Saturday, December 30, 2017

VPN connectivity to SharePoint server farm in Azure using OpenVPN

Recently I wanted to have a VPN connectivity to one of my SharePoint server farms hosted in Microsoft Azure. Although Microsoft Azure provides VPN gateway options, they were not suitable to this scenario.

Following are the steps I used to configure OpenVPN server

1. Provision Ubuntu VM


2. Configure DNS name for the public IP

  • Select VM
  • Click on Public IP Address
  • Assign DNS address


3. Configure Inbound Security Rule

  • Allow UDP 1194


4. Connect to VM using PuTTY, update and upgrade

  • sudo su
  • apt-get update
  • apt-get upgrade

5. Install OpenVPN

  • Run following configuration script. You can get more information from this location
  • wget -O && sudo bash ./

6.  Configure OpenVPN

  • IP : Provide default local IP address
  • Protocol : UDP
  • Port : 1194
  • DNS : Current system resolver
  • Specify external IP if the server is behind NAT : the DNS address we have assigned to our public IP (in step 2)

7. Download the  client.ovpn file using FileZilla


8. Download and configure VPN client (Windows)


9. Place the downloaded ovpn configuration in “C:\Program Files\OpenVPN\config” directory


10. Connect using OpenVPN GUI




Now I’m able to create a VPN connection to my SharePoint environment hosted in Azure. I can  access the environment using different platforms (Linux PC, Mobile devices, etc ..) by connecting via respective OpenVPN clients

Wednesday, November 1, 2017

Collab365 Conference 2017 : Join my session on Single Page Applications with SharePoint

Have you heard about the virtual Collab365 Global Conference 2017 that’s streaming online November 1st – 2nd?

Join me and 120 other speakers from around the world who will be bringing you the very latest content around SharePoint, Office 365, Flow, PowerApps, Azure, OneDrive for Business and of course the increasingly popular Microsoft Teams. The event is produced by the Collab365 Community and is entirely free to attend.

Places are limited to 5000 so be quick and register now.


During the conference I'd love you to watch my session which is called : 'Rich single page applications with SharePoint'

There are lots of ways to develop applications on top of SharePoint. You can build full trust farm solutions, SharePoint add-ins or SharePoint framework based apps. But can we do customizations without limiting to any of these frameworks? In this session, I will explain how to build and package Single Page Applications (SPA) on top of SharePoint and embrace client-side technologies. Furthermore, I will explain how to involve continuous integration and unit testing whenever possible​

If you join me, you will learn:

  • Single Page Applications (SPA) concepts
  • AngularJS, SharePoint REST API
  • Packaging
  • Further improvements


  • SharePoint

Audience :

  • Developer

Time (in UTC) :

  • Thursday, November 2 2017 2:00 PM ( 7.30PM IST)

How to attend :

  1. Register here.
  2. At the time listed above go here to watch my session. (you can also add me to your own personal planner from the agenda.
  3. Be ready to take notes!

Wednesday, August 16, 2017

Collab365 conference : “Rich single page applications with SharePoint”

It feels great to be selected yet another time to speak at Collab365 conference. This time I will be talking about how to build single page applications with SharePoint.

There are lots of ways to develop applications on top of SharePoint. You can build full trust farm solutions, SharePoint add-ins or SharePoint framework based apps. But can we do customizations without limiting to any of these frameworks?

In this session I will explain how to build and package Single Page Applications (SPA) on top of SharePoint and embrace client side technologies


Following are some links for the event

Friday, July 28, 2017

Create IKEV1/V2 site-to-site VPN between Microsoft Azure and external networks using a StrongSwan VM

Microsoft Azure is a great place to host our IaaS workloads. We can create a complete setup using Azure IaaS features including but not limited to Virtual Machines, Virtual Networks, Gateways, etc..

It’s often a requirement to connect external networks to our Azure virtual network. Azure itself provides a great feature called Virtual Network Gateway which can be utilized to build Site-to-Site VPN connectivity with external network.

However, Azure Virtual Network Gateways still have some compatibility issues and other limitations. Some issues are as below

  • Some routes are still not supported.
  • We can use either IKEV1 or IKEV2 for a subnet but not both (either policy based or route based. but not both).

We don’t know, by the time you read this article, those issues may have fixed.

