none
Azure Stack TP2 deployment issues

    Question

  • Hi guys,

    during PoC deployment I receive the following error message on Step 60.61 which stops the progress. Any idea what I need to do?
    I did not restart the deployment yet.

    COMPLETE: Action 'Deployment-Phase3-WOSSDeployment'
    VERBOSE: 1> 2> Action: Status of 'Deployment-Phase3-WOSSDeployment' is 'Success'. - 10/6/2016
    3:02:34 PM
    COMPLETE: Task Cloud - Deployment-Phase3-WOSSDeployment
    VERBOSE: 1> 2> Task: Status of action 'Deployment-Phase3-WOSSDeployment' of role 'Cloud' is
    'Success'. - 10/6/2016 3:02:34 PM
    VERBOSE: 1> Step: Status of step 'Phase 3 - ConfigureVMs-Part1' is 'Error'. - 10/6/2016 3:02:34 PM
    Invoke-EceAction : 1> Action: Invocation of step 60.61 failed. Stopping invocation of action
    plan. - 10/6/2016 3:02:34 PM
    At line:7 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.16  ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet
    
    VERBOSE: 1> Action: Status of 'Deployment-Phase2-ConfigureStack' is 'Error'. - 10/6/2016 3:02:34
    PM
    COMPLETE: Task Cloud - Deployment-Phase2-ConfigureStack
    VERBOSE: 1> Task: Status of action 'Deployment-Phase2-ConfigureStack' of role 'Cloud' is 'Error'.
    - 10/6/2016 3:02:34 PM
    VERBOSE: Step: Status of step 'Phase 2 - ConfigureVMs' is 'Error'. - 10/6/2016 3:02:34 PM
    Invoke-EceAction : Action: Invocation of step 60 failed. Stopping invocation of action plan. -
    10/6/2016 3:02:34 PM
    At line:7 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.16  ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    I checked the deployment log and it states the following

    2016-10-06 14:34:58 Error    1> 4> Task: Invocation of interface 'Deployment' of role 'Cloud\Fabric\IdentityProvider' failed: 
    
    Function 'Create-ActiveDirectoryApplication' in module 'Roles\IdentityProvider\IdentityProvider.psd1' raised an exception:
    
    Application with identifier 'https://vault.azurestack.local/8c143426-a17e-407e-b53f-7af183e4d39a' not found
    at Get-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 568
    at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1044
    at Create-ActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 82
    at <ScriptBlock>, <No file>: line 18
    2016-10-06 14:34:58 Verbose  1> 4> Step: Status of step '(Katal) Create AzureStack Service Principals' is 'Error'.
    2016-10-06 14:34:58 Error    1> 4> Action: Invocation of step 60.61.93 failed. Stopping invocation of action plan.
    2016-10-06 14:34:58 Verbose  1> 4> Action: Status of 'Deployment-Phase3-CreateServicePrincipals' is 'Error'.
    2016-10-06 14:34:58 Verbose  1> 4> Task: Status of action 'Deployment-Phase3-CreateServicePrincipals' of role 'Cloud' is 'Error'.

    Summary.xml shows this

    - <Task RolePath="Cloud" ActionType="Deployment-Phase3-CreateServicePrincipals" StartTimeUtc="2016-10-06T21:34:35.2485074Z" Status="Error" EndTimeUtc="2016-10-06T21:34:58.1235625Z">
    - <Action Type="Deployment-Phase3-CreateServicePrincipals" Scope="Internal" StartTimeUtc="2016-10-06T21:34:35.2485074Z" Status="Error" EndTimeUtc="2016-10-06T21:34:58.1235625Z">
    - <Steps>
    - <Step Index="93" Name="(Katal) Create AzureStack Service Principals" Description="Create Azure Graph Applications and Service Principals in AAD." StartTimeUtc="2016-10-06T21:34:35.2485074Z" Status="Error" EndTimeUtc="2016-10-06T21:34:58.1235625Z">
    - <Task RolePath="Cloud\Fabric\IdentityProvider" InterfaceType="Deployment" StartTimeUtc="2016-10-06T21:34:35.2485074Z" Status="Error" EndTimeUtc="2016-10-06T21:34:58.1235625Z">
    - <Exception>
      <Message>Function 'Create-ActiveDirectoryApplication' in module 'Roles\IdentityProvider\IdentityProvider.psd1' raised an exception: Application with identifier 'https://vault.azurestack.local/8c143426-a17e-407e-b53f-7af183e4d39a' not found at Get-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 568 at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1044 at Create-ActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 82 at <ScriptBlock>, <No file>: line 18</Message> 
      <StackTrace>at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</StackTrace> 
      <Raw>CloudEngine.Actions.InterfaceInvocationFailedException: Function 'Create-ActiveDirectoryApplication' in module 'Roles\IdentityProvider\IdentityProvider.psd1' raised an exception: Application with identifier 'https://vault.azurestack.local/8c143426-a17e-407e-b53f-7af183e4d39a' not found at Get-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 568 at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1044 at Create-ActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 82 at <ScriptBlock>, <No file>: line 18 at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</Raw> 
      </Exception>
    

