locked
Unable to activate the administrator and tenant portals RRS feed

  • Question

  • Hello Azure Support Team,

    I´ve been trying to register Azure Stack administrator and tenant portals, but couldn´t do that. I was checking the logs and I found the message as bellow:

     

    2018-06-07.01-04-20: ************************ Error ************************
    2018-06-07.01-04-20: Action plan execution failed. Error: Type 'ConfigureBridgeIdentity' of Role 'AzureBridge' raised an exception:

    An error occurred while trying to verify connection to the graph endpoint 'https://login.windows.net/a762d872-efd0-4961-b122-a23xxxxxx/.well-known/openid-configuration': Unable to connect to the remote server

    Additional details: 
    at Assert-GraphConnection, C:\ProgramData\SF\ErcsClusterNode2\Fabric\work\Applications\EnterpriseCloudEngineApplicationType_App1\EnterpriseCloudEngineServicePkg.Code.1.0.672.28\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 361
    at Get-GraphToken, C:\ProgramData\SF\ErcsClusterNode2\Fabric\work\Applications\EnterpriseCloudEngineApplicationType_App1\EnterpriseCloudEngineServicePkg.Code.1.0.672.28\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 406
    at Update-GraphAccessToken, C:\ProgramData\SF\ErcsClusterNode2\Fabric\work\Applications\EnterpriseCloudEngineApplicationType_App1\EnterpriseCloudEngineServicePkg.Code.1.0.672.28\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 552
    at Initialize-GraphEnvironment, C:\ProgramData\SF\ErcsClusterNode2\Fabric\work\Applications\EnterpriseCloudEngineApplicationType_App1\EnterpriseCloudEngineServicePkg.Code.1.0.672.28\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 289
    at ConfigureBridgeIdentity, C:\ProgramData\SF\ErcsClusterNode2\Fabric\work\Applications\EnterpriseCloudEngineApplicationType_App1\EnterpriseCloudEngineServicePkg.Code.1.0.672.28\CloudDeployment\Classes\AzureBridge\AzureBridge.psm1: line 41
    at <ScriptBlock>, <No file>: line 39
    at <ScriptBlock>, <No file>: line 37
    2018-06-07.01-04-20: at Start-ActionPlanInstance, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Azurestack.Activation\Microsoft.Azurestack.Activation.psm1: line 364
    at New-AzureBridgeServicePrincipal, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Azurestack.Activation\Microsoft.Azurestack.Activation.psm1: line 121
    2018-06-07.01-04-20: *********************** Ending registration action during New-ServicePrincipal ***********************

    2018-06-07.01-04-20: Logs can be found at: C:\MASLogs\Registration\AzureStack.Activation.Set-AzsRegistration-2018-06-07.log  and  \\AzS-ERCS01\c$\maslogs 

    When I try to register in the browser the url https://adminportal.local.azurestack.external/guest/signup, I see in the

    browser the status loading Azure Portal for a long time and occur the error http 500.

     

    Best Regards,

    Rafael Nunes

    Thursday, June 28, 2018 9:08 PM

Answers

  • Hello,

    Note: Azure Stack ASDK & ASIS are not supported in a nested Hypervisor environmernt and is most likely the cause of your internet conectivity issue.

     

    FYI - There are 2 processes involved in adding Marketplace Items from Azure to Azure Stack.

    Registration and Syndication =(downloading the item and registering it in local Azure Stack.)

    It is possible to to register your ASDK and download Marketplace items in ‘disconnected’ mode

    We have published documentation and tools to provide full functionality in disconnected scenarios.

     

    Please see: Download marketplace items in a disconnected or a partially connected scenario (with limited internet connectivity)

             

    Let us know how it goes.

     

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue experience any issues with ASDK release, feel free to contact us.

           

     Thanks, 


    Gary Gallanes

    Friday, June 29, 2018 6:00 PM

All replies

  • Could you provide the following information to understand the issue better?

    Build/Version:  

    Get-Content "C:\CloudDeployment\Configuration\Version\version.xml"

    Directory type: 

    Azure AD or ADFS

    Hardware: 

    How many CPU Cores, RAM, Get-Disk output

    Network: 

    Static or DHCP.

    BareMetal or Nested Hyper-V:

    Deployment parameters used:

    Are you referring to the suggestions outlined in this document Register Azure Stack with Azure? Ensure that all the prerequisites are met as per the document.

    This may happen when the Host network adapter has internet connectivity but the AzS-BGPNAT01 host adapter does not.

    Run the following command to test if AzS-ERCS01 can access the graph endpoint.

     

    invoke-command -computername AzS-ERCS01 -Scriptblock {tnc login.windows.net -port 443}.

    Friday, June 29, 2018 10:49 AM
  • Hi Ajay,

    Thanks for your reply.

