locked
TP3 Refresh Doesn't Register with Azure RRS feed

  • Question

  • Even though the instructions say that with the current version of TP3 you don't have to register and activate to start syndication, I am prompted to do so when I open the Marketplace Management blade. So I run the RegisterWithAzure.ps1 script, and it errors out on authentication:

    WARNING: Task: Invocation of interface 'ConfigureBridgeIdentity' of role 'Cloud\Fabric\AzureBridge' failed:
    Function 'AzureBridge:ConfigureBridgeIdentity' in module 'Classes\AzureBridge\AzureBridge.psm1' raised an exception:
    An error occurred while trying to make a graph API call: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID: 75ff631e-69ad-43e3-a7a3-4c1d
    f7ad0700\r\nCorrelation ID: eb8ee814-66cf-422c-bfb1-1e242523f704\r\nTimestamp: 2017-04-20 15:55:55Z","error_codes":[70002,50126],"timestamp":"2017-04-20 15:55:55Z","trace_id":"75ff631e-69ad-43e3-a7a3-4c1df7ad0700","correlation_id
    ":"eb8ee814-66cf-422c-bfb1-1e242523f704"}

    Additional details: {
        "Method":  "POST",
        "ResponseUri":  "https://login.windows.net/arrayasolutions.com/oauth2/token?api-version=1.6",
        "StatusCode":  400,
        "StatusDescription":  "Bad Request",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1492703755826)\/"
    }
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 625
    at Get-GraphToken, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 485
    at Update-GraphAccessToken, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 501
    at Initialize-GraphEnvironment, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 238
    at SetAzureBridgeIdentityConfiguration, C:\CloudDeployment\Roles\AzureBridge\AzureBridge.psm1: line 243
    at ConfigureBridgeIdentity, C:\CloudDeployment\Classes\AzureBridge\AzureBridge.psm1: line 80
    at <ScriptBlock>, <No file>: line 9 - 4/20/2017 11:55:55 AM
    Invoke-EceAction : Task: Invocation of interface 'ConfigureBridgeIdentity' of role 'Cloud\Fabric\AzureBridge' failed:
    Function 'AzureBridge:ConfigureBridgeIdentity' in module 'Classes\AzureBridge\AzureBridge.psm1' raised an exception:
    An error occurred while trying to make a graph API call: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID:
    75ff631e-69ad-43e3-a7a3-4c1df7ad0700\r\nCorrelation ID: eb8ee814-66cf-422c-bfb1-1e242523f704\r\nTimestamp: 2017-04-20 15:55:55Z","error_codes":[70002,50126],"timestamp":"2017-04-20
    15:55:55Z","trace_id":"75ff631e-69ad-43e3-a7a3-4c1df7ad0700","correlation_id":"eb8ee814-66cf-422c-bfb1-1e242523f704"}
    Additional details: {
        "Method":  "POST",
        "ResponseUri":  "https://login.windows.net/arrayasolutions.com/oauth2/token?api-version=1.6",
        "StatusCode":  400,
        "StatusDescription":  "Bad Request",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1492703755826)\/"
    }
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 625
    at Get-GraphToken, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 485
    at Update-GraphAccessToken, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 501
    at Initialize-GraphEnvironment, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 238
    at SetAzureBridgeIdentityConfiguration, C:\CloudDeployment\Roles\AzureBridge\AzureBridge.psm1: line 243
    at ConfigureBridgeIdentity, C:\CloudDeployment\Classes\AzureBridge\AzureBridge.psm1: line 80
    at <ScriptBlock>, <No file>: line 9 - 4/20/2017 11:55:55 AM
    At C:\CloudDeployment\Setup\Activation\Bridge\Configure-BridgeIdentity.ps1:51 char:1
    + Invoke-EceAction -RolePath "Cloud\Fabric\AzureBridge" -ActionType "Co ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [Invoke-EceAction], Exception
        + FullyQualifiedErrorId : An error occurred while trying to make a graph API call: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace 
       ID: 75ff631e-69ad-43e3-a7a3-4c1df7ad0700\r\nCorrelation ID: eb8ee814-66cf-422c-bfb1-1e242523f704\r\nTimestamp: 2017-04-20 15:55:55Z","error_codes":[70002,50126],"timestamp":"2017-04-20 15:55:55Z","trace_id":"75ff631e-69ad-4 
      3e3-a7a3-4c1df7ad0700","correlation_id":"eb8ee814-66cf-422c-bfb1-1e242523f704"}
    Additional details: {
        "Method":  "POST",
        "ResponseUri":  "https://login.windows.net/arrayasolutions.com/oauth2/token?api-version=1.6",
        "StatusCode":  400,
        "StatusDescription":  "Bad Request",
        "IsFromCache":  false,
        "LastModified":  "\/Date(1492703755826)\/"
    },CloudEngine.Cmdlets.InvokeCmdlet

    If I take the url above and paste it into any browser on any machine, I get the error:

    Additional technical information:
    Correlation ID: 4aa77b43-630d-42e3-b8dc-f1cb5bad7229
    Timestamp: 2017-04-20 16:00:16Z

    AADSTS90056: This endpoint only accepts POST, OPTIONS requests. Received a GET request.

