Deployment failure at 60.140.142

  • Question

  • Hello Guys,

    I am trying to deploy Azure Stack, but it fails at 60.140.142.

    Details Below:

    Build/Version:  

    <Version>1.0.180302.1</Version> 

    Directory type: 

    Azure AD

    Network: 

    Static 

    The method used to access the Internet:

    Transparent Proxy

    BareMetal or Nested Hyper-V:

    BareMetal

    Deployment parameters used:

    .\InstallAzureStackPOC.ps1 -AdminPassword $adminpass -InfraAzureDirectoryTenantName ************.onmicrosoft.com -NatIPv4Subnet 10.202.45.0/24 -NatIPv4Address 10.202.45.23 -NatIPv4DefaultGateway 10.202.45.254 -TimeServer 10.202.45.3

    Troubleshooting steps:

    I tried to:

    -          Rerun the script .\InstallAzureStackPOC.ps1 -rerun

    -          Reboot AzS-WAS01 and rerun the script

    Error:

    VERBOSE: 1> [WAS:Configure] Testing connection to graph environment using endpoint 'https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/.well-known/openid-configuration' - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] GET https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/.well-known/openid-configuration with 0-byte payload - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] received 1490-byte response of content type application/json; charset=utf-8 - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] Verified a successful connection to the graph service; response received: {

        "StatusCode":  200,

        "StatusDescription":  "OK",

        "Content":  {

                        "authorization_endpoint":  "https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/oauth2/authorize",

                        "token_endpoint":  "https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/oauth2/token",

                        "token_endpoint_auth_methods_supported":  [

                                                                      "client_secret_post",

                                                                      "private_key_jwt",

                                                                      "client_secret_basic"

                                                                  ],

                        "jwks_uri":  "https://login.windows.net/common/discovery/keys",

                        "response_modes_supported":  [

                                                         "query",

                                                         "fragment",

                                                         "form_post"

                                                     ],

                        "subject_types_supported":  [

                                                        "pairwise"

                                                    ],

                        "id_token_signing_alg_values_supported":  [

                                                                      "RS256"

                                                                  ],

                        "http_logout_supported":  true,

                        "frontchannel_logout_supported":  true,

                        "end_session_endpoint":  "https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/oauth2/logout",

                        "response_types_supported":  [

                                                         "code",

                                                         "id_token",

                                                         "code id_token",

                                                         "token id_token",

                                                         "token"

                                                     ],

                        "scopes_supported":  [

                                                 "openid"

                                             ],

                        "issuer":  "https://sts.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/",

                        "claims_supported":  [

                                                 "sub",

                                                 "iss",

                                                 "cloud_instance_name",

                                                 "cloud_instance_host_name",

                                                 "cloud_graph_host_name",

                                                 "msgraph_host",

                                                 "aud",

                                                 "exp",

                                                 "iat",

                                                 "auth_time",

                                                 "acr",

                                                 "amr",

                                                 "nonce",

                                                 "email",

                                                 "given_name",

                                                 "family_name",

                                                 "nickname"

                                             ],

                        "microsoft_multi_refresh_token":  true,

                        "check_session_iframe":  "https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/oauth2/checksession",

                        "userinfo_endpoint":  "https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/openid/userinfo",

                        "tenant_region_scope":  "NA",

                        "cloud_instance_name":  "microsoftonline.com",

                        "cloud_graph_host_name":  "graph.windows.net",

                        "msgraph_host":  "graph.microsoft.com"

                    }

    } - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] Attempting to acquire a token for resource 'https://adminmanagement.sinelshchikovgmail.onmicrosoft.com/1f5c041e-f23d-4868-88d5-a1c1ac54b451' using a refresh token - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] POST https://login.windows.net/149d1a4d-6c75-49c8-af82-3c0aacfe774c/oauth2/token?api-version=1.6 with -1-byte payload - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] received 3344-byte response of content type application/json; charset=utf-8 - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] Calling ARM to check if RBAC assignment already exists... (https://adminmanagement.local.azurestack.external/subscriptions/c4b58151-9146-4fd3-a5cd-d5390e44556a/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01) - 3/16/2018 1:14:24 PM

    VERBOSE: 1> [WAS:Configure] GET https://adminmanagement.local.azurestack.external/subscriptions/c4b58151-9146-4fd3-a5cd-d5390e44556a/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01 with 0-byte payload - 3/16/2018 1:14:24 PM

    WARNING: 1> [WAS:Configure] Issue trying to get existing RBAC assignments (retrying in 10 seconds):

    403 - Forbidden: Access is denied.

    Server Error

      403 - Forbidden: Access is denied.

      You do not have permission to view this directory or page using the credentials that you supplied.

    Additional details: {

        "Method":  "GET",

        "ResponseUri":  "https://adminmanagement.local.azurestack.external/subscriptions/c4b58151-9146-4fd3-a5cd-d5390e44556a/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01",

        "StatusCode":  502,

        "StatusDescription":  "Forbidden",

        "IsFromCache":  false,

        "LastModified":  "\/Date(1521220554888)\/"

    } - 3/16/2018 1:15:54 PM


    Monday, March 19, 2018 2:22 PM

Answers

  • Hello Denis,

    The error from your logs indicates a Permission issue in your Azure AD Tenant.

     

    Additional details: {

        "Method":  " GET https://adminmanagement.local.azurestack.external/subscriptions/xxxxxxxx-xxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxxxxxx/providers /Microsoft.Authorization/roleAssignments?api-version=2015-07-01",

        "StatusCode":  502,

        "StatusDescription":  "Forbidden",

        "IsFromCache":  false,

        "LastModified":  "\/Date(1521145773110)\/"

    }

    2018-03-15 16:29:43 Verbose  1> [WAS:Configure] GET https://adminmanagement.local.azurestack.external/subscriptions/xxxxxxxx-xxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxxxxxx/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01 with 0-byte payload

    2018-03-15 16:29:43 Verbose  1> [WAS:Configure] ERROR: An error occurred while trying to make an authenticated API call to Resource Manager:

    403 - Forbidden: Access is denied.

      You do not have permission to view this directory or page using the credentials that you supplied

      

    Can you validate your credentials by going to https://portal.azure.com and logging in using the Azure AD Tenant and password you are using to deploy?

    If you are unable to login:

    - Reset your credentials and retry the deployment.

    If you are able to login:

    - Go to the Azure AD Tenant and verify the user you are deploying Azure Stack with is Global Admin for the Tenant directory.

    Let us know how it goes,

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue to experience any issues with the ASDK release, feel free to contact us.


     Thanks,


    Gary Gallanes



    Friday, March 23, 2018 10:57 PM
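
The Global Admin check described in the answer above, as an added PowerShell example that is not part of the original thread or of the Azure Stack deployment scripts. It assumes the AzureAD PowerShell module is installed; `Test-DeploymentAccountIsGlobalAdmin`, its parameters and the placeholder values are hypothetical.

```powershell
# Added example; function and parameter names are hypothetical.
# Assumes the AzureAD PowerShell module is installed (Install-Module AzureAD).
function Test-DeploymentAccountIsGlobalAdmin {
    [CmdletBinding()]
    param(
        # Directory (tenant) ID of the Azure AD tenant used for deployment.
        [Parameter(Mandatory)] [string] $TenantId,
        # UPN of the account supplied to InstallAzureStackPOC.ps1.
        [Parameter(Mandatory)] [string] $UserPrincipalName
    )

    # Well-known template ID of the Global Administrator role; the AzureAD
    # module lists this role under the display name "Company Administrator".
    $globalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

    # Interactive sign-in: a failure here means the credentials themselves
    # are the problem (the "unable to log in" branch of the answer).
    Connect-AzureAD -TenantId $TenantId -ErrorAction Stop | Out-Null
    try {
        # Only roles that have been activated in the tenant are returned.
        $role = Get-AzureADDirectoryRole |
            Where-Object { $_.RoleTemplateId -eq $globalAdminTemplateId }
        if (-not $role) {
            throw "Global Administrator role not found in tenant $TenantId."
        }

        $members = @(Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId)
        $match   = @($members | Where-Object {
            $_.UserPrincipalName -eq $UserPrincipalName
        })

        [pscustomobject]@{
            TenantId          = $TenantId
            UserPrincipalName = $UserPrincipalName
            IsGlobalAdmin     = ($match.Count -gt 0)
            GlobalAdminCount  = $members.Count
        }
    }
    finally {
        Disconnect-AzureAD
    }
}

# Placeholder values; replace with the tenant ID and deployment account.
$result = Test-DeploymentAccountIsGlobalAdmin -TenantId '<tenant-id>' `
    -UserPrincipalName '<admin>@<tenant>.onmicrosoft.com'
if (-not $result.IsGlobalAdmin) {
    Write-Warning "$($result.UserPrincipalName) is not a Global Admin; fix this before rerunning."
}
```

Guest or Microsoft-account users appear in the directory with an `#EXT#` UPN, so pass the UPN exactly as the tenant lists it.
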

All replies

  • Hello,

    Can you validate your credentials by going to https://portal.azure.com and logging in using the Azure AD Tenant and password you are using to deploy?

    If you are unable to log in, reset your credentials and retry the deployment.

    If you are able to log in, then we will require some logs in order to continue troubleshooting.

    If you could, please zip up all files and folders in C:\CloudDeployment\Logs and email them to ascustfeedback@microsoft.com

    Make sure to include the thread URL in the subject when contacting ascustfeedback@microsoft.com

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue to experience any issues with the ASDK release, feel free to contact us.


     Thanks,


    Gary Gallanes

    Monday, March 19, 2018 11:36 PM
  • Gary, 

    For some reason I cannot send the email with logs to ascustfeedback@microsoft.com.

    I got the "Undeliverable" error, saying that the mailbox is restricted to only allowed senders...

    A screenshot is attached.


    Microsoft Corrupt Professional

    Tuesday, March 20, 2018 2:28 PM
  • Hello Denis,

    We got your email and logs and will reply with next step shortly.

     Thanks,

    Gary


    Gary Gallanes

    Tuesday, March 20, 2018 9:38 PM
  • Gary, 

    Thank you, you are correct. Those were the permissions and transparent proxy problems. All fixed now.


    Microsoft Corrupt Professional

    Monday, March 26, 2018 1:15 PM