locked
Deployment of ASDK 1809 failed RRS feed

  • Question

  • Hi Guys

    I had the 1803 release up and running in December but I rebuilt the environment to change out the caching SSD drives but have been unable to get the solution up and running again.

    I am trying to deploy the latest build but it fails at the step below:

    VERBOSE: 3> [UsageBridge:Prerequisite] [PSTask Concurrency] Task is completed, so exiting. -
    2/11/2019 6:44:26 PM
    VERBOSE: 3> [UsageBridge:Prerequisite] [PSTask Concurrency] Number of parallel tasks decreased to
    '0'. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> Interface: Interface Prerequisite completed. - 2/11/2019 6:44:26 PM
    COMPLETE: Task Cloud\Fabric\FabricRingServices\UsageBridge - Prerequisite
    VERBOSE: 3> Task: Task completed. - 2/11/2019 6:44:26 PM
    COMPLETE: Step 60.61.95 - (FBI) Deploy Azure Stack Fabric Ring Controller Services -  Prerequisite
    VERBOSE: 3> Step: Status of step '60.61.95 - (FBI) Deploy Azure Stack Fabric Ring Controller
    Services -  Prerequisite' is 'Success'. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> Checking if any of the in progress steps are complete. The following steps are
    currently in progress: '60.61.95'. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> Action: Step 60.61.95 completed successfully. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> The following steps have completed and will be removed from the collection of
    in-progress steps: '60.61.95'. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> Action plan execution completed for action plan
    'Deployment-Phase3-FabricControllerServicesPrerequisites'. - 2/11/2019 6:44:26 PM
    VERBOSE: 3> Action: Action plan 'Deployment-Phase3-FabricControllerServicesPrerequisites'
    completed. - 2/11/2019 6:44:26 PM
    COMPLETE: Action 'Deployment-Phase3-FabricControllerServicesPrerequisites'
    VERBOSE: 3> Action: Status of 'Deployment-Phase3-FabricControllerServicesPrerequisites' is
    'Success'. - 2/11/2019 6:44:26 PM
    COMPLETE: Task Cloud - Deployment-Phase3-FabricControllerServicesPrerequisites
    VERBOSE: 3> Task: Status of action 'Deployment-Phase3-FabricControllerServicesPrerequisites' of
    role 'Cloud' is 'Success'. - 2/11/2019 6:44:26 PM
    VERBOSE: Step: Status of step '60.61 - Phase 3 - ConfigureVMs-Part1' is 'Error'. - 2/11/2019
    6:44:26 PM
    VERBOSE: Checking if any of the in progress steps are complete. The following steps are currently
    in progress: '60.61'. - 2/11/2019 6:44:26 PM
    VERBOSE: Action: Action plan 'Deployment-Phase2-ConfigureStack' failed. Finish running all steps
    that are currently in progress before exiting. - 2/11/2019 6:44:26 PM
    VERBOSE: Draining all steps that are still in progress. The following steps are still in progress
    or just completed: '60.61'. - 2/11/2019 6:44:26 PM
    VERBOSE: Action: Action plan 'Deployment-Phase2-ConfigureStack' failed. - 2/11/2019 6:44:26 PM
    Invoke-EceAction : Action: Invocation of step 60.61 failed. Stopping invocation of action plan.
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], ActionExecutionException
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    VERBOSE: Action: Status of 'Deployment-Phase2-ConfigureStack' is 'Error'. - 2/11/2019 6:44:26 PM
    COMPLETE: Task Cloud - Deployment-Phase2-ConfigureStack
    VERBOSE: Task: Status of action 'Deployment-Phase2-ConfigureStack' of role 'Cloud' is 'Error'. -
    2/11/2019 6:44:26 PM
    VERBOSE: Step: Status of step '60 - Phase 2 - ConfigureVMs' is 'Error'. - 2/11/2019 6:44:26 PM
    VERBOSE: Checking if any of the in progress steps are complete. The following steps are currently
    in progress: '60'. - 2/11/2019 6:44:26 PM
    VERBOSE: Action: Action plan 'Deployment' failed. Finish running all steps that are currently in
    progress before exiting. - 2/11/2019 6:44:26 PM
    VERBOSE: Draining all steps that are still in progress. The following steps are still in progress
    or just completed: '60'. - 2/11/2019 6:44:26 PM
    VERBOSE: Action: Action plan 'Deployment' failed. - 2/11/2019 6:44:26 PM
    Invoke-EceAction : Action: Invocation of step 60 failed. Stopping invocation of action plan.
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], ActionExecutionException
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet


    Please can you assist?

    This is running off the following:
    Dell PowerEdge R720
    2x Xeon E5-2660v2 (10 Core/20 thread)
    256GB of RAM
    2x 450GB SATA SSD (RAID1)
    2x 256GB PCI-E NVME SSD for caching 
    12x 1TB SATA disks

    We are a software development house and I want to get this up so we can get guys exposed to the platform and learning all about Azure development.

    Regards

    Nicholas

    Tuesday, February 12, 2019 4:35 AM

Answers

  • Hello, 

    The issue is coming from your AZ subscription, which does not have any Privileged rights. All thought you are using a MSDN subscription used as Part of your COMPANY Domain. 