    I am running the scripts on the AzureStack Host.

    What am I missing here?

    Thursday, April 20, 2017 4:01 PM

Answers

All replies

  • Your log shows "Invalid username or password" and a couple of  "Error validating credentials. AADSTS50126: Invalid username or password". Did you supply the proper credentials for your Azure Subscription?


    Kind regards, Mark


    • Edited by Mark D _NL_ Thursday, April 20, 2017 5:02 PM Sending regards once is enough :)
    Thursday, April 20, 2017 5:00 PM
  • The credentials used need to be both a delegated Azure subscription Owner and AAD Global Admin..

    Kind regards, Mark

    Thursday, April 20, 2017 5:31 PM
  • Is this the Azure Subscription Owner that is set on account.windowsazure.com or is it the owner as set in the Azure portal? If it is the latter, the account I am using has it.
    Friday, April 21, 2017 2:53 PM
  • I attempted this to another subscription where I know for sure my account is the subscription owner and received the same errors as above.
    Friday, April 21, 2017 3:07 PM
  • Hello Eric,

    Let’s get past the "Invalid username or password" and "Error validating credentials” issue first.

     

    Let’s validate your credentials, subscription status and ownership by running the following PowerShell: 

     

    Login-AzureRmAccount

     

    Then run:

     

    Get-AzureRmSubscription

     

    The output should look like this:  

     

    PS C:\Windows\system32> Login-AzureRmAccount

    Environment           : AzureStackAdmin

    Account               : AzureAdmin@AzSDogfood.onmicrosoft.com

    TenantId              : a542s340-0059-48fe-9f0e-b285fad09f32

    SubscriptionId        : 8b2ca751-4f32-4ac4-a132-a3a1f4f4d65a

    CurrentStorageAccount :

     

    PS C:\Windows\system32> Get-AzureRmSubscription

    SubscriptionName : Pay-As-You-Go

    SubscriptionId   : 8b2ca751-4f32-4ac4-a132-a3a1f4f4d65a

    TenantId         : a542s340-0059-48fe-9f0e-b285fad09f32

    State            : Enabled

     

    The output should point to where it’s failing.

    Let us know how is goes.

     

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-troubleshooting

     

    If you continue experience any issues with TP3 refresh, feel free to contact us.

    Azure Stack TP3 refresh Docs:

    https://docs.microsoft.com/en-us/azure/azure-stack/

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-troubleshooting

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-diagnostics

    https://aka.ms/GetAzureStackLogs

     

     Thanks,


    Gary Gallanes

    Tuesday, April 25, 2017 12:17 AM
  • I have reinstalled and am stuck at the same spot. I ran the commands above and got the output below:

    Environment           : AzureCloud
    Account               : EDougherty@arrayasolutions.com
    TenantId              : d425f6d3-zzzz-zzzz-b23f-fea013abd0b3
    SubscriptionId        : 6bbe578e-xxxx-xxxx-94e3-508f3df91e6c
    CurrentStorageAccount :
    PS C:\CloudDeployment\Setup\Activation\Bridge> Get-AzureRmSubscription

    SubscriptionName : Visual Studio Enterprise
    SubscriptionId   : 6bbe578e-xxxx-xxxx-94e3-508f3df91e6c
    TenantId         : d425f6d3-xxxx-xxxx-b23f-fea013abd0b3
    State            : Enabled
    SubscriptionName : Microsoft Azure Sponsorship
    SubscriptionId   : bd2e116a-xxxx-xxxx-9798-169f26ae31f0
    TenantId         : d425f6d3-xxxx-xxxx-b23f-fea013abd0b3
    State            : Enabled

    I am attempting to use the VSE subscription, which I know I am the owner of.

    Monday, May 1, 2017 2:24 PM
  • Hi-

    Any update on this issue? 

    Sunday, May 7, 2017 1:03 AM
  • Eric,

    I think I see the problem.

    The account must be a resident user of your Azure AD Tenant.

    Something like EDougherty@MyAzureAD.onmicrosoft.com

     

    Even though Azure AD lets you add the User and assign it Azure AD Global Administrator role it will still error out if it is not a resident user of your Azure AD Tenant.

      

    It must be formatted like:

    EDougherty@MyAzureAD.onmicrosoft.com (The same AAD Account you deployed Azure Stack with) 

    and Not

    EDougherty@arrayasolutions.com

     

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue experience any issues with TP3 release, feel free to contact us.

    https://azure.microsoft.com/en-us/blog/hybrid-application-innovation-with-azure-and-azure-stack/

     

    TP3 Azure Stack Docs:

    https://docs.microsoft.com/en-us/azure/azure-stack/

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-troubleshooting

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-diagnostics

    https://aka.ms/GetAzureStackLogs

     

    Thanks,


    Gary Gallanes




    Monday, May 8, 2017 10:41 PM
  • That worked, thanks for your help!
    Friday, May 12, 2017 2:35 PM