Skip to content

Aidan Finn, IT Pro

A blog covering Azure, Hyper-V, Windows Server, desktop, systems management, deployment, and so on …

  • Blog
  • Events
  • Azure Newsletter
  • Azure Training
  • About Aidan Finn
  • Privacy
  • RSS

Tag: Migration

How I Upgraded This VM To Azure Resource Manager

How I Upgraded This VM To Azure Resource Manager

In this post, I will explain how I upgraded the Azure virtual machine, that this site is hosted on, from ASM (Azure Service Management, Classic or Azure v1) to ARM (Azure Resource Manager, Resource Manager or Azure v2).

FYI, although I had no plans for changing subscriptions, this migration is also the first step for moving resources from one subscription to another, e.g. Credit Card/Direct to CSP, Open to CSP, or EA to CSP.

Background

I’ve been running aidanfinn.com on Azure for a few years now. It game me a vested interest in Azure, other than my day job where I teach and sell Azure services to MS partners. Over the years, I’ve applied some of the things that I’ve learned, including one time where MySQL blew up so bad that I had to use Azure Backup (then in preview) to restore the entire VM – this is why you’ll see the phrase “aidanfinn02” later in the example.

The VM was running in ASM. ASM is effectively deprecated, but I never had a chance to migrate it to ARM. That changed, and I decided to make the switch. In the process, I decided that I wanted to clean up resource groups, migrate to managed disks, and maybe change a few other things.

I had two options available to me:

  • MigAz: Great community tool that allows a complete change, including renaming. There is downtime to move the disks.
  • The “Platform Supported” method: Using official cmdlets to do an ASM-ARM migration with no downtime during the ASM-ARM migration.

I went with the platform supported method. Long-term, it means I have more work to do to do some renaming, etc, but I’ve never had “my own” stuff to move using this method, so I wanted to do it and document it with a real example.

Note that the platform support method has a few approaches. My virtual machine was in a virtual network, so I opted to move the entire virtual network and associated contents. This is cool because, all VMs (I have one only) are moved, and endpoints are converted into NAT rules in a load balancer. Any reserved cloud service IPs are converted into static public IPs.

Note, you’ll need to download the latest Azure PowerShell modules (and reboot if it’s your first install) to do either method.

FYI, the below includes copy/pastes of the actual cmdlets that I used. The only thing I have modified, for obvious reasons, is the subscription ID.

Register the Migration Provider

You’ll need to register the provider that allows you to do ASM-ARM migrations. This is done on a per subscription basis. You’ll log into your subscription using ARM:

Login-AzureRmAccount

If your tenant has more than one subscription, like mine does, then you need to query the subscriptions:

Get-AzureRmSubscription

This allows you to get the ID of the subscription that you will sign into, so you can select it as the current subscription to work on:

Select-AzureRmSubscription -SubscriptionId 1234567f-a1b2-1234-1a2b-1234ab123456

Next you register the migration proivder:

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.ClassicInfrastructureMigrate

This migration can take up to five minutes. You can query the status of the migration:

Get-AzureRmResourceProvider -ProviderNamespace Microsoft.ClassicInfrastructureMigrate

You can continue once you get a registered status:

ProviderNamespace : Microsoft.ClassicInfrastructureMigrate

RegistrationState : Registered

ResourceTypes : {classicInfrastructureResources}

Locations : {East Asia, Southeast Asia, East US, East US 2…}

Validation

The migration has three phases. The first allows you to validate that you can migrate your machines cleanly. Common issues include unsupported extensions, extension versions, classic backup vault registrations, endpoint ACLs, etc.

To do the validation, you need to sign in using ASM:

Add-AzureAccount

Once again you need to make sure you’re working with the right subscription:

Get-AzureSubscription

And then make that subscription current:

Select-AzureSubscription -SubscriptionId 1234567a-a1b2-1234-1a2b-1234ab123456

I migrated my virtual network, so I queried for the Azure name of the virtual network.

Get-AzureVnetSite | Select -Property Name

My virtual network was called aidanfinn02 so I saved that as a variable – it’ll be used a few times.