    Friday, October 07, 2016 6:56 AM

All replies

  • From an elevated command prompt on the HOST, logged in as azurestack\azurestackadmin, run the following commands:

    Import-Module C:\CloudDeployment\CloudDeployment.psd1 -Force

    Import-Module C:\CloudDeployment\ECEngine\EnterpriseCloudEngine.psd1 -Force

    Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.61.93 -Verbose

    Reference: http://aka.ms/azurestackrerundeploy


    Charles Joy [MSFT] https://twitter.com/OrchestratorGuy

    Friday, October 07, 2016 8:03 PM
    Owner
  • Thanks Charles, this fixed the issue. Before i saw you answer i always redeployed from scratch and not from that particular step.
    Now i am stuck at step 60.120.124 "Configures Azure Stack with Azure AD."

    The summary.xml Looks like this:

    -<Task EndTimeUtc="2016-10-10T12:24:47.7857278Z" Status="Error" StartTimeUtc="2016-10-10T12:22:16.722868Z" ActionType="Deployment-Phase4-ConfigureWAS" RolePath="Cloud">
    -<Action EndTimeUtc="2016-10-10T12:24:47.7857278Z" Status="Error" StartTimeUtc="2016-10-10T12:22:16.722868Z" Type="Deployment-Phase4-ConfigureWAS" Scope="Internal">
    -<Steps>
    -<Step EndTimeUtc="2016-10-10T12:24:19.1294084Z" Status="Success" StartTimeUtc="2016-10-10T12:22:16.722868Z" Description="Configures Windows Azure Stack on the guest VMs." Name="(Katal) Configure WAS VMs" Index="123">
    <Task EndTimeUtc="2016-10-10T12:24:19.1294084Z" Status="Success" StartTimeUtc="2016-10-10T12:22:16.722868Z" RolePath="Cloud\Fabric\WAS" InterfaceType="Configure"/>
    </Step>
    -<Step EndTimeUtc="2016-10-10T12:24:47.7857278Z" Status="Error" StartTimeUtc="2016-10-10T12:24:19.1294084Z" Description="Configures Azure Stack with Azure AD." Name="(Katal) Azure Stack AAD Configuration." Index="124">
    -<Task EndTimeUtc="2016-10-10T12:24:47.7857278Z" Status="Error" StartTimeUtc="2016-10-10T12:24:19.1294084Z" RolePath="Cloud\Fabric\AAD" InterfaceType="Configure">
    -<Exception>
    <Message>Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception: The remote server returned an error: (401) Unauthorized. at <ScriptBlock>, <No file>: line 288</Message>
    <StackTrace> at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</StackTrace>
    <Raw>CloudEngine.Actions.InterfaceInvocationFailedException: Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception: The remote server returned an error: (401) Unauthorized. at <ScriptBlock>, <No file>: line 288 at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</Raw>

    Any idea what is causing this "unauthorized" error?
    Much appreciate your help on this.

    Btw. i already restarted manually from step 60.120.124, but no change. Getting the same error message.

    Thanks,
    Stefan



    Monday, October 10, 2016 12:49 PM
  • Hello, it looks like the unauthorized error you're getting is actually when trying to call the Azure Stack Resource Manager, and it fails to authorize your token. Usually this is the result of a clock skew / timeserver issue, where the token "notBefore" field is for a time in the future (as measured on the machine where the resource manager is running). Could you clarify if you specified a timeserver during the initial installation parameters?

    There may also be more information if you check for a log file at the location \\[prefix]-WAS01\c$\Logs with a name like "ConfigureAAD_{timestamp}"

    Tuesday, October 11, 2016 8:43 PM
  • Hi Bryant,

    thanks for your reply. I already heard about the clock/timeserver issue before, so i specified a timeserver within the Installation parameters and i changed the BIOS of the physical server + host OS (.vhdx) both to my local timezone and same time (CET, which is UTC+1). I had some clock issues before which were solved after i did that adjustment, so this time i don't think it is a clock issue.

    I checked the logs ("\\mas-was01\c$\Logs\ConfigureAAD_20161010-141139.txt"), but unfortunately i can't find a real error message:

