locked
Azure Stack TP2 InstallAzureStackPOC.ps1 Error: "Invocation of step 60.120 failed. Stopping invocation of action plan." RRS feed

  • Question

  • I'm getting precisely the same error that Charles originally reported in the following post:

    https://social.msdn.microsoft.com/Forums/azure/en-US/0ca1e331-fd75-4d1b-91cb-b99380bc3ea1/azure-stack-tp2-deployment-failing-at-step-60120?forum=AzureStack

    I'll describe my specific situation as a preliminary step:

    I downloaded what I presume is the latest released TP2 build (".bin" files dated November 10th 2016) on February 8th 2017.

    The deployment checker passed my hardware (HPE DL 360 G9; 128GB Memory; 2 X E5-2620v4 - 8 cores each for 16 cores total).

    And of course I ran the prescribed ".\PrepareBootFromVHD.ps1" and ".\InstallAzureStackPOC.ps1" commands.  When the process aborted, I saw the 14 expected VMs running on my host.  After a reboot, I could only see the MAS-DC01 VM in HyperV Manager.

    Based on a suggestion from Ruud Borst, I ran "Failover Cluster Manager" and started every role there, waited 15 minutes and then re-ran the installation.

    This reproduced the original error again.

    I'm hoping for some guidance to get me past this roadblock.

    Sincerely,

    Andy Babinszki.

    Tuesday, February 14, 2017 5:26 AM

Answers

  • Strange. Can you ping the 192.168.200.1 address? I advise to reboot the MAS-BGPNAT01 VM, and the Host. If that wont help then try to reconfigure NAT by removing and adding the external address again. Execute the below steps one by one and verify that the addresses are right. 

    # RDP or open up a VM console to MAS-BGPNAT01 and execute the commands below ## This is your NAT configuration Get-NetNat ## This is the external address in use, assigned by DHCP or static supplied by the installation parameters (-NatIPv4Address)

    Get-NetNatExternalAddress

    ## Verify the address with the ip configuration of the NAT network adapter # Try to remove an re-add the address Get-NetNatExternalAddress | Remove-NetNatExternalAddress # Verify the ip configuration on your NAT network adapter again, enable and disable when you use DHCP, configure the ip address if you use a static configuration.

    #Then add the NAT external address again Add-NetNatExternalAddress -NatName BGPNAT -IPAddress 'youripaddress' -PortStart 4096 -PortEnd 49151


    There is nothing else besides rebooting the host and MAS-BGPNAT01 VM to get NAT working again, only other option is to redeploy from scratch.

    Also check with your network people that they dont block MAC spoofing of any other kind of security measures not allowing other VM's (MAC addresses) to go outside via NAT. 


    Cheers,

    Ruud
    Twitter:    Blog: AzureStack.Blog  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.





    Thursday, February 16, 2017 10:20 AM

All replies

  • Hi Andy, can you execute the following script and return the output. Also could you include your error found from the deployment log in C:\CloudDeployment\Logs

    ## Change this two variables
    $AadUser = "admin@company.onmicrosoft.com"
    $Password = 'password'
    
    $NETVMS = @("MAS-BGPNAT01","MAS-DC01","MAS-WAS01")
    $AadTenantid = ($AadUser -split '@')[1]
    $Credential = New-Object System.Management.Automation.PSCredential(($AadUser) , `
    (ConvertTo-SecureString -String $Password  -AsPlainText -Force))
    
    ### Runs Network Tests to login.windows.net on 443 from "MAS-DC01","MAS-WAS01,MAS-BGPNAT01"
    $ConTests = $NETVMS | % {
        Invoke-command -ComputerName $_ -ScriptBlock {
            write-output '--------------------------------------------------------------------------------'
            write-output "`n`n`t`t`t$env:computername (Timezone,DNS config,DNS lookup,Webrequest)`n" 
            (Get-TimeZone).displayname
            Get-NetIPConfiguration | ft IPv4Address,@{n='dns';e={$_.dnsserver.serveraddresses}}
            Resolve-DnsName -Name bing.com -Server 192.168.200.6 | select -First 1 | ft name,ipaddress,type,name
            Invoke-WebRequest https://login.windows.net/common/.well-known/openid-configuration -UseBasicParsing | ft statuscode,content
        }
    
    }
    
    ### Opens a Session on MAS-WAS01 and Authenticate to login.windows.net and get an Azure Stack Token. 
    $TokenTest = invoke-command -Computername MAS-WAS01 -ArgumentList $AadTenantid ,$Credential -ScriptBlock {
    
