Missing ADWS when deploying Azure Stack HCI

Daniel SHEN 5

Hi,

I encounter such an error during the validation of Azure Stack HCI cluster deployment, please advise how can I troubleshoot, thanks!

Type 'InvokeEnvironmentChecker' of Role 'DeploymentService' raised an exception: Fail to initialize cloud deployment: Unable to find a default server with Active Directory Web Services running..ToString() Command Arguments ------- --------- Initialize-CloudDeployment.ps1 {JSONFilePath=C:\Deployment\Unattended.json, RegistrationResourceGroupName=DFS-SIN-LZ-... {} <ScriptBlock> {CloudEngine.Configurations.EceInterfaceParameters, DeploymentService, InvokeEnvironme... Invoke-EceInterfaceInternal {CloudDeploymentModulePath=C:\NugetStore\Microsoft.AzureStack.Solution.Deploy.CloudDep... at Trace-Error, C:\CloudDeployment\Common\Tracer.psm1: line 63 at <ScriptBlock>,

User's image

vipullag-MSFT 26,316 Reputation points

2024-06-07T01:23:50.0033333+00:00

Hello Daniel SHEN

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

Make sure the networking on the nodes is correct (IP, DNS, gateway), that the proper domain name is used, and that DHCP (and maybe IPv6) is disabled on all NICs.

One quick validation for some of this is to just try to do nslookup contoso.com

(with the right domain) on all nodes and make sure that it resolves to domain controllers.

Hope this helps.
Daniel SHEN 5 Reputation points

2024-06-07T01:28:43.0166667+00:00

Hi vipullag,

I've tried nslookup domain, and the result is correctly pointing to the dc.

Is there more detailed we can get for this error? I've tried to run the checker on the node itself and no such error:
Daniel SHEN 5 Reputation points

2024-06-07T01:30:21.75+00:00

Hi vipullag,

I've tried nslookup and the result is correctly pointing to dc.

I also run the checker directly on the node and there is no such error:
vipullag-MSFT 26,316 Reputation points

2024-06-07T05:11:05+00:00

Hello Daniel SHEN

Do you have a firewall between your HCI cluster and your internal Active Directory servers?
Daniel SHEN 5 Reputation points

2024-06-07T05:15:20.8966667+00:00

I believe firewall is there, but the node should be able to reach DC, do you have a command that I can verify the connectivity? Thanks!
vipullag-MSFT 26,316 Reputation points

2024-06-10T15:38:06.46+00:00

Hello Daniel SHEN

I am checking with internal team on this. Will update you back.
vipullag-MSFT 26,316 Reputation points

2024-06-20T04:52:28.0666667+00:00

Hello Daniel SHEN

Firstly, apologies for the delayed response on this.

That is not a configuration that can be validated against. It's overall support is documented here:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/single-label-domains-support-policy

Hope this helps.

1 answer

vipullag-MSFT 26,316 Reputation points

2024-06-11T02:51:41.2633333+00:00

Hello Daniel SHEN

As you have confirmed that there is a firewall in between it is possible that you have not opened up all the necessary ports which are listed here: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN#communication-to-domain-controllers

You will note one of those ports is 9389 which is the AD DS Web Services port. Note for the RPC ports you may want to scope that down.

Hope this helps
Please sign in to rate this answer.
Daniel SHEN 5 Reputation points

2024-06-11T02:54:08.39+00:00

I've made some progress with the ADWS thing, it's due to AllowSingleLabelDnsDomain in registry. However this raises the question: does Azure Stack HCI support single label dns, like instead of ms.com, the domain is just "ms"?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Missing ADWS when deploying Azure Stack HCI

1 answer

Your answer