    ********************** Windows PowerShell transcript start Start time: 20161010141140 Username: AZURESTACK\FabricAdmin RunAs User: AZURESTACK\FabricAdmin Machine: MAS-WAS01 (Microsoft Windows NT 10.0.14393.0) Host Application: C:\Windows\system32\wsmprovhost.exe -Embedding Process ID: 2016 PSVersion: 5.1.14393.1000 PSEdition: Desktop PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.14393.1000 BuildVersion: 10.0.14393.1000 CLRVersion: 4.0.30319.42000 WSManStackVersion: 3.0 PSRemotingProtocolVersion: 2.3 SerializationVersion: 1.1.0.1 ********************** VERBOSE: Importing function 'Clear-StorageDiagnosticInfo'. VERBOSE: Importing function 'Get-StorageDiagnosticInfoInternal'. VERBOSE: Importing function 'Get-StorageSubSystem'. VERBOSE: Importing function 'New-MaskingSet'. VERBOSE: Importing function 'New-StorageFileServer'. VERBOSE: Importing function 'New-StoragePool'. VERBOSE: Importing function 'New-StorageSubsystemVirtualDisk'. VERBOSE: Importing function 'Start-StorageDiagnosticLog'. VERBOSE: Importing function 'Stop-StorageDiagnosticLog'. VERBOSE: Importing alias 'Disable-StorageDiagnosticLog'. VERBOSE: Importing alias 'Enable-StorageDiagnosticLog'. VERBOSE: Exporting function 'Get-StorageHealth'. VERBOSE: Exporting function 'Get-StorageHealthSettingInternal'. VERBOSE: Exporting function 'Remove-StorageHealthSettingInternal'. VERBOSE: Exporting function 'Set-StorageHealthSettingInternal'. VERBOSE: Exporting function 'Clear-StorageDiagnosticInfo'. VERBOSE: Exporting function 'Get-StorageDiagnosticInfoInternal'. VERBOSE: Exporting function 'Get-StorageSubSystem'. VERBOSE: Exporting function 'New-MaskingSet'. VERBOSE: Exporting function 'New-StorageFileServer'. VERBOSE: Exporting function 'New-StoragePool'. VERBOSE: Exporting function 'New-StorageSubsystemVirtualDisk'. VERBOSE: Exporting function 'Start-StorageDiagnosticLog'. VERBOSE: Exporting function 'Stop-StorageDiagnosticLog'. VERBOSE: Exporting function 'CreateErrorRecord'. VERBOSE: Exporting function 'Get-PhysicalDisk'. VERBOSE: Exporting function 'Get-PhysicalExtent'. VERBOSE: Exporting function 'Get-PhysicalExtentAssociation'. VERBOSE: Exporting function 'Enable-PhysicalDiskIdentification'. VERBOSE: Exporting function 'Disable-PhysicalDiskIdentification'. VERBOSE: Exporting function 'Reset-PhysicalDisk'. VERBOSE: Exporting function 'Get-StorageFirmwareInformation'. VERBOSE: Exporting function 'Update-StorageFirmware'. VERBOSE: Exporting function 'Get-PhysicalDiskStorageNodeView'. VERBOSE: Exporting function 'Get-DiskStorageNodeView'. VERBOSE: Exporting function 'Get-StorageEnclosureStorageNodeView'. VERBOSE: Exporting function 'Get-StorageHealthAction'. VERBOSE: Exporting function 'Get-StorageFaultDomain'. VERBOSE: Exporting function 'New-Volume'. VERBOSE: Exporting function 'Get-StorageAdvancedProperty'. VERBOSE: Exporting function 'Get-StorageHealthReport'. VERBOSE: Exporting function 'Get-StorageHealthSetting'. VERBOSE: Exporting function 'Set-StorageHealthSetting'. VERBOSE: Exporting function 'Remove-StorageHealthSetting'. VERBOSE: Exporting function 'Debug-StorageSubSystem'. VERBOSE: Exporting function 'Debug-FileShare'. VERBOSE: Exporting function 'Debug-Volume'. VERBOSE: Exporting function 'Enable-StorageMaintenanceMode'. VERBOSE: Exporting function 'Disable-StorageMaintenanceMode'. VERBOSE: Exporting function 'Get-StorageDiagnosticInfo'. VERBOSE: Exporting alias 'Disable-StorageDiagnosticLog'. VERBOSE: Exporting alias 'Enable-StorageDiagnosticLog'. VERBOSE: Exporting alias 'Enable-PhysicalDiskIndication'. VERBOSE: Exporting alias 'Disable-PhysicalDiskIndication'. VERBOSE: Exporting alias 'Get-PhysicalDiskSNV'. VERBOSE: Exporting alias 'Get-DiskSNV'. VERBOSE: Exporting alias 'Get-StorageEnclosureSNV'. VERBOSE: Adding new ACL rule for 'S-1-5-82-2699861480-139441918-3172239802-227876058-2239630229' on private key 