    Find bellow the information requested according to the questions.

    PS C:\> Get-Content "C:\CloudDeployment\Configuration\Version\version.xml"
    <Version>1.0.180513.1</Version>

    Directory type: ADFS

    Hardware: 12 vCPU / 152 GB RAM 

    PS C:\> Get-Disk

    Number Friendly Name Serial Number                    HealthStatus         OperationalStatus      Total Size Partition
                                                                                                                 Style
    ------ ------------- -------------                    ------------         -----------------      ---------- ----------
    5      Msft Virtu...                                  Healthy              Online                     120 GB MBR
    0      VMware Vir... 6000c292506d4d06ae61d4baaffa250f Healthy              Online                     250 GB MBR
    6      SU1_Volume    {3cdb61dd-1f2d-40f2-8d5a-be98... Healthy              Online                     716 GB GPT

    Host Network - Static

    Nested Virtualization - Virtual Machine Host on VMware vSphere.


    Are you referring to the suggestions outlined in this document Register Azure Stack with Azure? 
    yes, I´m.


    PS C:\> invoke-command -computername AzS-ERCS01 -Scriptblock {tnc login.windows.net -port 443}
    WARNING: TCP connect to login.windows.net:443 failed
    WARNING: Ping to login.windows.net failed -- Status: TimedOut


    PSComputerName           : AzS-ERCS01
    RunspaceId               : e723d389-3756-4a6c-a32d-a61371b67958
    ComputerName             : login.windows.net
    RemoteAddress            : 104.41.xx. xxx
    ResolvedAddresses        : {104.41.xx.xxx, 104.41.xx.xxx, 191.237.xxx.xxx}
    PingSucceeded            : False
    PingReplyDetails         : System.Net.NetworkInformation.PingReply
    TcpClientSocket          :
    TcpTestSucceeded         : False
    RemotePort               : 443
    TraceRoute               :
    Detailed                 : False
    InterfaceAlias           : Ethernet
    InterfaceIndex           : 5
    InterfaceDescription     : Microsoft Hyper-V Network Adapter
    NetAdapter               : MSFT_NetAdapter (CreationClassName = "MSFT_NetAdapter", DeviceID =
                               "{DA97C76A-9CA7-49E6-A474-233516B456DD}", SystemCreationClassName = "CIM_NetworkPort",
                               SystemName = "AzS-ERCS01.azurestack.local")
    NetRoute                 : MSFT_NetRoute (InstanceID = ":8:8:8:9:55?55;C?8;@B8?::8;55;")
    SourceAddress            : MSFT_NetIPAddress (Name = ";C?8;@B8?::8???xx?xxx;xxx;", CreationClassName = "",
                               SystemCreationClassName = "", SystemName = "")
    NameResolutionSucceeded  : True
    BasicNameResolution      : {Microsoft.DnsClient.Commands.DnsRecord_A, Microsoft.DnsClient.Commands.DnsRecord_A,
                               Microsoft.DnsClient.Commands.DnsRecord_A}
    LLMNRNetbiosRecords      : {}
    DNSOnlyRecords           : {Microsoft.DnsClient.Commands.DnsRecord_A, Microsoft.DnsClient.Commands.DnsRecord_A,
                               Microsoft.DnsClient.Commands.DnsRecord_A}
    AllNameResolutionResults : {Microsoft.DnsClient.Commands.DnsRecord_A, Microsoft.DnsClient.Commands.DnsRecord_A,
                               Microsoft.DnsClient.Commands.DnsRecord_A}
    IsAdmin                  : True
    NetworkIsolationContext  : Internet
    MatchingIPsecRules       :

    Best Regards,

    Rafael Nunes



    Friday, June 29, 2018 3:04 PM
  • Hi Ajay,

    Addional information.

    As you can see in the screenshot bellow, the server AzS-BGPNAT01 it´s able to resolv nslookup for login.windows.net

    

    Best Regards,

    Rafael Nunes


    Friday, June 29, 2018 4:55 PM
  • Hello,

    Note: Azure Stack ASDK & ASIS are not supported in a nested Hypervisor environmernt and is most likely the cause of your internet conectivity issue.

     

    FYI - There are 2 processes involved in adding Marketplace Items from Azure to Azure Stack.

    Registration and Syndication =(downloading the item and registering it in local Azure Stack.)

    It is possible to to register your ASDK and download Marketplace items in ‘disconnected’ mode

    We have published documentation and tools to provide full functionality in disconnected scenarios.

     

    Please see: Download marketplace items in a disconnected or a partially connected scenario (with limited internet connectivity)

             

    Let us know how it goes.

     

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue experience any issues with ASDK release, feel free to contact us.

           

     Thanks, 


    Gary Gallanes

    Friday, June 29, 2018 6:00 PM