
mcw-securing-azure-iot-solutions's Introduction

Securing Azure IoT solutions

This workshop is archived and no longer being maintained. Content is read-only.

Contoso, Ltd. has major holdings in one of the world’s most important oil-producing regions. To overcome the challenges of monitoring and optimizing a vast number of widely dispersed field assets, Contoso, Ltd. is looking to streamline its operations with IoT solutions. They want to deploy IoT technologies to electronically collect data and use cloud-based solutions to store and analyze it in order to gain new insights into well operations and future drilling possibilities.

September 2021

Target audience

  • Cloud Solution Architect
  • System Architect
  • Software Engineer
  • Technical Support Engineer
  • Data Engineer

Abstracts

Workshop

In this workshop, you will look at the process for designing and implementing an oil and gas manufacturing IoT solution that is secured following best practices.

At the end of this workshop, you will be better able to architect a comprehensive and secure oil and gas manufacturing IoT solution.

Whiteboard design session

In this whiteboard design session, you will look at the process for designing an oil and gas manufacturing IoT solution that is secured following best practices. You will learn how to monitor and manage the security of all components in the solution. You will also provide Contoso guidance on defining life cycles for particular components, so that they have a plan that runs from initial deployment through expected maintenance and planned end-of-life to final decommissioning of the device, and so that they understand how Azure supports each stage. Additionally, you will perform some threat modeling to help Contoso think about how they might handle STRIDE threats (spoofing of user identity, tampering, repudiation, information disclosure, denial of service, elevation of privilege).

At the end of this whiteboard design session, you will be better able to architect a comprehensive and secure oil and gas manufacturing IoT solution.

Hands-on lab

In this hands-on lab, you will look at the process for implementing an oil and gas manufacturing IoT solution that is secured following best practices. You will learn how to monitor and manage the security of all components in the solution.

Azure services and related products

  • Azure Cosmos DB
  • Azure IoT Device Provisioning Service
  • Azure IoT Edge
  • Azure IoT Hub
  • Azure Key Vault
  • Azure Sphere
  • Azure Security Center (including ASC for IoT)
  • Azure Stream Analytics
  • Log Analytics

Related references

Help & Support

We welcome feedback and comments from Microsoft SMEs & learning partners who deliver MCWs.

Having trouble?

  • First, verify you have followed all written lab instructions (including the Before the Hands-on lab document).
  • Next, submit an issue with a detailed description of the problem.
  • Do not submit pull requests. Our content authors will make all changes and submit pull requests for approval.

If you are planning to present a workshop, review and test the materials early! We recommend at least two weeks prior.

Please allow 5 - 10 business days for review and resolution of issues.

mcw-securing-azure-iot-solutions's People

Contributors

dawnmariedesjardins, givenscj, microsoftopensource, msftgits, saimachi, timahenning, waltermyersiii


mcw-securing-azure-iot-solutions's Issues

Marketplace Purchase Eligibility

"Azure IoT Edge on Ubuntu" doesn't exist in the Marketplace: In the pre-requisites of the lab, we have an Azure IoT Edge VM to be deployed which when deployed through ARM Template is throwing an error saying - 'The image doesn't exist in Marketplace. "iot_edge_vm_ubuntu" was removed from the marketplace for new purchase'

Found multiple issues in the Lab.

  1. Instructions are not so clear regarding which Linux VM (i.e., either oilwells-d01/oilwells-edge-001 or both) should be used to perform the steps.
  2. Shell-service is not installed in the oilwells-d01 Linux VM, which caused a connection refused error while connecting to PowerShell in the Windows VM.
  3. Unable to restart the iotedge service because it's masked. To unmask it, I had to use the systemctl unmask iotedge.service command, which is not mentioned in the lab guide.
  4. In Exercise 5 Task 1, unable to find Endpoints in the Microsoft Defender portal. We need a Microsoft Defender for Endpoint license to perform Exercise 5. Even after applying the license I'm unable to perform this particular exercise. Please check this license requirement and update the Before Hands-on Lab accordingly.
  5. In Exercise 9 Task 2 Step 10, while running the given sudo python.... command, I'm getting a sudo python command not found error. I installed python using sudo apt install python, and then the sudo python.... command succeeded. Please check this and update.
  6. Encountered multiple UI changes; instructions need to be updated.

Issue in Exercise 2 Task 1

  1. In Exercise 2 Task 1, after performing the given steps in the task for oilwells-edge-001, in step 10 the user is asked to perform the same steps for oilwells-d01.
    image

    While doing the same task for oilwells-d01, the user gets a connection refused error in step 7.
    image

  2. Instructions need to be updated for Exercise 1 Task 1. In step 4 the user is asked to select SSH, and in the next step 5 the user is asked to log in via RDP.
    image

Facing issue with Vm deployment publisher not present in ARM template.json, refer details in comment

{"code":"MarketplacePurchaseEligibilityFailed","details":[{"code":"BadRequest","message":"Offer with PublisherId: 'microsoft_iot_edge', OfferId: 'iot_edge_vm_ubuntu' cannot be purchased due to validation errors. For more information see details. Correlation Id: '348e9704-da28-418a-8361-262252f150f6' Offer with PublisherId: 'microsoft_iot_edge' and OfferId: 'iot_edge_vm_ubuntu' was removed from the marketplace for new purchase. See similar offers here 'https://azuremarketplace.microsoft.com/en-us/marketplace/apps?page=1%26search=microsoft_iot_edge%20iot_edge_vm_ubuntu'. Correlation Id '188babd2-4cf8-44c0-8310-5af20044d69c'.[{"Offer with PublisherId: 'microsoft_iot_edge' and OfferId: 'iot_edge_vm_ubuntu' was removed from the marketplace for new purchase. See similar offers here 'https://azuremarketplace.microsoft.com/en-us/marketplace/apps?page=1%26search=microsoft_iot_edge%20iot_edge_vm_ubuntu'. Correlation Id '188babd2-4cf8-44c0-8310-5af20044d69c'.":"StoreApi"}]"}],"message":"Marketplace purchase eligibilty check returned errors. See inner errors for details. "}

Security issues with oilwells-server and oilwells-edgevm virtual machines

There appear to be 5 vulnerabilities that expose the 2 virtual machines that get spun up as part of the ARM template. The issues are:

Secure Shell (SSH) Weak Encryption
Secure Shell (SSH) Password Authentication Enabled
Secure Shell Exposed to the Internet
Remote Desktop Protocol (RDP) Exposed to the Internet
Remote Desktop Protocol (RDP) Weak Encryption

I have access to some internal resources that document the steps on how to remediate. Please ping me and I'll provide the steps.
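A way to check for four of the five findings above (the RDP encryption finding is a Windows TLS/NLA setting and is not covered) before a scanner does, as an added example that is not code from the MCW repo; the sshd_config text and the NSG rule dicts are constructed samples, and the rule dict shape is an assumption, not the Azure API format.

```python
"""Added example (not from the MCW repo): checks for four of the findings listed in
this issue against an sshd_config and a simplified NSG rule list. Sample config
and rules are constructed; the rule dict shape is an assumption."""
import re
# Legacy algorithms SSH scanners commonly flag as weak (CBC, RC4, MD5/SHA1-96 MACs).
WEAK_CIPHERS = {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
                "arcfour", "arcfour128", "arcfour256", "blowfish-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}
INTERNET_SOURCES = {"Internet", "*", "0.0.0.0/0"}  # NSG sources meaning "anyone"

def parse_sshd_config(text):
    """First occurrence wins (as in sshd); skip comments, stop at the first Match."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2:
            conf.setdefault(key, parts[1].strip())
    return conf

def audit_sshd(text):
    conf, findings = parse_sshd_config(text), []
    # sshd treats a missing PasswordAuthentication directive as "yes".
    if conf.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("Secure Shell (SSH) Password Authentication Enabled")
    ciphers = set(conf.get("ciphers", "").lower().split(",")) - {""}
    macs = set(conf.get("macs", "").lower().split(",")) - {""}
    if ciphers & WEAK_CIPHERS or macs & WEAK_MACS:
        findings.append("Secure Shell (SSH) Weak Encryption")
    return findings

def audit_nsg(rules):
    """Lowest priority number that matches decides, as in Azure NSGs; rules with
    narrower sources than the Internet are not considered here."""
    labels = {"22": "Secure Shell Exposed to the Internet",
              "3389": "Remote Desktop Protocol (RDP) Exposed to the Internet"}
    findings = []
    for port, label in labels.items():
        for r in sorted(rules, key=lambda r: r["priority"]):
            if r["direction"] != "Inbound" or r["source"] not in INTERNET_SOURCES:
                continue
            if r["port"] == "*" or port in r["port"].split(","):
                if r["access"] == "Allow":
                    findings.append(label)
                break  # first matching rule decides
    return findings

SAMPLE_SSHD = """# constructed: resembles a stock Ubuntu sshd_config
PasswordAuthentication yes
Ciphers aes256-ctr,aes128-cbc
MACs hmac-sha2-256,hmac-md5
"""
SAMPLE_NSG = [  # constructed: admin ports opened to the whole Internet
    {"priority": 300, "direction": "Inbound", "access": "Allow", "source": "Internet", "port": "22"},
    {"priority": 310, "direction": "Inbound", "access": "Allow", "source": "*", "port": "3389"},
]
HARDENED_SSHD = """PasswordAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""
HARDENED_NSG = [  # constructed: SSH only from a bastion subnet, all else denied
    {"priority": 300, "direction": "Inbound", "access": "Allow", "source": "10.0.1.0/24", "port": "22"},
    {"priority": 4000, "direction": "Inbound", "access": "Deny", "source": "*", "port": "*"},
]
```

Running `audit_sshd` and `audit_nsg` over the SAMPLE inputs reproduces the four findings; the HARDENED pair returns none.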

Could not start IoT Edge with TPM

I have modified the yaml config file to use TPM, I reset IoT Edge, but it fails to start.
In the journal I see: HSM API returned an invalid null response

Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: 2020-06-09T17:06:01Z [INFO] - Starting provisioning edge device via TPM...
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: 2020-06-09T17:06:01Z [ERR!] - The daemon could not start up successfully: Could not initialize DPS provisioning client
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: 2020-06-09T17:06:01Z [ERR!] - caused by: HSM API returned an invalid null response
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: Error: Time:Tue Jun 9 17:06:01 2020 File:/home/vsts/work/1/s/edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/src/tpm_comm_linux.c Func:tpm_usermode_resmgr
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: Error: Time:Tue Jun 9 17:06:01 2020 File:/home/vsts/work/1/s/edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/src/tpm_comm_linux.c Func:tpm_comm_create Lin
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: Error: Time:Tue Jun 9 17:06:01 2020 File:/home/vsts/work/1/s/edgelet/hsm-sys/azure-iot-hsm-c/deps/utpm/src/tpm_codec.c Func:Initialize_TPM_Codec Lin
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: 2020-06-09T17:06:01Z [ERR!] (/home/vsts/work/1/s/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_device.c:initialize_tpm_device:273) Failure initi
Jun 09 17:06:01 oilwells-edgevm-pietrobr iotedged[5963]: 2020-06-09T17:06:01Z [ERR!] (/home/vsts/work/1/s/edgelet/hsm-sys/azure-iot-hsm-c/src/hsm_client_tpm_device.c:hsm_c

syntax error near unexpected token `OPENSSL,'

Hi running in the Edge VM provided with the sample ( Ubuntu 16.04)

./configure --prefix=${HOME}/local --disable-hwtpm

I get the following error

./configure: line 12268: syntax error near unexpected token `OPENSSL,'
./configure: line 12268: PKG_CHECK_MODULES(OPENSSL, openssl >= 1.0.1 )

To solve you need to install this ( Ubuntu 16.04)

apt-get install pkg-config

Recommendations

Please replace IoT Provisioning Service with IoT Device Provisioning Service in the full document
Slide 14 as well as the Hands-on MCW talks about routing data from IoT Hub to Service Bus; there is no Service Bus in the SA (Analytics).
Major - Though the Case Study talks about the Security Center and Analytics use case, in the implementation what is shown is only the Security Center. The Analytics use case is not shown. SA (Analytics) is not demonstrated at all.
HOL step-by-step - Securing the IoT end-to-end.md, Task 3, Enable Azure Audit logging: one screenshot is missing showing how to enable logs and link them to oilwells-logging-[YOUR INIT].

Template file Cosmos DB locations

Template file MCW-Securing-Azure-IoT-solutions/Hands-on lab/Resources/template.json has static references to Australian datacenters at lines 201 and 207

"locationName": "Australia East",
"locationName": "Australia Southeast",

For this reason cosmosdb creation may fail with not enough resources being available in the region.

A solution could be template.json referring to the default region set by the resource group.

post-install-script01.ps1 fails during template deployment

post-install-script01.ps1 fails on downloading Git, apparently in line 110, trying to write to file 'C:\Windows\system32\config\systemprofile\AppData\Local\Temp\git.exe',
causing further steps to fail and leaving you without the Ubuntu VM.

post-install-script01.ps1 fails during deployment in winExtension.

Images not showing in HTML files

Please review .md coding. Images show inside the repo for all documents, but not in the HTML version:

Repo view:
image

HTML file view (alt-text only shows):
image

post-install-script02.ps1 throws error message confusing participants

Manually running post-install-script02.ps1 throws an error message on line 50 complaining about the ...vmcx file not being available (which is correct at that stage, as it is created afterwards). That error message should be suppressed, as it confuses participants.

Suggest to suppress error message by adding "-ErrorAction SilentlyContinue" or in short:

$item = get-item "C:\VMs\UBUSRV\Virtual Machines\BE674C9C-0461-4F44-B105-6893F5618F46.vmcx" -ea silentlycontinue

MCW-Securing-the-IoT-end-to-end

There is an error in Exercise 2 -> Task 5 -> Step 3.
This step is unable to generate the Registration Id and the Endorsement Key.

Before Hands on Lab Template Deployment not working

Hi,
I have been trying this lab for the past 2 days. The template deployment is very time consuming and to top it all never actually gets deployed. It's been running in my machine for almost 2 hours and just failed for the 8th time in 2 days. I am attaching some screenshots here for reference. Please help.

Error1
Error2

Alias length

Following "Before the HOL - Securing Azure IoT solutions.md", Task 2 item 13 requires you to enter an alias:

Modify the alias to be something unique such as "[your initials or first name]".

If alias length is more than 9 characters, template validation fails with

[{"code":"AccountNameInvalid","target":"oilwellsstorageXXXXXXXXXXXXX","message":"oilwellsstorageXXXXXXXXXXXXX is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only."}]

where the alias is XXXXXXXXXXXXX. It would be good to include a warning in the instructions to keep the alias length < 9.
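A pre-deployment check for the alias rule described above, as an added example that is not code from the MCW repo; it assumes the template builds the storage account name as the fixed prefix "oilwellsstorage" plus the alias, which is what the quoted error message shows, and derives the 9-character limit from that rather than hard-coding it.

```python
"""Added example (not from the MCW repo): validate the workshop alias before the
template is deployed. Assumes the storage account name is built as the fixed
prefix "oilwellsstorage" plus the alias, as the error message in this issue shows."""
import re

STORAGE_PREFIX = "oilwellsstorage"
# Azure storage account name rules quoted in the error: 3-24 chars, [a-z0-9] only.
STORAGE_MIN, STORAGE_MAX = 3, 24
STORAGE_NAME_RE = re.compile(r"^[a-z0-9]{3,24}$")


def max_alias_length(prefix=STORAGE_PREFIX):
    """Longest alias the prefix leaves room for: 24 - len("oilwellsstorage") = 9."""
    return STORAGE_MAX - len(prefix)


def storage_account_name(alias, prefix=STORAGE_PREFIX):
    return prefix + alias


def normalize_alias(alias, prefix=STORAGE_PREFIX):
    """Derive a deployable alias: lower-case, drop anything outside [a-z0-9], truncate."""
    return re.sub(r"[^a-z0-9]", "", alias.lower())[:max_alias_length(prefix)]


def validate_alias(alias, prefix=STORAGE_PREFIX):
    """Return the problems template validation would report for this alias (empty = OK)."""
    problems = []
    if not alias:
        problems.append("alias is empty; the storage account name would not be unique")
    limit = max_alias_length(prefix)
    if len(alias) > limit:
        problems.append(f"alias is {len(alias)} chars; at most {limit} fit before "
                        f"'{storage_account_name(alias, prefix)}' exceeds {STORAGE_MAX} chars")
    if not re.fullmatch(r"[a-z0-9]*", alias):
        problems.append("alias must use lower-case letters and digits only")
    return problems
```

An alias that passes `validate_alias` always yields a name matching `STORAGE_NAME_RE`; `normalize_alias` shows how to turn an initials-or-first-name alias into one that does.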

Unable to find the Directory

Hi
Please help me to find the Directory, when I run the command "cd Azure-IoT-Security-Agent-C/release" it shows that no such directory found

Exercise 4 Task 1 can you please verify these commands

Update Title

Securing the IoT end to end sounds super odd. Please rename to something like "Securing IoT Edge to Cloud end to end"

Suggest to add "sudo apt-get install ssh"

The Ubuntu VM comes bare naked, not even with an SSH server or net-tools installed. As Copy&Paste doesn't work well between the Windows VM and the Ubuntu GUI therein, you likely end up running SSH on Windows against the Ubuntu VM.
In Task 2: Update and Install Azure IoT SDK... I suggest adding at the very beginning how to install ssh and how to get your IP address so that you can ssh wsuser@172...

i.e. add

sudo apt-get install ssh
ip address