$vnetName = “aidanfinn02”

Then I ran the validation against the virtual network, saving the results in a variable called $validate:

$validate = Move-AzureVirtualNetwork -Validate -VirtualNetworkName $vnetName

I could then see the results:

$validate.ValidationMessages

There were two issues:

  • A faulty monitoring (Log Analytics) extension (guest OS agent)
  • The VM was being backed up by a classic Azure Backup backup vault.

ResourceType : VirtualNetwork

ResourceName : aidanfinn02

Category : Error

Message : Virtual Network aidanfinn02 has encountered validation failures, and hence it is not supported for migration.

VirtualMachineName :

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Error

Message : Deployment aidanfinn02 in Cloud Service aidanfinn02 has encountered validation failures, and hence it is not supported for migration.

VirtualMachineName :

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Error

Message : VM aidanfinn02 in HostedService aidanfinn02 contains Extension MicrosoftMonitoringAgent reporting Status : Error. Hence, the VM cannot be migrated. Please ensure that

the Extension status being reported is Success or uninstall it from the VM and retry migration.,Additional Details: Message=This machine is already connected to another

Log Analytics workspace, please set stopOnMultipleConnections to false in public settings or remove this property, so this machine can connect to new workspaces, also

it means this machine will get billed multiple times for each workspace it report to. (MMAEXTENSION_ERROR_MULTIPLECONNECTIONS) Code=400

VirtualMachineName : aidanfinn02

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Error

Message : VM aidanfinn02 in HostedService aidanfinn02 contains Extension MicrosoftMonitoringAgent reporting Handler Status : Unresponsive. Hence, the VM cannot be migrated.

Please ensure that the Extension handler status being reported is Ready or uninstall it from the VM and retry migration.,Additional Details: Message=Handler

Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent of version 1.0.11049.5 is unresponsive Code=0

VirtualMachineName : aidanfinn02

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Error

Message : VM aidanfinn02 in HostedService aidanfinn02 is currently configured with the Azure Backup service and therefore currently not supported for Migration. To migrate this

VM, please follow the procedure described athttps://aka.ms/vmbackupmigration.

VirtualMachineName : aidanfinn02

The solutions to these problems were easy:

  1. I signed into the classic Azure Management Portal and unregistered the virtual machine in the backup vault – DO NOT DELETE THE BACKUP DATA!
  2. Then I switched to the Azure Portal (and stayed here), and I removed the VMSnapshot (Azure Backup) extension from the VM.
  3. And then I removed the Microsoft.EnterpriseCloud.Monitoring (Log Analytics) extension
  4. The VM had an old version of the Diagnostics agent, so I removed that too, even though it didn’t effect validation.

I re-ran the validation:

$validate = Move-AzureVirtualNetwork -Validate -VirtualNetworkName $vnetName$validate.ValidationMessages

And the result was that the virtual network (and thus the VM) was ready for an ARM migration.

$validate.ValidationMessages

ResourceType : VirtualNetwork

ResourceName : aidanfinn02

Category : Information

Message : Virtual Network aidanfinn02 is eligible for migration.

VirtualMachineName :

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Information

Message : Deployment aidanfinn02 in Cloud Service aidanfinn02 is eligible for migration.

VirtualMachineName :

ResourceType : Deployment

ResourceName : aidanfinn02

Category : Information

Message : VM aidanfinn02 in Deployment aidanfinn02 within Cloud Service aidanfinn02 is eligible for migration.

VirtualMachineName : aidanfinn02

Preparation

The preparation phase is next. This is an interim or trial period where you introduce the ARM API to your resources. For a time, the resources are visible to both ARM and ASM. There is no downtime, but you cannot make any configuration changes. The reasoning for this is that you can validate that everything is still working.

You run the command, as I did against the virtual network.

Move-AzureVirtualNetwork -Prepare -VirtualNetworkName $vnetName

And then you wait … try not to grind your teeth or chew your gums:

OperationDescription OperationId OperationStatus

——————– ———– —————

Move-AzureVirtualNetwork 2bcb56ce-2330-0824-a376-a3dcc4892e3d Succeeded

Commit

Once preparation is done, double-check everything. My website was still responding, and resources appeared in two different resource groups with -Migrated suffixes – I’ll show you how I tidied that up later in the post. I was ready to commit; this is when you tell Azure that all is good, and to please remove the ASM APIs from the resources.

