Has anyone had success running Azure Stack TP2 behind a corporate firewall/proxy? RRS feed

  • Question

  • Hello,

    Checking to see if anyone has had success getting the Azure Stack TP2 bits behind a corporate proxy. 

    We were able to make progress till step 60.120.124, and haven't been able to make any sort of progress despite multiple attempts. The diagnostic messages weren't indicative of what exactly the problem was, but we suspect its mostly to the do with the MAS VMs not having connectivity to the internet. 

    2016-11-28 17:12:42 Verbose  1> 2> & : Invoking command on MAS-WAS01 as AzureStack\FabricAdmin


    2016-11-28 17:13:22 Warning 1> 1> The names of some imported commands from the module 'FabricRingApplications' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb. 2016-11-28 17:13:23 Verbose 1> 1> Configure Storage Controller from machine MAS-Xrp01.AzureStack.local on service fabric cluster MAS-Xrp01.AzureStack.local 2016-11-28 17:13:45 Error 1> 2> Task: Invocation of interface 'Configure' of role 'Cloud\Fabric\AAD' failed: Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception: user_realm_discovery_failed: User realm discovery failed at <ScriptBlock>, <No file>: line 280 2016-11-28 17:13:45 Verbose 1> 2> Step: Status of step '(Katal) Azure Stack AAD Configuration.' is 'Error'. 2016-11-28 17:13:45 Error 1> 2> Action: Invocation of step 60.120.124 failed. Stopping invocation of action plan. 2016-11-28 17:13:45 Verbose 1> 2> Action: Status of 'Deployment-Phase4-ConfigureWAS' is 'Error'.

    We had hit this error earlier as well, when we had not configured a new user in Azure Active Directory with the "Global Admin" role. But this time, we believe the error message is to do with the MAS-WAS01 not being able to connect to the Internet.

    We were able to confirm the lack of internet connectivity from MAS-WAS01 by running simple Invoke-WebRequest command-lines. DNS lookups are working perfectly fine - verified using nslookup. 

    The physical host running the Azure Stack has internet connectivity, through the corporate proxy. Configuring the proxy on any of the VM guests still do not provide internet connectivity to them. 

    I was looking at the MAS-BGPNAT01 VM which has a DHCP address from our network (this interface is attached to the "Public Switch"). As this VM acts as the gateway (with its IP) for other VMs to access anything external, I was trying to see if this VM had connectivity to the Internet, but here to I ran into the same problem even with the proxy configured. In summary, even this VM is not able to connect to the corporate proxy.

    I'd appreciate any pointers on how to troubleshoot this further. Also, would love to hear from folks who have successfully setup this stack behind a corporate firewall/proxy.



    Wednesday, November 30, 2016 5:02 PM


All replies