Installation and networking troubleshooting
Applies To: Windows Azure Pack
This topic describes troubleshooting issues that pertain to installation and networking configurations for Windows Azure Pack for Windows Server. Recommendations are provided for the following issues:
Access the Admin portal without redirecting the NetBIOS name
Change the DNS subdomain
Change the URL for a tenant portal
Change the URLs to load balance API services
Deploy a virtual machine with a fixed IP address
Get the error message "This page cannot be displayed." when I try to access the management portals
Install Web Sites with Windows Azure Pack
Install WebFarmAgent
Install Windows Azure Pack offline to accommodate a firewall
Reinstall Windows Azure Pack
Switch back to the default Windows Azure Pack authentication sites
For information about updates, see Install Windows Azure Pack updates and verify versions. For information about changing endpoint configurations and ports, see Reconfigure FQDNs and Ports in Windows Azure Pack.
Access the Admin portal without redirecting the NetBIOS name
Pertains to: Install the Windows Azure Pack management portals
Issue
Redirection issues might be caused by FQDN configuration errors.
Recommendation
To fix this issue, you must reconfigure the FQDNs and then re-establish trust as described in the following procedures.
To reconfigure FQDNs
Use the Initialize-MgmtSvcFeature Windows PowerShell cmdlet on the following web sites: AdminSite, TenantSite, AuthSite, and WindowsAuthSite. You must run the cmdlet on each computer where the sites are installed.
Initialize-MgmtSvcFeature -Name AdminSite -Settings @{fullyQualifiedDomainName=YourFQDN;forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString} Initialize-MgmtSvcFeature -Name TenantSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString} Initialize-MgmtSvcFeature -Name AuthSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString} Initialize-MgmtSvcFeature -Name WindowsAuthSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString}Replace YourFQDN with the appropriate FQDN for the site. For example, use myadminfqdn.contoso.com for the AdminSite FQDN.
Replace YourPassphrase with your pass phrase.
Define $ConnectionString with your configuration server settings. The user must have permissions to all databases.
It may take a while for the new configurations to propagate to the web sites. To increase the speed, you can restart each site manually or restart IIS. In a distributed deployment, you must restart all instances of each web site.
To verify that these values were set up correctly, open a browser and download the authentication metadata from each of the web sites. The metadata endpoint is located at https://<your site fqdn>:<your site port>:/FederationMetadata/2007-06/FederationMetadata.xml. You’ll see the redirect endpoint information in these XML files.
If the endpoints in these files are not in the expected format, it means that the Initialize-MgmtSvcFeature cmdlet didn't run correctly or the settings have not yet propagated.The metadata endpoints should look something like this:
https://myadminfqdn.contoso.com:30091/FederationMetadata/2007-06/FederationMetadata.xml
https://mytenantfqdn.contoso.com:30081/FederationMetadata/2007-06/FederationMetadata.xml
https://myauthfqdn.contoso.com:30071/FederationMetadata/2007-06/FederationMetadata.xml
https://mywinauthfqdn.contoso.com:30072/FederationMetadata/2007-06/FederationMetadata.xml
To re-establish trust
Use the Set-MgmtSvcRelyingPartySettings and Set-MgmtSvcIdentityProviderSettings Windows PowerShell cmdlets.
These cmdlets connect to the metadata endpoint that is provided, and they retrieve all the required configuration values, including the new FQDN. These are stored in the Windows Azure Pack configuration databases. Therefore, it is very important to use the correct metadata endpoint with the appropriate FQDN and port. For example, the AdminSite must be configured to trust the Admin Authentication Site in Windows by using the Admin Authentication Site FQDN.
Set-MgmtSvcRelyingPartySettings –Namespace AdminSite –MetadataEndpoint ‘https:// YourFQDN:30072/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString Set-MgmtSvcRelyingPartySettings –Namespace TenantSite –MetadataEndpoint ‘YourFQDN https:// YourFQDN :30071/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString Set-MgmtSvcIdentityProviderSettings –Namespace AuthSite –MetadataEndpoint ‘https:// YourFQDN:30081/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString -ConfigureTenant Set-MgmtSvcIdentityProviderSettings –Namespace WindowsAuthSite –MetadataEndpoint ‘https:// YourFQDN:30091/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString –ConfigureAdminIn the previous example, replace YourFQDN with the appropriate FQDN for the site.
Replace YourPassphrase with your pass phrase.
Define $ConnectionString with your configuration server settings. The user must have permissions to all databases.
If the SSL certificate that you are using is a self-signed certificate, you must add the following parameter to the cmdlets: -DisableCertificateValidation.
It may take a while for the new configurations to propagate to the web sites. To increase the speed, you can restart each site manually or restart IIS. In a distributed deployment, you must restart all instances of each site.
Back to top
Change the DNS subdomain
Pertains to: Deploy Windows Azure Pack for Windows Server
Issue
To change a DNS subdomain for a Windows Azure Pack web site, use the following procedure.
Recommendation
On the computer that is hosting the Web Sites Controller, run the following Windows PowerShell command:
Import-Module WebSitesSet-WebSitesConfig Global -DnsSuffix newdns.com
In the Hosting Database admin.WebSystems table, change the PublishingDns, FtpDns, and Subdomain as desired.
Back to top
Change the URL for a tenant portal
Pertains to: Reconfigure FQDNs and Ports in Windows Azure Pack
Issue
Need to change the URLs to the management portal for tenants.