    VERBOSE: 1> [IdentityProvider:Deployment] ERROR: An error occurred while trying to make a graph
    API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    If you wanna make it work, you should ask them to delegate you some  administrative rights , then use the -rerun command to continue the deployment 


    • Edited by Huce_AZS Monday, February 25, 2019 2:59 PM
    • Proposed as answer by TravisCragg_MSFTMicrosoft employee Monday, February 25, 2019 10:34 PM
    • Marked as answer by Skyfie80 Tuesday, February 26, 2019 12:45 PM
    • Unmarked as answer by Skyfie80 Tuesday, February 26, 2019 12:45 PM
    • Marked as answer by Skyfie80 Tuesday, February 26, 2019 12:48 PM
    Monday, February 25, 2019 2:58 PM

All replies

  • The current build of ASDK is 1901, make sure that you are installing the latest build!

    Please run the Deployment Checked for Azure Stack, it will validate your current hardware and configuration. If you currently have your drives in a storage pool, please remove the pool so that Azure Stack can create it. 

    Wednesday, February 13, 2019 11:31 PM
  • Hi Travis

    All of that was done before the redeployment of the latest version.

    I am trying to deploy the latest version (1901), I downloaded the new cloudbuilder VHD as well as the latest asdk-installer.ps1 script.

    The disks were all removed out of the storage pools before it was attempted again

    Pre-checks passes, result from the native host:

    PS C:\AzureStack> .\asdk-prechecker.ps1
    [ 08:00:54 ] Starting Deployment Checker for Microsoft Azure Stack Development Kit (ASDK)...
    [ 08:00:54 ] There are several prerequisites checks to verify that your machine meets all the minimum requirements for deploying ASDK.
    [ 08:00:54 ] For more details, please refer to the online requirements : https://azure.microsoft.com/en-us/documentation
    /articles/azure-stack-deploy/
    [ 08:00:54 ] Checking for Administrator priviledge...
    [ 08:00:54 ] This script can be run on the host where you will be configuring boot from VHD, for example prior to downloading the ASDK files. Or it can be run after booting from the provided Cloudbuilder.vhdx file where the ASDK will be installed. In the first case, it will only check for hardware specifications like memory, cores, hard disk configuration, as well as free space for extracting the ASDK files. In the second case, it will run both hardware and software tests, and other items like domain membership, OS version, NIC configuration will be checked.
    Are you running this script on the host before booting in the provider VHDX file [1] or after booting into it [2] (any other input will exit the script)?: 1
    [ 08:01:02 ] User chose to run pre-boot from VHD checks (hardware checks only)
    [ 08:01:02 ] Checking for physical/virtual machine status...
    [ 08:01:02 ]  -- This is a physical machine.
    [ 08:01:02 ] Checking system disk capacity...
    [ 08:01:02 ]  -- Check system disk passed successfully.
    [ 08:01:02 ] Checking physical disks...
    [ 08:01:02 ]  -- Listing of all physical disks on this server:

    FriendlyName              SerialNumber                             CanPool BusType OperationalStatus HealthStatus Usage               Size
    ------------              ------------                             ------- ------- ----------------- ------------ -----               ----
    DELL PERC H710            00537b607fe8dce32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00d03a516fdadbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            0052e2486753dbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            004b8a296ca5dbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            008548645b8cdae32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            0082d0036970dbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00dea11e652fdbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    Samsung SSD 960 EVO 250GB 0025_3858_71B0_1E9D.                        True NVMe    OK                Healthy      Auto-Select 250059350016
    DELL PERC H710            00b8b6837210dce32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00be378c5fd2dae32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00a9acf67cbfdce32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            000142c76208dbe32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00fea7430471fde32300ed84f060f681           False RAID    OK                Healthy      Auto-Select 479559942144
    DELL PERC H710            00667fdf798bdce32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00165d5a8109dde32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144
    PM981 NVMe Samsung 256GB  3434_3330_4B71_1789_0025_3845_0000_0001.    True NVMe    OK                Healthy      Auto-Select 256060514304
    DELL PERC H710            0079784b7760dce32300ed84f060f681            True RAID    OK                Healthy      Auto-Select 999653638144



    [ 08:01:02 ]  -- Listing of all physical disks meeting ASDK requirements:

    FriendlyName   SerialNumber                     BusType OperationalStatus HealthStatus Usage               Size
    ------------   ------------                     ------- ----------------- ------------ -----               ----
    DELL PERC H710 00537b607fe8dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00d03a516fdadbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0052e2486753dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 004b8a296ca5dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 008548645b8cdae32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0082d0036970dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00dea11e652fdbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00b8b6837210dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00be378c5fd2dae32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00a9acf67cbfdce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 000142c76208dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00fea7430471fde32300ed84f060f681 RAID    OK                Healthy      Auto-Select 479559942144
    DELL PERC H710 00667fdf798bdce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00165d5a8109dde32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0079784b7760dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144



