Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.

Question

Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.

MrTenant 26

Issue is this:

Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.
We are using the latest setup, Build version 1.2008.0.59.

The command that fails in Powershell is Get-AzureAdTenantDetails, it claims the account is not an administrator in Azure AD:

“Get-AzureAdTenantDetails : The account you entered 'abc.def@X .onmicrosoft.com' is not an
administrator of any Azure Active Directory tenant.”

Here is the thing though, if we run that command in another powershell window (with same account), and load modules manually, the commands works fine (i.e. the account is OK)

Also, if we run the Azure validation tools (https://learn.microsoft.com/sv-se/azure-stack/operator/azure-stack-validate-identity?view=azs-2008&tabs=az),
they work in the powershell we opened manually, however if we try to run that tool in the powershell window that the ASDK installation initiated it fails like this:

Error message:
[Test-AzsServiceAdministrator] Test Test-AzsService[redacted] fail with exception System.Management.Automation.MethodException: Cannot convert argument "redirectUri", with value: "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential", for "AcquireToken" to type "System.Uri": "Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" to type "System.Uri"." ---> System.Management.Automation.PSInvalidCastException: Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" to type "System.Uri".

Something is fishy with the Azure Stack hub setup, what can we do?

Please advise...

TravisCragg-MSFT 5,696 Reputation points Microsoft Employee Moderator

2021-02-13T03:25:13.72+00:00

<<Private message note: This is a private message which only you as Original Poster and Microsoft Moderators can view. Please respond directly to this comment to privately share the requested information. For your privacy, please do not share any Personal Identifiable Information (PII) as a public or private comment. All private messages on the thread will be deleted within 30 days.>>
Subject: Survey Feedback Check-in
Hello @MrTenant ,
We noticed your recent experience on the Q&A community platform was rated a 3* star. Thank you for taking time to share your feedback.
We are eager to know what could have been done better to evolve your experience to a 5* star rating.
Your candid feedback is very important to us.
Looking forward to your reply.

Regards,
Travis
AzCommunity@microsoft.com

Accepted answer

0 additional answers

Your answer

TravisCragg-MSFT 5,696 Reputation points Microsoft Employee Moderator

2021-02-13T03:25:13.72+00:00

<<Private message note: This is a private message which only you as Original Poster and Microsoft Moderators can view. Please respond directly to this comment to privately share the requested information. For your privacy, please do not share any Personal Identifiable Information (PII) as a public or private comment. All private messages on the thread will be deleted within 30 days.>>
Subject: Survey Feedback Check-in
Hello @MrTenant ,
We noticed your recent experience on the Q&A community platform was rated a 3* star. Thank you for taking time to share your feedback.
We are eager to know what could have been done better to evolve your experience to a 5* star rating.
Your candid feedback is very important to us.
Looking forward to your reply.

Regards,
Travis
AzCommunity@microsoft.com

Answer 1

Mark Bowler 101

I hit the same problem. Took ages debugging the install scripts to get to the bottom of it.

There's an issue with one of the installation scripts which expects the user to have a role of 'Company Administrator' instead of 'Global Administrator'.

Try editing line 339 in C:\CloudDeployment\Setup\Common\AzureADConfiguration.psm1 and change the description to 'Global Administrator', and then re-run.

You might have to remove the module in PowerShell (Remove-Module) as well before re-running so that it gets imported again.

MrTenant 26 Reputation points

2021-02-12T14:36:17.123+00:00

Yeeehaaa... **COMPLETE: Action 'Deployment' **

I edited line 339 in C:\CloudDeployment\Setup\Common\AzureADConfiguration.psm1 to "Global Administrator" and did a re-run and worked perfectly and didn´t have to remove the module in PowerShell before re-running.

Thanks alot for your help @Mark Bowler

Cheers
Nestori Syynimaa 1 Reputation point

2021-03-23T07:12:02.45+00:00
Found out this too, was really driving me crazy!

I changed the line 339 to following, as the role template id is global & fixed:

$roleOid = Invoke-Graph -method Get -uri $getUri -authorization $authorization | Select-Object -ExpandProperty Value | Where roleTemplateId -eq "62e90394-69f5-4237-9190-012177145e10" | Select-Object -ExpandProperty objectId

Also, I noticed that the AAD Directory MUST be the default domain, which in my case was not <tenant>.onmicrosoft.com but like company.com.

Share via

Trying to install an Azure Stack Hub (development kit), the installation fails when we try to connect to Azure AD.

0 additional answers

Your answer