From d0b0c42dc95d12393bc9b4096b29d7e29187919a Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Fri, 6 Mar 2026 12:31:51 +0100 Subject: [PATCH 1/3] Add logging for invocation line and bound parameters --- .../resources/artifacts/Bootstrap.ps1 | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 index 9d87c4410..254b29fad 100644 --- a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 +++ b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 @@ -88,6 +88,14 @@ New-Item -Path $Env:MHBoxDemoPageDir -ItemType directory -Force Start-Transcript -Path $Env:MHBoxLogsDir\Bootstrap.log +Write-Host "Invocation line:" +Write-Host $MyInvocation.Line + +Write-Host "Bound parameters:" +$PSBoundParameters.GetEnumerator() | Sort-Object Name | ForEach-Object { + Write-Host "$($_.Key) = $($_.Value)" +} + # Set SyncForegroundPolicy to 1 to ensure that the scheduled task runs after the client VM joins the domain Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "SyncForegroundPolicy" 1 @@ -359,4 +367,4 @@ if ($flavor -eq "ITPro") { # Restart computer -Restart-Computer \ No newline at end of file +Restart-Computer From 7766fbfd75d2d2619b635c11cc431052007e254e Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Fri, 6 Mar 2026 14:27:27 +0100 Subject: [PATCH 2/3] Refactor Azure Bootstrap script for improved clarity --- .../resources/artifacts/Bootstrap.ps1 | 35 ++++++++++++------- 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 index 254b29fad..445851534 100644 
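Review bot: The added `Write-Host $MyInvocation.Line` and the `$PSBoundParameters` loop run after `Start-Transcript`, so every argument value passed to Bootstrap.ps1 is written in clear text to `$Env:MHBoxLogsDir\Bootstrap.log`. No secret-bearing parameter is visible in this hunk, but the script's parameter block is outside it, so the dump should be limited to an allow-list of names or filtered before printing, for example with `Where-Object { $_.Key -notmatch 'password|secret|key|token' } |` ahead of `ForEach-Object`. Separately, `$PSBoundParameters` enumerates key/value pairs that expose `Key` rather than `Name`, so `Sort-Object Name` likely leaves the order unchanged; `Sort-Object Key` is what the loop needs.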
--- a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 +++ b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/artifacts/Bootstrap.ps1 @@ -96,6 +96,20 @@ $PSBoundParameters.GetEnumerator() | Sort-Object Name | ForEach-Object { Write-Host "$($_.Key) = $($_.Value)" } +# Early Az init - before any module install/update in this session +$ErrorActionPreference = 'Stop' + +Disable-AzContextAutosave -Scope Process | Out-Null + +Import-Module Az.Accounts -Force +Import-Module Az.Resources -Force +Import-Module Az.KeyVault -Force + +Connect-AzAccount -Identity -Tenant $tenantId -Subscription $subscriptionId | Out-Null +Set-AzContext -Subscription $subscriptionId | Out-Null + +Write-Host "Az context initialized successfully" + # Set SyncForegroundPolicy to 1 to ensure that the scheduled task runs after the client VM joins the domain Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" "SyncForegroundPolicy" 1 @@ -118,8 +132,6 @@ foreach ($module in $modules) { } # Add Key Vault Secrets -Connect-AzAccount -Identity - $DeploymentProgressString = "Started bootstrap-script..." $tags = Get-AzResourceGroup -Name $resourceGroup | Select-Object -ExpandProperty Tags @@ -344,10 +356,10 @@ if ($flavor -eq "ITPro") { Register-ScheduledTask -TaskName "MHServersLogonScript" -User $adminUsername -Action $Action -RunLevel "Highest" -Force } - # Disabling Windows Server Manager Scheduled Task - Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask +# Disabling Windows Server Manager Scheduled Task +Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask - if ($flavor -eq "ITPro") { +if ($flavor -eq "ITPro") { Write-Header "Installing Hyper-V" 
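Review bot: `$ErrorActionPreference = 'Stop'` in the new Az init block stays in effect for the rest of the script, and nothing catches a failure of the `Import-Module` or `Connect-AzAccount -Identity` calls that follow it. The block appears to run before the module install loop named in the next hunk's header, so if the Az modules or the managed identity are not yet available the script would stop with the transcript still open and without reaching the log clean-up and `Restart-Computer` at the end. Wrapping the block in `try`/`catch` that logs the error, stops the transcript and rethrows keeps the failure visible in Bootstrap.log. Pinning `-Tenant` and `-Subscription` and calling `Disable-AzContextAutosave -Scope Process` are worth keeping as they are.

```powershell
try {
    # … unchanged: Disable-AzContextAutosave, Import-Module calls, Connect-AzAccount, Set-AzContext …
}
catch {
    Write-Host "Az context initialization failed: $($_.Exception.Message)"
    Stop-Transcript
    throw
}
```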
@@ -357,14 +369,13 @@ if ($flavor -eq "ITPro") { Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -NoRestart Install-WindowsFeature -Name Hyper-V -IncludeAllSubFeature -IncludeManagementTools -Restart - } - - # Clean up Bootstrap.log - Write-Host "Clean up Bootstrap.log" - Stop-Transcript - $logSuppress = Get-Content $Env:MHBoxLogsDir\Bootstrap.log | Where-Object { $_ -notmatch "Host Application: $ScheduledTaskExecutable" } - $logSuppress | Set-Content $Env:MHBoxLogsDir\Bootstrap.log -Force +} +# Clean up Bootstrap.log +Write-Host "Clean up Bootstrap.log" +Stop-Transcript +$logSuppress = Get-Content $Env:MHBoxLogsDir\Bootstrap.log | Where-Object { $_ -notmatch "Host Application: $ScheduledTaskExecutable" } +$logSuppress | Set-Content $Env:MHBoxLogsDir\Bootstrap.log -Force # Restart computer Restart-Computer From acc4b608e4d7a4969c6d682c2d18adc540354273 Mon Sep 17 00:00:00 2001 From: Andreas Schwarz Date: Fri, 6 Mar 2026 15:05:01 +0100 Subject: [PATCH 3/3] Update commandToExecute for PowerShell script --- .../resources/bicep/clientVm/clientVm.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/bicep/clientVm/clientVm.bicep b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/bicep/clientVm/clientVm.bicep index 7ccc06dee..c72637712 100644 --- a/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/bicep/clientVm/clientVm.bicep +++ b/03-Azure/01-03-Infrastructure/06_Migration_Secure_AI_Ready/resources/bicep/clientVm/clientVm.bicep 
@@ -225,8 +225,8 @@ resource vm 'Microsoft.Compute/virtualMachines@2024-07-01' = { fileUris: [ uri(templateBaseUrl, 'artifacts/Bootstrap.ps1') ] - //commandToExecute: 'powershell.exe -ExecutionPolicy Bypass -File Bootstrap.ps1 -adminUsername ${windowsAdminUsername} -tenantId ${tenantId} -spnAuthority ${spnAuthority} -subscriptionId ${subscription().subscriptionId} -resourceGroup ${resourceGroup().name} -acceptEula ${acceptEula} -registryUsername ${registryUsername} -azureLocation ${location} -templateBaseUrl ${templateBaseUrl} -flavor ${flavor} -githubUser ${githubUser} -githubBranch ${githubBranch} -vmAutologon ${vmAutologon} -rdpPort ${rdpPort} -namingPrefix ${namingPrefix} -debugEnabled ${debugEnabled} -sqlServerEdition ${sqlServerEdition} -autoShutdownEnabled ${autoShutdownEnabled}' - commandToExecute: 'powershell.exe -ExecutionPolicy Bypass -File Bootstrap.ps1 -adminUsername ${windowsAdminUsername} -tenantId ${tenantId} -spnAuthority ${spnAuthority} -subscriptionId ${subscription().subscriptionId} -resourceGroup ${resourceGroup().name} -acceptEula ${acceptEula} -registryUsername ${registryUsername} -azureLocation ${location} -templateBaseUrl ${templateBaseUrl} -flavor ${flavor} -githubUser ${githubUser} -githubBranch ${githubBranch} -vmAutologon ${vmAutologon} -rdpPort ${rdpPort} -namingPrefix "MHBox" -debugEnabled ${debugEnabled} -sqlServerEdition ${sqlServerEdition} -autoShutdownEnabled ${autoShutdownEnabled}' + //commandToExecute: 'powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File Bootstrap.ps1 -adminUsername ${windowsAdminUsername} -tenantId ${tenantId} -spnAuthority ${spnAuthority} -subscriptionId ${subscription().subscriptionId} -resourceGroup ${resourceGroup().name} -acceptEula ${acceptEula} -registryUsername ${registryUsername} -azureLocation ${location} -templateBaseUrl ${templateBaseUrl} -flavor ${flavor} -githubUser ${githubUser} -githubBranch ${githubBranch} -vmAutologon ${vmAutologon} -rdpPort ${rdpPort} -namingPrefix 
${namingPrefix} -debugEnabled ${debugEnabled} -sqlServerEdition ${sqlServerEdition} -autoShutdownEnabled ${autoShutdownEnabled}' + commandToExecute: 'powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File Bootstrap.ps1 -adminUsername ${windowsAdminUsername} -tenantId ${tenantId} -spnAuthority ${spnAuthority} -subscriptionId ${subscription().subscriptionId} -resourceGroup ${resourceGroup().name} -acceptEula ${acceptEula} -registryUsername ${registryUsername} -azureLocation ${location} -templateBaseUrl ${templateBaseUrl} -flavor ${flavor} -githubUser ${githubUser} -githubBranch ${githubBranch} -vmAutologon ${vmAutologon} -rdpPort ${rdpPort} -namingPrefix "MHBox" -debugEnabled ${debugEnabled} -sqlServerEdition ${sqlServerEdition} -autoShutdownEnabled ${autoShutdownEnabled}' } } }
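Review bot: The new `commandToExecute` still interpolates deployment parameters such as `${windowsAdminUsername}`, `${githubUser}` and `${templateBaseUrl}` into the command line without quoting, so a value containing a space or a shell metacharacter changes how the arguments are parsed. Quoting each value the way the hunk already does for `-namingPrefix "MHBox"`, e.g. `-adminUsername "${windowsAdminUsername}"`, and restricting the allowed values where the parameters are declared would close that. The commented-out copy of the command is edited in parallel with the live one and can drift; deleting it, or replacing it with a one-line comment saying why `namingPrefix` is fixed to `"MHBox"`, would be clearer. The enclosing resource starts outside the hunk, so whether this property sits under `settings` or `protectedSettings` cannot be seen here.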