        ### Downloads and Imports the AzureRM module 1.2.6 installed #######
        Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
        $AzureModule = "c:\Program Files\WindowsPowerShell\Modules\AzureRM\1.2.6\AzureRM.psd1"
        if (Test-Path $AzureModule){
            Import-Module $AzureModule -Global -WarningAction SilentlyContinue
              } else { 
                    Install-Module -Name AzureRM -RequiredVersion 1.2.6 -AllowClobber 
                    }
        Import-Module -Name "AzureRM" -Erroraction SilentlyContinue -WarningAction SilentlyContinue
        write-output '--------------------------------------------------------------------------------'
        write-output "`t`t`t$env:computername (Get-AzureStackToken)`n"
        $AadTenantid ,$Credential = $args[0],$args[1]
        $AuthorityEndpoint = "https://login.windows.net"
        $armEndpoint = "https://api.azurestack.local”
        $response = Invoke-RestMethod "${armEndpoint}/metadata/endpoints?api-version=1.0"
        $armResourceId = $response.authentication.audiences[0]
        $token = Get-AzureStackToken -Authority $AuthorityEndpoint -AadTenantId $AadTenantid  -Resource $armResourceId -Credential $Credential -Verbose 
        if (!$token){write-warning 'Couldnt retrieve token'}else{$token}
    }
    
    
    ### Tests time sync between MAS-WAS01, MAS-BGPNAT01 and MAS-DC01
    $TimeTest =write-output "`n`n`t`t`t$env:computername (Net Time Test)`n`n";$TimeTest += (net time \\MAS-DC01)[0]; $TimeTest+="`n" + (net time \\MAS-WAS01)[0];$TimeTest+= "`n" + (net time \\MAS-BGPNAT01)[0]
    
    ### Retrieves and test DNS forwarders on MAS-DC01
    $DNSTest=@();$DNSTest += write-output "`n`t`t`t$env:computername (DNS forwarder test)`n"
    $DNSforwarder = Get-DnsServerForwarder -ComputerName 192.168.200.6
    if ($DNSforwarder.ipaddress){
    $DNSTest += ($DNSforwarder.ipaddress | where IsIPv6SiteLocal -eq $false).ipaddresstostring | % {write-output "`n`t`t`t$_" ;(Resolve-DnsName bing.com -Server $_ |  select -First 1 | ft name,ipaddress,type,name) }
    } else { write-output "No DNS forwarders found." }
    
    
    $DNSTest;$TimeTest;$ConTests;$TokenTest

    Tuesday, February 14, 2017 12:47 PM
  • Thanks Ruud.

    I dropped the script into a file called "MS-test.ps1":

    Running it generates a continuous stream of error messages.  After over an hour, it's still running (hung or not).

    ------------------------------------

    PS D:\Azure Stack> .\MS-test.ps1
    bing.com : DNS server failure
        + CategoryInfo          : ResourceUnavailable: (bing.com:String) [Resolve-DnsName], Win32Exception
        + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-BGPNAT01

    bing.com : DNS server failure
        + CategoryInfo          : ResourceUnavailable: (bing.com:String) [Resolve-DnsName], Win32Exception
        + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-DC01

    The remote name could not be resolved: 'login.windows.net'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
       eption
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
        + PSComputerName        : MAS-DC01

    bing.com : DNS server failure
        + CategoryInfo          : ResourceUnavailable: (bing.com:String) [Resolve-DnsName], Win32Exception
        + FullyQualifiedErrorId : RCODE_SERVER_FAILURE,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-WAS01

    The remote name could not be resolved: 'login.windows.net'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
       eption
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
        + PSComputerName        : MAS-WAS01

    No repository with the name 'PSGallery' was found.
        + CategoryInfo          : InvalidOperation: (PSGallery:String) [Set-PSRepository], InvalidOperationException
        + FullyQualifiedErrorId : RepositoryNotFound,Set-PSRepository
        + PSComputerName        : MAS-WAS01

    No match was found for the specified search criteria and module name 'AzureRM'. Try Get-PSRepository to see all
    available registered module repositories.
        + CategoryInfo          : ObjectNotFound: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package], Ex
       ception
        + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackage
        + PSComputerName        : MAS-WAS01

    ---------------------------------------------

    Here's the deployment log from the rerun you suggested:

    ----------------------------------------------

    2017-02-13 20:39:02 Verbose  Action: Running action plan 'Deployment'.
    2017-02-13 20:39:03 Verbose  Skipping step 'Phase 0 - Configure physical machine and external networking' index '0' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  Skipping step 'Phase 1 - CreateVMs' index '40' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  Step: Running step 60 - Phase 2 - ConfigureVMs
    2017-02-13 20:39:03 Verbose  2> Task: Running action type 'Deployment-Phase2-DeployConsoleVMs' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  1> Task: Running action type 'Deployment-Phase2-ConfigureStack' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  2> Action: Running action Deployment-Phase2-DeployConsoleVMs.
    2017-02-13 20:39:03 Verbose  1> Action: Running action Deployment-Phase2-ConfigureStack.
    2017-02-13 20:39:03 Verbose  2> Action: Running action plan 'Deployment-Phase2-DeployConsoleVMs'.
    2017-02-13 20:39:03 Verbose  1> Action: Running action plan 'Deployment-Phase2-ConfigureStack'.
    2017-02-13 20:39:03 Verbose  2> Step: Running step 221 - (FBI) Setup Console VMs
    2017-02-13 20:39:03 Verbose  1> Skipping step 'Phase 3 - ConfigureVMs-Part1' index '60.61' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  1> Step: Running step 120 - Phase 4 - ConfigureVMs-Part2
    2017-02-13 20:39:03 Verbose  1> 2> Task: Running action type 'Deployment-Phase4-ConfigureWAS' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  1> 3> Task: Running action type 'Deployment-Phase4-DeployADFS' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  1> 3> Action: Running action Deployment-Phase4-DeployADFS.
    2017-02-13 20:39:03 Verbose  1> 3> Action: Running action plan 'Deployment-Phase4-DeployADFS'.
    2017-02-13 20:39:03 Verbose  1> 3> Step: Running step 125 - (Katal) Install ADFS
    2017-02-13 20:39:03 Verbose  1> 1> Task: Running action type 'Deployment-Phase4-DeploySRPControllerServices' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  1> 1> Action: Running action Deployment-Phase4-DeploySRPControllerServices.
    2017-02-13 20:39:03 Verbose  1> 2> Action: Running action Deployment-Phase4-ConfigureWAS.
    2017-02-13 20:39:03 Verbose  1> 1> Action: Running action plan 'Deployment-Phase4-DeploySRPControllerServices'.
    2017-02-13 20:39:03 Verbose  1> 1> Skipping step '(FBI) Deploy Resource providers and Controllers' index '60.120.121' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  1> 1> Skipping step '(FBI) Controller Configuration' index '60.120.122' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  1> 1> Action: Action plan 'Deployment-Phase4-DeploySRPControllerServices' completed.
    2017-02-13 20:39:03 Verbose  1> 2> Action: Running action plan 'Deployment-Phase4-ConfigureWAS'.
    2017-02-13 20:39:03 Verbose  1> 2> Skipping step '(Katal) Configure WAS VMs' index '60.120.123' because it is outside the specified bounds.
    2017-02-13 20:39:03 Verbose  1> 2> Step: Running step 124 - (Katal) Azure Stack AAD Configuration.
    2017-02-13 20:39:03 Verbose  1> 4> Task: Running action type 'Deployment-Phase4-ConfigureWASPUBLIC' of role 'Cloud'.
    2017-02-13 20:39:03 Verbose  1> 4> Action: Running action Deployment-Phase4-ConfigureWASPUBLIC.
    2017-02-13 20:39:03 Verbose  1> 4> Action: Running action plan 'Deployment-Phase4-ConfigureWASPUBLIC'.
    2017-02-13 20:39:03 Verbose  1> 4> Step: Running step 128 - (Katal) Configure WAS PUBLIC VMs
    2017-02-13 20:39:03 Verbose  1> 1> Action: Status of 'Deployment-Phase4-DeploySRPControllerServices' is 'Success'.
    2017-02-13 20:39:03 Verbose  1> 1> Task: Status of action 'Deployment-Phase4-DeploySRPControllerServices' of role 'Cloud' is 'Success'.
    2017-02-13 20:39:03 Verbose  1> 2> Task: Running interface 'Configure' of role 'Cloud\Fabric\AAD'.
    2017-02-13 20:39:03 Verbose  1> 4> Task: Running interface 'Configure' of role 'Cloud\Fabric\WASPUBLIC'.
    2017-02-13 20:39:03 Verbose  1> 3> Task: Running interface 'Prerequisite' of role 'Cloud\Fabric\ADFS'.
    2017-02-13 20:39:03 Verbose  2> Task: Running interface 'Deployment' of role 'Cloud\Fabric\Console'.
    2017-02-13 20:39:03 Verbose  1> 3> Interface: Path to module: C:\CloudDeployment\Roles\AdfsRole\AdfsRole.psd1
    2017-02-13 20:39:03 Verbose  1> 3> Interface: Running interface Prerequisite (Roles\AdfsRole\AdfsRole.psd1, InstallAdfs)
