Creating an Azure Persistent VM for an Isolated SharePoint Farm

The first step in being able to create a persistent VM in Azure is to get your account upgraded to take advantage of these features, which are all in preview. Once the features are enabled you can follow this process to get the various components configured to support running an isolated SharePoint farm. 

In this case, by “isolated farm” I mean one in which there are two virtual images. In my scenario one image is running Active Directory, DNS and ADFS. The other image is running SharePoint 2010 and SQL 2012. The second image is joined to the forest running on the first image. The IP address used by the domain controller (SRDC) is; the IP address for the SharePoint server (SRSP) is and

IMPORTANT: Make sure you enable Remote Desktop on your images before uploading them to Azure (it is disabled by default). Without it, you will find it very difficult to manage your farm, specifically things like Active Directory and ADFS.

  1. Create a new Virtual Network. Since I’m talking about an isolated farm here, that implies that I do not want to connect or integrate with my corporate identity or name services (like AD and DNS). Instead I’m going to configure a new virtual network for my small farm. Here are the sub steps for creating a virtual network for this scenario:
    1. Click New…Network…Custom Create.
    2. Type in a Name for the network, then from the Affinity Group drop down select Create a new affinity group. Select either West US or East US as the region and type a name for the affinity group. In this example I use the name SamlAffinity for the affinity group and SamlNetwork for the network name. Click the Next button.
    3. Enter the address space in CIDR format for the IP address you want to use then click the Next button. Now your first question may be what is CIDR format? That’s beyond the scope of this, but suffice to say that you can figure out CIDR format by going to a web site that will calculate it for you, like In this case I wanted to use the entire subnet, so I entered Note that you can optionally also create different subnets of use within your virtual network, but it is not needed for this scenario so I did not do it. Click the Next button.
    4. For this particular scenario you can skip selecting a DNS server because we’ll configure it on the servers themselves once they’re up and running. Click the Finish button to complete this task and create the virtual network.
  2. Create a new storage account to store your virtual machines. This step is fairly straightforward – in the new management portal click on New…Storage…Quick Create. Give it a unique name and click on the Region/Affinity Group drop down. Select the affinity group you created in the previous step, then click the Create Storage Account button. For this example, I’ve called my new storage account samlvms.
  3. Upload your images that you will be using. In this case I have two images – SRDC and SRSP – that need to push up to the storage account I created earlier – samlvms. Uploading the image can be done with the csupload tool that is part of the Windows Azure 1.7 SDK, which you can get from The documentation for using csupload can be found at Detailed instructions on creating and uploading a VHD image using this new command can also be found at A few other notes:
  1. UPDATE: I added instructions for how to create the certificate used with the csupload tool. You can find it at
  2. In this case I’m using images that already are ready to go – they are not sysprepped, they have a domain controller or SharePoint and SQL installed and just need to be started up. You can use that as the basis for a new virtual machine but you need to use the Add-Disk command instead of the Add-PersistedVMImage command. Use the latter if you have a sysprepped image upon which you want to base new images.
  3. Figuring out your management certificate thumbprint when you create the connection can be somewhat mystical. The detailed instructions above include information on how to get this. In addition, if you have already been publishing applications with Visual Studio then you can use the same certificate it does. You have to go into Visual Studio, select Publish, then in the account drop down click on the Manage… link. From there you can get the certificate that’s used. If you are trying to use csupload on a different machine then you’ll also need to copy it (including the private key) and then move it to where ever you are using csupload. Once you copy it over you need to add it to your personal certificate store; otherwise csupload will complain that it is unable to find a matching thumbprint or certificate.
  4. Here’s an example of the commands I used:
  1. csupload Set-Connection "SubscriptionID=mySubscriptionID;CertificateThumbprint=myThumbprintDetails;ServiceManagementEndpoint="
  2. csupload Add-Disk -Destination "" -Label "SAML SharePoint" -LiteralPath "C:\srsp.vhd" -OS Windows -Overwrite
  3. csupload Add-Disk -Destination " /srdc.vhd" -Label "SAML DC" -LiteralPath "C:\ srdc.vhd" -OS Windows -Overwrite
  • Once the images are uploaded, you can create new virtual machines based on them.
  • Click on the New…Virtual Machine…From Gallery.
  • Click on My Disks on the left, and then select the image you want to create from your image library on the right, then click the Next button.
  • Type a machine name and select a machine size, then click the Next button.
  1. Select standalone virtual machine (unless you are connecting to an existing one) and enter an available DNS name, select your region and subscription, then click the Next button
  2. Either use no availability set, select an existing one, or create a new one; when finished, click the Finish button to complete the wizard.

Your images may go through multiple states, including “Stopped”, before it finally enters the running state. Once it starts running, you need to give it a couple minutes or so to boot up, and then you can select it in the Azure portal and click the Connect button on the bottom of the page. That creates and downloads and RDP connection that you can use to connect to your image and work with it.

It’s also important to note that your network settings are not preserved. What I mean by that is my images were using static IP addresses, but after restarting the images in Azure they were using DHCP and getting local addresses, so the images require some reconfiguration to work.

Networking Changes

The networking configuration is changed for the images once they are started in Azure. Azure persistent VMs use DHCP, but the leases last indefinitely so it acts very similar to fixed IP addresses. One of the big limits though is that you can only have one IP address per machine, so that means the second lab for the SAML Ramp will not be feasible.

To begin with though you need to correct DNS and the domain controller, so RDP into the domain controller first (SRDC in my scenario). Restart the Net Logon service, either through the Services applet or in a command prompt by typing net stop netlogon followed by net start netlogon. This will reset your new DHCP address as one of the host addresses for the domain. Next you need to delete the old host address for the domain, which for me was Open up DNS Manager and then double-click on the Forward Lookup Zone for your domain. Find the host (A) record with the old address, in my case, (it will also say “(same as parent folder)” in the Name column) and delete it. 

Next you need to change the DNS server for your network adapter to point to the DHCP address that was assigned to the image. Open a command prompt and type ipconfig and press Enter. The IPv4 Address that is shown is what needs to be used as the DNS server address. To change it, right click on the network icon in the taskbar and select Open Network and Sharing Center. Click on the change adapter settings link. Right-click on the adapter and choose Properties.

When the Properties dialog opens, uncheck the box next to Internet Protocol Version 6. Click on Internet Protocol Version 4 but DO NOT uncheck the box, then click on the Properties button. In the DNS section click on the radio button that says Use the following DNS server addresses and for the Preferred DNS server enter the DHCP address for the SRDC server that you retrieved using ipconfig. Click the OK button to close the Internet Protocol Version 4 Properties dialog, then click the OK button again to close the network adapter Properties dialog. You can now close the Network Connections window.

Now if you open a command prompt and type ping your Active Directory forest name it should resolve the name and respond with a ping; on my image it responded with address

On the SharePoint server you just need to change the Primary DNS server IP address to the IP address of the domain controller, which in this example was After doing so you should be able to ping your domain controller name and Active Directory forest name. Once this is working you need to get the new IP address that’s been assigned to the SharePoint server and update DNS on the domain controller if you used any static host names for your SharePoint sites. One limitation that could NOT be addressed in this scenario is the fact that my SharePoint server used multiple IP addresses; persistent images in Azure currently only support a single IP address.