CSP Multi-Channel Model & Azure Subscriptions

A slightly less technical log post for today’s topic, however a vital one for anyone using/thinking of using an Azure CSP Subscription.

Firstly a quick explanation of the CSP (Cloud Solution Provider) program.

CSP is a program that partners can sign up to in order to sell Microsoft Cloud Services like Azure, Office 365, Microsoft 365, EM+S and other similar services to their customers directly; instead of customers having to purchase them directly from  Microsoft.

CSP has had a massive uptake over the last 3-5 years and pretty much every MSP (Managed Service Provider) has access to a CSP program, whether directly or indirectly, to sell Microsoft Cloud services to their customer.

The key fact around CSP is that the CSP partner you chose to purchase Office 365 or Azure subscriptions from etc… is responsible for billing the client and providing support for both billing and technical support. Meaning the CSP partner effectively becomes the single point of contact for the client for all things relating to the Microsoft Cloud.

Further information around CSP can be found here:

I’ll be blogging soon about things you should consider before choosing between CSP and other subscriptions types for Azure (EA/PAYG etc…). So watch out for that.

However this post focuses on a particular limitation of CSP Azure Subscriptions in a Multi-Channel Model approach that is commonly not known about and can be a road block to project flows if not known about.

What is the CSP Multi-Channel Model?

When CSP first launched it only allowed the provisioning CSP partner to add/remove/amend licenses and subcriptions for each customer. So if you had a scenario where the customer, “ACME Corporation”, purchased 10 X Office 365 E3 licenses from CSP Partner 1; Only CSP Partner 1 could sell them additional licenses or provision any other services available in the CSP program, like Azure etc…

This obviously locked customers like, “ACME Corporation”, into a relationship with CSP Partner 1 until the end of time. Both customers and other CSP partners didn’t like this as effectively people where just getting any customer to sign up for CSP for a tiny amount of services to lock them in for future consumption costs.

Microsoft then released the CSP Multi-Channel Model which allowed another partner, say CSP Partner 2 in our above scenario, to start a CSP relationship with “ACME Corporation” which would allow them to purchase CSP services from both CSP partners at the same time; even for the same license SKU types.

For example “ACME Corporation” could have 10 x Office 365 E3 licenses from CSP Partner 1 & then start another relationship with CSP Partner 2 and purchase and additional 5 x Office 365 E3 licenses from them also. In this scenario each partner bills “ACME Corporation” for 10 x Office 365 E3 licenses separately and everyone is happy.

Also an important note is that when another relationship is established with another CSP partner they cannot amend and services/licenses provided by another other CSP partner to the same customer; very handy indeed!

So why doesn’t this work in the same way for Azure subscriptions?

Unfortunately for Azure subscriptions the CSP Multi-Channel model doesn’t allow 2 CSP partners to each provide Azure subscriptions to a customer.

So in our example scenario above, “ACME Corporation” could be provided Office 365 licenses from both CSP partners at the same time but only 1 CSP partner could provide an Azure subscription at any one time.

This can be quite a road blocker when not known about! It is certainly 1 thing I have had to stop from occurring multiple times in the last year or so and it’s becoming ever more popular as more customer take services from CSP partners.

There is a note on the following Microsoft Docs page for adding existing Azure customers in CSP that is often not missed and not read and understood in full.

The note is shown below:

Is there a way around this?

There is but its not simple and takes considerable thought and consideration before starting the process.

The only way around this is to transfer the Azure services between CSP partners. This does mean the source partner will lost all billing and revenue from the Azure subscription once the transfer process is complete. However if they are providing Office 365 or any other license model based services via CSP these are not transferred during the Azure transfer process. These are in-fact very easy to switch CSP Partner 2 provisions all the same quantities and licenses for each SKU in use by the customer then CSP Partner 1 cancels all those licenses fort the customer and then each users licenses automatically flips over the the licenses provided by CSP Partner 2.

The Azure transfer process is documented fully by Microsoft here:

The process requires involvement from both CSP partners, the customer and Microsoft support to complete the process in full. So a good relationship with all parties involved is vital to ensure a smooth transfer process!


I hope this helps customers and other CSP Partners out there as this is certainly going to become more of a day to day occurrence as more customers utilise CSP partners for Azure subscriptions.

Look out for more CSP related articles soon!

Azure Geos, Regions, Pairs, Availability Zones & Availability Sets Relationship

A common topic I find myself explaining to customers and colleagues who haven’t worked with Azure, or any public cloud platform for that matter, is the relationship between the following Azure components:

  • Geographies
  • Regions
  • Region Pairs
  • Availability Zones
  • Availability Sets

This is quite hard to visualize when trying to explain verbally and I have drawn the same diagram on whiteboards a thousand times and it seems to make that “light bulb moment” occur to who I’m presenting too .

