locked
Deploy templates in Azure Stack using the command line RRS feed

  • Question

  • Hi ,

    I am having trouble while doing a Deployment using the command line . I am getting the below error

    C:\Users\AzureStackUser>azure account env add AzureStack --resource-manager-endpoint-url "url"
    --management-endpoint-url "url" --active-directory-endpoint-url  "url"
    --portal-url "url" --gallery-endpoint-url "url"
    --active-directory-resource-id "url" --active-directory-graph-resource-id "url"
    info:    Executing command account env add
    info:    New environment AzureStack created
    info:    account env add command OK

    C:\Users\AzureStackUser>azure login -e AzureStack -u "admin live account/tenant account"
    info:    Executing command login
    Password: ************
    + Authenticating...
    error:   connect ECONNREFUSED
    info:    Error information has been recorded to C:\Users\AzureStackUser\.azure\azure.err
    error:   login command failed

    I have given the right Administrator's username live account/tenant username , but still not getting through. I am able to successfully login to the Azure Portal Account.
    Has anyone faced this authentication issue?

    Please suggest.

    Thursday, May 19, 2016 2:17 PM

All replies

  • Hi Kunal,

    Thank you for posting here.

    If you're getting certificate validation issues, disable certificate validation by running the command set "NODE_TLS_REJECT_UNAUTHORIZED=0".

    For More information, Kindly please refer the link given below:

    https://azure.microsoft.com/en-in/documentation/articles/azure-stack-deploy-template-command-line/

    Regards,

    Pradeep

    Friday, May 20, 2016 3:36 AM
  • Hi Pradeep,

    Thanks for replying.

    I have already tried to disable certificate validation by running the command set "NODE_TLS_REJECT_UNAUTHORIZED=0". But it is not helping.

    Regards,

    Kunal

    Monday, May 23, 2016 3:28 PM
  • Hi Kunal,

    You would have to disable TLS anyway but the fact that you gets ECONNREFUSED is mostly likely due to something else. Would you be able to confirm that you configured the environment using the exact CLI command below?

    azure account env add AzureStack --resource-manager-endpoint-url "https://api.azurestack.local" --management-endpoint-url "https://api.azurestack.local" --active-directory-endpoint-url  "https://login.windows.net" --portal-url "https://portal.azurestack.local" --gallery-endpoint-url "https://portal.azurestack.local" --active-directory-resource-id "https://azurestack.local-api/" --active-directory-graph-resource-id "https://graph.windows.net/"

    Also, it would be helpful to confirm that networking connectivity to the endpoints is working as expected. You can check this through the following PowerShell cmdlets:

    @("api.azurestack.local","login.windows.net","portal.azurestack.local","graph.windows.net") | ForEach-Object {Test-NetConnection $_ -Port 443 -InformationLevel Quiet}

    This is the expected outcome, please ignore the warnings:

    WARNING: Ping to api.azurestack.local failed -- Status: TimedOut

    True

    WARNING: Ping to login.windows.net failed -- Status: TimedOut

    True

    WARNING: Ping to portal.azurestack.local failed -- Status: TimedOut

    True

    WARNING: Ping to graph.windows.net failed -- Status: TimedOut

    True

    Regards,
    Malar.

    Wednesday, May 25, 2016 3:38 AM
  • Hi Malar,

    Thanks for replying.

    Now I have configured the VPN connection to the Azure Stack Portal. I have tried to "Deploy templates in Azure Stack using the command line" from here also, but still getting the same error as I was getting from the ClientVM.

    As you suggested, I tried to check if the networking connectivity to the endpoints is working as expected. But it is not working as expected. But from both ClientVM ans VPN node I am able to connect to Azure Stack Portal and login usind my live ID.

    @("api.azurestack.local","login.windows.net","portal.azurestack.local","graph.windows.net") | ForEach
    -Object {Test-NetConnection $_ -Port  443 -InformationLevel  Quiet}

    • WARNING: Ping to api.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to login.windows.net failed -- Status: TimedOut
      False
    • WARNING: Ping to portal.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to graph.windows.net failed -- Status: TimedOut
      False

    Also for proxy setting:

    get-itemproperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    DisableCachingOfSSLPages : 0
    IE5_UA_Backup_Flag       : 5.0
    PrivacyAdvanced          : 1
    SecureProtocols          : 2688
    User Agent               : Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    CertificateRevocation    : 1
    ZonesSecurityUpgrade     : {168, 166, 19, 88...}
    WarnonZoneCrossing       : 0
    EnableNegotiate          : 1
    MigrateProxy             : 1
    ProxyEnable              : 1
    ProxyServer              : xxxx.xxxx.com:8080
    ProxyOverride            : <local>;*.AzureStack.local
    PSPath                   : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
                               ion\Internet Settings
    PSParentPath             : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
                               ion
    PSChildName              : Internet Settings
    PSDrive                  : HKCU
    PSProvider               : Microsoft.PowerShell.Core\Registry

    Please suggest

    Regards,

    Kunal

    Friday, May 27, 2016 1:13 PM
  • Hi Malar,

    Can you please suggest how can I resolve following issue:

    @("api.azurestack.local","login.windows.net","portal.azurestack.local","graph.windows.net") | ForEach
    -Object {Test-NetConnection $_ -Port  443 -InformationLevel  Quiet}

    • WARNING: Ping to api.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to login.windows.net failed -- Status: TimedOut
      False
    • WARNING: Ping to portal.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to graph.windows.net failed -- Status: TimedOut
      False

    Wednesday, June 1, 2016 3:56 PM
  • Hi All,

    Even I have faced the above issue.