    [ 08:01:02 ]  -- Check physical disks passed successfully. Note that ASDK handles situations where there is a pre-existing storage pool, and will delete/recreate it.
    [ 08:01:02 ] Checking Memory...
    [ 08:01:02 ]  -- Memory on this server = 256
    [ 08:01:02 ]  -- System memory check passed successfully. ASDK requires a minimum of 96 GB of RAM, with 128 GB recommended.
    [ 08:01:03 ] Checking processor information...
    [ 08:01:05 ]  -- Number of CPU sockets = 2
    [ 08:01:05 ]  -- Number of physical cores =  20
    [ 08:01:05 ]  -- CPU socket count (2) and core count (12) meet the minimum requirements for ASDK.
    [ 08:01:05 ] Checking Hyper-V support on the host...
    [ 08:01:05 ]  -- Hyper-V is already installed. Note that the installer would enable it otherwise.
    [ 08:01:05 ]  Checking free space for extracting the ASDK files...
    [ 08:01:05 ]  -- Listing disks and their free space

    DriveLetter FileSystemLabel FileSystem DriveType HealthStatus OperationalStatus SizeRemaining      Size
    ----------- --------------- ---------- --------- ------------ ----------------- -------------      ----
    C                           NTFS       Fixed     Healthy      OK                    312.67 GB 446.02 GB
                Recovery        NTFS       Fixed     Healthy      OK                    180.07 MB    499 MB



    [ 08:01:06 ]  -- Free space check passed successfully.
    [ 08:01:06 ] SUCCESS : All of the prerequisite checks passed.
    [ 08:01:06 ] Deployment Checker has finished checking Azure Stack Development Kit requirements
    PS C:\AzureStack>

    Pre-checks passes, result from booted CloudBuilder.vhdx:

    PS C:\Users\Administrator> d:
    PS D:\> cd .\AzureStack\
    PS D:\AzureStack> .\asdk-prechecker.ps1
    [ 08:45:33 ] Starting Deployment Checker for Microsoft Azure Stack Development Kit (ASDK)...
    [ 08:45:33 ] There are several prerequisites checks to verify that your machine meets all the minimum requirements for deploying ASDK.
    [ 08:45:33 ] For more details, please refer to the online requirements : https://azure.microsoft.com/en-us/documentation/articles/azure-stack-deploy/
    [ 08:45:33 ] Checking for Administrator priviledge...
    [ 08:45:33 ] This script can be run on the host where you will be configuring boot from VHD, for example prior to downloading the ASDK files. Or it can be run after booting from the provided Cloudbuilder.vhdx file where the ASDK will be installed. In the first case, it will only check for hardware specifications like memory, cores, hard disk configuration, as well as free space for extracting the ASDK files. In the second case, it will run both hardware and software tests, and other items like domain membership, OS version, NIC configuration will be checked.
    Are you running this script on the host before booting in the provider VHDX file [1] or after booting into it [2] (any other input will exit the script)?: 2
    [ 08:45:37 ] User chose to run post-boot from VHD checks (all checks except free space)
    [ 08:45:37 ] Checking for physical/virtual machine status...
    [ 08:45:37 ]  -- This is a physical machine.
    [ 08:45:37 ] Checking system disk capacity...
    [ 08:45:40 ]  -- Check system disk passed successfully.
    [ 08:45:40 ] Checking physical disks...
    [ 08:45:40 ]  -- Listing of all physical disks on this server:

    FriendlyName              SerialNumber                             CanPool BusType             OperationalStatus HealthStatus Usage               Size
    ------------              ------------                             ------- -------             ----------------- ------------ -----               ----
    DELL PERC H710            00537b607fe8dce32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00d03a516fdadbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            0052e2486753dbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            004b8a296ca5dbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            008548645b8cdae32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            0082d0036970dbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00dea11e652fdbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    Samsung SSD 960 EVO 250GB 0025_3858_71B0_1E9D.                        True NVMe                OK                Healthy      Auto-Select 250059350016
    DELL PERC H710            00b8b6837210dce32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00be378c5fd2dae32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00a9acf67cbfdce32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            000142c76208dbe32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00fea7430471fde32300ed84f060f681           False RAID                OK                Healthy      Auto-Select 479559942144
    DELL PERC H710            00667fdf798bdce32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    DELL PERC H710            00165d5a8109dde32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    PM981 NVMe Samsung 256GB  3434_3330_4B71_1789_0025_3845_0000_0001.    True NVMe                OK                Healthy      Auto-Select 256060514304
    DELL PERC H710            0079784b7760dce32300ed84f060f681            True RAID                OK                Healthy      Auto-Select 999653638144
    Msft Virtual Disk                                                    False File Backed Virtual OK                Healthy      Auto-Select 128849018880



    [ 08:45:41 ]  -- Listing of all physical disks meeting ASDK requirements:

    FriendlyName   SerialNumber                     BusType OperationalStatus HealthStatus Usage               Size
    ------------   ------------                     ------- ----------------- ------------ -----               ----
    DELL PERC H710 00537b607fe8dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00d03a516fdadbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0052e2486753dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 004b8a296ca5dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 008548645b8cdae32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0082d0036970dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00dea11e652fdbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00b8b6837210dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00be378c5fd2dae32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00a9acf67cbfdce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 000142c76208dbe32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00fea7430471fde32300ed84f060f681 RAID    OK                Healthy      Auto-Select 479559942144
    DELL PERC H710 00667fdf798bdce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 00165d5a8109dde32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144
    DELL PERC H710 0079784b7760dce32300ed84f060f681 RAID    OK                Healthy      Auto-Select 999653638144