Recommendation
You can change the URLs for Windows Azure Pack web sites by updating the FQDN and port settings, and then re-establishing trust. For more information, see Reconfigure FQDNs and Ports in Windows Azure Pack. Also see the blog post Reconfigure portal names, ports and use trusted certificates.
Back to top
Change the URLs to load balance API services
Pertains to: Install the Windows Azure Pack Service Management APIs
Issue
Need to change URLs to achieve load balancing.
Recommendation
You can use Windows PowerShell cmdlets to change the URLs for your API services. After you set up your computers under the load balancer, run the following Windows PowerShell command to balance API services:
$server="YourServer"
$userid="YourID"
$password="YourPassword"
$PortalconnectionString="Data Source=$server;Initial Catalog=Microsoft.MgmtSvc.PortalConfigStore;User Id=$userid;Password=$password"
$AdminApiLB="10.1.1.5"
$TenantApiLB="10.1.1.6"
$TenantPublicApiLB="10.1.1.7"
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.AntaresGeoMasterUri -Value "https://10.1.1.5:30004/services/webspaces/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeAdminManagementServiceUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeUnifiedManagementServiceUri -Value "https://10.1.1.6:30005/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.OnPremPortalConfiguration.RdfeAdminUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.OnPremPortalConfiguration.RdfeProvisioningUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace TenantSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeUnifiedManagementServiceUri -Value "https://10.1.1.6:30005/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace TenantSite -Name Microsoft.WindowsAzure.Server.Configuration.TenantPortalConfiguration.PublicRdfeProvisioningUri -Value "https://10.1.1.7:30006/" -ConnectionString $PortalconnectionString –Force
Back to top
Deploy a virtual machine with a fixed IP address
Pertains to: Virtual Machine Manager
Issue
Need to associate a fixed a IP address with a virtual machine.
Recommendation
In Virtual Machine Manager, users with Admin credentials can configure a specific IP address from the static IP pool when they create virtual machines. You can specify an IP address by using Virtual Machine Manager.
Back to top
Get the error message "This page cannot be displayed." when I try to access the management portals
Pertains to: Install the Windows Azure Pack management portals
Issue
Access issues might occur if Internet Explorer is set to automatically detect proxy settings.
Recommendation
In Internet Explorer, click Tools and then click Internet Options.
Click the Connections tab.
Under Dial-up and Virtual Private Network settings, select the network that you're using.
Click Settings and then clear the Automatically detect settings check box.
Click OK and then click OK again.
Back to top
Install Web Sites with Windows Azure Pack
Pertains to: Deploy Windows Azure Pack: Web Sites
Issue
Having issues with setting up a web site cloud.
Recommendation
Before you set up a web site cloud in Windows Azure Pack management portal for tenants, you must deploy Windows Azure Pack: Web Sites as explained in Deploy Windows Azure Pack: Web Sites. After you complete that task, you can register the web site cloud endpoint in the management portal for administrators and create virtual machine cloud plans.
Back to top
Install WebFarmAgent
Pertains to: Web Farm Framework
Issue
WebFarmAgent requires .NET Framework 3.5.
Recommendation
Confirm that .NET Framework 3.5 is enabled on the computer, and then try to install WebFarmAgent again.
If the installation still fails, run the following command on the computer:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Back to top
Install Windows Azure Pack offline to accommodate a firewall
Pertains to: Install an express deployment of Windows Azure Pack, Install a distributed deployment of Windows Azure Pack
Issue
Cannot install Windows Azure Pack from the internet because of firewall issues.
Recommendation
If a firewall cannot be disabled due to Internet issues, installing Windows Azure Pack from offline sources is required. See the blog post Troubleshooting Installation of Windows Azure Pack for a procedure about how to install Windows Azure Pack from an offline source.
Back to top
Reinstall Windows Azure Pack
Pertains to: Deploy Windows Azure Pack for Windows Server
Issue
How to avoid problems that may occur when unistalling and then installing Windows Azure Pack.
Recommendation
After unistalling Windows Azure Pack, verify the following objects are deleted:
SQL Server database and accounts
Any User Account Control (UAC) implementations
Back to top
Switch back to the default Windows Azure Pack authentication sites
Pertains to: Configure Active Directory Federation Services for Windows Azure Pack
Issue
When you set up Windows Azure Pack, you have the option to reconfigure your deployment so that it uses Active Directory Federation Services (AD FS).
Recommendation
To switch back to trusting the default authentication sites, use the following Windows PowerShell script replacing the following placeholders with your values:
YourDBServer with the name of your database server
YourPassword with your sa password
YourAdminSite with the FQDN of your admin site
YourTenantSite with the FQDN of your tenant site
YourAuthSite with the FQDN of your admin authentication site.
$dbServer = YourDBServer
$dbpassword=YourPassword
$portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID=sa;Password={1}', $dbServer, $dbPassword)
# Configure Admin and Tenant Site to use their auth sites
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint https://YourAdminSite:30072/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString $portalConfigStoreConnectionString -DisableCertificateValidation
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint https://YourTenantSite:30071/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString $portalConfigStoreConnectionString -DisableCertificateValidation
# Configure Auth Site
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint https://YourAuthSite:30081/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString $portalConfigStoreConnectionString -DisableCertificateVaLidation
Replace the following:
https://YourAdminSite:30072 with https://YourWindowsAuthSite:30072
https://YourTenantSite:30071 with https://YourAuthSite:30071
https://YourAuthSite:30081 with https://YourTenantSite:30081
Back to top