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3538ca02eda2129392ec1025d0fade57_8c3a3a0f-b46e-4fa7-b2a9-498a3cc9e65e' for certificate 'E2D1FB02EA5ADEE9D913BB4FE592C19D9CD4C362' VERBOSE: Adding new ACL rule for 'S-1-5-82-2100338048-76060490-347169973-2028959449-1309629683' on private key 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3538ca02eda2129392ec1025d0fade57_8c3a3a0f-b46e-4fa7-b2a9-498a3cc9e65e' for certificate 'E2D1FB02EA5ADEE9D913BB4FE592C19D9CD4C362' VERBOSE: Adding new ACL rule for 'S-1-5-82-151719502-3379035933-363574962-24702114-4058119228' on private key 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d5e36b8e878f812206ad4ac9b7f69e37_8c3a3a0f-b46e-4fa7-b2a9-498a3cc9e65e' for certificate '02FAADC66817B975E9911F03745B175AFA6DE374' VERBOSE: Adding new ACL rule for 'S-1-5-82-1468657960-213188414-1193330982-775079561-109385672' on private key 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b18bb6db258937803f3a5884255eb34b_8c3a3a0f-b46e-4fa7-b2a9-498a3cc9e65e' for certificate '781F389CC8DC52F82FD4841B830BF64C9E3E6FA8' VERBOSE: Adding new ACL rule for 'S-1-5-82-2835481193-3413989992-46192687-3300590913-2124418781' on private key 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\901de8d021737432beda1513a2304e90_8c3a3a0f-b46e-4fa7-b2a9-498a3cc9e65e' for certificate '8347E435410DE68D9B901156E9697433864A32FE' VERBOSE: Initializing new connection string: 'Data Source=MAS-WAP-HA\MASSqlWAP;Integrated Security=True;Pooling=False' VERBOSE: Initializing services using connection string 'Data Source=MAS-WAP-HA\MASSqlWAP;Integrated Security=True;Pooling=False' VERBOSE: Updating owner of root admin subscription 'AB4EBC88-208F-4F39-89F0-27C7697E325C' from 'AZURESTACK\FabricAdmin' to 'azurestack@mytestdomain.onmicrosoft.com' (DirectoryTenantId=). VERBOSE: Updating 5/5 changed settings (44 total) in 'C:\inetpub\AzureStack-Authorization\web.config'. VERBOSE: Updating 4/4 changed settings (55 total) in 'C:\inetpub\AzureStack-Monitoring\web.config'. VERBOSE: Updating 12/13 changed settings (101 total) in 'C:\inetpub\AzureStack-Policy\web.config'. VERBOSE: Updating 0/0 changed connection strings (18 total) in 'C:\inetpub\AzureStack-Policy\web.config'. VERBOSE: Updating 13/14 changed settings (337 total) in 'C:\inetpub\AzureStack-ResourceManager\web.config'. WARNING: Setting with key 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.KeyVault.Enabled' is absent in 'C:\inetpub\AzureStack-ResourceManagerAdmin\web.config'. Adding this new setting. WARNING: Setting with key 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.KeyVault.Resource' is absent in 'C:\inetpub\AzureStack-ResourceManagerAdmin\web.config'. Adding this new setting. WARNING: Setting with key 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.KeyVault.EndpointTemplate' is absent in 'C:\inetpub\AzureStack-ResourceManagerAdmin\web.config'. Adding this new setting. VERBOSE: Updating 13/14 changed settings (335 total) in 'C:\inetpub\AzureStack-ResourceManagerAdmin\web.config'. VERBOSE: Updating 4/8 changed settings (80 total) in 'C:\inetpub\AzureStack-ShellSite\web.config'. VERBOSE: Updating 0/0 changed settings (17 total) in 'C:\inetpub\AzureStack-BillingExtension\web.config'. VERBOSE: Updating 0/0 changed settings (42 total) in 'C:\inetpub\AzureStack-HubsExtension\web.config'. VERBOSE: Updating 0/0 changed settings (53 total) in 'C:\inetpub\AzureStack-InsightsTenantExtension\web.config'. VERBOSE: Updating 0/0 changed settings (26 total) in 'C:\inetpub\AzureStack-MarketplaceTenantExtension\web.config'. VERBOSE: Updating 2/4 changed settings (40 total) in 'C:\inetpub\AzureStack-RbacExtension\web.config'. VERBOSE: Updating 0/0 changed settings (17 total) in 'C:\inetpub\AzureStack-SubscriptionsTenantExtension\web.config'. WARNING: Get-AzureStackToken cmdlet will be deprecated in a future release of AzureStackAdmin module.

