AMARRISNolanLEPAPE-8620 asked AMARRISNolanLEPAPE-8620 commented

Azure Automation Hybrid Worker Sandbox process creation failed

Hi,
I am trying to set up an Azure Automation runbook with a hybrid worker; the goal is to delete computers from our on-premises AD.
The problem is that I can't even test my runbook, as I have errors on the server in the event viewer (error IDs 15180 and 15106) saying "Sandbox process creation failed on the hybrid worker server".

I get these two errors, updating the runbook job from "Queued" to "Suspended".

Error | ID 15180
Sandbox process creation failed [SandboxId={JOB_ID}][Reason=Failed to grant access to Windows Station and Desktop][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.]

Error | ID 15106
Hybrid sandbox manager failed to create sandbox. [AccountId=account id] [RunbookWorkerGroup=GroupName] [MachineName=computername] [MachineId={machineid}] [SandboxId={sandboxid}] [SandboxHubEndpoint=] [Exception=System.AggregateException: One or many errors have happened. ---> Orchestrator.Runtime.SandboxCreationException: Failed to grant access to Windows Station and Desktop ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.]

The Log Analytics workspace is OK, with my server showing in the "Agent Management".
In my Azure Automation account, in "hybrid worker groups", the hybrid worker group is showing 1 computer.

In the event viewer on the server I can see "Hybrid runbook worker started successfully".

But right after this event:

Info | ID 15157
Sandbox access settings completed - [User='scrubbed' [SandboxId={sandboxid}]] [SandboxId={sandboxid}]

It fails with the two errors.

I used those websites to set up all of this:
https://shehanperera.com/2021/07/06/az-automation/
https://practical365.com/how-to-manage-on-premises-infrastructure-using-azure-automation-hybrid-worker/

If someone has a solution, I'm all ears.

Thanks,
Nolan

azure-active-directory azure-automation

@AMARRISNolanLEPAPE-8620, apologies for the delay in handling this one. I am checking this internally and will update on this. It may be possible that the user account mentioned may not have rights to delete the account. Or there may be a group policy preventing the deletion of device objects in the container in local AD.


0 Answers