Can't register ASDK + ADFS to Azure.

Question

We set up two sets of ASDK system and we could register the ASDK + AAD system to azure. However, we got errors when we tried to register the ASDK + ADFS system to azure. 

We tried to register it to different MSDN subscriptions twice but we got same error messages. Thanks for any help. 

... ...

VERBOSE: 2019-05-07.15-17-27: *********************** Ending registration action during New-ServicePrincipal ***********************
VERBOSE: 2019-05-07.15-17-27: Logs can be found at: C:\MASLogs\Registration\AzureStack.Activation.Set-AzsRegistration-2019-05-07.log  and  \\AzS-ERCS01\c$\maslogs 

VERBOSE: 2019-05-07.15-17-27: Removing any existing PSSession...
Action plan execution failed. Error: Execution timeout
At C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1:1249 char:13
+             $servicePrincipal = Invoke-Command -Session $PSSession -S ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Action plan exe...ecution timeout:String) [], RuntimeException
    + FullyQualifiedErrorId : Action plan execution failed. Error: Execution timeout

messages in the log:

2019-05-07.15-00-36: Initializing session with privileged endpoint: AzS-ERCS01. Attempt 0 of 3
2019-05-07.15-00-49: Connection to AzS-ERCS01 successful
2019-05-07.15-00-49: Verifying stamp version.
2019-05-07.15-01-00: Running registration actions on build 1.1904.0.36. Cloud Id: efa86c0c-39a4-4b98-acb1-1a3f01dcda19, Deployment Id: 3b2b64f9-9d4c-4a23-bd34-ce781e544bf2
2019-05-07.15-01-00: Creating Azure Active Directory service principal in tenant '9c72f76e-51f1-4e52-b726-28dcc21ce764' Attempt 0 of 3
2019-05-07.15-06-22: *** WARNING ***
2019-05-07.15-06-22: Creation of service principal failed:
Action plan execution failed. Error: Execution timeout
2019-05-07.15-06-22: *** End WARNING ***
2019-05-07.15-06-22: Waiting 10 seconds and trying again...
2019-05-07.15-06-32: Creating Azure Active Directory service principal in tenant '9c72f76e-51f1-4e52-b726-28dcc21ce764' Attempt 1 of 3
2019-05-07.15-11-47: *** WARNING ***
2019-05-07.15-11-47: Creation of service principal failed:
Action plan execution failed. Error: Execution timeout
2019-05-07.15-11-47: *** End WARNING ***
2019-05-07.15-11-48: Waiting 10 seconds and trying again...
2019-05-07.15-11-58: Creating Azure Active Directory service principal in tenant '9c72f76e-51f1-4e52-b726-28dcc21ce764' Attempt 2 of 3
2019-05-07.15-17-17: *** WARNING ***
2019-05-07.15-17-17: Creation of service principal failed:
Action plan execution failed. Error: Execution timeout
2019-05-07.15-17-17: *** End WARNING ***
2019-05-07.15-17-17: Waiting 10 seconds and trying again...
2019-05-07.15-17-27: ************************ Error ************************
2019-05-07.15-17-27: Action plan execution failed. Error: Execution timeout
2019-05-07.15-17-27: at Start-ActionPlanInstance, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Azurestack.Activation\Microsoft.Azurestack.Activation.psm1: line 426
at New-AzureBridgeServicePrincipal, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Azurestack.Activation\Microsoft.Azurestack.Activation.psm1: line 179
2019-05-07.15-17-27: *********************** Ending registration action during New-ServicePrincipal ***********************

2019-05-07.15-17-27: Logs can be found at: C:\MASLogs\Registration\AzureStack.Activation.Set-AzsRegistration-2019-05-07.log  and  \\AzS-ERCS01\c$\maslogs 

2019-05-07.15-17-27: Removing any existing PSSession...

Answer 1

I am currently installing 1904 and will register it, so If this is an issue with 1904 I will be able to reproduce the error. 

In the past on my test machines, the "creating AAD Service Principal" action takes about 2:30s. Yours is timing out after 5 minutes. 

Timeouts can occur for many reasons, but the easiest place to start is to validate your Azure Stack Deployment using Test-Azurestack. If you are getting any WARN or FAIL messages, please post them here.

Answer 2

The system passed all tests, but we still got the error. 

PS C:\AzureStack-Tools-master> Enter-PSSession -ComputerName "AzS-ERCS01" -ConfigurationName PrivilegedEndpoint -Credential $localcred
WARNING: The names of some imported commands from the module 'ECEClient' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the I
mport-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.

