locked
When Trying to Register ASDK Deployment getting failure message "Action plan execution failed. Error: Execution timeout" on 1904 build RRS feed

  • Question

  • Hello, when trying to register my AzureStack instance it fails creating the Azure Bridge Service principle. I have included the error log below.

    VERBOSE: 2019-05-27.13-36-21: Connection to AzS-ERCS01 successful
    VERBOSE: 2019-05-27.13-36-21: Verifying stamp version.
    VERBOSE: 2019-05-27.13-36-31: Running registration actions on build 1.1904.0.36. Cloud Id: xxxxxxxx
    -xxxx-xxxx-xxxx-xxxxxxxxxxxx, Deployment Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    VERBOSE: 2019-05-27.13-36-31: Creating Azure Active Directory service principal in tenant 'xxxxxxxx
    -xxxx-xxxx-xxxx-xxxxxxxxxxxx' Attempt 0 of 3
    VERBOSE: Looking up shared vhd product drive letter.
    WARNING: Unable to find volume with label Deployment
    VERBOSE: Get-Package returned with Success:True
    VERBOSE: Found package Microsoft.AzureStack.Solution.Deploy.Security with version 1.1904.0.36 at C:
    \NugetStore\Microsoft.AzureStack.Solution.Deploy.Security.1.1904.0.36\Microsoft.AzureStack.Solution
    .Deploy.Security.nuspec.
    VERBOSE: type added
    VERBOSE: 2019-05-27.13-41-52: *** WARNING ***
    WARNING: 2019-05-27.13-41-52: Creation of service principal failed:
    Action plan execution failed. Error: Execution timeout
    VERBOSE: 2019-05-27.13-52-36: *** End WARNING ***
    VERBOSE: 2019-05-27.13-52-36: Waiting 10 seconds and trying again...
    VERBOSE: 2019-05-27.13-52-46: ************************ Error ************************
    VERBOSE: 2019-05-27.13-52-46: Action plan execution failed. Error: Execution timeout
    VERBOSE: 2019-05-27.13-52-47: at Start-ActionPlanInstance, C:\Program Files\WindowsPowerShell\Modul
    es\Microsoft.Azurestack.Activation\Microsoft.Azurestack.Activation.psm1: line 426
    at New-AzureBridgeServicePrincipal, C:\Program Files\WindowsPowerShell\Modules\Microsoft.Azurestack
    .Activation\Microsoft.Azurestack.Activation.psm1: line 179
    VERBOSE: 2019-05-27.13-52-47: *********************** Ending registration action during New-Service
    Principal ***********************
    VERBOSE: 2019-05-27.13-52-47: Logs can be found at: C:\MASLogs\Registration\AzureStack.Activation.S
    et-AzsRegistration-2019-05-27.log and \AzS-ERCS01\c$\maslogs
    VERBOSE: 2019-05-27.13-52-47: Removing any existing PSSession...
    Action plan execution failed. Error: Execution timeout
    At C:\AzureStack-Tools-master\Registration\RegisterWithAzure.psm1:1249 char:13

        $servicePrincipal = Invoke-Command -Session $PSSession -S ...
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    

    CategoryInfo : OperationStopped: (Action plan exe...ecution timeout:String) [], Ru
    ntimeException
    FullyQualifiedErrorId : Action plan execution failed. Error: Execution timeout


    Wednesday, May 29, 2019 4:26 PM

Answers

  • This issue is being caused due to an improper timeout on the service principal creation, and all we need to do is increase the timeout. 

    To mitigate this issue, you will need to open up the file at "C:\AzureStack-Tools-master\Registration/RegisterWithAzure.psm1" in an editor with ADMINISTRATOR PERMISSIONS, I prefer PowerShell ISE as it gives line numbers. 

    Line#1249 needs -TimeoutInSeconds 600 added to the "New-AzureBridgeServicePrincipal" cmdlet, and should look like this:

    $servicePrincipal = Invoke-Command -Session $PSSession -ScriptBlock { New-AzureBridgeServicePrincipal -RefreshToken $using:RefreshToken -AzureEnvironment $using:AzureEnvironmentName -TenantId $using:TenantId -TimeoutInSeconds 1800 }

    We are fixing this in the Registration Script as well, but for now the manual workaround is the best. 