    [ 08:45:41 ]  -- Check physical disks passed successfully. Note that ASDK handles situations where there is a pre-existing storage pool, and will delete/recreate it.
    [ 08:45:41 ] Checking Memory...
    [ 08:45:41 ]  -- Memory on this server = 256
    [ 08:45:41 ]  -- System memory check passed successfully. ASDK requires a minimum of 96 GB of RAM, with 128 GB recommended.
    [ 08:45:41 ] Checking processor information...
    [ 08:45:43 ]  -- Number of CPU sockets = 2
    [ 08:45:43 ]  -- Number of physical cores =  20
    [ 08:45:43 ]  -- CPU socket count (2) and core count (12) meet the minimum requirements for ASDK.
    [ 08:45:43 ] Checking Hyper-V support on the host...
    [ 08:45:47 ]  -- Hyper-V is already installed. Note that the installer would enable it otherwise.
    [ 08:45:47 ] Checking domain join status...
    [ 08:45:47 ]  -- The host is not domain joined.
    [ 08:45:47 ] Checking Internet access...
    [ 08:45:51 ]  -- This machine has internet access (we tried to contact https://login.windows.net).
    [ 08:45:51 ] Checking Host OS version...
    [ 08:45:51 ]  -- Host OS version: 10.0.14393, SKU: 8
    [ 08:45:51 ]  -- The host OS version matches the requirements for ASDK (10.0.14393).
    [ 08:45:51 ] Checking NIC status...
    [ 08:45:52 ]  -- Multiple NICs, virtual switches or NIC teaming are not allowed. Please only keep one physical NIC enabled and remove virtual switches or NIC teaming. This message can be ignored if you are planning to leverage the ASDK Installer from GitHub, as it provides a way to configure the NICs.
    [ 08:45:52 ] Checking NIC requirements...
    [ 08:45:58 ]  -- Please make sure to leverage the ASDK Installer for deployment, per the documentation. This installer will apply an update to this host prior to deployment.
    [ 08:45:58 ] Checking server name...
    [ 08:45:58 ]  -- Server name is BBDAZSTACK
    [ 08:45:58 ]  -- Server name does not conflict with future domain name AzureStack.local.
    [ 08:45:58 ] SUCCESS : All of the prerequisite checks passed.
    [ 08:45:58 ] Deployment Checker has finished checking Azure Stack Development Kit requirements

    I know i am using the latest installer as there is no BGPNAT01 stuff to configure.

    

    I am busy running the deployment again and will advise where it gets to.... in a few hours of course :)

    Regards

    Nick



    Thursday, February 14, 2019 7:06 AM
  • So.... after having some funnies during deployment from an error that hyper-v cannot start the vm's because the hypervisor is not running to DISM failing miserably to add the initial features I have finally reached a different point where the installation still fails to deploy, we get stuck here:

    STARTING: Task Cloud\Fabric\IdentityProvider - Deployment
    VERBOSE: 1> Interface: Path to module:
    C:\CloudDeployment\Classes\IdentityProvider\IdentityProvider.psm1 - 2/19/2019 12:53:55 AM
    VERBOSE: 1> Interface: Running interface Deployment
    (Classes\IdentityProvider\IdentityProvider.psm1, IdentityProvider:Deployment) - 2/19/2019 12:53:55
     AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Trying to enter into the critical
    region. - 2/19/2019 12:53:55 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Inside the critical region. -
    2/19/2019 12:53:55 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Validate if the nummber of tasks is
     under max limit '12'. - 2/19/2019 12:53:55 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Concurrency requirements have been
    met, number of concurrent tasks '0' is less than max limit '12'. - 2/19/2019 12:53:55 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Number of parallel tasks increased
    to '1'. - 2/19/2019 12:53:55 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] TotalVirtualMemoryMB:
    [266175.3359375], FreeVirtualMemoryMB: [199856.6484375], FreePhysicalMemoryMB: [196146.99609375].
    - 2/19/2019 12:53:55 AM
    WARNING: 1> [IdentityProvider:Deployment] The names of some imported commands from the module
    'IdentityProvider' include unapproved verbs that might make them less discoverable. To find the
    commands with unapproved verbs, run the Import-Module command again with the Verbose parameter.
    For a list of approved verbs, type Get-Verb. - 2/19/2019 12:53:57 AM
    WARNING: 1> [IdentityProvider:Deployment] The names of some imported commands from the module
    'RoleHelpers' include unapproved verbs that might make them less discoverable. To find the
    commands with unapproved verbs, run the Import-Module command again with the Verbose parameter.
    For a list of approved verbs, type Get-Verb. - 2/19/2019 12:53:58 AM
    WARNING: 1> [IdentityProvider:Deployment] The names of some imported commands from the module
    'NetworkHelpers' include unapproved verbs that might make them less discoverable. To find the
    commands with unapproved verbs, run the Import-Module command again with the Verbose parameter.
    For a list of approved verbs, type Get-Verb. - 2/19/2019 12:53:58 AM
    WARNING: 1> [IdentityProvider:Deployment] The names of some imported commands from the module
    'IdentityProvider' include unapproved verbs that might make them less discoverable. To find the
    commands with unapproved verbs, run the Import-Module command again with the Verbose parameter.
    For a list of approved verbs, type Get-Verb. - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] New-ActiveDirectoryApplication : BEGIN on BBDADSK as
    AZURESTACK\AzureStackAdmin - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [IdentityProvider]: AzureAD Identity Provider Selected
    (AzureAD). - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Initialize-AADActiveDirectoryApplication : BEGIN on
    BBDADSK as AZURESTACK\AzureStackAdmin - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Initializing the module to use Graph environment
    'AzureCloud' (with refresh token) in directory tenant 'cccbf502-6b91-40d6-be02-5ffa0eb711d6'. -
    2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Graph Environment initialized: client-request-id:
    5078c9f3-179d-4adf-a477-ccfbd16183a5 - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Testing connection to graph environment using endpoint
    'https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/.well-known/openid-configu
    ration' - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/.well-known/openid-configur
    ation with 0-byte payload - 2/19/2019 12:53:58 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 1575-byte response of content type
    application/json; charset=utf-8 - 2/19/2019 12:53:59 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Verified a successful connection to the graph service;
    response received: {
        "StatusCode":  200,
        "StatusDescription":  "OK",
        "Content":  {
                        "authorization_endpoint":
    "https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2/authorize",
                        "token_endpoint":
    "https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2/token",
                        "token_endpoint_auth_methods_supported":  [
                                                                      "client_secret_post",
                                                                      "private_key_jwt",
                                                                      "client_secret_basic"
                                                                  ],
                        "jwks_uri":  "https://login.microsoftonline.com/common/discovery/keys",
                        "response_modes_supported":  [
                                                         "query",
                                                         "fragment",
                                                         "form_post"
                                                     ],
                        "subject_types_supported":  [
                                                        "pairwise"
                                                    ],
                        "id_token_signing_alg_values_supported":  [
                                                                      "RS256"
                                                                  ],
                        "http_logout_supported":  true,
                        "frontchannel_logout_supported":  true,
                        "end_session_endpoint":
    "https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2/logout",
                        "response_types_supported":  [
                                                         "code",
                                                         "id_token",
                                                         "code id_token",
                                                         "token id_token",
                                                         "token"
                                                     ],
                        "scopes_supported":  [
                                                 "openid"
                                             ],
                        "issuer":  "https://sts.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/",
                        "claims_supported":  [
                                                 "sub",
                                                 "iss",
                                                 "cloud_instance_name",
                                                 "cloud_instance_host_name",
                                                 "cloud_graph_host_name",
                                                 "msgraph_host",
                                                 "aud",
                                                 "exp",
                                                 "iat",
                                                 "auth_time",
                                                 "acr",
                                                 "amr",
                                                 "nonce",
                                                 "email",
                                                 "given_name",
                                                 "family_name",
                                                 "nickname"
                                             ],
                        "microsoft_multi_refresh_token":  true,
                        "check_session_iframe":
    "https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2/checksession",
                        "userinfo_endpoint":
    "https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/openid/userinfo",
                        "tenant_region_scope":  "AF",
                        "cloud_instance_name":  "microsoftonline.com",
                        "cloud_graph_host_name":  "graph.windows.net",
                        "msgraph_host":  "graph.microsoft.com",
                        "rbac_url":  "https://pas.windows.net"
                    }
    } - 2/19/2019 12:53:59 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Attempting to acquire a token for resource
    'https://graph.windows.net/' using a refresh token - 2/19/2019 12:53:59 AM
    VERBOSE: 1> [IdentityProvider:Deployment] POST
    https://login.microsoftonline.com/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2/token?api-version=1.
    6 with -1-byte payload - 2/19/2019 12:53:59 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 3374-byte response of content type
    application/json; charset=utf-8 - 2/19/2019 12:54:00 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Initialize-AADActiveDirectoryApplication : Including tag
     on AAD service principals:
    {"AzureStackMetadata":{"CreationDate":"\/Date(1550537640162)\/","DeploymentGuid":"3dfd8c47-426f-41
    c8-a603-579182db4181"}} (length = 121) - 2/19/2019 12:54:00 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=identifierUris
    /any(i:i+eq+'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181')&api-versi
    on=1.6 with 0-byte payload - 2/19/2019 12:54:00 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:01 AM
    VERBOSE: 1> [IdentityProvider:Deployment] An existing application with identifier
    'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181' was found. This
    application will be updated accordingly. - 2/19/2019 12:54:01 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Updating application in AAD... - 2/19/2019 12:54:01 AM
    VERBOSE: 1> [IdentityProvider:Deployment] PATCH
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/directoryObjects/5449b02d-8f1d-4815
    -b34a-da9cb18fc278/Microsoft.DirectoryServices.Application?api-version=1.6 with -1-byte payload -