    Any other idea? Thanks a lot for your help!
    Tuesday, October 11, 2016 9:30 PM
  • Let's see if we can get more information from the 401 response message. If you open a PS session on that same [prefix]-was01 machine, we can use the Azure PowerShell to attempt to authenticate with resource manager. If you run the below script (it needs 3 parameters, the resource manager endpoint, your directory tenant ID, and your azure stack admin user credential (the account you would sign into the Azure stack portal with))).

    PS D:\> D:\WAP\Setup\Scripts\Initialize-AzurePowerShellEnvironment.ps1 -Verbose

    This will attempt to setup the AzurePowerShell to target your azure stack environment. The first part of that involves acquiring a token and calling resource manager to list your subscriptions. If something goes wrong, you should get a friendly error message with more information.

    Wednesday, October 12, 2016 2:33 AM
  • Hi Bryant,

    first I was not able to run the command as it was missing three modules (AzureRM.Profile, AzureRM.Resources and AzureRM.AzureStackAdmin).

    I installed those modules (Install-Module AzureRM...) and I was able to run the script afterwards. As Resource Manager Endpoint i set https://api.azurestack.local (is that correct?) Here the output of the command. It does not contain any error messages as far as i can see?

    PS D:\WAP\Setup\Scripts> .\Initialize-AzurePowerShellEnvironment.ps1 -verbose
    
    cmdlet Initialize-AzurePowerShellEnvironment.ps1 at command pipeline position 1
    Supply values for the following parameters:
    ResourceManagerEndpoint: https://api.azurestack.local
    Credential
    DirectoryTenantId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    VERBOSE: GET https://api.azurestack.local/metadata/endpoints?api-version=2015-01-01 with 0-byte payload
    VERBOSE: received 303-byte response of content type application/json; charset=utf-8
    VERBOSE: Endpoints: {
        "galleryEndpoint":  "https://portal.azurestack.local:30015/",
        "graphEndpoint":  "https://graph.windows.net/",
        "portalEndpoint":  "https://portal.azurestack.local/",
        "authentication":  {
                               "loginEndpoint":  "https://login.windows.net/",
                               "audiences":  [
                                                 "https://api.azurestack.local/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                                             ]
                           }
    }
    VERBOSE: Performing the operation "log in" on target "User account in environment 'AzureStack'".
    VERBOSE: Using account: {
        "Account":  {
                        "Id":  "azurestack@xxx.onmicrosoft.com",
                        "AccountType":  "User",
                        "Tenants":  [
                                        "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
                                    ],
                        "AccessToken":  null,
                        "CertificateThumbprint":  null
                    },
        "Environment":  {
                            "Name":  "AzureStack",
                            "EnableAdfsAuthentication":  false,
                            "ActiveDirectoryServiceEndpointResourceId":
    "https://api.azurestack.local/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                            "AdTenant":  "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                            "GalleryUrl":  "https://portal.azurestack.local:30015/",
                            "ManagementPortalUrl":  null,
                            "ServiceManagementUrl":  null,
                            "PublishSettingsFileUrl":  null,
                            "ResourceManagerUrl":  "https://api.azurestack.local/",
                            "SqlDatabaseDnsSuffix":  null,
                            "StorageEndpointSuffix":  null,
                            "ActiveDirectoryAuthority":  "https://login.windows.net/",
                            "GraphUrl":  "https://graph.windows.net/",
                            "GraphEndpointResourceId":  "https://graph.windows.net/",
                            "TrafficManagerDnsSuffix":  null,
                            "AzureKeyVaultDnsSuffix":  null,
                            "AzureDataLakeStoreFileSystemEndpointSuffix":  null,
                            "AzureDataLakeAnalyticsCatalogAndJobEndpointSuffix":  null,
                            "AzureKeyVaultServiceEndpointResourceId":  null
                        },
        "Subscription":  {
                             "SubscriptionId":  "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                             "SubscriptionName":  "Default Provider Subscription",
                             "State":  "Enabled",
                             "TenantId":  "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                             "CurrentStorageAccountName":  null
                         },
        "Tenant":  {
                       "TenantId":  "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
                       "Domain":  "xxx.onmicrosoft.com"
                   }
    }
    PS D:\WAP\Setup\Scripts>
    
    

    Wednesday, October 12, 2016 9:49 AM
  • So, it seems that you are able to acquire a token and call Resource Manager successfully. I would try to run a few more commands to confirm (perhaps Get-AzureRmResourceGroup). Apologies about the Azure PowerShell not being installed, I thought it already would be available on this machine as it is installed there during deployment (perhaps we just needed to import it specifically), and would be made use of during a later step of deployment. One follow-up aspect of this to be careful on is that a specific version of the AzurePS is needed to be used with Azure Stack, so you may want to uninstall the versions of the AzurePS you installed if they were the "latest" available as you could have problems farther down the line. There should be an MSI to install the "right" version of AzurePS on that same machine under D:\WAP\Setup\Packages, so to be safe you may want to uninstall the versions you installed and run that MSI instead.

    Back to the original problem, I would maybe just try re-running that step again to see if the issue is still occurring. To get a more specific repro, we can try and make the same call that the code is making. I've prepared a little script below to simulate this - if it fails we should hopefully get more information about what specifically is wrong with the call.

    $directoryTenantId = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $subscriptionId    = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $armResource       = 'https://api.azurestack.local/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    $credential        = Get-Credential -Message "Credential of azure stack admin used to login to the portal"
    
    ## ----
    $tokenParams = @{
        Authority   = 'https://login.windows.net/'
        AadTenantId = $directoryTenantId
        Resource    = $armResource
        Credential  = $credential
    }
    Write-Verbose "Attempting to acquire a token using parameters: $(ConvertTo-Json $tokenParams -Depth 1)" -Verbose
    $token = Get-AzureStackToken @tokenParams -Verbose
    
    $requestParams = @{
        ContentType = "application/json"
        Headers     = @{ Authorization = "Bearer $token" }
        Uri         = "https://api.azurestack.local/subscriptions/$subscriptionId/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01"
    }
    
    $existingRbacAssignments = Invoke-WebRequest @requestParams -UseBasicParsing -Verbose -ErrorAction Stop
    Write-Verbose "Existing RBAC assignments: $(ConvertTo-Json $existingRbacAssignments -Depth 4)" -Verbose

