none
ASDK on baremetal deployment failure - Step 60.120.121 - The graph environment has not yet been initialized

    Question

  • I am repeatedly seeing the following failure to deploy ASDK on a baremetal server using AAD in step 60.120.121

    FWIW... I was seeing the same issue with initializing the graph environment when I tried to deploy ASDK on an azure instance  but since that was unsupported, we're now deploying directly on a server running Windows 2016 datacenter server.

    From the deployment logs...

    ---

    2019-03-19 14:40:31 Verbose  1> [IdentityProvider:Deployment] Attempting to acquire a token for resource 'https://graph.windows.net/' using a refresh token
    2019-03-19 14:40:31 Verbose  1> [IdentityProvider:Deployment] POST https://login.microsoftonline.com/<REDACTED>/oauth2/token?api-version=1.6 with -1-byte payload
    2019-03-19 14:40:31 Verbose  1> [IdentityProvider:Deployment] received 2389-byte response of content type application/json; charset=utf-8
    2019-03-19 14:40:32 Verbose  1> [IdentityProvider:Deployment] Initialize-AADActiveDirectoryApplication : Including tag on AAD service principals: {"AzureStackMetadata":{"CreationDate":"\/Date(1553006432001)\/","DeploymentGuid":"<REDACTED"}} (length = 121)
    2019-03-19 14:40:32 Verbose  1> [IdentityProvider:Deployment] WARNING: An error occurred during identity application initialization. Delaying for 300 seconds and trying again...
    Error: The graph environment has not yet been initialized. Please run 'Initialize-GraphEnvironment' with a valid credential or refresh token.
    2019-03-19 14:45:32 Verbose  1> [IdentityProvider:Deployment] [PSTask Concurrency] Task is completed, so exiting.
    2019-03-19 14:45:32 Verbose  1> [IdentityProvider:Deployment] [PSTask Concurrency] Number of parallel tasks decreased to '1'.
    2019-03-19 14:45:32 Warning  1> Task: Invocation of interface 'Deployment' of role 'Cloud\Fabric\IdentityProvider' failed: 

    Type 'Deployment' of Role 'IdentityProvider' raised an exception:

    The graph environment has not yet been initialized. Please run 'Initialize-GraphEnvironment' with a valid credential or refresh token.
    at Assert-GraphEnvironmentIsInitialized, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 320
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 560
    at Find-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 761
    at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1969
    at Initialize-AADActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 165
    at New-ActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 41
    at Deployment, C:\CloudDeployment\Classes\IdentityProvider\IdentityProvider.psm1: line 18
    at <ScriptBlock>, <No file>: line 42
    at <ScriptBlock>, <No file>: line 40
    2019-03-19 14:45:32 Error    1> Task: Invocation of interface 'Deployment' of role 'Cloud\Fabric\IdentityProvider' failed: 

    Type 'Deployment' of Role 'IdentityProvider' raised an exception:

    The graph environment has not yet been initialized. Please run 'Initialize-GraphEnvironment' with a valid credential or refresh token.
    at Assert-GraphEnvironmentIsInitialized, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 320
    at Invoke-GraphApi, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 560
    at Find-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 761
    at Initialize-GraphApplication, C:\CloudDeployment\Roles\IdentityProvider\GraphAPI.psm1: line 1969
    at Initialize-AADActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 165
    at New-ActiveDirectoryApplication, C:\CloudDeployment\Roles\IdentityProvider\IdentityProvider.psm1: line 41
    at Deployment, C:\CloudDeployment\Classes\IdentityProvider\IdentityProvider.psm1: line 18
    at <ScriptBlock>, <No file>: line 42
    at <ScriptBlock>, <No file>: line 40
    2019-03-19 14:45:32 Verbose  1> Step: Status of step '60.120.121 - (Katal) Create AzureStack Service Principals' is 'Error'.
    2019-03-19 14:45:32 Verbose  1> Checking if any of the in progress steps are complete. The following steps are currently in progress: '60.120.121'.
    2019-03-19 14:45:32 Verbose  1> Action: Action plan 'Deployment-Phase4-IdentitySystemAndWASBootstrap' failed. Finish running all steps that are currently in progress before exiting.
    2019-03-19 14:45:32 Verbose  1> Draining all steps that are still in progress. The following steps are still in progress or just completed: '60.120.121'.
    2019-03-19 14:45:32 Verbose  1> Action: Action plan 'Deployment-Phase4-IdentitySystemAndWASBootstrap' failed.
    2019-03-19 14:45:32 Error    1> Action: Invocation of step 60.120.121 failed. Stopping invocation of action plan.
    2019-03-19 14:45:32 Verbose  1> Action: Status of 'Deployment-Phase4-IdentitySystemAndWASBootstrap' is 'Error'.
    2019-03-19 14:45:32 Verbose  1> Task: Status of action 'Deployment-Phase4-IdentitySystemAndWASBootstrap' of role 'Cloud' is 'Error'.

    Tuesday, March 19, 2019 9:36 PM

All replies

  • Are you deploying using 1902?

    to start, make sure that the AAD account you are using matches the requirements for the ASDK. Make sure that the account you use for deployment has AAD Global Administrator Permissions. 

    There are some common errors that occur when using Azure to deploy Azure Stack, and one of them is a AAD Directory endpoint issue that is similar to this one. Becuase you are getting this while on-premise, it might be possible for you to go back and deploy on Azure if that is your desire, however it will still not be a supported scenario. 

    Tuesday, March 19, 2019 11:16 PM
    Moderator
  • Hello Travis,

    I  am using 1902.

    The AAD account we are using for deployment has Global Administrator rights in our AAD.

    My understanding is "global administrator rights" is the only requirement for the AAD account.  Are there some other requirements for that account that I'm missing/misunderstanding?

    Wednesday, March 20, 2019 5:21 PM
  • FYI - I finally found the old thread about Nested Virtualization errors for ASDK - Although your error is close, it is not the same. 

    I am following up now to see what we can do to get the graph enviornment ready. 

    Wednesday, March 20, 2019 11:13 PM
    Moderator
  • Hi Travis,

    Have you been able to follow up on additional steps we can take to get the graph environment ready?


    Wednesday, March 27, 2019 1:24 AM
  • Nevermind, we have decided to stop pursuing this.

    Tuesday, April 2, 2019 4:37 PM
  • If you decide to pursue this further, please let me know. We will need to collect some log files from both the Azure Stack installation, along with the AzS-WAS01 VM
    Friday, April 12, 2019 12:47 AM
    Moderator