Category: Networking

Prerequisites to connect an on premise network to Azure:
* A Microsoft Azure account with spending limit or a subscription
* A router that is supported by Microsoft to connect to Azure, in my situation I used the Cisco ASA 5505. A full list can be found here:
* A fixed IP address from your internet provide. A dynamic (DHCP) IP address wil work but when you get a new IP address from your provider the connection will be broken and some configuration changes must be made on the Azure site of the network. I will explain later what needs to be changed.
* To make a full Domain Network with on premise (virtual) machines and Azure virtual machines it would be nice to have a Domain  Controller on the on premise site.
* Java Runtime 6.39 to configure the Cisco ASA 5505 (if you are a die hard you can use the console but because my Surface Pro 3 and my work laptop do not have a serial port available I went for the dummy easy way with a GUI)

To configure your Cisco ASA device it turned out that you need to have Java Runtime 7.51 installed. Do not use higher then the ASDM software may not work. An old and not supported version anymore from the date of 15th of April 2015. After you installed Java and the ASDM software you probably need to change the first part of the target in the shortcut to “C:\Program Files\Java\jre6\Bin\javaw.exe”, do not use “C:\Program Files (x86)\Java\jre6\Bin\javaw.exe” because than you keep stuck in “Contacting the device”. But when you use the x64 version of javaw.exe you get the error: “Unable to launch Device Manager from”. If you keep using the original first part of the target in the shortcut at “C:\Windows\SysWOW64\javaw.exe” you also keep stuck in “Contacting the device”
My environment:
On Premise network:
On Premise network gateway (Cisco ASA 5505 router):
My (old) public IP address from my internet provider:
My On Premise network DNS Server name and IP address: HYP01 –

First you need to create a Virtual Network in Azure:
Click on +, Network Services, Virtual Network, Custom Create


Image 1: Custom Create Virtual Network

In the Virtual Network Details screen fill in the name for your Virtual Network (any name that describes you virtual network will do) and choose the location for your Virtual Network (West Europe for me because I live in West Europe). You will see the name you entered appear in the Network Preview image and click on the right pointed arrow in the lower right corner of the screen.


Image 2: Create Virtual Network (Details)

In the ‘DNS Servers and VPN Connectivity’ screen you need to fill in the name and IP address of you local DNS Server and optional a second (or third) DNS Server (for example a public DNS Server if you need to get to the Internet from the Virtual Network. Next you need to select ‘Configure a site-to-site VPN’ under ‘Site-to-site Connectivity’ The ‘Network Preview’ should display the network on Azure and On Premise with the DNS Servers. Click on the right pointed arrow in the lower right corner of the screen.


Image 3: DNS Server and VPN Connectivity

In the ‘Site-to-Site Connectivity’ screen the name for the On Premise network, the public IP address from your internet provider and the address space of your On Premise network must be filled in. Click on the right pointed arrow in the lower right corner of the screen.


Image 4: Site to Site Connectivity

In the ‘Virtual Network Address Spaces’ screen the information for your virtual Azure network must be specified. In my case I am using a address space with three subnets;, and a gateway subnet You can use only one subnet for your Virtual Machines but just to be able to test with different subnets I created two. The third, the gateway subnet, is mandatory to be able to route through the networks to you on premise network. Click on the ‘V’ in the lower right corner of the screen.


Image 5: Virtual Network Address Spaces

In the Azure website under ‘Networks’ and then the Network you just created you would see an almost finished network. There is still missing a public gateway. To create the gateway click on the bottom of the screen on ‘Create Gateway’ and choose a ‘Static Routing’. The Cisco ASA series do not support ‘Dynamic Routing’. Click on ‘Yes’ at the question if the gateway should be created for the virtual network. Creating a gateway may take some time. Just sit it out and behold! When you get the message ‘Succesfully created a gateway for virtual network Azure_Network’ you are ready to go.


Image 6: Completed Azure Network overview

Next step is to configure the Cisco ASA 5505. To do so you need to download the VPN Device script from the ‘azure_network’ page. Click on the link ‘Download VPN Device Script’ Because in this situation I am using this type of router I select in the screen ‘Download a VPN Device Configuration Script’ for ‘Cisco Systems, Inc.’ at Vendor, ‘ASA 5500 Series Adaptive Security Appliances’ at Platform and ‘ASA Software 8.3’ at Operating System and click on the ‘V’. Save the script in your downloads location.


Image 7: Download a VPN Device Configuration Script

Next you can configure the ASA with this script so the connection can be established.


Last week I got a new loginname and password for an environment based on Windows Server 2012 R2. Also in the mail I got the request to change my password at first login. Good practice so no problem with that!

To get to the environment I first needed to connect via MSTSC to a server based on Windows Server 2008 R2. Then connect via MSTSC to the environment based on Windows Server 2012 R2.

Normal steps to change your password are using CTRL + ALT + DEL and choose Change A Password.


The problem I was facing was that CTRL + ALT + DEL does not work in a MSTSC session​. There is a solution for that. You can use CTRL + ALT + END to send a CTRL + ALT + DEL to the server you are connected to. So when I did exactly that I got a bit surprised by the view I got:


This is the result of CTRL + ALT + DEL on a computer based on Windows Server 2008 R2, not the result you would expect when connected to a Windows Server 2012 R2 machine. It seems that the CTRL + ALT + END is only used on the first session of MSTSC. So what now? Next I tried to change the password via my user account tile on the start menu.


When you choose Change Account Picture and then Sign in Options you get to the new style of programs from Windows.


To my surprise the option Change to change the password was greyed out…

After some searching on the Internet my collegue Willem found a wonderful workaround (or possible security bug?) to change the password.

  1. Go to the start menu
  2. Type OSK
  3. Start the On Screen Keyboard
  4. Press on your Physical keyboard CTRL + ALT
  5. Press on the On Screen Keyboard DEL
  6. Remove the On Screen Keyboard
  7. Click on Change A Password
  8. Change your password


Why the option is greyed out by default is a bit strange. In Windows Server 2012 R2 it is mandatory to change your password every 42 days. The days the management of servers was done on the physical console of the server is a long time ago by my standards… And why, if this default is not permitted, it can be done in this way makes it even more strange.

Of course there is always the option to change the password via the command prompt… IF you have domain Admin rights…

So if anyone has a better option (Powershell?) please share.

Update 2014-10-19: I got a link via Twitter from SystematicADM how to change your password via Powershell. And also a link how to change other AD user’s passwords via Powershell. Thanks to SystematicADM for the response!