    Wednesday, October 12, 2016 10:15 PM
  • I have a similar issue, stopped on step 60.120.124.
    But I got the below error when I was running script [Initialize-AzurePowerShellEnvironment.ps1].
    Any idea?
    ----------------------log start-----------------------------------------------------------
    PS D:\WAP\Setup\Scripts> .\Initialize-AzurePowerShellEnvironment.ps1 -verbose

    cmdlet Initialize-AzurePowerShellEnvironment.ps1 at command pipeline position 1
    Supply values for the following parameters:
    ResourceManagerEndpoint: https://api.azurestack.local
    Credential
    DirectoryTenantId: xxx@xxxxx.onmicrosoft.com
    VERBOSE: GET https://api.azurestack.local/metadata/endpoints?api-version=2015-01-01 with 0-byte payload
    Invoke-RestMethod :
            Runtime Error

             body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
             p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
             b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
             H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
             H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
             pre {font-family:"Consolas","Lucida
    Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}
             .marker {font-weight: bold; color: black;text-decoration: none;}
             .version {color: gray;}
             .error {margin-bottom: 10px;}
             .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
             @media screen and (max-width: 639px) {
              pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }
             }
             @media screen and (max-width: 479px) {
              pre { width: 280px; }
             }

                Server Error in '/' Application.
                 Runtime Error

                 Description: An application error occurred on the server. The current custom error
    settings for this application prevent the details of the application error from being viewed remotely
    (for security reasons). It could, however, be viewed by browsers running on the local server machine.

                Details: To enable the details of this specific error message to be viewable on remote
    machines, please create a &lt;customErrors&gt; tag within a &quot;web.config&quot; configuration file
    located in the root directory of the current web application. This &lt;customErrors&gt; tag should then
    have its &quot;mode&quot; attribute set to &quot;Off&quot;.

    &lt;!-- Web.Config Configuration File --&gt;
    &lt;configuration&gt;
        &lt;system.web&gt;
            &lt;customErrors mode=&quot;Off&quot;/&gt;
        &lt;/system.web&gt;
    &lt;/configuration&gt;

                Notes: The current error page you are seeing can be replaced by a custom error page by
    modifying the &quot;defaultRedirect&quot; attribute of the application&#39;s &lt;customErrors&gt;
    configuration tag to point to a custom error page URL.

    &lt;!-- Web.Config Configuration File --&gt;
    &lt;configuration&gt;
        &lt;system.web&gt;
            &lt;customErrors mode=&quot;RemoteOnly&quot; defaultRedirect=&quot;mycustompage.htm&quot;/&gt;
        &lt;/system.web&gt;
    &lt;/configuration&gt;
    At D:\WAP\Setup\Scripts\Initialize-AzurePowerShellEnvironment.ps1:34 char:14
    + ... endpoints = Invoke-RestMethod -Method Get -Uri "$($ResourceManagerEnd ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-Rest
       Method], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMet
       hodCommand
    VERBOSE: Endpoints:
    You cannot call a method on a null-valued expression.
    At D:\WAP\Setup\Scripts\Initialize-AzurePowerShellEnvironment.ps1:37 char:1
    + $azureEnvironmentParams = @{
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : InvokeMethodOnNull

    Add-AzureRmEnvironment : Cannot bind argument to parameter 'Name' because it is null.
    At D:\WAP\Setup\Scripts\Initialize-AzurePowerShellEnvironment.ps1:48 char:44
    + $azureEnvironment = Add-AzureRmEnvironment @azureEnvironmentParams
    +                                            ~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-AzureRmEnvironment], ParameterBindingValidationExce
       ption
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.Azure.Commands.P
       rofile.AddAzureRMEnvironmentCommand

    Add-AzureRmAccount : Cannot convert 'System.Object[]' to the type
    'Microsoft.Azure.Commands.Common.Authentication.Models.AzureEnvironment' required by parameter
    'Environment'. Specified method is not supported.
    At D:\WAP\Setup\Scripts\Initialize-AzurePowerShellEnvironment.ps1:51 char:49
    + ... reAccount = Add-AzureRmAccount -Environment $azureEnvironment -Creden ...
    +                                                 ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Add-AzureRmAccount], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.Azure.Commands.Profile.AddAzureRMAccountC
       ommand

    VERBOSE: Using account:
    PS D:\WAP\Setup\Scripts>
    ----------------------log end-----------------------------------------------------------
    Thursday, October 13, 2016 12:04 PM
  • Hi Aaron, from the error it looks like the resource manager website is not configured, and so you are receiving the default IIS html response from the website. This could be because an earlier step failed to run which configures the websites on this machine (were there perhaps other failures in your environment and the deployment was resumed from a "later" step which skipped other steps?). You could investigate the underlying cause by looking at the eventviewer logs in the Application channel or in the Apps & Services / Microsoft / AzureStack / Frontdoor / Operational channel for a specific error message about the underlying cause. But you could also "resume" the deployment from the earlier step (60.120.123 instead of *.124) which performs the initial configuration of the the web services on this machine.
    Thursday, October 13, 2016 10:03 PM
  • I have reinstalled it from STEP 60.120.123, and got the below same error.
    any idea?
    thanks.

