question

johnjoyner avatar image
0 Votes"
johnjoyner asked johnjoyner commented

Adding on-prem VM to Azure Arc using OnboadingScript.ps1 fails with "Error storing certificate"

We have one on-prem Windows Server 2012 R2 computer successfully onboarded to Azure Arc using the OnboadingScript.ps1 downloaded from Azure Portal. Running the script on the second computer also Windows Server 2012 R2 fails with this error:

time="2020-07-08T20:31:09-07:00" level=error msg="Request error: Error storing certificate, Details: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation." Error="Error response from agent"

C:\Windows\System32\>azcmagent show
Resource Name :
Resource Group Name :
Subscription ID :
Tenant ID :
VM ID :
Location :
Agent Version : 0.9.20164.002
Agent Logfile : C:\ProgramData\AzureConnectedMachineAgent\Log\himds.log

Agent Status : Disconnected
Agent Last Heartbeat :
Agent Error Code : Error in storing in certificate store
Agent Error Details : The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
Agent Error Timestamp : 08 Jul 20 20:31 MST

Looking for tips to troubleshoot this. Unable to run azcmagent reconnect due to this error:

C:\Windows\System32\>azcmagent reconnect --tenant-id 56xxxx6e-xxxx-xxxx-xxxx-9066xxxxab2d
time="2020-07-08T21:08:46-07:00" level=fatal msg="Invalid Resource Name. Resource Name can only contain alphanumeric characters, - , _ or . Resource Name cannot contain more than 54 characters." Resource Name=

Thank you.

azure-arc
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ManuPhilip avatar image
0 Votes"
ManuPhilip answered johnjoyner commented

Hi,
Please set the following value in registry editor and try again

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb

ProtectionPolicy = 1 (DWORD)

Ref: https://support.microsoft.com/en-ca/help/3000850/november-2014-update-rollup-for-windows-rt-8-1-windows-8-1-and-windows


Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion

Regards,

Manu

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you Manu this was exactly it!

Best, John

0 Votes 0 ·