Move-AzureVirtualNetwork -Commit -VirtualNetworkName $vnetName

More time passes when you forget to breath, and then it’s done! You’re in ARM, and your resources are manageable once again. Note that there is an alternative to Commit, which is to abort the process and roll back to ASM-only management.

Network Security Group

My ASM deployment was quite basic, and not best practice. I created a network security group for the subnet, allowing in:

  • RDP to the subnet
  • HTTP to the local static IP of the VM.

Resource Group Clean-up

As I mentioned, my ASM resources migrated into two resource groups as ARM resources. I wanted to:

  • Move the resources into a single resource group.
  • Get rid of the –Migrated suffix.

You can move resources, but you cannot rename resource groups. So I created a third resource group (aidanfinn):

image

Then I moved the resources from both of the migrated resource groups into the new aidanfinn resource group:

image

Migrate Storage to ARM

The official method for migrating storage is to migrate the storage account. That means that you move the storage account with the VHDs within it. Azure offers a new method for handling storage called managed disks:

  • You dispense with the storage account for VHDs
  • The disk becomes a manageable resource in the Portal
  • You get cool new features like Snapshots and easier VM restores from disk

I decided to take a different route – I would convert my ARM VM from un-managed disks to managed disks. I needed a few values:

$rgName = "aidanfinn"
$vmName = "aidanfinn02"

I stopped the VM (my first piece of downtime in this entire process):

Stop-AzureRmVM -ResourceGroupName $rgName -Name $vmName -Force

Then I did the conversion:

ConvertTo-AzureRmVMManagedDisk -ResourceGroupName $rgName -VMName $vmName

And then I restarted the VM, after just a few minutes of downtime:

Start-AzureRmVM -ResourceGroupName $rgName -Name $vmName

Re-Introduce Management

I like the management features of Azure, so I re-introduced:

  • Azure Backup of the VM using a recovery services vault using a custom policy – I created a manual backup immediately.
  • Monitoring & diagnostics, to a new dedicated storage account – make sure you verify that the storage account is being used by the VM Agent and Boot Diagnostics.

Cleanup ASM

Lots of stuff can get left behind, especially if you’ve been trying things out. That all needs to be removed. One thing I kept around for a while was the classic backup vault, just in case. I only unregistered the old ASM VM – I did not delete the data. That means I have a way back if all goes wrong in ARM or I screw up in some way. I’ll give it a month, and then I’ll remove the old vault.

By the way, you can upgrade a backup vault to ARM (recovery services vault) if you want to keep your retention.

The End Result

I ended up with everything in ARM and in one resource group:

image

I don’t like the naming, so I will be cleaning things up. My next mini-project will be to:

  1. Power down the VM.
  2. Create a disk snapshot.
  3. Create a new disk from the snapshot.
  4. Create a new deployment, using the new disk, with names that I like.

I know – I could have done all that more quickly and easily using MigAz, but I wanted to do the platform supported migration on my stuff, and it was a chance to document it too! Hopefully this will be useful for you.

Author AFinnPosted on August 31, 2017August 31, 2017Categories AzureTags ARM, ASM, Azure, Azure Backup, Managed Disks, Migration, PowerShell, Storage Account, Virtual MachinesLeave a comment on How I Upgraded This VM To Azure Resource Manager
RSS
Facebook
Facebook
fb-share-icon
Twitter
Visit Us
Follow Me
LinkedIn
LinkedIn
Share

