POC Machine can't connect to the internet after run deployment script

  • Question

  • Hi All,

    I have deployed Azure Stack TP3. I can log in to the portal from the MAS-CON01 VM, but I can't download an image from the Azure Stack marketplace.

    On the POC machine I can ping any public IP, but can't ping a domain. I added a secondary DNS in the IP configuration, but still can't ping a domain.



    Thanks for your help



    • Edited by awankinton Thursday, March 30, 2017 8:11 AM spelling check
    Thursday, March 30, 2017 8:10 AM

Answers

  • Hi,

    It looks like the network configuration of the POC did not succeed successfully.

    I would suggest you redeploy making sure that your static IP parameters are set correctly along with the external DNS parameter.

    Thanks

    Daniel.

    Friday, March 31, 2017 6:18 PM

All replies

  • Hello,

    This looks like a DNS configuration issue. The DVM host network adapter DNS should have been added as forwarders on the DNS server running on MAS-DC01. Please run the following network check script and paste the results back to the forum. If DNS is failing you may want to try manually adding 4.4.4.4 as a forwarder on the MAS-DC01.

     

    ## Change these two variables
    $AadUser = "admin@company.onmicrosoft.com"
    $Password = 'password'

    $NETVMS = @("MAS-BGPNAT01","MAS-DC01","MAS-WAS01")
    $AadTenantid = ($AadUser -split '@')[1]
    $Credential = New-Object System.Management.Automation.PSCredential(($AadUser) , `
        (ConvertTo-SecureString -String $Password -AsPlainText -Force))

    ### Runs network tests to login.windows.net on 443 from MAS-BGPNAT01, MAS-DC01 and MAS-WAS01
    $ConTests = $NETVMS | % {
        Invoke-Command -ComputerName $_ -ScriptBlock {
            Write-Output '--------------------------------------------------------------------------------'
            Write-Output "`n`n`t`t`t$env:computername (Timezone,DNS config,DNS lookup,Webrequest)`n"
            (Get-TimeZone).displayname
            Get-NetIPConfiguration | ft IPv4Address,@{n='dns';e={$_.dnsserver.serveraddresses}}
            Resolve-DnsName -Name bing.com -Server 192.168.200.6 | select -First 1 | ft name,ipaddress,type,name
            Invoke-WebRequest https://login.windows.net/common/.well-known/openid-configuration -UseBasicParsing | ft statuscode,content
        }
    }

    ### Opens a session on MAS-WAS01, authenticates to login.windows.net and gets an Azure Stack token
    $TokenTest = Invoke-Command -ComputerName MAS-WAS01 -ArgumentList $AadTenantid ,$Credential -ScriptBlock {
        ### Imports the AzureRM module 1.2.6, downloading it first if it is not installed
        Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
        $AzureModule = "c:\Program Files\WindowsPowerShell\Modules\AzureRM\1.2.6\AzureRM.psd1"
        if (Test-Path $AzureModule) {
            Import-Module $AzureModule -Global -WarningAction SilentlyContinue
        } else {
            Install-Module -Name AzureRM -RequiredVersion 1.2.6 -AllowClobber
        }
        Import-Module -Name "AzureRM" -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

        Write-Output '--------------------------------------------------------------------------------'
        Write-Output "`t`t`t$env:computername (Get-AzureStackToken)`n"
        $AadTenantid ,$Credential = $args[0],$args[1]
        $AuthorityEndpoint = "https://login.windows.net"
        $armEndpoint = "https://api.azurestack.local"
        # The ARM metadata endpoint returns the audience used as the token resource
        $response = Invoke-RestMethod "${armEndpoint}/metadata/endpoints?api-version=1.0"
        $armResourceId = $response.authentication.audiences[0]
        $token = Get-AzureStackToken -Authority $AuthorityEndpoint -AadTenantId $AadTenantid -Resource $armResourceId -Credential $Credential -Verbose
        if (!$token) { Write-Warning 'Couldnt retrieve token' } else { $token }
    }

    ### Tests time sync between MAS-WAS01, MAS-BGPNAT01 and MAS-DC01
    $TimeTest = Write-Output "`n`n`t`t`t$env:computername (Net Time Test)`n`n"
    $TimeTest += (net time \\MAS-DC01)[0]
    $TimeTest += "`n" + (net time \\MAS-WAS01)[0]
    $TimeTest += "`n" + (net time \\MAS-BGPNAT01)[0]

    ### Retrieves and tests DNS forwarders on MAS-DC01
    $DNSTest = @()
    $DNSTest += Write-Output "`n`t`t`t$env:computername (DNS forwarder test)`n"
    $DNSforwarder = Get-DnsServerForwarder -ComputerName 192.168.200.6
    if ($DNSforwarder.ipaddress) {
        # Query bing.com through each forwarder in turn
        $DNSTest += ($DNSforwarder.ipaddress | where IsIPv6SiteLocal -eq $false).ipaddresstostring | % {
            Write-Output "`n`t`t`t$_"
            (Resolve-DnsName bing.com -Server $_ | select -First 1 | ft name,ipaddress,type,name)
        }
    } else { Write-Output "No DNS forwarders found." }

    # Print the collected results
    $DNSTest;$TimeTest;$ConTests;$TokenTest

     

    If the script shows that DNS queries are not resolving, that means one of two things: there is no internet access on the MAS-BGPNAT01 or external DNS queries are not allowed.

    The 'user_realm_discovery_failed' error will confirm if DNS or internet connectivity is the issue here.

    Verify that your host was able to access the internet (without proxy) before the deployment and that you supplied the correct network information to the installer script including the EnvironmentDNS parameter. See: https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-run-powershell-script 
     

    Normally you have to redeploy; however, you can correct the settings by logging into the MAS-BGPNAT01 machine, finding the network adapter which has the same network configured as your host's 'deployment' adapter, and correcting the issue.

     

    Execute the line below on the host to immediately identify the adapter and its settings.

     

    Get-VMNetworkAdapter -VMName MAS-BGPNAT01 -Name NAT

     

    If DNS is the issue and your environment needs a DNS server for external queries:

    1) Open up 'dnsmgmt.msc' on the host.

    2) Add MAS-DC01 as the DNS service in MMC, click Forwarders and add your DNS there.


    Let us know how it goes.

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue to experience any issues with the TP3 release, feel free to contact us.

    TP3 Azure Stack Docs:

    https://docs.microsoft.com/en-us/azure/azure-stack/

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-troubleshooting

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-diagnostics

    https://aka.ms/GetAzureStackLogs

     

     Thanks,


    Gary Gallanes

    Thursday, March 30, 2017 9:15 PM
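
Added example, not part of the original posts or of Microsoft's script: the dnsmgmt.msc forwarder steps from the reply above, done with the DnsServer PowerShell cmdlets and probing each forwarder before anything is changed. It addresses the DNS server by name (MAS-DC01, as the reply's Invoke-Command calls do); `$ExternalDns` holds a placeholder to replace with your environment's resolver, and `$ProbeName` is an assumed test name taken from the script's web request.

```powershell
# Added example. Run elevated on the host, with the DnsServer module (RSAT DNS tools) installed.
# $DnsServer, $ExternalDns and $ProbeName are assumptions of this example, not values from the thread.
param(
    [string]   $DnsServer   = 'MAS-DC01',
    [string[]] $ExternalDns = @('<external-dns-ip>'),   # placeholder: set before use
    [string]   $ProbeName   = 'login.windows.net'
)

# Returns $true when $Server answers an A query for $Name over DNS only
# (no hosts file, LLMNR or NetBIOS fallback that could mask a DNS failure).
function Test-Resolver {
    param([string]$Server, [string]$Name)
    try {
        $null = Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# 1. Read the IPv4 forwarders currently configured on the stamp's DNS server.
$current = @((Get-DnsServerForwarder -ComputerName $DnsServer -ErrorAction Stop).IPAddress |
    Where-Object { $_ -and $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString })

# 2. Probe every forwarder directly, so a dead forwarder is told apart from a missing one.
$report = foreach ($ip in $current) {
    [pscustomobject]@{ Forwarder = $ip; Resolves = (Test-Resolver -Server $ip -Name $ProbeName) }
}
$report | Format-Table -AutoSize

# 3. Only when no existing forwarder works, add candidates that answer from this host.
if (-not ($report | Where-Object Resolves)) {
    foreach ($ip in $ExternalDns) {
        if ($current -contains $ip) { continue }
        if (Test-Resolver -Server $ip -Name $ProbeName) {
            Add-DnsServerForwarder -ComputerName $DnsServer -IPAddress $ip -PassThru
        } else {
            Write-Warning "$ip did not answer for $ProbeName; not added as a forwarder."
        }
    }
}

# 4. End-to-end check: the stamp's DNS server should now resolve the external name.
"{0} resolves {1}: {2}" -f $DnsServer, $ProbeName, (Test-Resolver -Server $DnsServer -Name $ProbeName)
```

If step 1 fails with an RPC error, the DNS server itself is unreachable from the host and adding forwarders will not help; check the adapter settings first.
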
  • Hello Gary,

    Below are the output from the network check script:

    PS C:\Windows\system32> C:\Users\AzureStackAdmin\Downloads\network_check_script.ps1
    bing.com : This operation returned because the timeout period expired
        + CategoryInfo          : OperationTimeout: (bing.com:String) [Resolve-DnsName], Win32Excepti 
       on
        + FullyQualifiedErrorId : ERROR_TIMEOUT,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-BGPNAT01
     
    The remote name could not be resolved: 'login.windows.net'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invok 
       e-WebRequest], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeW 
       ebRequestCommand
        + PSComputerName        : MAS-BGPNAT01
     
    bing.com : This operation returned because the timeout period expired
        + CategoryInfo          : OperationTimeout: (bing.com:String) [Resolve-DnsName], Win32Excepti 
       on
        + FullyQualifiedErrorId : ERROR_TIMEOUT,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-DC01
     
    The remote name could not be resolved: 'login.windows.net'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invok 
       e-WebRequest], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeW 
       ebRequestCommand
        + PSComputerName        : MAS-DC01
     
    bing.com : This operation returned because the timeout period expired
        + CategoryInfo          : OperationTimeout: (bing.com:String) [Resolve-DnsName], Win32Excepti 
       on
        + FullyQualifiedErrorId : ERROR_TIMEOUT,Microsoft.DnsClient.Commands.ResolveDnsName
        + PSComputerName        : MAS-WAS01
     
    The remote name could not be resolved: 'login.windows.net'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invok 
       e-WebRequest], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeW 
       ebRequestCommand
        + PSComputerName        : MAS-WAS01
     
    No repository with the name 'PSGallery' was found.
        + CategoryInfo          : InvalidOperation: (PSGallery:String) [Set-PSRepository], InvalidOpe 
       rationException
        + FullyQualifiedErrorId : RepositoryNotFound,Set-PSRepository
        + PSComputerName        : MAS-WAS01
     
    No match was found for the specified search criteria and module name 'AzureRM'. Try 
    Get-PSRepository to see all available registered module repositories.
        + CategoryInfo          : ObjectNotFound: (Microsoft.Power....InstallPackage:InstallPackage)  
       [Install-Package], Exception
        + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdl 
       ets.InstallPackage
        + PSComputerName        : MAS-WAS01
     
    The remote name could not be resolved: 'api.azurestack.local'
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invok 
       e-RestMethod], WebException
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeR 
       estMethodCommand
        + PSComputerName        : MAS-WAS01
     
    Cannot index into a null array.
        + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
        + FullyQualifiedErrorId : NullArray
        + PSComputerName        : MAS-WAS01
     
    Cannot validate argument on parameter 'AadTenantId'. The argument is null. Provide a valid value 
    for the argument, and then try running the command again.
        + CategoryInfo          : InvalidData: (:) [Get-AzureStackToken], ParameterBindingValidationE 
       xception
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.AzureStack.Commands.Secu 
       rity.GetToken
        + PSComputerName        : MAS-WAS01
     
    WARNING: Couldnt retrieve token
    Get-DnsServerForwarder : Failed to get information for server 192.168.200.6.
    At C:\Users\AzureStackAdmin\Downloads\network_check_script.ps1:44 char:17
    + $DNSforwarder = Get-DnsServerForwarder -ComputerName 192.168.200.6
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (192.168.200.6:root/Microsoft/...ServerForwarder) [Ge 
       t-DnsServerForwarder], CimException
        + FullyQualifiedErrorId : WIN32 1722,Get-DnsServerForwarder
     
    No DNS forwarders found.
    
    			WIN-G0R4KTBSTG6 (DNS forwarder test)
    
    
    
    			WIN-G0R4KTBSTG6 (Net Time Test)
    
    Current time at \\MAS-DC01 is 3/30/2017 7:46:10 PM
    Current time at \\MAS-WAS01 is 3/30/2017 7:46:10 PM
    Current time at \\MAS-BGPNAT01 is 3/30/2017 7:46:10 PM
    --------------------------------------------------------------------------------
    
    
    			MAS-BGPNAT01 (Timezone,DNS config,DNS lookup,Webrequest)
    
    (UTC-08:00) Pacific Time (US & Canada)
    
    IPv4Address      dns                                                   
    -----------      ---                                                   
    {192.168.200.1}  192.168.200.224                                       
    {169.254.219.98} {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}
    
    
    --------------------------------------------------------------------------------
    
    
    			MAS-DC01 (Timezone,DNS config,DNS lookup,Webrequest)
    
    (UTC-08:00) Pacific Time (US & Canada)
    
    IPv4Address       dns             
    -----------       ---             
    {192.168.200.224} {::1, 127.0.0.1}
    
    
    --------------------------------------------------------------------------------
    
    
    			MAS-WAS01 (Timezone,DNS config,DNS lookup,Webrequest)
    
    (UTC-08:00) Pacific Time (US & Canada)
    
    IPv4Address      dns            
    -----------      ---            
    {192.168.200.70} 192.168.200.224
    
    
    --------------------------------------------------------------------------------
    			MAS-WAS01 (Get-AzureStackToken)
    
    
    PS C:\Windows\system32>


    It looks like no DNS forwarders were found.

    And this is the output from the host to identify the adapter settings:

    PS C:\Users\AzureStackAdmin\Downloads> Get-VMNetworkAdapter -VMName MAS-BGPNAT01 -Name NAT
    
    Name IsManagementOs VMName       SwitchName   MacAddress   Status IPAddresses
    ---- -------------- ------       ----------   ----------   ------ -----------
    NAT  False          MAS-BGPNAT01 PublicSwitch 0225BA3FF17F {Ok}   {169.254.219.98, fe80::748f:32cf:5df:db62}

    I added DNS forwarders on the host machine, but the internet connection is still a problem.

    I confirm that the host machine could connect to the internet before deployment. I deployed Azure Stack using ADFS, and my environment does not provide DHCP.

    Thanks for your help.

    Friday, March 31, 2017 2:20 AM
  • Hi,

    Thanks for your advice. I also think the network configuration didn't succeed successfully.

    I am still redeploying the machine. I will post to this forum the result.

    Monday, April 3, 2017 3:21 AM
  • Hi, 

    After I redeployed, the POC machine and MAS-CON01 can connect to the Internet. It is necessary to define all network parameters, such as EnvironmentDNS and NatIPv4Address, if we don't have a DHCP server and are behind the NAT.

    Thanks for your help.

    Tuesday, April 4, 2017 2:02 AM