question

AlexanderHeidelberg-0645 avatar image
0 Votes"
AlexanderHeidelberg-0645 asked tbgangav-MSFT answered

Azure Automation Hybrid Worker v2 creation

Hello,

I'm trying to install Hybrid Worker v2 (extension based) on Arc enabled on premise machine but there are three errors in Event log (Microsoft-SMA)

15156
Failed to set folder access - [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jkifd89ujg.3eh][User='scrubbed'][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Orchestrator.Runtime.SandboxSecurity.AddUserPermissionsToFolder(String user, String folder) in X:\bt\1224905\repo\src\Shared\Orchestrator.Runtime\SandboxSecurity.cs:line 204 ][SandboxId={c473b75a-3e6d-4e35-9e95-d6a68070b5ed}]



15181
Sandbox process user permissions failure [SandboxId={c473b75a-6666-4444-9e95-d6a68070b5ed}][Reason=Failed to set folder access [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jkifd89ujg.3eh]][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
at Orchestrator.Runtime.SandboxSecurity.AddUserPermissionsToFolder(String user, String folder) in X:\bt\1224905\repo\src\Shared\Orchestrator.Runtime\SandboxSecurity.cs:line 204
]

15106
Hybrid sandbox manager failed to create sandbox. [AccountId={sdgsdgsdg3532-aaaa-46e2-bbbb-3453453453}] [RunbookWorkerGroup=MyHWGroup] [MachineName=Server01.MyDomain.com] [MachineId={ID-fd9f-45fe-aff5-cfffb505eceb8}] [SandboxId={sfsfsfsf-ssss-ffff-9e95-sdgsdgsdg}] [SandboxHubEndpoint=] [Exception=System.AggregateException: One or more errors occurred. ---> Orchestrator.Runtime.SandboxCreationException: Failed to set folder access [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jgzhwcon.3eh] ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.


What I'm doing wrong?

azure-automation
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

tbgangav-MSFT avatar image tbgangav-MSFT ·

Hi @AlexanderHeidelberg-0645,

Did you get chance to check my earlier response? Let me know if you were able to resolve the issue or else if have any further queries with regards to it.

0 Votes 0 ·

1 Answer

tbgangav-MSFT avatar image
0 Votes"
tbgangav-MSFT answered

Hi @AlexanderHeidelberg-0645,

I believe your Arc enabled on-premise machine is within the supported OS and other prerequisites have met as per this and this Azure documents. If that's the case then these errors with code 15156, 15181 and 15106 are generally seen if you have used custom account which is lacking permissions. I would recommend to try it using domain admin account.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.