[AzS-ERCS01]: PS> Test-AzureStack -ServiceAdminCredential CloudAdmin@azurestack.local
05/08/2019 07:42:10 : Starting Test-AzureStack
05/08/2019 07:42:42 : Launching AzsInfraPerformance
05/08/2019 07:45:59 : AzsInfraPerformance complete
05/08/2019 07:45:59 : Launching AzsScenarios
05/08/2019 07:45:59 : Launching AzsPortalAPISummary
05/08/2019 07:45:59 : Launching AzsStorageSvcsSummary
05/08/2019 07:45:59 : Launching AzsInfraRoleSummary
05/08/2019 07:45:59 : Launching AzsHostingInfraSummary
05/08/2019 07:45:59 : Launching AzsStorageDataPlane
05/08/2019 07:46:00 : Launching AzsSFRoleSummary
05/08/2019 07:46:28 : AzsPortalAPISummary complete
05/08/2019 07:46:29 : Launching AzsScaleUnitEvents
05/08/2019 07:46:37 : AzsSFRoleSummary complete
05/08/2019 07:46:37 : Launching AzsStoreSummary
05/08/2019 07:46:38 : AzsScaleUnitEvents complete
05/08/2019 07:46:38 : Launching AzsVmPlacement
05/08/2019 07:46:42 : AzsHostingInfraSummary complete
05/08/2019 07:46:42 : Launching AzsScaleUnitResources
05/08/2019 07:46:44 : AzsStoreSummary complete
05/08/2019 07:46:44 : Launching AzsInfraUpdateSummary
05/08/2019 07:46:48 : AzsVmPlacement complete
05/08/2019 07:46:48 : Launching AzsApplicationCrashSummary
05/08/2019 07:46:53 : AzsApplicationCrashSummary complete
05/08/2019 07:46:53 : Launching AzsDefenderSummary
05/08/2019 07:46:54 : AzsStorageDataPlane complete
05/08/2019 07:46:55 : Launching AzsAdSummary
05/08/2019 07:47:04 : AzsStorageSvcsSummary complete
05/08/2019 07:47:04 : Launching AzsAlertSummary
05/08/2019 07:47:08 : AzsScaleUnitResources complete
05/08/2019 07:47:08 : Launching AzsHostingInfraFWSummary
5/8/2019 7:47:08 AM Get-AzureStackAlert : Starting Get Alerts.
5/8/2019 7:47:08 AM Get-AzureStackAlert : Got the Health service endpoint https://AzS-Xrp01.azurestack.local:43009
05/08/2019 07:47:15 : AzsAlertSummary complete
05/08/2019 07:47:15 : Launching AzsAcsSummary
05/08/2019 07:47:19 : AzsAcsSummary complete
05/08/2019 07:47:19 : AzsHostingInfraFWSummary complete
05/08/2019 07:47:19 : Launching AzsInfraUpdateMemory
05/08/2019 07:47:19 : Launching AzsHostingInfraUtilization
05/08/2019 07:47:23 : AzsHostingInfraUtilization complete
05/08/2019 07:47:23 : Launching AzsInfraCapacity
05/08/2019 07:47:24 : AzsInfraUpdateSummary complete
05/08/2019 07:47:28 : AzsInfraUpdateMemory complete
05/08/2019 07:47:41 : AzsInfraRoleSummary complete
VERBOSE: Triggering KCC .
VERBOSE: Triggering inter/intra-site replication [PULL].
VERBOSE: Triggering inter/intra-site replication [PUSH]
05/08/2019 07:47:54 : AzsAdSummary complete
05/08/2019 07:48:06 : AzsInfraCapacity complete
05/08/2019 07:48:14 : AzsDefenderSummary complete
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
WARNING: Unable to acquire token for tenant 'Common'
05/08/2019 07:54:10 : AzsScenarios complete
-------------------------------------------------------------------------------
                      Azure Stack Operator and User Scenarios
-------------------------------------------------------------------------------
PASS Create Azure Stack environment using the admin ARM endpoint
PASS Login to the admin Azure Stack environment
PASS Select the Default Provider Subscription in admin context
PASS Create a resource group for the user subscription resource
PASS Create a plan for the users
PASS Create a user offer
PASS Register the required (Storage/Compute/Network/KeyVault) resource providers
PASS Create a resource group for the placing the utility/helper files
PASS Create a storage account for the placing the utility/helper files
PASS Create a storage container for the placing the utility/helper files
PASS Upload files to the storage blob container
PASS Create a storage table
PASS Add a row to a storage table
PASS Read a storage table entry
PASS Create a storage queue
PASS Enqueue a message to a storage queue
PASS Dequeue a message from a storage queue
PASS Create a Key Vault
PASS Get HRP alerts
PASS Get URP updates
PASS Create a resource group for the placing the VMs and corresponding resources
PASS Enumerate out all the resources that have been deployed
PASS Delete the resource group that contains all the helper/utilities and corresponding resources
PASS Delete the resource group that contains all the VM related resources
PASS Delete the resource group that contains subscription resources
PASS Remove quotas