So I finally decided to create them in Lucidchart and share them with you all!

(On a side not if you aren’t using Lucidchart already, seriously give it a go, it’s made my diagramming a lot fast and less stressful when trying to draw connection lines in Visio)

The Diagrams

The  above diagram depicts that Availability Sets live withing Availability Zone and they live within Regions and they finally reside within a Geography.

The  above diagram depicts the same as the previous diagram but shows the concept of Region Pairs.

Some Important Info…

Availability Zones

At the time of writing this, Availability Zones aren’t available in all Regions; however they have just been announced in UK South!

Check if the latest supported Regions here.

Also not all resources support Availability Zones, again check the latest supported list here.

Region Pairs

You cannot chose which region is paired with the region you chose to use, this is decided by Microsoft at the time when they build a new Region. As this is to support Geo Replicated Services (GRS) etc…

Brazil South doesn’t have another Region within the same Geography, so it is paired with South Central US. But South Central US isn’t paired back with Brazil South.

Again the latest information on Regions and where they are paired to can be found here.


Hopefully this will help you all and feel free to use the diagrams on the page (they have a transparent background, you’re welcome).

Until next time!

Finding The License Key For SQL Server Reporting Services

A very common question I seem to get from customers, colleagues & friends in the Azure community is “Where do I find the product key for SQL Server Reporting Services, if I’m using PAYG licensing from Azure?”.

And if I’m honest this is a very good question, as you never get shown the product key in the Azure portal when deploying and there is no command you can run via PowerShell or AZ CLI to get the key.

However finding the key is actually very easy and isn’t just applicable to Azure, so you can use option 1 below on any SQL server to find the product key.

I’ll assume you know how to download and install the latest version of SSRS. But here is a handy link to the download page if not. Download SSRS 2017.

So lets get into the 2 methods you can use to find the product key on an Azure IaaS SQL VM deployed using a marketplace image on the PAYG licensing model.

Option 1 – Using The SQL Server Setup Wizard

  1. Connect to and login to your newly deployed SQL IaaS VM via RDP
  2. Open Windows Explorer and navigate to the following path: ‘C:\SQLServerFull\’
  3. Locate ‘Setup.exe’ and double click on it to launch the setup wizard
  4. Select the ‘Maintenance’ pane from the left hand side menu and then click on ‘Edition Upgrade’
  5. The ‘Edition Upgrade’ wizard will launch after a few moments and will display a product key

This is the product key that you require and has been used to install/license the SQL Database Engine that is running on this VM. Copy this key to a notepad file and then cancel all of the wizards and close the setup launcher.

Then launch your SSRS installation wizard and use the key you have copied to a notepad file.

Option 2 – Extract Key From DeafultSetup.ini

  1. Connect to and login to your newly deployed SQL IaaS VM via RDP
  2. Open Windows Explorer and navigate to the following path: ‘C:\SQLServerFull\x64’
  3. Locate a file called ‘DefaultSetup.ini’ it may just be shown as ‘DefaultSetup’ if you don’t have file extensions shown. Double click on this file and open it with Notepad.
  4. Notepad will then display the contents of the .ini file and within this the product key is shown next to “PID=”

Again this is the product key that you require and has been used to install/license the SQL Database Engine that is running on this VM. Copy this key to a notepad file and then close the ‘DefaultSetup.ini’ file without making any changes to it and saving them.

Then launch your SSRS installation wizard and use the key you have copied to a new notepad file.


Hopefully this article will help you all out at some point in the future. It’s a curve ball that’s come my way a few times and took me a bit of research to find the above methods.

Until next time!

Passing The Azure AZ-302 Exam

Firstly apologies for the radio silence on my blog, it’s been a hectic couple of months for me as I’m getting married in April; time free at the weekends is very sparse at the moment. But fear not I have a list of items to blog about and a new method to attack writing them faster, so watch this space.

Anyway on with the topic for today’s blog!

So nearly a month ago now I passed the Azure AZ-302 exam to complete the requirement for the Azure Certified Solutions Architect Expert badge.

Now it was my 2nd attempt that I passed on, but failing exams is not something to be ashamed of at all. Putting yourself up against a test is a sign of courage and confidence in my eyes. We can only learn from failure; so that’s a massive positive in my eyes! It took me a while to realise this in my career after failing a CCNP exam by 3 points years ago!

Before I continue I feel it is important to reiterate a couple of points that I made in my post about passing the 70-535.

You can only take the AZ-302 if you have passed the 70-535 exam. Also the transition exam, AZ-302, is only available to take until the 30th June 2019 before it is retired!