In my Azure environment, I have a SharePoint 2013 farm. I need to allow users from the external network to use my SharePoint farm by creating a trust between two environment. In order to perform that task I need a reliable Site-to-Site connection.

In this article I’ll show a reliable mechanism to create Site-to-Site VPN using a Ubuntu Linux VM and StrongSwan.


Following are the steps to be done at Azure environment


  • Create Ubuntu 14.04 VM in Microsoft Azure environment
  • Public IP is available
  • IP can be forwarded
  • UDP ports 500 and 4500 is open


  • Create Ubuntu VM and connect to it using SSH client like PuTTy


  • Login as Root

sudo su
sudo apt-get update

  • Install OpenSSH server

sudo apt-get install openssh-server

  • Enable IP forwarding
echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward
  • Navigate to /etc/iptables.rules and add following section


  • Install StrongSwan and Update
sudo apt-get install strongswan
sudo apt-get upgrade strongswan
  • Navigate to /etc/ipsec.secrets and add following line. We will create the connection using Pre Shared Key (PSK) to create the VPN. We should create a matching entry in our client VPN device too.
Z.Z.Z.Z Y.Y.Y.Y : PSK "Password"
  • Add configurations for each Subnet as below. In this sample I have shown how to build a IKEV1 connection.

conn Client1

Building IKEV2 connection is also similar.

  • Create a user defined route in Azure




  • Start the VPN
    • ipsec update
    • ipsec secrets
    • ipsec restart

Following are the steps to be performed at client router

  • Create VPN Policy


  • Create VPN Connection


After completing above steps I’m able to establish a connection between my Azure environment and client network.

By using StrongSwan I can create multiple IKEV1 and IKEV2 connections to my Azure network seamlessly

Wednesday, May 10, 2017

Presentation - Build real-time applications using SharePoint, Azure Service Bus and SignalR

I did a session on real-time applications with SignalR and Azure service bus for SharePoint Saturday Colombo 2017. I explained the concept and different technologies we can employ to build rich and real-time applications. Later I explained the approach to host such applications within SharePoint.

I will do a separate blog post explaining the steps required to a host real-time web application within SharePoint.


Following is the presentation I did

We had a room full of active participants Smile. It was nice to see some familiar faces after a long time.
DSC_0019   DSC_0059
We had a productive panel discussion as well.

Wednesday, April 12, 2017

Resolve SQL Server error “Cannot generate SSPI context” in a Kerberos environment

Recently I came across following error when I tried to create an ODBC connection to one of my SQL Servers using TCP/IP.


The SQL server belongs to a SharePoint farm which is configured with Kerberos authentication. The same SQL server was initially configured with local system account and later reconfigured with a domain account (e.g trs\SQL_Admin).

Logs showed that there is an issue with SPN records

Following are the steps I followed to resolve the issue

  • Check existing SPN records for the service account

setspn –l trs\sql_admin

It lists all SPN records registered. However it did not contain an entry for


  • Add missing SPN record using following command

setspn -a mssqlsvc/TRS-AUS1-AS-01.trs.local:1433 trs\sql_admin

Unfortunately I received an error saying that there is a duplicate record. Let’s investigate that

  • Execute following command to find out any SPN records for that particular server

setspn -l TRS-AUS1-AS-01

It had a record with same signature. May be it was created for my local service account when SQL server was initially configured


  • We need to remove those SPN entries. To remove them use following commands

SetSpn -d MSSQLSvc/TRS-AUS1-AS-01.TRS.local:1433 TRS-AUS1-AS-01
SetSpn -d MSSQLSvc/TRS-AUS1-AS-01.TRS.local TRS-AUS1-AS-01

  • Then we need to add new SPN entries with our service account

setspn -a mssqlsvc/TRS-AUS1-AS-01:1433 trs\sql_admin
setspn -a mssqlsvc/TRS-AUS1-AS-01.trs.local:1433 trs\sql_admin

  • You can verify the delegation through Active Directory Users and Computers


That’s all we have to do. Now I can create an ODBC connection using TCP/IP

Monday, March 20, 2017

Presentation - A deep dive on SharePoint Authentication

We discussed about different authentication options in SharePoint at SharePoint Sri Lanka forum on 8th of March 2016.


Following is the presentation I did