Tags

  • 1709
  • Access Restrictions
  • ACT
  • Action
  • Active Directory
  • Activity Log
  • Advanced Threat Protection
  • AKS
  • Alerts
  • AMD
  • Analytic Rules
  • App Controller
  • Apple
  • Appliance
  • Application Firewall
  • Application Gateway
  • App Services
  • Architecture
  • Archive
  • ARM
  • ARM Template
  • ASM
  • ASR
  • Automation
  • Availability Sets
  • Availability Zones
  • Azure
  • Azure AD
  • Azure AD Connect
  • Azure AD Domain Services
  • Azure Automation
  • Azure Backup
  • Azure Backup Server
  • Azure Bastion
  • Azure DevOps
  • Azure DNS
  • Azure Files
  • Azure File Sync
  • Azure Firewall
  • Azure Firewall Manager
  • Azure Firewall Policy
  • Azure IaaS
  • Azure Image Builder
  • Azure Kubernetes Service
  • Azure Lighthouse
  • Azure Migrate
  • Azure Monitor
  • Azure Monitor Logs
  • Azure PaaS
  • Azure Policy
  • Azure Portal
  • Azure Resource Graph
  • Azure Resource Manager
  • Azure Security Center
  • Azure Sentinel
  • Azure Shared Image Gallery
  • Azure Site Recovery
  • Azure Stack
  • Azure Virtual Desktop
  • Azure Virtual WAN
  • Azure WAN
  • B-Series
  • Backup
  • Barracuda
  • Basic
  • Bastion Host
  • BGP
  • Bicep
  • BitLocker
  • Blob
  • Books
  • Boot Diagnostics
  • Business Intelligence
  • Certificate
  • Certification
  • Check Point
  • Circuit
  • Cisco
  • Citrix
  • Cloud
  • Cloud Adoption Framework
  • Cloud Camp
  • Cloud Computing
  • Cloud Mechanix
  • Cold
  • Compliance
  • Conference
  • Conferences
  • ConfigMgr
  • Configuration Manager
  • Connect
  • Connection
  • Containers
  • Course
  • Custom RBAC Roles
  • Custom Resource Provider
  • Custom Routing
  • Das_v3
  • Data Warehouse
  • Default Route
  • Delegated Resource Management
  • Delegation
  • Deployment
  • DevOps
  • DevSecOps
  • DevTest Labs
  • Diagnostics
  • Dig Data
  • DMZ Hub
  • DNS
  • DPM
  • DR
  • DSC
  • Dublin
  • Eas_v3
  • EMS
  • Entity Behavior
  • EPYC
  • Evens
  • Event
  • Event Hub
  • Event Notes
  • Events
  • Exchange
  • Exchange 2010
  • ExpressRoute
  • ExpressRoute Gateway
  • Failover Clustering
  • Featured
  • Firewall
  • Forefront
  • Function App
  • Functions
  • GA
  • Gateway
  • GatewaySubnet
  • General Purpose v2 Storage Account
  • Geo-Zone Redundant Storage
  • Git
  • GitHub
  • Global Azure
  • Global Azure Bootcamp
  • Global VNet Peering
  • Governance
  • GPv2
  • GZRS
  • Hardware
  • HB_v2
  • HCI
  • HDInsight
  • Health Monitoring
  • Hot
  • HP
  • Hub
  • Hub & Spoke
  • Hub-and-spoke
  • Hybrid Cloud
  • Hyper-Converged Infrastructure
  • Hyper-V
  • Hyper-V Server
  • IaaS
  • IaC
  • I am live blogging this session
  • IDPS
  • IE
  • Ignite
  • IIS
  • Image Builder
  • Image Definition
  • Image Template
  • Image Version
  • Infrastructure-as-Code
  • Intel NUC
  • Internet
  • Internet Explorer
  • Intune
  • IoT
  • IoT Hub
  • iPhone
  • it’s lovely and cool in this room Smile
  • JSON
  • Jumpbox
  • Jump box
  • Key Vault
  • Kubernetes
  • Layer-7
  • Licensing
  • Lighthouse
  • Linux
  • Live
  • Live Migration
  • Load Balancer
  • Load Balancing
  • Log Analytics
  • Lync
  • MABS
  • Machine Learning
  • Managed Apps
  • Managed Disks
  • Managed Service Prover
  • MAP
  • MARS
  • MDT
  • Metasploit
  • Microservices
  • Microsoft
  • Microsoft. Hyper-V
  • Microsoft. MDT
  • Microsoft 365
  • Microsoft Ignite 2019
  • Microsoft Information Protection
  • Microsoft Multipath I/O (MPIO) Users Guide for Windows Server 2012
  • Microsoft News
  • Migration
  • Mobile
  • MVP
  • MVPBuzz
  • Nano Server
  • NAT
  • Network