Preparation – What To Study

As I have said in my previous post, you must first understand what the exam is going to be testing you on before you can decide your plan of attack for studying the exam objectives.

As always Microsoft has published the exam objectives and breakdown on the AZ-302 web page.

However please note that a change document was posted on the web page that changes some of the exam objectives and section percentages; it’s located just above the exam objectives as a note.

One thing I feel is important to say about the stated exam objectives for the AZ-302 is that they look at first glance to be quite a wide range of topics and it can feel overwhelming.

From taking the exam twice I honestly feel that the exam objectives aren’t very accurate at all. So much so that I actually filled out parts of the feedback at the end of my 2nd exam.

So my advice would be to review the objectives on the web page and in the change document and make notes of things you need to revise more heavily than others. But then take the following tips from my experiences:

  • You don’t need to know how to be a full on developer for this exam. An understanding of programming languages and being able to read them at a high level will suffice.
    • It’s more important to understand what service is best for each use case for different development functions (i.e. Azure Functions/Azure Web Jobs etc…)
  • Know your SLAs for different services and features (Availability Sets 99.95% vs Availability Zones 99.99% etc…)
  • Invest more time on Azure Site Recovery & the different Azure Backup products/features
  • Be prepared to be quizzed on some preview features, so don’t disregard those sections of the Azure Docs

Preparation – Revision Tools & Resources

I find videos are easier to watch on the train when travelling into London and back home as I can’t always get my laptop out to make notes; getting a seat is generally a challenge!

So with that in mind I started off with the Scott Duffy AZ-302 course on Udemy.

This course is very high level and doesn’t have a lot of walkthroughs/labs/demos so it’s certainly not going to be enough for you to pass the exam. But it’s quite good for the theory side of things around determining requirements and when to use a pilot instead of a POC.

Then I normally like to read a book to reinforce the videos but as this exam is only a transition exam there isn’t one available and I can’t really see anyone thinking about making one as it’s such a niche gap in the market.

So instead I headed to the Azure Docs! Especially from my last experience with the 70-535, these really are awesome for all aspects of learning Azure. From how to’s to overviews, they cover it all and are super up-to-date thanks to them being open the community to recommend updates via the github repo where the content is hosted.

I also make sure I check the Azure Blog daily at least twice. Once when I get up and again before I call it a day. This helps to keep on top of new feature releases etc…

I cannot stress enough of also using the Azure portal itself daily and just getting comfortable with it and it’s behaviour. Also any hands on time with AZ CLI would be a very handy.

Finally I checked all of the following great blogs from some people in the community to make sure I had covered all the correct objectives and pick up any tips they have given in their posts:

Preparation – Method

My method to revise for this exam was very similar to how I approached the 70-535 apart from I spent much more time actually deploying and configuring things in the Azure portal and with AZ CLI.

A high level overview of my approach per objective/topic is below:

  • Watch any videos available for the objective/topic
  • Deploy it and configure it if possible and understand how it really works in Azure
  • Read at least the overview page on the Azure Docs website for the objective/topic but also try to follow some of the how to’s through
  • Make notes along the way of key facts like SLAs, tiers & pricing etc…

The Exam

The exam itself was a new one on me for Microsoft exams with the introduction of hands-on labs!

Yes that’s right, actual labs where you have to perform tasks in the Azure portal and using AZ CLI/PowerShell. I had 2 labs that contained about 10 tasks each! And being perfectly honest, I really enjoyed them as i use the portal daily testing features & services out so it didn’t phase me.

I can only assume that these are marked by Microsoft reviewing the JSON of the subscription you are given access to to perform the tasks on and they look for the specific values you have been asked to configure/change. Very cool!

There was also the normal multiple choice questions along with a couple of case studies with 5 questions or so each in them.

A top tip of mine would be to make sure you don’t waste all your time in the labs as my case study questions appeared after I completed the labs; just when I was starting to put my feet up!


All in all I really enjoyed the exam; enough to take it twice in fact!

The introduction of labs was odd for an architecture exam but I’m a big believer of being able to actually configure/deploy something before suggesting it in a HLD as how can you know it really the works they way it says it does!

Hopefully the above gives you an insight to my experiences for this exam and helps you pass it before the retirement date in June.

Until next time… Like, Comment & Share!

AD DS DC’s In Azure

This week I received a couple of queries from clients around Active Directory in Azure and more specifically how they should handle/manage their Domain Controller IaaS VMs in Azure.

Now I have seen hundreds of IaaS VMs in Azure as Domain Controllers, it’s something that goes into the majority of my designs for clients today; it’s like a natural reaction/muscle memory for me.

