MrTenant-1342 asked NestoriSyynimaa-6300 commented

Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.

Issue is this:


Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.
We are using the latest setup, Build version 1.2008.0.59.


The command that fails in PowerShell is Get-AzureAdTenantDetails; it claims the account is not an administrator in Azure AD:


Get-AzureAdTenantDetails : The account you entered 'abc.def@xxx.onmicrosoft.com' is not an
administrator of any Azure Active Directory tenant.


Here is the thing, though: if we run that command in another PowerShell window (with the same account) and load the modules manually, the command works fine (i.e. the account is OK).


Also, if we run the Azure validation tools (https://docs.microsoft.com/sv-se/azure-stack/operator/azure-stack-validate-identity?view=azs-2008&tabs=az),
they work in the PowerShell window we opened manually; however, if we try to run that tool in the PowerShell window that the ASDK installation initiated, it fails like this:


Error message:
[Test-AzsServiceAdministrator] Test Test-AzsService[redacted] fail with exception System.Management.Automation.MethodException: Cannot convert argument "redirectUri", with value: "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential", for "AcquireToken" to type "System.Uri": "Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" to type "System.Uri"." ---> System.Management.Automation.PSInvalidCastException: Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" to type "System.Uri".




Something is fishy with the Azure Stack Hub setup. What can we do?

Please advise...



azure-active-directory azure-stack-hub

1 Answer

MarkBowler-7155 answered NestoriSyynimaa-6300 commented

I hit the same problem. Took ages debugging the install scripts to get to the bottom of it.

There's an issue with one of the installation scripts which expects the user to have a role of 'Company Administrator' instead of 'Global Administrator'.

Try editing line 339 in C:\CloudDeployment\Setup\Common\AzureADConfiguration.psm1 and change the description to 'Global Administrator', and then re-run.

You might have to remove the module in PowerShell (Remove-Module) as well before re-running so that it gets imported again.


Yeeehaaa... COMPLETE: Action 'Deployment'

I edited line 339 in C:\CloudDeployment\Setup\Common\AzureADConfiguration.psm1 to "Global Administrator" and did a re-run, and it worked perfectly; I didn't have to remove the module in PowerShell before re-running.


Thanks a lot for your help @MarkBowler-7155

Cheers


Found out this too, was really driving me crazy!

I changed line 339 to the following, as the role template id is global and fixed:

 $roleOid = Invoke-Graph -method Get -uri $getUri -authorization $authorization | Select-Object -ExpandProperty Value | Where roleTemplateId -eq "62e90394-69f5-4237-9190-012177145e10" | Select-Object -ExpandProperty objectId


Also, I noticed that the AAD Directory MUST be the default domain, which in my case was not <tenant>.onmicrosoft.com but like company.com.






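The difference between the two fixes in this thread (matching the administrator role by its name versus by its role template id), as an added example that is not part of the original posts or of the ASDK installer. The sample response is constructed, `Resolve-AdminRoleObjectId` is a hypothetical helper, and the `displayName` property and the placeholder `objectId` values are assumptions; `value`, `roleTemplateId`, `objectId` and the template id come from the comment above.

```powershell
# Constructed sample shaped like the role list that the comment's line filters.
# displayName and the objectId values are assumptions made for illustration.
$sampleResponse = @'
{ "value": [
  { "objectId": "00000000-0000-0000-0000-000000000001",
    "displayName": "Global Administrator",
    "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10" },
  { "objectId": "00000000-0000-0000-0000-000000000002",
    "displayName": "Example Other Role",
    "roleTemplateId": "11111111-1111-1111-1111-111111111111" }
] }
'@ | ConvertFrom-Json

# Role template id quoted in the comment above; it is the same in every tenant.
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

function Resolve-AdminRoleObjectId {
    # Hypothetical helper: returns the objectId of the role with the given
    # template id and throws, rather than returning $null, when the role is
    # missing or ambiguous. A silent $null is what turns a lookup miss into
    # a misleading "not an administrator" error later on.
    param(
        [Parameter(Mandatory)] $RoleList,
        [string] $TemplateId = $GlobalAdminTemplateId
    )
    $found = @($RoleList.value | Where-Object { $_.roleTemplateId -eq $TemplateId })
    if ($found.Count -ne 1) {
        throw "Expected exactly one role with template id $TemplateId, found $($found.Count)."
    }
    return $found[0].objectId
}

# Name-based lookup with the name the answer says the script expects: no match
# in this sample, because the role is listed under a different name.
$byName = $sampleResponse.value |
    Where-Object { $_.displayName -eq 'Company Administrator' }
"By name:        $(if ($byName) { $byName.objectId } else { '<no match>' })"

# Template-id lookup does not depend on how the role is named.
"By template id: $(Resolve-AdminRoleObjectId -RoleList $sampleResponse)"
```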