    Thursday, May 30, 2019 9:14 PM

All replies

  • This appears to be the same issue that others are having in This Thread. We are currently following up internally to see what is causing this issue, and we have an active reproduction. 

    I will post any updates as soon as I have them. 

    Wednesday, May 29, 2019 7:20 PM
  • Don't know if this helps, but I have pulled the activation logs from a previous deployment that I still have standing of 1901 and it seems like some sort of encryption of a token is happening in the 1904 run. 

    This is 1901 deployment

    2019-03-16.04-09-56:
    ================================
    2019-03-16.04-09-56: Begin action: New-AzureBridgeServicePrincipal
    2019-03-16.04-09-56: ================================
    2019-03-16.04-09-56: [New-AzureBridgeServicePrincipal] Creating service principal. Environment: AzureCloud, Tenant Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
    2019-03-16.04-09-56: [New-AzureBridgeServicePrincipal] Creating ECE client.
    2019-03-16.04-09-56: [New-AzureBridgeServicePrincipal] Retrieving ECE configuration.
    2019-03-16.04-10-09: [New-AzureBridgeServicePrincipal] Identity file: \\SU1FileServer\SU1_Infrastructure_1\ASResourceProvider\Config\AzureBridge.IdentityApplication.Configuration.json.
    2019-03-16.04-10-09: [New-AzureBridgeServicePrincipal] Invoking CreateServicePrincipal action plan.
    2019-03-16.04-10-09: [Start-ActionPlanInstance] Invoking action plan instance. RolePath: Cloud\Fabric\AzureBridge, ActionType: ConfigureBridgeIdentity, InstanceId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx, Timeout: 300s

    This is 1904 deployment

    2019-05-30.03-09-38:
    ================================
    2019-05-30.03-09-38: Begin action: New-AzureBridgeServicePrincipal
    2019-05-30.03-09-38: ================================
    2019-05-30.03-09-38: [New-AzureBridgeServicePrincipal] Creating service principal. Environment: AzureCloud, Tenant Id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
    2019-05-30.03-09-38: [New-AzureBridgeServicePrincipal] Creating ECE client.
    2019-05-30.03-09-38: [New-AzureBridgeServicePrincipal] Retrieving ECE configuration.
    2019-05-30.03-09-49: [New-AzureBridgeServicePrincipal] Identity file: \\SU1FileServer\SU1_Infrastructure_1\ASResourceProvider\Config\AzureBridge.IdentityApplication.Configuration.json.
    2019-05-30.03-09-49: Encrypting token
    2019-05-30.03-09-54: Done encrypting token
    2019-05-30.03-09-54: [New-AzureBridgeServicePrincipal] Invoking CreateServicePrincipal action plan.
    2019-05-30.03-09-55: [Start-ActionPlanInstance] Invoking action plan instance. RolePath: Cloud\Fabric\AzureBridge, ActionType: ConfigureBridgeIdentity, InstanceId: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx, Timeout: 300s

    Thursday, May 30, 2019 4:16 PM
  • This issue is being caused due to an improper timeout on the service principal creation, and all we need to do is increase the timeout. 

    To mitigate this issue, you will need to open up the file at "C:\AzureStack-Tools-master\Registration/RegisterWithAzure.psm1" in an editor with ADMINISTRATOR PERMISSIONS, I prefer PowerShell ISE as it gives line numbers. 

    Line#1249 needs -TimeoutInSeconds 600 added to the "New-AzureBridgeServicePrincipal" cmdlet, and should look like this:

    $servicePrincipal = Invoke-Command -Session $PSSession -ScriptBlock { New-AzureBridgeServicePrincipal -RefreshToken $using:RefreshToken -AzureEnvironment $using:AzureEnvironmentName -TenantId $using:TenantId -TimeoutInSeconds 1800 }

    We are fixing this in the Registration Script as well, but for now the manual workaround is the best. 


    Thursday, May 30, 2019 9:14 PM