However, these questions from my client made me take a step back and take a deep dive into Active Directory again, something I haven’t done in a few years, and review the recommendations and best practices for running DCs in Azure.

The Questions…

There were only 2 questions that got me thinking about this topic, they were:

  1. Should we place the Active Directory installation (database, logs & SYSVOL) on a separate data disk with caching disabled?
  2. Can we shut down the DC IaaS VM from the portal using the stop button as we do for other IaaS VMs?

The Answers…

So some of you may be thinking that these questions are pretty simple to answer and to some extent you are correct. However taking the time to check and investigate the answers to these questions and application specific best practices from time to time is never a bad idea.

Below I’ll answer each question and break it down as to what you should/shouldn’t do.

Question 1 – Separate Data disk For AD Data WITH No Caching

Now this topic isn’t actually specifically related to Azure only, it actually applies to any virtualisation platform (vSphere, Hyper-V, Xen Server, AWS EC2, etc…).

In short the answer is yes, store the AD data on a separate data disk and disable read and write caching.

The why is actually more to do with the caching element of the question. The theory being that if write caching is enabled at the hypervisor level for the data disk (or any disk where AD data is stored for that matter) there is a chance that if the VM is powered off abruptly for any reason, some changes are still waiting to be written/committed to the disk and therefore this can lead to issues like USN rollbacks.

So I would add an additional data disk to your Azure IaaS DC VMs when building them to place the AD install upon.

Create Managed Disk

Attach Disk To VM & Disable Caching

If you have already deployed your DCs and promoted them etc… I would suggest building new ones in Azure with the additional data disk and just following the process to promote/demote DCs. You can migrate the database etc… manually but, why I add the risk when it’s so easy to just build new and promote/demote.

Question 2 – SHutting down DC IaaS VM Via Portal stop button

So this one is a little more interesting and again isn’t exclusively related to Azure and applies to any virtualised DC depending on the hypervisor platform it runs upon.

However keeping this strictly Azure focused, Microsoft advise explicitly on the docs website that you should NOT shut down IaaS DCs via the portal. You can check that Microsoft page here.

Shutting down the VM via the portal causes a chain of events to occur when that VM is eventually powered back on.

The first thing that happens is the VM-Generation ID is reset/changed. The VM-Generation ID is stored as an attribute of the DCs computer object within the AD database called msDS-GenerationID upon promotion.

When a DC is started up and AD is starting up, it checks the VM-Generation ID against the msDS-GenerationID that it has stored in it’s database against the DCs computer object. If that value is not the same, the DC resets the Invocation ID and discards its RID pool; adding to the chain reaction!

Thankfully since Windows Server 2012 the VM-Generation ID is supported and stored as an attribute as explained above. So now AD knows exactly what to do when the VM-Generation ID changes to prevent a USN rollback and/or give out duplicate SIDs etc… Clearly none of us want these things to happen, so lets all take a moment and thank Microsoft for this feature since Windows Server 2012.

Anyway, now that AD has detected the VM-Generation ID and reset the Invocation ID it will clear the DCs RID pool and update the msDS-GenerationID on the DCs computer object with the new  VM-Generation ID. It will also perform a non-authoritative restore on the affected DC to replicate the SYSVOL and other information from another DC within the domain.

This all happens automatically to ensure that the integrity of the domain stays in tact and no duplicate SIDs are given out and also to keep the replication topology in tact.

Regardless that this all happens automatically, it’s still not a healthy thing to be happening to a DC and it is certainly something that can be avoided

So to avoid it all that you need to do is shut down the DC IaaS VM via the guest OS instead of clicking stop in the Azure portal. That’s honestly it. However you can sleep easily knowing that if your DC is at least Windows Server 2012 it will protect you if the VM gets shut down abruptly!

One thing to be aware of when shutting any VM down via the guest OS instead of stopping it via the Azure portal is that the VM will not enter the deallocated state once its shut down. It will just show a status of stopped. This will mean that you will still be charged for the VM compute costs etc… as if the VM was still powered on.

Although this does mean that the VM-Generation ID will not change when you start the VM back on!

Another point to consider is that your VM is unlikely to be turned off abruptly and even so you should be deploying at least 2 DCs in an Availability Set using managed disk to give your AD services the best SLA possible from Azure.


Again there is a lot of information to take in here. But I feel it’s a vital topic to cover as nearly every deployment will have a IaaS DC in it somewhere. Also to be prepared for the questions above from a client, your boss or an AD specialist is always best, rather than having to research the answer when asked.

Any questions on this topic please leave a comment or drop me a tweet and I’ll happily get back to you.

© 2019 Jack Tracey

Theme by Anders NorénUp ↑