    --Command--
    Import-Module C:\CloudDeployment\CloudDeployment.psd1 -Force
    Import-Module C:\CloudDeployment\ECEngine\EnterpriseCloudEngine.psd1 -Force
    Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120.123 -Verbose

    ...
    VERBOSE: 1> 3> Interface: Interface Configure completed. - 10/16/2016 5:36:02 PM
    COMPLETE: Task Cloud\Fabric\ADFS - Configure
    VERBOSE: 1> 3> Task: Task completed. - 10/16/2016 5:36:02 PM
    COMPLETE: Step 127 - (Katal) Configure ADFS
    VERBOSE: 1> 3> Step: Status of step '(Katal) Configure ADFS' is 'Success'. - 10/16/2016 5:36:02 PM
    VERBOSE: 1> 3> Action: Action plan 'Deployment-Phase4-DeployADFS' completed. - 10/16/2016 5:36:02 PM
    COMPLETE: Action 'Deployment-Phase4-DeployADFS'
    VERBOSE: 1> 3> Action: Status of 'Deployment-Phase4-DeployADFS' is 'Success'. - 10/16/2016 5:36:02 PM
    COMPLETE: Task Cloud - Deployment-Phase4-DeployADFS
    VERBOSE: 1> 3> Task: Status of action 'Deployment-Phase4-DeployADFS' of role 'Cloud' is 'Success'. - 10/16/2016 5:36:02 PM
    VERBOSE: 1> 2> & : END on WIN-VDSRGTVT8PH as AZURESTACK\AzureStackAdmin - 10/16/2016 5:37:42 PM
    VERBOSE: 1> 2> Interface: Interface Configure completed. - 10/16/2016 5:37:42 PM
    COMPLETE: Task Cloud\Fabric\WAS - Configure
    VERBOSE: 1> 2> Task: Task completed. - 10/16/2016 5:37:42 PM
    COMPLETE: Step 123 - (Katal) Configure WAS VMs
    VERBOSE: 1> 2> Step: Status of step '(Katal) Configure WAS VMs' is 'Success'. - 10/16/2016 5:37:42 PM
    STARTING: Step 124 - (Katal) Azure Stack AAD Configuration.
    VERBOSE: 1> 2> Step: Running step 124 - (Katal) Azure Stack AAD Configuration. - 10/16/2016 5:37:42 PM
    STARTING: Task Cloud\Fabric\AAD - Configure
    VERBOSE: 1> 2> Task: Running interface 'Configure' of role 'Cloud\Fabric\AAD'. - 10/16/2016 5:37:42 PM
    VERBOSE: 1> 2> Interface: Path to module: C:\CloudDeployment\Roles\AAD\AAD.psd1 - 10/16/2016 5:37:42 PM
    VERBOSE: 1> 2> Interface: Running interface Configure (Roles\AAD\AAD.psd1, ConfigureAAD) - 10/16/2016 5:37:42 PM
    VERBOSE: 1> 2> & : BEGIN on WIN-VDSRGTVT8PH as AZURESTACK\AzureStackAdmin - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & DirectoryTenantID: xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxx - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & [PSCredential]DomainAdmin: AzureStack\FabricAdmin - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & AzureEnvironment: AzureCloud - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & AAD Admin User: xxxx@xxxxxxxx.onmicrosoft.com, UniqueNameClaim: xxxx@xxxxxxxx.onmicrosoft.com - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & SqlServer: MAS-WAP-HA\MASSqlWAP - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & KeyVaultResourceId: https://vault.azurestack.local/xxxxxxxx-xxxx-xxxx-xxxx-a561137cc26b, KeyVaultEndpointTemplate: https://{0}.vault.azurestack.local -
    10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & ArmEndpoint: https://api.AzureStack.local - 10/16/2016 5:37:45 PM
    VERBOSE: 1> 2> & : Invoking command on MAS-WAS01 as AzureStack\FabricAdmin - 10/16/2016 5:37:46 PM
    Invoke-EceAction : 1> 2> Task: Invocation of interface 'Configure' of role 'Cloud\Fabric\AAD' failed:
    Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception:
    user_realm_discovery_failed: User realm discovery failed
    at <ScriptBlock>, <No file>: line 280 - 10/16/2016 5:38:22 PM
    At line:1 char:1
    + Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException,Microsoft.AzureStack.Commands.Security.GetToken,CloudEngine.Cmdlets.InvokeCmdlet
    
    VERBOSE: 1> 2> Step: Status of step '(Katal) Azure Stack AAD Configuration.' is 'Error'. - 10/16/2016 5:38:22 PM
    Invoke-EceAction : 1> 2> Action: Invocation of step 60.120.124 failed. Stopping invocation of action plan. - 10/16/2016 5:38:22 PM
    At line:1 char:1
    + Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet
    
