locked
SCOM Management Pack for Azure Stack RRS feed

  • Question

  • Hello,

    I am testing the Operations Manager Management Pack for Azure Stack:

    https://www.microsoft.com/en-us/download/details.aspx?id=55184

    According to the deployment guide, it appears that this should work with the Azure Stack Developer Kit.  I'm not sure if this is the appropriate forum for issues on the management pack, but I thought I would give it a try.

    In my first attempt to add my ASDK deployment to the management pack configuration screen in OM Administration, I received the SSL certificate validation error as noted in the guide.  After a reboot, I was able to re-add my ASDK, and the credentials were validated successfully - no errors in the Add Deployment wizard.  However, in the Microsoft Azure Stack Monitoring View under Deployments, my ASDK still continues to display a Critical State.

    Might someone be able to add some insight?

    Thanks,

    Mike

    Tuesday, August 8, 2017 4:39 PM

Answers

  • Following up with Mike

    The certificates from the ADSK need to be imported at the SCOM Server into cert:localmachine\root .

    If you choose to import the certificate into current user you need to be logged on with the SCOM Service Account

    Thomas


    Regards, Thomas

    Monday, August 14, 2017 12:45 PM

All replies

  • Hi Mike

    Can you please try to remove the ASDK deployment in the configuration wizard. Restart the OM Services including the console. 

    Than add it back and see if that does resolve the issue?

    We had seen some corner cases with that specific issue why we have added this as a known issue into the mp documentation.

    By the way which OM version are you running?

    Thomas


    Regards, Thomas

    Tuesday, August 8, 2017 5:41 PM
  • Hi Thomas,

    I tried your suggestion but still run into the same problem.

    In case it's pertinent, I am connected to the Development Kit on the OM server via the VPN connection.

    Also, I am using OM 2016 version 7.2.11719.0.

    Thanks,

    Mike

    Wednesday, August 9, 2017 1:36 PM
  • Sorry to ask you some more standard questions:

    1. You imported the Certificates (There are two) from the ASDK in your OM Server (Trusted Root?)

    2. You can browse the Admin Portal without any certificate issues from the OM Server?

    3. Did you try Force Update for the deployment?


    Regards, Thomas

    Wednesday, August 9, 2017 10:54 PM
  • Hi Thomas,

    1.  Yes, both the AzureStackCertificationAuthority and AzureStackSelfSignedRootCert certificates are both in the Trusted Root CA on the OM server.

    2.  Yes, I can browse the Admin Portal fine without any certificate issues on the OM server.

    3.  Yes, I did try the Force Update task.

    I think my next course of action is build another OM server, take a snapshot of the VM, and then attempt to add the Azure Stack environment successfully on the first try.  Then, at least we'll know if there's some caching issue or if something is stuck on the first OM server due to the first unsuccessful attempt to add the deployment.

    Thanks,

    Mike

    Thursday, August 10, 2017 1:32 PM
  • Update from my earlier post on this.

    I built an entirely new OM 2016 instance and get the same results.  I step through the wizard and successfully add the Azure Stack deployment from the first try.  In the Active Alerts, I see the deployment is unavailable.  "The underlying connection was closed:  Could not establish trust relationship for the SSL/TSL secure channel."  This is even with both the certificates I mentioned above in the Trusted Root CA on the OM server.  Is there another certificate I would be considering?

    Thanks,

    Mike

    Thursday, August 10, 2017 10:35 PM
  • Following up with Mike

    The certificates from the ADSK need to be imported at the SCOM Server into cert:localmachine\root .

    If you choose to import the certificate into current user you need to be logged on with the SCOM Service Account

    Thomas


    Regards, Thomas

    Monday, August 14, 2017 12:45 PM
  • Hi Lamiam,

    I have same issue and solved 

    this issue because the certificate imported on Current user not on Local Computer.

    so i just export AzureStackCertificationAuthority and AzureStackSelfSignedRootCert certificate from Current user and then import again to trust Root Local computer :

     

    After import certificate to local computer, the server Scom can monitor Azure Stack

     


    • Proposed as answer by Hendra P Wednesday, August 30, 2017 4:22 AM
    • Edited by Hendra P Wednesday, August 30, 2017 4:27 AM
    Wednesday, August 30, 2017 4:18 AM