
I'm trying to configure Azure Pack to use Service Bus for Windows Server 1.1 with custom DNS. Everything runs on one virtual machine (Windows Server 2012 R2) in Windows Azure.

I am following this post:

http://roysvork.wordpress.com/2014/06/14/developing-against-service-bus-for-windows-1-1/

Replace FarmDNS "servicebus" with "mymachine.cloudapp.net", and create a certificate:

    SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T

On Windows Azure Virtual Machine:

  • I'll set public DNS: mymachine.cloudapp.net
  • Open ports: 10354,10355,10356,10359,10000-10004
  • In hosts file: 127.0.0.1 mymachine.cloudapp.net
  • Create certificate SelfSSL /N:CN=mymachine.cloudapp.net /V:1000 /T

PowerShell:

    Stop-SBFarm -Verbose
    Set-SBFarm -FarmDns 'mymachine.cloudapp.net'
    Update-SBHost -Verbose
    Start-SBFarm -Verbose
    New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen

After that I can connect to my ServiceBusDefaultNamespace with SAS:

    using System;
    using Microsoft.ServiceBus;

    const string sharedAccessKeyName = "MainRule";
    const string sharedAccessKey = "<key>";

    // Build a SAS token from the rule name and key, then reuse the token itself.
    var sasTokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(sharedAccessKeyName, sharedAccessKey);

    string token = sasTokenProvider.GetWebTokenAsync("https://mymachine.cloudapp.net:10355/ServiceBusDefaultNamespace", "NotUsedWithSAS", false, TimeSpan.FromSeconds(15)).Result;

    var existingTokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider(token);

    // Management endpoint (port 10355) of the default namespace.
    var namespaceManger = new NamespaceManager("https://mymachine.cloudapp.net:10355/ServiceBusDefaultNamespace", existingTokenProvider);
    var result = namespaceManger.TopicExists("DefaultTopic");

It works perfectly. But when I try to create a Service Bus namespace from the Azure Pack Tenant portal, there is an exception in the log:

Namespace Provisioning Exception. TrackingId: . SystemId: . Namespace: SomeNamespace. Method: Activating. Exception: System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

And the status of the namespace is Activating.

Please help!

Zanael

1 Answer


I found the solution and wrote a post about configuring Service Bus for Windows Server on-premises with custom DNS, 'Black Jack' & etc. The post is in Russian, but it includes many screenshots and code/script samples:

http://habrahabr.ru/post/254059/

Description:

It is difficult to answer briefly without explaining the full configuration process.

Basically, the problem is in the certificates:

On VM with Service Bus:

1) Generate access certificate with Command Line Utility makecert.exe:

(C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin)

    makecert.exe -r -pe -n "CN=hello-habr-sb.cloudapp.net, CN=hello-habr-sb" -e 11/11/2022 -eku 1.3.6.1.5.5.7.3.2 -ss My -sr "LocalMachine" -sky Exchange -a sha256 -sy 24 -len 2048 "hello-habr-sb.cloudapp.net.cer"

Import it on the server and the client into Certificates – Local Computer (Trusted Root CA).

2) Change DNS with PowerShell:

    Get-SBFarm

    Stop-SBFarm -Verbose

    Set-SBFarm -FarmDns 'hello-habr-sb.cloudapp.net'

    Update-SBHost -Verbose

    Start-SBFarm -Verbose

3) Set SAS-Key with PowerShell:

    New-SBAuthorizationRule -NamespaceName ServiceBusDefaultNamespace -Name MainRule -Rights Manage, Send, Listen

Output looks like this:

    KeyName             : MainRule
    PrimaryKey          : ylF6GWmH6rlZg1ekQMQrLQnht4kwVFWHAfyB8HkrZvM=
    SecondaryKey        : ZYBpdiCYgZNfwOC37x6DEDLxhv+qan6CJZT0vG3GvTk=
    Rights              : {Manage, Send, Listen}
    CreatedTime         : 3/22/2015 12:53:23 AM
    ModifiedTime        : 3/22/2015 12:53:23 AM
    ConnectionString    : Endpoint=sb://hello-habr-sb.cloudapp.net/ServiceBusDefaultNamespace;
                          StsEndpoint=https://hello-habr-sb.cloudapp.net:10355/ServiceBusDefaultNamespace;
                          RuntimePort=10354;
                          ManagementPort=10355;
                          SharedAccessKeyName=MainRule;
                          SharedAccessKey=ylF6GWmH6rlZg1ekQMQrLQnht4kwVFWHAfyB8HkrZvM=

4) Add link to hosts:

(C:\Windows\System32\drivers\etc)

    127.0.0.1       hello-habr-sb.cloudapp.net

On VM with Azure Pack:

1) Generate certificates with the command-line utilities makecert.exe and pvk2pfx.exe:

(C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin)

For Server:

    makecert -r -pe -n "CN=WAP Portals" -ss CA -a sha1 -sky signature -cy authority -sv WAPPortals.pvk WAPPortals.cer

    makecert -pe -n "CN=hello-habr-wap.cloudapp.net" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic WAPPortals.cer -iv WAPPortals.pvk -sp "Microsoft RSA SChannel Cryptographic Provider"  -sy 12 -sv WAPLocalServer.pvk WAPLocalServer.cer

    pvk2pfx -pvk WAPLocalServer.pvk -spc WAPLocalServer.cer -pfx WAPLocalServer.pfx

For Client:

    makecert -pe -n "CN=WAPMainDeveloper" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic WAPPortals.cer -iv WAPPortals.pvk -sv WAPClient.pvk WAPClient.cer

    pvk2pfx -pvk WAPClient.pvk -spc WAPClient.cer -pfx WAPClient.pfx -po HelloHabr2015

2) Import WAPPortals.cer in Certificates – Local Computer (Trusted Root CA) on server.

3) Import WAPClient.pfx on server and clients in Certificates – Local Computer and Current User (Personal).

4) Add link to hosts:

(C:\Windows\System32\drivers\etc)

    127.0.0.1       hello-habr-wap.cloudapp.net

5) Change FQDN site names for Azure Pack management sites with PowerShell (as Administrator):

TenantSite:

    Import-Module -Name MgmtSvcConfig

    Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30081 -Server "hello-habr-wap\SQLEXPRESS"

    Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30071 -Server "hello-habr-wap\SQLEXPRESS"

    Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30071/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation

    Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30081/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation

AdminSite:

    Import-Module -Name MgmtSvcConfig

    Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30091 -Server "hello-habr-wap\SQLEXPRESS"

    Set-MgmtSvcFqdn -Namespace "WindowsAuthSite" -FullyQualifiedDomainName "hello-habr-wap.cloudapp.net" -Port 30072 -Server "hello-habr-wap\SQLEXPRESS"

    Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30072/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation

    Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint "https://hello-habr-wap.cloudapp.net:30091/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString "Data Source=hello-habr-wap\SQLEXPRESS;User ID=sa;Password=HelloHabr2015" -DisableCertificateValidation

6) Do other stuff:

  • change bindings in IIS;

  • select hello-habr-wap.cloudapp.net certificate for WAP Portals;

  • check Require SSL on IIS;

Finally, everything works on 3 VMs:

  1. DataBase

    https://hello-habr-db.cloudapp.net:1433 - MSSQL Server
    
  2. Service Bus for Windows Server

    https://hello-habr-sb.cloudapp.net:10355 - HttpPort (ManagementPort)
    https://hello-habr-sb.cloudapp.net:10354 - TcpPort (RuntimePort)
    
  3. Azure Pack for Windows Server

    https://hello-habr-wap.cloudapp.net:30081 - TenantSite
    https://hello-habr-wap.cloudapp.net:30091 - AdminSite
    

Hope this helps! If you run into errors, read my post (expand the spoiler sections):

http://habrahabr.ru/post/254059/

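  1. Configure VM with DataBase: "Настройка виртуальной машины с базой данных" ("Configuring the virtual machine with the database")

  2. Configure VM with Service Bus for Windows Server: "Настройка виртуальной машины с Service Bus for Windows Server" ("Configuring the virtual machine with Service Bus for Windows Server")

  3. Configure VM with Azure Pack: "Настройка виртуальной машины с Azure Pack" ("Configuring the virtual machine with Azure Pack")

  4. Simple .NET (C#) client for Service Bus for Windows Server: "Проверка работы Service Bus" ("Checking that Service Bus works")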

Zanael
  • please post the code or technique here as this is considered not an answer – Drew Jan 06 '16 at 23:03
  • @Drew, thanks for the review. The answer was created 1 year ago, but I'll try to briefly explain the solution. Hope it helps somebody. – Zanael Jan 07 '16 at 23:22
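
The "remote certificate is invalid" failure in the question can be narrowed down by probing the Service Bus management port from the Azure Pack VM and reporting what the .NET validator sees. This is an added example, not part of the original question or answer; the function name Test-EndpointCertificate is hypothetical, and the host name and port are the ones used in the answer.

```powershell
# Added diagnostic example. The probe never accepts an invalid certificate:
# it records the validation result and then applies the normal rule.
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [int]    $Port
    )
    $state = @{ PolicyErrors = $null; Subject = $null; Thumbprint = $null; Chain = @() }

    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $state.PolicyErrors = $sslPolicyErrors
        if ($certificate) {
            $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
            $state.Subject    = $cert2.Subject
            $state.Thumbprint = $cert2.Thumbprint
        }
        if ($chain) {
            # One entry per chain problem, e.g. UntrustedRoot or NotTimeValid.
            $state.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }
        # Accept only when the platform validator reported no errors.
        return $sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try     { $ssl.AuthenticateAsClient($HostName); $trusted = $true }
        catch [System.Security.Authentication.AuthenticationException] { $trusted = $false }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    [pscustomobject]@{
        Endpoint     = "${HostName}:$Port"
        Trusted      = $trusted
        PolicyErrors = "$($state.PolicyErrors)"
        ChainStatus  = $state.Chain -join ', '
        Subject      = $state.Subject
        Thumbprint   = $state.Thumbprint
    }
}

Test-EndpointCertificate -HostName 'hello-habr-sb.cloudapp.net' -Port 10355
```

A ChainStatus of UntrustedRoot means the self-signed certificate is not in the Trusted Root store of the machine running the probe; a PolicyErrors value containing RemoteCertificateNameMismatch means the certificate subject does not match the FarmDns name being connected to.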