  • Networking
  • Network Security Group
  • Network Security Groups
  • Network Virtual Appliance
  • Network Watcher
  • News
  • NSG
  • NSG Flow Logging
  • NSG Traffic Analytics
  • NVA
  • O365
  • Office
  • Office 365
  • Opalis
  • Operations Manager
  • OpsMgr
  • Orchestrator
  • P2S
  • P2S Server Configuration
  • PaaS
  • Packer
  • Palo Alto
  • Peering
  • Performance
  • PIP
  • Pipeline
  • Planned Maintenance
  • Platform-as-a-Service
  • Podcasts
  • Point-to-Site Gateway
  • Point-to-Site VPN
  • PowerShell
  • Pricing
  • Private Cloud
  • Private DNS Zone
  • Private Endpoint
  • Private Link
  • Private Peering
  • Probe
  • Project Honolulu
  • ProLiant
  • Public IP Address
  • Public IP Prefix
  • Quick Storage Migration
  • RA-GZRS
  • RBAC
  • RDmi
  • RDP
  • RDS
  • RDS Gateway
  • Read-Access Geo-Zone Redundant Storage
  • Redundancy
  • Regional VNet Integration
  • Regions
  • Remote Desktop
  • Remote Desktop Services
  • Resizing
  • Resource Manager
  • Resources
  • REST API
  • Route Propagation
  • Route Table
  • Route Tables
  • Routing
  • RTM
  • Rules Collection Group
  • S2D
  • S2S VPN
  • Satya Nadella
  • Scale-Out File Server
  • SCORCH
  • Scripting
  • Scripts
  • SCVMM
  • SD-WAN
  • Secured Virtual Hub
  • Secure Virtual Hub
  • Security
  • Security Center
  • Series
  • Serveless
  • Server Core
  • Serverless
  • Service Catalog
  • Service Endpoint
  • Service Fabric
  • Service Level Agreement
  • Service Manager
  • Service Provider
  • Service Tags
  • SharePoint
  • Site-to-Site VPN
  • SLA
  • SMA
  • so hit refresh to get the latest. BTW
  • Spoke
  • Springboard
  • SQL
  • SQL 2005
  • SQL 2008
  • SQL Server
  • SSH
  • SSL
  • SSL Gateway
  • Standard Public IP
  • Standard SSD
  • Starting Azure Infrastructure
  • Static Website
  • STEP
  • Storage
  • Storage Account
  • Storage Accounts
  • Storage Replica
  • Storage Spaces
  • Storage Spaces Direct
  • Stream Analytics
  • Subnet
  • Subscription
  • Surface
  • Surface Pro
  • System Center
  • System Center Essentials
  • System Route
  • Tablet
  • Template
  • Tenant
  • Terraform
  • Tiering
  • Traffic Manager
  • Training
  • UDR
  • Uptime
  • User-Defined Route
  • User-Defined Routing
  • VDI
  • Virtual Hub
  • Virtual Hub Route Table
  • Virtualisation
  • Virtual Machine
  • Virtual Machines
  • Virtual Network
  • Virtual Network Gateway
  • Virtual WAN
  • Virtual WAN Hub
  • Virtual WAN Hub Route Table
  • Virtual WAN Route Table
  • Visual Studio Code
  • VMM
  • VMs
  • VMware
  • VNet
  • VNet Peering
  • VPN
  • VPN Gateway
  • VS Code
  • W2008
  • W2008R2
  • WAF
  • WAFv2
  • WAG
  • WAGv2
  • WAIK
  • WAN
  • WAP
  • WatchGuard
  • WDS
  • Web App
  • Web Application Firewall
  • Web Application Firewall v2
  • Web Application Gateway
  • Web Application Gateway v2
  • WebApps
  • Webinar
  • Windows
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 2000
  • Windows Azure
  • Windows Azure Pack
  • Windows Defender
  • Windows Home Server
  • Windows Phone
  • Windows Server
  • Windows Server. Windows Server 2016
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2015
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server Containers
  • Windows Sever 2016
  • Windows Updates
  • Windows User Group
  • Windows Virtual Desktop
  • Windows Vista
  • Windows XP
  • WordPress
  • Workbooks
  • Workspace
  • WS2019
  • WSUS
  • Xen
  • Xeon
  • Zone Redundant Storage
  • ZRS
  • Blog
  • Events
  • Azure Newsletter
  • Azure Training
  • About Aidan Finn
  • Privacy
  • RSS
Aidan Finn, IT Pro Privacy