    2/19/2019 12:54:01 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received -1-byte response of content type  - 2/19/2019
    12:54:01 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=identifierUris
    /any(i:i+eq+'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181')&api-versi
    on=1.6 with 0-byte payload - 2/19/2019 12:54:06 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:06 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:06 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 1937-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 1937-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Adding new tag to service principal:
    '{"AzureStackMetadata":{"CreationDate":"\/Date(1550537640162)\/","DeploymentGuid":"3dfd8c47-426f-4
    1c8-a603-579182db4181"}}' - 2/19/2019 12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] PATCH
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df?api-version=1.6 with -1-byte payload - 2/19/2019 12:54:07 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received -1-byte response of content type  - 2/19/2019
    12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=appId+eq+'fa1b
    e109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignedTo?api-version=1.6 with 0-byte payload - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 167-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2PermissionGrants?$filter=clie
    ntId+eq+'3b31b2cb-11ee-4532-a98a-31d999dae9df'&$top=500&api-version=1.6 with 0-byte payload -
    2/19/2019 12:54:08 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 127-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2PermissionGrants?$filter=reso
    urceId+eq+'3b31b2cb-11ee-4532-a98a-31d999dae9df'&$top=500&api-version=1.6 with 0-byte payload -
    2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 127-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=appId+eq+'fa1b
    e109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    '00000002-0000-0000-c000-000000000000'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 9567-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    '00000002-0000-0000-c000-000000000000' already created in AAD directory tenant. - 2/19/2019
    12:54:09 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Granting permission 'Application.ReadWrite.OwnedBy'
    (824c81eb-e3f8-4ee6-8f6d-de7f50d565b7) exposed by application 'Windows Azure Active Directory'
    (00000002-0000-0000-c000-000000000000) of type 'Application' to application 'Azure Stack -
    Deployment' (fa1be109-8b8f-4b4b-8ba2-a30b602c796d) - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    '00000002-0000-0000-c000-000000000000'&api-version=1.6 with 0-byte payload - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 9567-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    '00000002-0000-0000-c000-000000000000' already created in AAD directory tenant. - 2/19/2019
    12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignedTo?api-version=1.6 with 0-byte payload - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 167-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Granting AppRoleAssignment
    '824c81eb-e3f8-4ee6-8f6d-de7f50d565b7' to application service principal 'Azure Stack - Deployment'
     on behalf of application 'Windows Azure Active Directory'... - 2/19/2019 12:54:10 AM
    VERBOSE: 1> [IdentityProvider:Deployment] POST
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignments?api-version=1.6 with -1-byte payload - 2/19/2019 12:54:10
    AM
    VERBOSE: 1> [IdentityProvider:Deployment] ERROR: An error occurred while trying to make a graph
    API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    Additional details: {
        "Method":  "POST",
        "ResponseUri":
    "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-45
    32-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537651132)\/"
    } - 2/19/2019 12:54:11 AM
    VERBOSE: 1> [IdentityProvider:Deployment] WARNING: An error occurred during identity application
    initialization. Delaying for 300 seconds and trying again...
    Error: An error occurred while trying to make a graph API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    Additional details: {
        "Method":  "POST",
        "ResponseUri":
    "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-45
    32-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537651132)\/"
    } - 2/19/2019 12:54:11 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=identifierUris
    /any(i:i+eq+'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181')&api-versi
    on=1.6 with 0-byte payload - 2/19/2019 12:59:11 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:12 AM
    VERBOSE: 1> [IdentityProvider:Deployment] An existing application with identifier
    'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181' was found. This
    application will be updated accordingly. - 2/19/2019 12:59:12 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Updating application in AAD... - 2/19/2019 12:59:12 AM
    VERBOSE: 1> [IdentityProvider:Deployment] PATCH
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/directoryObjects/5449b02d-8f1d-4815
    -b34a-da9cb18fc278/Microsoft.DirectoryServices.Application?api-version=1.6 with -1-byte payload -
    2/19/2019 12:59:12 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received -1-byte response of content type  - 2/19/2019
    12:59:12 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=identifierUris
    /any(i:i+eq+'https://deploy.bbdza.onmicrosoft.com/3dfd8c47-426f-41c8-a603-579182db4181')&api-versi
    on=1.6 with 0-byte payload - 2/19/2019 12:59:17 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:17 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:17 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Tag already present on service principal:
    '{"AzureStackMetadata":{"CreationDate":"\/Date(1550537640162)\/","DeploymentGuid":"3dfd8c47-426f-4
    1c8-a603-579182db4181"}}' - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] PATCH
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df?api-version=1.6 with -1-byte payload - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received -1-byte response of content type  - 2/19/2019
    12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=appId+eq+'fa1b
    e109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:18 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignedTo?api-version=1.6 with 0-byte payload - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 167-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2PermissionGrants?$filter=clie
    ntId+eq+'3b31b2cb-11ee-4532-a98a-31d999dae9df'&$top=500&api-version=1.6 with 0-byte payload -
    2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 127-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/oauth2PermissionGrants?$filter=reso
    urceId+eq+'3b31b2cb-11ee-4532-a98a-31d999dae9df'&$top=500&api-version=1.6 with 0-byte payload -
    2/19/2019 12:59:19 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 127-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/applications?$filter=appId+eq+'fa1b
    e109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2209-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    '00000002-0000-0000-c000-000000000000'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 9567-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    '00000002-0000-0000-c000-000000000000' already created in AAD directory tenant. - 2/19/2019
    12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Granting permission 'Application.ReadWrite.OwnedBy'
    (824c81eb-e3f8-4ee6-8f6d-de7f50d565b7) exposed by application 'Windows Azure Active Directory'
    (00000002-0000-0000-c000-000000000000) of type 'Application' to application 'Azure Stack -
    Deployment' (fa1be109-8b8f-4b4b-8ba2-a30b602c796d) - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 2073-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    'fa1be109-8b8f-4b4b-8ba2-a30b602c796d' already created in AAD directory tenant. - 2/19/2019
    12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals?$filter=appId+eq+
    '00000002-0000-0000-c000-000000000000'&api-version=1.6 with 0-byte payload - 2/19/2019 12:59:20 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 9567-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Service principal for application
    '00000002-0000-0000-c000-000000000000' already created in AAD directory tenant. - 2/19/2019
    12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] GET
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignedTo?api-version=1.6 with 0-byte payload - 2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] received 167-byte response of content type
    application/json; odata=minimalmetadata; streaming=true; charset=utf-8 - 2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] Granting AppRoleAssignment
    '824c81eb-e3f8-4ee6-8f6d-de7f50d565b7' to application service principal 'Azure Stack - Deployment'
     on behalf of application 'Windows Azure Active Directory'... - 2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] POST
    https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-453
    2-a98a-31d999dae9df/appRoleAssignments?api-version=1.6 with -1-byte payload - 2/19/2019 12:59:21
    AM
    VERBOSE: 1> [IdentityProvider:Deployment] ERROR: An error occurred while trying to make a graph
    API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    Additional details: {
        "Method":  "POST",
        "ResponseUri":
    "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-45
    32-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537961642)\/"
    } - 2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Task is completed, so exiting. -
    2/19/2019 12:59:21 AM
    VERBOSE: 1> [IdentityProvider:Deployment] [PSTask Concurrency] Number of parallel tasks decreased
    to '0'. - 2/19/2019 12:59:21 AM
    WARNING: 1> Task: Invocation of interface 'Deployment' of role 'Cloud\Fabric\IdentityProvider'
    failed:

    Type 'Deployment' of Role 'IdentityProvider' raised an exception:

    An error occurred while trying to make a graph API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    Additional details: {
        "Method":  "POST",
        "ResponseUri":
    "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincipals/3b31b2cb-11ee-45
    32-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537961642)\/"
    }
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 632
    at Initialize-GraphAppRoleAssignment, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1:
    line 1271
    at Grant-GraphApplicationPermission<Process>,
    C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1671
    at Grant-GraphApplicationPermissions, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1:
    line 1729
    at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line
    2286
    at Initialize-AADActiveDirectoryApplication,
    C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 165
    at New-ActiveDirectoryApplication,
    C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 41
    at Deployment, C:\CloudDeployment\Classes\IdentityProvider\IdentityProvider.psm1: line 18
    at <ScriptBlock>, <No file>: line 42
    at <ScriptBlock>, <No file>: line 40 - 2/19/2019 12:59:21 AM
    Invoke-EceAction : Type 'Deployment' of Role 'IdentityProvider' raised an exception:
    An error occurred while trying to make a graph API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}
    Additional details: {
        "Method":  "POST",
        "ResponseUri":  "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePrincip
    als/3b31b2cb-11ee-4532-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537961642)\/"
    }
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 632
    at Initialize-GraphAppRoleAssignment, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1:
    line 1271
    at Grant-GraphApplicationPermission<Process>,
    C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1671
    at Grant-GraphApplicationPermissions, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1:
    line 1729
    at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 2286
    at Initialize-AADActiveDirectoryApplication,
    C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 165
    at New-ActiveDirectoryApplication,
    C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 41
    at Deployment, C:\CloudDeployment\Classes\IdentityProvider\IdentityProvider.psm1: line 18
    at <ScriptBlock>, <No file>: line 42
    at <ScriptBlock>, <No file>: line 40
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [Invoke-EceAction], InterfaceInvocationFailed
       Exception
        + FullyQualifiedErrorId : An error occurred while trying to make a graph API call: {"odata.er
       ror":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privi
      leges to complete the operation."}}}
    Additional details: {
        "Method":  "POST",
            "ResponseUri":  "https://graph.windows.net/cccbf502-6b91-40d6-be02-5ffa0eb711d6/servicePr
       incipals/3b31b2cb-11ee-4532-a98a-31d999dae9df/appRoleAssignments?api-version=1.6",
        "StatusCode":  403,
        "StatusDescription":  "Forbidden",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1550537961642)\/"
    },CloudEngine.Cmdlets.InvokeCmdlet