    I even tried to check network connectivity by the PowerShell cmdlets suggested above.

    • WARNING: Ping to api.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to login.windows.net failed -- Status: TimedOut
      False
    • WARNING: Ping to portal.azurestack.local failed -- Status: TimedOut
      True
    • WARNING: Ping to graph.windows.net failed -- Status: TimedOut
      False

    Please suggest the work-around for this issue.

    Regards,

    Spoorthi

    Wednesday, June 15, 2016 4:21 PM
  • Hi All,

    I was able to add  the below Azure Stack environments successfully in the Client VM of Azure Stack TP2 deployment

    azure account env add AzureStack --resource-manager-endpoint-url "https://api.azurestack.local"  

    --management-endpoint-url "https://api.azurestack.local"

    --active-directory-endpoint-url  "https://login.windows.net"

    --portal-url "https://portal.azurestack.local" --gallery-endpoint-url "https://portal.azurestack.local"

    --active-directory-resource-id "https://azurestack.local-api/"

    --active-directory-graph-resource-id "https://graph.windows.net/"

    Also,checked the network connectivity and it is working fine.

    When I try to login using the global admin/ tenant accounts I am getting the following error :

    C:\Users\FabricAdmin> azure login -e AzureStack -u “XXXXXxXX.onmicrosoft.com”
    info:    Executing command login
    Password: *********
    + Authenticating...
    error:   Get Token request returned http error: 400 and server response: {"error":"invalid_resource","error_description"
    :"AADSTS50001: The application named 

    https://azurestack.local-api

    was not found in the tenant named secondaztp2.onmicro
    soft.com.  This can happen if the application has not been installed by the administrator of the tenant or consented to
    by any user in the tenant.  You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 1e76a79b-3
    883-4bb6-bd17-eef2cbc1063c\r\nCorrelation ID: 9a3fb530-f884-468f-a910-e14675562cf1\r\nTimestamp: 2016-10-05 14:39:37Z","
    error_codes":[50001],"timestamp":"2016-10-05 14:39:37Z","trace_id":"1e76a79b-3883-4bb6-bd17-eef2cbc1063c","correlation_i
    d":"9a3fb530-f884-468f-a910-e14675562cf1"}
    info:    Error information has been recorded to C:\Users\FabricAdmin\.azure\azure.err
    error:   login command failed

    If any one has faced the same issue and got a solution m please suggest.

    Thank you I advance....

    • Edited by Darren Shaw Wednesday, October 5, 2016 2:53 PM
    Wednesday, October 5, 2016 2:00 PM
  • Hey Darren,

    There are a number of changes in the endpoints and steps for connecting to Azure Stack via CLI in TP2.

    The following articles has the new steps: https://azure.microsoft.com/en-us/documentation/articles/azure-stack-connect-cli/

    Try these new steps and let us know if you are still having issues. Thanks!

    Matt

    Monday, October 10, 2016 6:54 PM
  • Hi Matthew,

    I have followed the new steps in the above mentioned article only.

    But still not able to get through.

    Regards,

    Darren

    Friday, October 14, 2016 7:37 AM
  • Hi Darren,

    What platform are you using the CLI on and which version?  I believe we may need to update the guidance in the above article as the api endpoint now has a GUID.  Can you try the following and let us know if that corrects the issue:

    1. Run `azure --version` to verify it has installed.
    2. Open PowerShell on the Azure Stack console machine and run `$response = curl https://api.azurestack.local/metadata/endpoints?api-version=1.0`
    3. In PowerShell run `$response.Content`.
    4. Take note of the data from the `audiences` key, which should be a url like: `https://api.azurestack.local/{GUID}/`
    5. Go back to the CLI and run `azure account env add AzureStackCloud --resource-manager-endpoint-url "https://api.AZURESTACK.LOCAL" --management-endpoint-url "https://api.azurestack.local/{YOUR GUID HERE}" --active-directory-endpoint-url "https://login.windows.net" --portal-url "https://portal.azurestack.local" --gallery-endpoint-url "https://portal.azurestack.local:30015/" --active-directory-resource-id "https://api.azurestack.local/{YOUR GUID HERE}" --active-directory-graph-resource-id "https://graph.windows.net/" `
    6. Run `azure config mode arm`
    7. Run `export NODE_TLS_REJECT_UNAUTHORIZED=0`

    The error that you are experiencing above is that when the cli contacts AAD it is not finding the API application and this is because we added GUIDs to the URL in TP2.  Please try the above and let us know if it helps you.

    Thanks,

    -Steve


    Steve Linehan | Principal Program Manager | Microsoft Enterprise Cloud Group

    Saturday, October 15, 2016 1:18 AM
  • Hi Steve,

    I tried all the above steps suggested but its not helping.

    Regards,

    Darren


    • Edited by Darren Shaw Tuesday, October 18, 2016 8:58 AM
    Tuesday, October 18, 2016 8:57 AM