AzureStack VPN setup failure

  • Question

  • I got the Azurestack POC TP2 deployed, and was able to connect via RDP to the host, as well as to the CON01 machine and connected to the web interface, as well as deployed a VM per the getting started steps.

    However, I want to set it up so that other people can also access the Azurestack portal, so I followed the instructions in 'Connect to Azure Stack POC' 'Connect with VPN', but while the VPN ended up connecting and passes traffic, I did have an error at the end of the script, and logging into the portal, while 'successful', is not right.

    The error I got at the end of the script was:


    VERBOSE: Retrieving Azure Stack Root Authority certificate...
    [mas-ca01.azurestack.local] Connecting to remote server mas-ca01.azurestack.local failed with the following error
    message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
        + CategoryInfo          : OpenError: (mas-ca01.azurestack.local:String) [], PSRemotingTransportException
        + FullyQualifiedErrorId : AccessDenied,PSSessionStateBroken
    Connect-AzureStackVpn : Certificate has not been retrieved!
    At C:\Users\davek\Desktop\AzureStackVPN.ps1:18 char:1
    + Connect-AzureStackVpn -Password $Password
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
        + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Connect-AzureStackVpn


    After this error, I noticed that the VPN was connected, and I could ping the AzureStack Portal, however, after I tried to log in, I got the Azure home page, but pretty much everything was missing.

    When logged in to the MAS-CON01 machine from the host, when I log in to the portal, I get the dashboard with various tiles, such as 'Get a subscription', 'MarketPlace', 'Region Management', etc., and along the left side I have 'Resource Groups', 'All Resources', 'Recent', 'Virtual Machines' and 'Offers'. Pretty much what you'd expect.

    Trying to access the portal from a remote machine over the VPN gives me pretty much nothing. I get a bunch of tiles with three cycling dots in them that are in the same pattern as the populated tiles on CON01. The only tile with something other than the cycling dots is the one for the test VM I deployed, and while on CON01, it shows the name and status, from remote, it shows 'VirtualMachinePart' with a grey cloud and a water drop.

    Since the portal seems to work fine from the CON01 machine with no certificate errors, and it does not work right from remote, where I have a certificate error in the browser, I'm assuming the lack of functionality has something to do with the certificate error I got when trying to set up the VPN.

    Any ideas why it threw this error, and how to get around it so we can have remote access to the machine?

    Wednesday, January 18, 2017 7:39 PM


  • Just copy the root certificate from '\SU1FileServer\SU1_Infrastructure_1\AzureStackCertStore\CARootCert.cer' and import it into the 'Trusted Root Certification Authorities' store.

    I know it's not the solution for your VPN troubles, but you can also try my script to extend the portal externally without using VPN or RDP. https://azurestack.blog/2016/12/expose-portal-azurestack-through-nat/



    Thursday, January 19, 2017 9:29 AM
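
The import step described in the answer above, as an added example that is not part of the original thread: it inspects the certificate file before trusting it, then imports it into the machine-wide Trusted Root Certification Authorities store on the remote client. The local path `C:\Temp\CARootCert.cer` is an assumption (a copy of the file already transferred to the client), and the commands need an elevated PowerShell prompt.

```powershell
# Added example. Assumption: CARootCert.cer has already been copied to this path
# on the remote client. Run from an elevated PowerShell prompt.
$CerPath = 'C:\Temp\CARootCert.cer'

# Load the file without installing it, so it can be inspected first.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

# A root CA certificate is self-signed: subject and issuer are identical.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Not a self-signed root certificate: issuer is '$($cert.Issuer)'"
}

# A CA certificate normally carries a Basic Constraints extension with CA = true.
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not $bc -or -not $bc.CertificateAuthority) {
    Write-Warning 'Certificate is not marked as a certificate authority; check that this is the right file.'
}

# Show what is about to be trusted. Compare the thumbprint with the one shown
# for the same file on the POC host before continuing.
$cert | Format-List Subject, Thumbprint, NotBefore, NotAfter

# Import only if this thumbprint is not already in the Trusted Root store.
$storePath = 'Cert:\LocalMachine\Root'
if (-not (Test-Path (Join-Path $storePath $cert.Thumbprint))) {
    Import-Certificate -FilePath $CerPath -CertStoreLocation $storePath | Out-Null
}

# Confirm the certificate is now present in the store.
Get-ChildItem $storePath |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Format-List Subject, Thumbprint
```

Restart the browser after the import so the portal's certificate chain is re-evaluated against the updated store.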
