So I have been working on a GCP project for a big customer where I live, and part of the work involved migrating instances from their other cloud platform to GCP. The migration that I was doing was supposed to be simple. We call it lift and shift.
The concept is we take the instance as it is, with all of its data and configuration, and replicate it to GCP. This is a simple process... Or that's what we all thought!
We used CloudEndure for this work and the whole process was easy and straightforward. Once the machines were ready for testing I started them up and asked the customer to log in to them, test, and confirm that things were good.
The customer called and said they could not access the machines and there was an issue with the authentication and AD settings… I should mention that we had already built an AD on GCP, and there is a VPN tunnel set up between the GCP tenant and the customer's main on-premise datacenter, where there is a primary AD server.
The servers would not authenticate! I found out that the DNS settings of the servers were incorrect and the IP was pointing to another server that has no connectivity at all to GCP! So I got into a situation where I either ask our customer to make a local admin account on each server, then wait for that to be replicated, re-launch the instances, log in with that local admin and fix the DNS settings, or I provision the local admin from the GCP console… Except I did not want to do things I am not in control of.
Did some more digging and had a thought about using a startup script.
An unseen feature and idea
Luckily, the servers we are working with are all 2012 R2 or 2016, so PowerShell is the best way to go!
So I figured I would use a startup script on the instances to provision the correct DNS IPs to the servers, and have them all accessible without doing a lot of crazy work…
I went to the GCP console, then to the instances, and edited them. In the “Custom metadata” section I added one metadata entry as follows:
- Key: windows-startup-script-ps1
- Value: Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses "x.x.x.x","x.x.x.x"
Once I added that script, I reset the instance, tried to log in, and I was in!
The script above was all I needed to get inside the machines!
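A more defensive variant of that one-liner for the same `windows-startup-script-ps1` key, added here as an example and not the script used in this migration: it does not assume the adapter is named Ethernet, only changes DNS when the current value differs, and checks that the new resolvers can find a domain controller. The DNS IPs (documentation-range addresses) and the domain name `corp.example.com` are placeholders.

```powershell
# Added example: idempotent variant of the one-line startup script above.
# $DnsServers and $AdDomain are placeholders (constructed values); replace them.
$DnsServers = @('192.0.2.10', '192.0.2.11')   # placeholder AD DNS server IPs
$AdDomain   = 'corp.example.com'              # hypothetical AD domain name

# Use every adapter that is up instead of assuming the alias "Ethernet".
$adapters = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
if (-not $adapters) {
    Write-Output 'dns-fix: no active network adapter found, nothing changed'
    exit 1
}

foreach ($adapter in $adapters) {
    $current = (Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
    # Compare as ordered lists so the primary/secondary order is enforced too.
    if (($current -join ',') -eq ($DnsServers -join ',')) {
        Write-Output "dns-fix: $($adapter.Name) already uses $($DnsServers -join ', ')"
        continue
    }
    Write-Output "dns-fix: $($adapter.Name) had '$($current -join ', ')', replacing"
    Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DnsServers
}

# Drop answers cached from the old, unreachable resolver.
Clear-DnsClientCache

# Confirm each new resolver can locate a domain controller for the domain.
$srv = "_ldap._tcp.dc._msdcs.$AdDomain"
foreach ($server in $DnsServers) {
    try {
        $null = Resolve-DnsName -Name $srv -Type SRV -Server $server -DnsOnly -ErrorAction Stop
        Write-Output "dns-fix: $server resolves $srv"
    } catch {
        Write-Output "dns-fix: $server could NOT resolve ${srv}: $($_.Exception.Message)"
    }
}
```

Startup scripts run on every boot, so the compare-before-set step keeps repeated runs from rewriting a configuration that is already correct.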
- Providing startup script contents directly – https://cloud.google.com/compute/docs/startupscript#providing_startup_script_contents_directly
- Providing a startup script for Windows instances – https://cloud.google.com/compute/docs/startupscript#providing_a_startup_script_for_windows_instances
- Applying a startup script to running instances – https://cloud.google.com/compute/docs/startupscript#startupscriptrunninginstances
- Weekend Scripter: Modify DNS Settings via Windows PowerShell – https://blogs.technet.microsoft.com/heyscriptingguy/2014/01/26/weekend-scripter-modify-dns-settings-via-windows-powershell/