.

The Problem

I was getting this error at first:

Database “AdventureWorks” is not configured for database mirroring. (Microsoft SQL Server, Error: 1416)

After doing some research, I discovered that I needed to restore a full backup with the NORECOVERY option. Did that. Here is what I got then:

Database ‘AdventureWorks’ cannot be opened. It is in the middle of a restore. (.Net SqlClient Data Provider)

Well of course it is.. That is what I am supposed to do.. Everything I found online said make sure you restore it with NORECOVERY. I was in a never ending loop. I tried everything I could think of.