    VERBOSE: 1> Step: Status of step '60.120.121 - (Katal) Create AzureStack Service Principals' is
    'Error'. - 2/19/2019 12:59:21 AM
    VERBOSE: 1> Checking if any of the in progress steps are complete. The following steps are
    currently in progress: '60.120.121'. - 2/19/2019 12:59:21 AM
    VERBOSE: 1> Action: Action plan 'Deployment-Phase4-IdentitySystemAndWASBootstrap' failed. Finish
    running all steps that are currently in progress before exiting. - 2/19/2019 12:59:21 AM
    VERBOSE: 1> Draining all steps that are still in progress. The following steps are still in
    progress or just completed: '60.120.121'. - 2/19/2019 12:59:21 AM
    VERBOSE: 1> Action: Action plan 'Deployment-Phase4-IdentitySystemAndWASBootstrap' failed. -
    2/19/2019 12:59:21 AM
    Invoke-EceAction : Action: Invocation of step 60.120.121 failed. Stopping invocation of action
    plan.
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], ActionExecutionException
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    VERBOSE: 1> Action: Status of 'Deployment-Phase4-IdentitySystemAndWASBootstrap' is 'Error'. -
    2/19/2019 12:59:21 AM
    COMPLETE: Task Cloud - Deployment-Phase4-IdentitySystemAndWASBootstrap
    VERBOSE: 1> Task: Status of action 'Deployment-Phase4-IdentitySystemAndWASBootstrap' of role
    'Cloud' is 'Error'. - 2/19/2019 12:59:21 AM
    VERBOSE: Step: Status of step '60.120 - Phase 4 - ConfigureVMs-Part2' is 'Error'. - 2/19/2019
    12:59:21 AM
    VERBOSE: Checking if any of the in progress steps are complete. The following steps are currently
    in progress: '60.120'. - 2/19/2019 12:59:21 AM
    VERBOSE: Action: Action plan 'Deployment-Phase2-ConfigureStack' failed. Finish running all steps
    that are currently in progress before exiting. - 2/19/2019 12:59:21 AM
    VERBOSE: Draining all steps that are still in progress. The following steps are still in progress
    or just completed: '60.120'. - 2/19/2019 12:59:21 AM
    VERBOSE: Action: Action plan 'Deployment-Phase2-ConfigureStack' failed. - 2/19/2019 12:59:21 AM
    Invoke-EceAction : Action: Invocation of step 60.120 failed. Stopping invocation of action plan.
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], ActionExecutionException
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    VERBOSE: Action: Status of 'Deployment-Phase2-ConfigureStack' is 'Error'. - 2/19/2019 12:59:21 AM
    COMPLETE: Task Cloud - Deployment-Phase2-ConfigureStack
    VERBOSE: Task: Status of action 'Deployment-Phase2-ConfigureStack' of role 'Cloud' is 'Error'. -
    2/19/2019 12:59:21 AM
    VERBOSE: Step: Status of step '60 - Phase 2 - ConfigureVMs' is 'Error'. - 2/19/2019 12:59:21 AM
    VERBOSE: Checking if any of the in progress steps are complete. The following steps are currently
    in progress: '60'. - 2/19/2019 12:59:21 AM
    VERBOSE: Action: Action plan 'Deployment' failed. Finish running all steps that are currently in
    progress before exiting. - 2/19/2019 12:59:21 AM
    VERBOSE: Draining all steps that are still in progress. The following steps are still in progress
    or just completed: '60'. - 2/19/2019 12:59:21 AM
    VERBOSE: Action: Action plan 'Deployment' failed. - 2/19/2019 12:59:21 AM
    Invoke-EceAction : Action: Invocation of step 60 failed. Stopping invocation of action plan.
    At line:5 char:2
    +  Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 0.Phy ...
    +  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-EceAction], ActionExecutionException
        + FullyQualifiedErrorId : Unspecified error,CloudEngine.Cmdlets.InvokeCmdlet

    Please can you guys assist here as this is becoming very frustrating?

    Tuesday, February 19, 2019 4:40 AM
  • Hello, 

    The issue is coming from your AZ subscription, which does not have any Privileged rights. All thought you are using a MSDN subscription used as Part of your COMPANY Domain. 


    VERBOSE: 1> [IdentityProvider:Deployment] ERROR: An error occurred while trying to make a graph
    API call:
    {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient
    privileges to complete the operation."}}}

    If you wanna make it work, you should ask them to delegate you some  administrative rights , then use the -rerun command to continue the deployment 


    • Edited by Huce_AZS Monday, February 25, 2019 2:59 PM
    • Proposed as answer by TravisCragg_MSFTMicrosoft employee Monday, February 25, 2019 10:34 PM
    • Marked as answer by Skyfie80 Tuesday, February 26, 2019 12:45 PM
    • Unmarked as answer by Skyfie80 Tuesday, February 26, 2019 12:45 PM
    • Marked as answer by Skyfie80 Tuesday, February 26, 2019 12:48 PM
    Monday, February 25, 2019 2:58 PM
  • Huce_AZS you are a legend!

    It worked and all is up and running thank you.

    Funny it worked once before with the same setup except that the server was not in a DMZ, it is now so permissions were not an issue before.

    Thanks and have a great one!

    Tuesday, February 26, 2019 12:47 PM
  • Hello Skyfie80, Glad to hear that , My pleasure :)
    Thursday, February 28, 2019 9:23 AM