    2017-02-13 20:39:03 Verbose  1> 4> Interface: Path to module: C:\CloudDeployment\Roles\WASPUBLIC\WASPUBLIC.psd1
    2017-02-13 20:39:03 Verbose  1> 4> Interface: Running interface Configure (Roles\WASPUBLIC\WASPUBLIC.psd1, ConfigureWAS)
    2017-02-13 20:39:03 Verbose  1> 2> Interface: Path to module: C:\CloudDeployment\Roles\AAD\AAD.psd1
    2017-02-13 20:39:03 Verbose  2> Interface: Path to module: C:\CloudDeployment\Roles\Console\Console.psd1
    2017-02-13 20:39:03 Verbose  2> Interface: Running interface Deployment (Roles\Console\Console.psd1, DeployConsole)
    2017-02-13 20:39:03 Verbose  1> 2> Interface: Running interface Configure (Roles\AAD\AAD.psd1, ConfigureAAD)
    2017-02-13 20:39:18 Warning  2> The names of some imported commands from the module 'Console' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
    2017-02-13 20:39:19 Verbose  1> 2> & : BEGIN on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:39:19 Verbose  1> 2> & DirectoryTenantID: 9b193487-7794-460e-b0b5-201705ded10a
    2017-02-13 20:39:19 Verbose  1> 2> & [PSCredential]DomainAdmin: AzureStack\FabricAdmin
    2017-02-13 20:39:19 Verbose  1> 2> & AzureEnvironment: AzureCloud
    2017-02-13 20:39:19 Verbose  1> 2> & AAD Admin User: Admin@BabinszkiAzureStack.onmicrosoft.com, UniqueNameClaim: Admin@BabinszkiAzureStack.onmicrosoft.com
    2017-02-13 20:39:19 Verbose  1> 2> & SqlServer: MAS-WAP-HA\MASSqlWAP
    2017-02-13 20:39:19 Verbose  1> 2> & KeyVaultResourceId: https://vault.azurestack.local/cc719320-78d4-4e00-9c3a-1bae4427fc7a, KeyVaultEndpointTemplate: https://{0}.vault.azurestack.local
    2017-02-13 20:39:19 Verbose  1> 2> & ArmEndpoint: https://api.AzureStack.Local
    2017-02-13 20:39:19 Verbose  2>  Console on the VM: 'MAS-Con01'.
    2017-02-13 20:39:19 Verbose  1> 4> Interface: Interface Configure completed.
    2017-02-13 20:39:19 Verbose  1> 4> Task: Task completed.
    2017-02-13 20:39:19 Verbose  1> 4> Step: Status of step '(Katal) Configure WAS PUBLIC VMs' is 'Success'.
    2017-02-13 20:39:19 Verbose  1> 4> Action: Action plan 'Deployment-Phase4-ConfigureWASPUBLIC' completed.
    2017-02-13 20:39:19 Verbose  1> 4> Action: Status of 'Deployment-Phase4-ConfigureWASPUBLIC' is 'Success'.
    2017-02-13 20:39:19 Verbose  1> 4> Task: Status of action 'Deployment-Phase4-ConfigureWASPUBLIC' of role 'Cloud' is 'Success'.
    2017-02-13 20:39:21 Verbose  1> 2> & : Invoking command on MAS-WAS01 as AzureStack\FabricAdmin
    2017-02-13 20:39:41 Verbose  1> 3> Found AD running on MAS-DC01
    2017-02-13 20:39:45 Verbose  1> 3> Configuring VIPs for role 'ADFS' containing VMs: 'VirtualMachine (Name = 'MAS-ADFS01') [Id = 'af7323bc-debc-4395-ab12-63756e4fbb36']'.
    2017-02-13 20:39:45 Verbose  1> 3> Connecting to the network controller with REST name 'NC.AzureStack.Local'.
    2017-02-13 20:39:45 Verbose  1> 3> JSON Get [/LoadBalancers/]
    2017-02-13 20:39:46 Verbose  1> 3> Processing VIP ID 'Adfs' named 'Active Directory Federation Services' with IPv4 Address '192.168.102.4'.
    2017-02-13 20:39:46 Verbose  1> 3> Adding DNS resource record for name 'adfs' with IP '192.168.102.4' under zone name 'AzureStack.Local' on the domain controller 'MAS-DC01'.
    2017-02-13 20:39:47 Verbose  2> Waiting for the scheduled tasks to finish.
    2017-02-13 20:39:52 Verbose  1> 3> Removing existing record for 'adfs'.
    2017-02-13 20:39:52 Verbose  1> 3> Adding record for 'adfs'.
    2017-02-13 20:39:52 Verbose  1> 3> Configuring port mapping named 'Adfs' with ports: '443' and '443'; protocol: 'TCP'; and VIP IPv4 address '192.168.102.4'.
    2017-02-13 20:39:52 Verbose  1> 3> JSON Get [/LoadBalancerManager/Config]
    2017-02-13 20:39:52 Verbose  1> 3> JSON Get [/logicalnetworks/f8f67956-3906-4303-94c5-09cf91e7e311]
    2017-02-13 20:39:53 Verbose  1> 3> Getting port profile for [MAS-ADFS01] on [WIN-B8RETLUKTB9]
    2017-02-13 20:39:56 Verbose  1> 3> Searching resourceId for instance id [b4498581-5ce6-450d-bf84-61299ba0e258].
    2017-02-13 20:39:56 Verbose  1> 3> JSON Get [/networkinterfaces]
    2017-02-13 20:39:56 Verbose  1> 3> JSON Get [/LoadBalancers/48d315a2-4f54-45d0-a61f-2634aaeead86]
    2017-02-13 20:39:56 Verbose  1> 3> JSON Get [/NetworkInterfaces/0489fc10-7111-4559-9ca9-6b0642296e13]
    2017-02-13 20:39:56 Verbose  1> 3> JSON Get [/LoadBalancers/]
    2017-02-13 20:39:57 Verbose  1> 3> Processing VIP ID 'Graph' named 'Azure Stack Graph' with IPv4 Address '192.168.102.5'.