    VERBOSE: 1> 2> Action: Status of 'Deployment-Phase4-ConfigureWAS' is 'Error'. - 10/16/2016 5:38:22 PM
    COMPLETE: Task Cloud - Deployment-Phase4-ConfigureWAS
    VERBOSE: 1> 2> Task: Status of action 'Deployment-Phase4-ConfigureWAS' of role 'Cloud' is 'Error'. - 10/16/2016 5:38:22 PM
    VERBOSE: 1> Step: Status of step 'Phase 4 - ConfigureVMs-Part2' is 'Error'. - 10/16/2016 5:38:22 PM
    Invoke-EceAction : 1> Action: Invocation of step 60.120 failed. Stopping invocation of action plan. - 10/16/2016 5:38:22 PM
    At line:1 char:1
    + Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet
    
    VERBOSE: 1> Action: Status of 'Deployment-Phase2-ConfigureStack' is 'Error'. - 10/16/2016 5:38:22 PM
    COMPLETE: Task Cloud - Deployment-Phase2-ConfigureStack
    VERBOSE: 1> Task: Status of action 'Deployment-Phase2-ConfigureStack' of role 'Cloud' is 'Error'. - 10/16/2016 5:38:22 PM
    VERBOSE: Step: Status of step 'Phase 2 - ConfigureVMs' is 'Error'. - 10/16/2016 5:38:22 PM
    Invoke-EceAction : Action: Invocation of step 60 failed. Stopping invocation of action plan. - 10/16/2016 5:38:22 PM
    At line:1 char:1
    + Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.120 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet
    
    PS C:\CloudDeployment\Configuration>

    summary log say below
    ----summary.xxxx-xx-xx.xx-xx-xx.x.log---------------

    -<Step EndTimeUtc="2016-10-17T00:38:22.9262599Z" Status="Error" StartTimeUtc="2016-10-17T00:37:42.7546428Z" Description="Configures Azure Stack with Azure AD." Name="(Katal) Azure Stack AAD Configuration." Index="124">
    -<Task EndTimeUtc="2016-10-17T00:38:22.9251517Z" Status="Error" StartTimeUtc="2016-10-17T00:37:42.7546428Z" RolePath="Cloud\Fabric\AAD" InterfaceType="Configure">
    -<Exception>
    <Message>Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception: user_realm_discovery_failed: User realm discovery failed at <ScriptBlock>, <No file>: line 280</Message>
    <StackTrace> at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</StackTrace>
    <Raw>CloudEngine.Actions.InterfaceInvocationFailedException: Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception: user_realm_discovery_failed: User realm discovery failed at <ScriptBlock>, <No file>: line 280 at CloudEngine.Actions.PowerShellHost.Invoke(InterfaceParameters parameters, Object legacyConfigurationObject, CancellationToken token) at CloudEngine.Actions.InterfaceTask.Invoke(Configuration roleConfiguration, Object legacyConfigurationObject, MultiLevelIndexRange indexRange, CancellationToken token)</Raw>
    </Exception>
    </Task>
    </Step>



    • Edited by Aaron.ZL Monday, October 17, 2016 8:30 AM
    Monday, October 17, 2016 3:00 AM
  • Hello,

    On MAS-WAS01 VM, can you check if this command is working?

    tnc api.azurestack.local -Port 443

    I had a similar issue too.

    Florent

    Thursday, October 20, 2016 10:23 AM
  • Hello,

    Im always getting this error even though im reruning the deployment "Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.61 -Verbose"

    would you please advise.

    thx

    Invoke-EceAction : 1> Action: Invocation of step 60.61 failed. Stopping invocation of action plan. - 10/21/2016
    10:03:57 PM
    At line:1 char:1
    + Invoke-EceAction -RolePath Cloud -ActionType Deployment -Verbose -Sta ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    Saturday, October 22, 2016 6:18 AM
  • This issue has been solved.
    In my case, I had never set value of EnvironmentDNS parameter.
    Installation was completed when I added the EnvironmentDNS.
    Command is like below...
    Hope it can help someone.

    ------------------------------------------------------------------
    $adminpass = ConvertTo-SecureString "xxxxxx" -AsPlainText -Force
    $aadpass = ConvertTo-SecureString "aaaaaa" -AsPlainText -Force
    $aadcred = New-Object System.Management.Automation.PSCredential ("zzzzzzz@xxxxxxx.onmicrosoft.com", $aadpass)
    
    .\InstallAzureStackPOC.ps1 -AdminPassword $adminpass -AADAdminCredential $aadcred -NatIPv4Subnet xxx.xxx.xxx.xxx/xx -NatIPv4Address xxx.xxx.xxx.xxx -NatIPv4DefaultGateway xxx.xxx.xxx.xxx -EnvironmentDNS xxx.xxx.xxx.xxx

    Wednesday, October 26, 2016 7:22 AM
  • I had the same issue when deploying Tp2 for the first time but now it's working.

    I've missed out to add the IP adress + parameter to the deployment of the script...

    This hopefully helps someone

    .\InstallAzureStackPOC.ps1 -AdminPassword $adminpass -AADAdminCredential $aadcred -NatIPv4Subnet xxx.xxx.xxx.xxx/xx -NatIPv4Address xxx.xxx.xxx.xxx -NatIPv4DefaultGateway xxx.xxx.xxx.xxx -EnvironmentDNS xxx.xxx.xxx.xxx

    Friday, October 28, 2016 11:43 AM