Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,132 questions
Azure Automation Hybrid Worker Sandbox process creation failed
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 54%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
AMARRIS - Nolan LE PAPE
6
Reputation points
Hi,
I am trying to setup an Azure automation runbook with an hybrid worker, the goal is to delete computers from our on premises AD.
The problem is that I can't even test my runbook as I have errors on the server in the event viewer (error ID 15180 and 15106) saying "Sandbox process creation failed on the hybrid worker server".
I get this two errors, updating the runbook job from "Queued" to "Suspended".
Error | ID 15180
Sandbox process creation failed [SandboxId={JOB_ID}][Reason=Failed to grant access to Windows Station and Desktop][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.]Error | ID 15106
Hybrid sandbox manager failed to create sandbox. [AccountId=account id] [RunbookWorkerGroup=GroupName] [MachineName=computername] [MachineId={machineid}] [SandboxId={sandboxid}] [SandboxHubEndpoint=] [Exception=System.AggregateException: One or many errors have happened. ---> Orchestrator.Runtime.SandboxCreationException: Failed to grant access to Windows Station and Desktop ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.]
The Log Analytics workspace is ok with my server showing in the "Agent Management".
In my azure automation account, in "hybrid worker groups", the hybrid worker group is showing 1 computer.
In the event viewer on the server I can see "Hybrid runbook worker started successfully".
But right after this event:
Info | ID 15157
Sandbox access settings completed - [User='scrubbed' [SandboxId={sandboxid}]] [SandboxId={sandboxid}]
It fails with the two errors
I used thoose websites to setup all of this:
https://shehanperera.com/2021/07/06/az-automation/
https://practical365.com/how-to-manage-on-premises-infrastructure-using-azure-automation-hybrid-worker/
If someone has a solution, I'm all ears.
Thanks,
Nolan
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,581 Reputation points Microsoft Employee2021-09-13T10:49:39.677+00:00 @AMARRIS - Nolan LE PAPE , Apologies for the delay in handling this one. I am checking this internally and will update on this . It may be possible that the user account mentioned may not have rights to delete the account . Or there may be a group policy preventing the deletion of device objects in the container in Local AD .
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 99%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Josie 26 Reputation points2022-01-21T01:50:57.807+00:00 Hi @AMARRIS - Nolan LE PAPE , did you manage to fix this issue? I'm having the exact same issue but unable to fix it.
-
AMARRIS - Nolan LE PAPE 6 Reputation points
2022-01-21T08:06:16.377+00:00 Hi @Josie , sorry no. I switched to a local server based solution (we have a Jenkins server, used it too. Works for now). But it only works in the local network, so chance are if you need it for online purpose it is not the best solution. good luck
-
Josie 26 Reputation points
2022-01-27T02:13:05.4+00:00 Thanks @AMARRIS - Nolan LE PAPE , I just managed to fix this issue! Hopefully sharing the solution will help you and others solve it too... I spent hours troubleshooting it, and then it turns out the issue was caused by the automation account credentials. If you go to the Azure Automation account, click on Shared Resources / Credentials, if you created an account in the UPN format "first.last@keyman .com", the @ symbol is the culprit! If you change it to domain\first.last (or domain\username), it should work. I hope this helps you, let me know how you go if you manage to test it.
Josie. -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Adams, Jeremy 6 Reputation points2022-03-24T15:04:15.97+00:00 This solved the error for me as well.
-
dcvander 6 Reputation points2022-12-26T18:32:36.957+00:00 OMG thank you so much for this. Same issue here, foolish to think that a UPN would work for a credential with the v2 Extension hybrid workers like the v1.
Sign in to comment