    2017-02-13 20:39:57 Verbose  1> 3> Adding DNS resource record for name 'graph' with IP '192.168.102.5' under zone name 'AzureStack.Local' on the domain controller 'MAS-DC01'.
    2017-02-13 20:39:57 Verbose  1> 3> Removing existing record for 'graph'.
    2017-02-13 20:39:57 Verbose  1> 3> Adding record for 'graph'.
    2017-02-13 20:39:57 Verbose  1> 3> Configuring port mapping named 'Graph' with ports: '443' and '443'; protocol: 'TCP'; and VIP IPv4 address '192.168.102.5'.
    2017-02-13 20:39:57 Verbose  1> 3> JSON Get [/LoadBalancerManager/Config]
    2017-02-13 20:39:57 Verbose  1> 3> JSON Get [/logicalnetworks/f8f67956-3906-4303-94c5-09cf91e7e311]
    2017-02-13 20:39:57 Verbose  1> 3> Getting port profile for [MAS-ADFS01] on [WIN-B8RETLUKTB9]
    2017-02-13 20:39:59 Verbose  1> 3> Searching resourceId for instance id [b4498581-5ce6-450d-bf84-61299ba0e258].
    2017-02-13 20:39:59 Verbose  1> 3> JSON Get [/networkinterfaces]
    2017-02-13 20:39:59 Verbose  1> 3> JSON Get [/LoadBalancers/6e9470f9-4aca-4bbe-b990-d89837433951]
    2017-02-13 20:39:59 Verbose  1> 3> JSON Get [/NetworkInterfaces/0489fc10-7111-4559-9ca9-6b0642296e13]
    2017-02-13 20:39:59 Verbose  1> 3> InstallAdfs : BEGIN on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:39:59 Verbose  1> 3> InstallAdfs : Invoking command on "MAS-ADFS01" as AzureStack\FabricAdmin
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Enabled Remote Desktop on Server MAS-CON01'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'NET-Framework-Core' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'NET-Framework-45-Core' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-SMTP' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-Clustering-Mgmt' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-Clustering-PowerShell' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-NLB' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-SNMP' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-AD-PowerShell' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-AD-AdminCenter' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-ADDS-Tools' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-ADLDS' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-Hyper-V-Tools' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'Hyper-V-Tools' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'Hyper-V-PowerShell' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'UpdateServices-RSAT' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'UpdateServices-API' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'UpdateServices-UI' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-ADRMS' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-DHCP' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-DNS-Server' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-File-Services' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-DFS-Mgmt-Con' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-FSRM-Mgmt' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-NFS-Admin' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'RSAT-VA-Tools' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'WDS-AdminPack' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'Telnet-Client' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'TFTP-Client' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:11 Verbose  2> Console Server  message: 'Skipping: Windows feature 'WoW64-Support' already installed on Node 'MAS-CON01'.'.
    2017-02-13 20:40:22 Verbose  2> Created shortcuts on 'MAS-Con01'.
    2017-02-13 20:40:23 Verbose  2> Interface: Interface Deployment completed.
    2017-02-13 20:40:23 Verbose  2> Task: Task completed.
    2017-02-13 20:40:23 Verbose  2> Step: Status of step '(FBI) Setup Console VMs' is 'Success'.
    2017-02-13 20:40:23 Verbose  2> Step: Running step 222 - (FBI) Setup Console VMs
    2017-02-13 20:40:23 Verbose  2> Task: Running interface 'Configure' of role 'Cloud\Fabric\Console'.
    2017-02-13 20:40:23 Verbose  2> Interface: Path to module: C:\CloudDeployment\Roles\Console\Console.psd1
    2017-02-13 20:40:23 Verbose  2> Interface: Running interface Configure (Roles\Console\Console.psd1, ConfigureConsole)
    2017-02-13 20:40:24 Error    1> 2> Task: Invocation of interface 'Configure' of role 'Cloud\Fabric\AAD' failed: 