-------------------------------------------------------------------------------
                      Azure Stack Validation Summary
-------------------------------------------------------------------------------
PASS Azure Stack Operator and User Scenarios
PASS Azure Stack Cloud Hosting Infrastructure Summary
PASS Azure Stack Storage Services Summary
PASS Azure Stack Infrastructure Role Instance Summary
PASS Azure Stack Scale Unit VM Placement Summary
PASS Azure Stack Infrastructure Capacity
PASS Azure Stack Shared Volume Capacity
PASS Azure Stack Update Memory
PASS Azure Stack Active Directory Summary
PASS Azure Stack Portal and API Summary
PASS Azure Stack ARM Certificate Summary
PASS Azure Stack Data Store Cluster
PASS Azure Stack Data Store Servers
PASS Azure Stack ACS Blob Service Summary
PASS Azure Stack Storage Data Plane Summary
PASS Azure Stack Defender Summary
PASS Azure Stack Update Summary
PASS Azure Stack Privileged endpoint Infrastructure Roles
PASS Azure Stack Privileged endpoint Infrastructure Role Instances
PASS Azure Stack Privileged endpoint Cloud Infrastructure Role summary
PASS Azure Stack Privileged endpoint Cloud Service Fabric Services
PASS Azure Stack Storage services Infrastructure Roles
PASS Azure Stack Storage services Infrastructure Role Instances
PASS Azure Stack Storage services Cloud Infrastructure Role summary
PASS Azure Stack Storage services Cloud Service Fabric Services
PASS Azure Stack Fabric management controller Infrastructure Roles
PASS Azure Stack Fabric management controller Infrastructure Role Instances
PASS Azure Stack Fabric management controller Cloud Infrastructure Role summary
PASS Azure Stack Fabric management controller Cloud Service Fabric Services
PASS Azure Stack Network controller Infrastructure Roles
PASS Azure Stack Network controller Infrastructure Role Instances
PASS Azure Stack Network controller Cloud Infrastructure Role summary
PASS Azure Stack Network controller Cloud Service Fabric Services
PASS Azure Stack Infrastructure Role Instance Performance
PASS Azure Stack Cloud Host Performance Summary
PASS Azure Stack Cloud Hosting Infrastructure Utilization
PASS Azure Stack Infrastructure Clocks
PASS Azure Stack Service Resource Consumption Summary
PASS Azure Stack Alert Summary
PASS Azure Stack Scale Unit Critical Events (Last 8 hours)
PASS Azure Stack Application Crashes (Last 8 hours)
PASS Azure Stack Scale Unit VM Resources
PASS Azure Stack Infrastructure Hosts BIOS Inventory
PASS Azure Stack Infrastructure Hosts Processor Inventory
PASS Azure Stack Infrastructure Hosts Network Adapter Inventory
PASS Azure Stack Infrastructure Hosts Storage Adapter Inventory
PASS Azure Stack Storage Job Summary
PASS Azure Stack Storage SubSystem Summary
PASS Azure Stack Storage Pool Summary
PASS Azure Stack Storage Virtual Disk Summary
PASS Azure Stack Storage Cluster Shared Volume Summary
PASS Azure Stack Storage Volume Summary
PASS Azure Stack Storage File Share Summary
PASS Azure Stack Storage Services Physical Disks Summary


True

Answer 3

can you post the registration command that you use? Be sure to edit out any Subscription IDs or sensitive information. 

Answer 4

Here is the command that we used. If anything wrong, please let me know. thanks.  

=============

# Add the Azure cloud subscription environment name. 
# Supported environment names are AzureCloud, AzureChinaCloud or AzureUSGovernment depending which Azure subscription you are using.
Add-AzureRmAccount -EnvironmentName "AzureCloud"

# Register the Azure Stack resource provider in your Azure subscription
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.AzureStack

# Import the registration module that was downloaded with the GitHub tools
Import-Module C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1

# If you have multiple subscriptions, run the following command to select the one you want to use:
# Get-AzureRmSubscription -SubscriptionID "<subscription ID>" | Select-AzureRmSubscription

# Register Azure Stack
$AzureContext = Get-AzureRmContext
$CloudAdminCred = Get-Credential -UserName Azurestack\CloudAdmin -Message "Enter the credentials to access the privileged endpoint."
$RegistrationName = "XXXX-Demo"
Set-AzsRegistration `
-PrivilegedEndpointCredential $CloudAdminCred `
-PrivilegedEndpoint AzS-ERCS01 `
-BillingModel Development `
-RegistrationName $RegistrationName `
-UsageReportingEnabled:$true

Answer 5

I was able to register 1904 with no issues, I am following up now for further troubleshooting steps. 

Answer 6

Any update? Seeing same issue.

Answer 7

I do not have any updates on this right now, but I am following up to push this forward. Any updates will be posted as soon as I have them. 

Answer 8

This issue is being caused due to an improper timeout on the service principal creation, and all we need to do is increase the timeout. 

To mitigate this issue, you will need to open up the file at "C:\AzureStack-Tools-master\Registration/RegisterWithAzure.psm1" in an editor with ADMINISTRATOR PERMISSIONS, I prefer PowerShell ISE as it gives line numbers. 

Line#1249 needs -TimeoutInSeconds 600 added to the "New-AzureBridgeServicePrincipal" cmdlet, and should look like this:

$servicePrincipal = Invoke-Command -Session $PSSession -ScriptBlock { New-AzureBridgeServicePrincipal -RefreshToken $using:RefreshToken -AzureEnvironment $using:AzureEnvironmentName -TenantId $using:TenantId -TimeoutInSeconds 1800}

We are fixing this in the Registration Script as well, but for now the manual workaround is the best. 

Answer 9

Manual Workaround did the trick, Thanks.