    Function 'ConfigureAAD' in module 'Roles\AAD\AAD.psd1' raised an exception:

    user_realm_discovery_failed: User realm discovery failed
    at <ScriptBlock>, <No file>: line 281
    2017-02-13 20:40:24 Verbose  1> 2> Step: Status of step '(Katal) Azure Stack AAD Configuration.' is 'Error'.
    2017-02-13 20:40:24 Error    1> 2> Action: Invocation of step 60.120.124 failed. Stopping invocation of action plan.
    2017-02-13 20:40:24 Verbose  1> 2> Action: Status of 'Deployment-Phase4-ConfigureWAS' is 'Error'.
    2017-02-13 20:40:24 Verbose  1> 2> Task: Status of action 'Deployment-Phase4-ConfigureWAS' of role 'Cloud' is 'Error'.
    2017-02-13 20:40:27 Warning  2> The names of some imported commands from the module 'Console' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.
    2017-02-13 20:40:29 Verbose  2> Moving Content to \\MAS-Con01\C$
    2017-02-13 20:40:31 Verbose  2> Interface: Interface Configure completed.
    2017-02-13 20:40:31 Verbose  2> Task: Task completed.
    2017-02-13 20:40:31 Verbose  2> Step: Status of step '(FBI) Setup Console VMs' is 'Success'.
    2017-02-13 20:40:31 Verbose  2> Action: Action plan 'Deployment-Phase2-DeployConsoleVMs' completed.
    2017-02-13 20:40:31 Verbose  2> Action: Status of 'Deployment-Phase2-DeployConsoleVMs' is 'Success'.
    2017-02-13 20:40:31 Verbose  2> Task: Status of action 'Deployment-Phase2-DeployConsoleVMs' of role 'Cloud' is 'Success'.
    2017-02-13 20:40:36 Verbose  1> 3> InstallAdfs : END on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:40:36 Verbose  1> 3> Interface: Interface Prerequisite completed.
    2017-02-13 20:40:36 Verbose  1> 3> Task: Task completed.
    2017-02-13 20:40:36 Verbose  1> 3> Step: Status of step '(Katal) Install ADFS' is 'Success'.
    2017-02-13 20:40:36 Verbose  1> 3> Step: Running step 126 - (Katal) Install ADFS/Graph
    2017-02-13 20:40:36 Verbose  1> 3> Task: Running interface 'Deployment' of role 'Cloud\Fabric\ADFS'.
    2017-02-13 20:40:36 Verbose  1> 3> Interface: Path to module: C:\CloudDeployment\Roles\AdfsRole\AdfsRole.psd1
    2017-02-13 20:40:36 Verbose  1> 3> Interface: Running interface Deployment (Roles\AdfsRole\AdfsRole.psd1, DeployAdfs)
    2017-02-13 20:40:48 Verbose  1> 3> DeployAdfs : BEGIN on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:40:48 Verbose  1> 3> DeployAdfs : Invoking command on "MAS-ADFS01" as AzureStack\FabricAdmin
    2017-02-13 20:41:25 Verbose  1> 3> DeployAdfs : END on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:41:25 Verbose  1> 3> Interface: Interface Deployment completed.
    2017-02-13 20:41:25 Verbose  1> 3> Task: Task completed.
    2017-02-13 20:41:25 Verbose  1> 3> Step: Status of step '(Katal) Install ADFS/Graph' is 'Success'.
    2017-02-13 20:41:25 Verbose  1> 3> Step: Running step 127 - (Katal) Configure ADFS
    2017-02-13 20:41:25 Verbose  1> 3> Task: Running interface 'Configure' of role 'Cloud\Fabric\ADFS'.
    2017-02-13 20:41:25 Verbose  1> 3> Interface: Path to module: C:\CloudDeployment\Roles\AdfsRole\AdfsRole.psd1
    2017-02-13 20:41:25 Verbose  1> 3> Interface: Running interface Configure (Roles\AdfsRole\AdfsRole.psd1, ConfigureAdfs)
    2017-02-13 20:41:40 Verbose  1> 3> ConfigureAdfs : BEGIN on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:41:40 Verbose  1> 3> ConfigureAdfs [PSCredential]CertReq: AzureStackAdmin
    2017-02-13 20:41:40 Verbose  1> 3> ConfigureAdfs [PSCredential]ADSchemaAdmin: Administrator
    2017-02-13 20:41:40 Verbose  1> 3> ConfigureAdfs [PSCredential]AdfsServiceAccount: AzureStack\MAS-AdfsSA$
    2017-02-13 20:41:41 Verbose  1> 3> ConfigureAdfs : Invoking command on MAS-ADFS01 as AzureStack\FabricAdmin
    2017-02-13 20:41:41 Verbose  1> 3> ConfigureAdfs : Certificate Authority: MAS-CA01.AzureStack.Local\AzureStackCertificationAuthority
    2017-02-13 20:41:41 Verbose  1> 3> ConfigureAdfs : ADFS Service Account: AzureStack\MAS-AdfsSA$
    2017-02-13 20:41:41 Verbose  1> 3> ConfigureAdfs : SqlServer: MAS-WAP-HA\MASSqlWAP
    2017-02-13 20:46:07 Verbose  1> 3> ConfigureAdfs : END on WIN-B8RETLUKTB9 as AZURESTACK\AzureStackAdmin
    2017-02-13 20:46:07 Verbose  1> 3> Interface: Interface Configure completed.
    2017-02-13 20:46:07 Verbose  1> 3> Task: Task completed.
    2017-02-13 20:46:07 Verbose  1> 3> Step: Status of step '(Katal) Configure ADFS' is 'Success'.
    2017-02-13 20:46:07 Verbose  1> 3> Action: Action plan 'Deployment-Phase4-DeployADFS' completed.
    2017-02-13 20:46:07 Verbose  1> 3> Action: Status of 'Deployment-Phase4-DeployADFS' is 'Success'.
    2017-02-13 20:46:07 Verbose  1> 3> Task: Status of action 'Deployment-Phase4-DeployADFS' of role 'Cloud' is 'Success'.
    2017-02-13 20:46:07 Verbose  1> Step: Status of step 'Phase 4 - ConfigureVMs-Part2' is 'Error'.
    2017-02-13 20:46:07 Error    1> Action: Invocation of step 60.120 failed. Stopping invocation of action plan.
    2017-02-13 20:46:07 Verbose  1> Action: Status of 'Deployment-Phase2-ConfigureStack' is 'Error'.
    2017-02-13 20:46:07 Verbose  1> Task: Status of action 'Deployment-Phase2-ConfigureStack' of role 'Cloud' is 'Error'.
    2017-02-13 20:46:07 Verbose  Step: Status of step 'Phase 2 - ConfigureVMs' is 'Error'.
    2017-02-13 20:46:07 Error    Action: Invocation of step 60 failed. Stopping invocation of action plan.

    Wednesday, February 15, 2017 5:29 AM
  • Alright, thanks! It seems that DNS queries are not resolving. That means two thing, there is no internet access on the MAS-BGPNAT01 or external DNS queries are not allowed. The 'user_realm_discovery_failed: User realm discovery failed' error confirms that DNS or internet connectivity is the issue here.

    Verify that your host was able to access the internet (without proxy) before the deployment and that you supplied the correct network information to the installer script including the EnvironmentDNS parameter. See: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-run-powershell-script 
    Normally you have to redeploy however you can correct the settings by logging into the MAS-BGPNAT01 machine and find the network adapter which has the same network configured as your hosts 'deployment' adapter and correct the issue. Execute below line on the Host to immediately identify the adapter and its settings.

    Get-VMNetworkAdapter -VMName MAS-BGPNAT01 -Name NAT

    If DNS is the issue and your enviroment needs a DNS server for external queries then open up 'dnsmgmt.msc' on the host. Add MAS-DC01 to as the DNS service in MMC , click forwarders and add your DNS there.


    Cheers,

    Ruud
    Twitter:    Blog: AzureStack.Blog  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Wednesday, February 15, 2017 1:42 PM
  • Awesome.  Thanks again Ruud.

    Originally, my Azure Stack POC host WAS able to reach Internet destinations.  However, since the deployment attempt, it can no longer do so because DNS names are no longer resolvable.  IF I ping an IP address directly (e.g. 23.194.101.156), then I receive the expected icmp echo replies.

    Part of the deployment process changed the host's DNS servers from the usual LAN DNS servers supplied by DHCP (in an RFC1918 network 10 space) to 192.168.200.6 which is part of the Azure Stack POC environment.

    Here's the output from the GetVMNet command you requested:

    ----------------------------------------------

    PS D:\Azure Stack> Get-VMNetworkAdapter -VMName MAS-BGPNAT01 -Name NAT

    Name IsManagementOs VMName       SwitchName   MacAddress   Status IPAddresses
    ---- -------------- ------       ----------   ----------   ------ -----------
    NAT  False          MAS-BGPNAT01 PublicSwitch 022551F28E7A {Ok}   {10.254.225.222, fe80::c985:6d59:268e:e88c}

    ----------------------------------------------

    The DNS servers from the supporting network DO show up in the MAS-DC01 DNS Forwarders tab.  And when I log onto the MAS-BGPNAT01 server, I can successfully resolve DNS names:

    ----------------------------------------------

    PS C:\Users\FabricAdmin> hostname
    MAS-BGPNAT01

    PS C:\Users\FabricAdmin> ping www.microsoft.com
    Pinging e1863.dspb.akamaiedge.net [23.194.101.156] with 32 bytes of data:
    Reply from 23.194.101.156: bytes=32 time=9ms TTL=59
    Reply from 23.194.101.156: bytes=32 time=14ms TTL=59
    Reply from 23.194.101.156: bytes=32 time=18ms TTL=59
    Reply from 23.194.101.156: bytes=32 time=22ms TTL=59
    Ping statistics for 23.194.101.156:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 9ms, Maximum = 22ms, Average = 15ms

    ----------------------------------------------

    I *think* that the ecosystem expects that MAS-DC01 has Internet access and DNS server access via MAS-BGPNAT01 (the 192.168.200.0/24 subnet has 192.168.200.1 as the default gateway). However, from the MAS-DC01 server the DNS forwarders are not reachable (hence no name resolution).  In fact Internet IP addresses are also unreachable from MAS-DC01.

    Whether it's the only issue or not, I cannot even guess, but clearly MAS-BGPNAT01 is not performing a packet forwarding function which seems to be required to support the MAS environment.

    • Edited by arbitrator64 Wednesday, February 15, 2017 7:36 PM
    Wednesday, February 15, 2017 7:01 PM
  • Strange. Can you ping the 192.168.200.1 address? I advise to reboot the MAS-BGPNAT01 VM, and the Host. If that wont help then try to reconfigure NAT by removing and adding the external address again. Execute the below steps one by one and verify that the addresses are right. 

    # RDP or open up a VM console to MAS-BGPNAT01 and execute the commands below ## This is your NAT configuration Get-NetNat ## This is the external address in use, assigned by DHCP or static supplied by the installation parameters (-NatIPv4Address)

    Get-NetNatExternalAddress

    ## Verify the address with the ip configuration of the NAT network adapter # Try to remove an re-add the address Get-NetNatExternalAddress | Remove-NetNatExternalAddress # Verify the ip configuration on your NAT network adapter again, enable and disable when you use DHCP, configure the ip address if you use a static configuration.

    #Then add the NAT external address again Add-NetNatExternalAddress -NatName BGPNAT -IPAddress 'youripaddress' -PortStart 4096 -PortEnd 49151


    There is nothing else besides rebooting the host and MAS-BGPNAT01 VM to get NAT working again, only other option is to redeploy from scratch.

    Also check with your network people that they dont block MAC spoofing of any other kind of security measures not allowing other VM's (MAC addresses) to go outside via NAT. 


    Cheers,

    Ruud
    Twitter:    Blog: AzureStack.Blog  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.





    Thursday, February 16, 2017 10:20 AM
  • Hi Ruud.

    Good news!  Your procedure worked.  I can now route from MAS-DC01 through MAS-BGPNAT01.  The functional outcome is that I now have DNS name resolution and IP connectivity to the Internet from the 192.168.200.0/24 subnet.

    During setup I assigned a static IP address to the external interface.  Later in the installation process the NAT address was picked up automatically from DHCP.  In following your instructions above, I replaced that DCHP assigned address (the NatExternalAddress) with another static IP.

    I tried a -Rerun again:

    ---------------------------

    COMPLETE: Step 251 - Prepare for future host reboots
    VERBOSE: Step: Status of step 'Prepare for future host reboots' is 'Success'. - 2/16/2017 9:09:27 PM
    VERBOSE: Action: Action plan 'Deployment' completed. - 2/16/2017 9:09:27 PM
    COMPLETE: Action 'Deployment'

    ---------------------------

    Thanks for your support Ruud!  I'm in business.  Well, one hurdle overcome, possibly more ahead.

    Cheers,

    Andy Babinszki.


    --- Arbitrator64



    • Marked as answer by arbitrator64 Friday, February 17, 2017 5:15 AM
    • Unmarked as answer by arbitrator64 Friday, February 17, 2017 5:15 AM
    • Edited by arbitrator64 Friday, February 17, 2017 5:51 AM
    Friday, February 17, 2017 4:30 AM
  • Great news indeed. Happy Stacking Andy!

    Cheers,

    Ruud
    Twitter:    Blog: AzureStack.Blog  LinkedIn:    
    Note: Please “Vote As Helpful” if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

    Friday, February 17, 2017 9:23 AM
  • Azure Stack TP3 has been released on March 1, 2017.

    If you are experiencing any issues with the TP2 release, please download and redeploy using the latest Azure Stack POC deployment package

    Please see the updated deployment documentation:

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-run-powershell-script

    And updated Azure Stack Docs:

    https://docs.microsoft.com/en-us/azure/azure-stack/

    If you experience any issues with TP3 release, feel free to contact us.

    https://azure.microsoft.com/en-us/blog/hybrid-application-innovation-with-azure-and-azure-stack/

    Wednesday, March 1, 2017 7:06 PM