question

AndreasMerzMETA10-5326 avatar image
0 Votes"
AndreasMerzMETA10-5326 asked TravisCragg-MSFT answered

Secret Rotation on Azure Stack Development Kit fails

We have successfully installed ASDK 1.2008.0.59, and everything is working fine. Test-AzureStack is passing all Tests.

After a while i wanted to Rotate the Certs, and as stated in https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-rotate-secrets?view=azs-2008, i prepared everything, and started Start-SecretRotation. All Tests and Checks were running successfull, but then the following error appears:
System.InvalidOperationException: The specified ActionPlan 'ExternalCertRotation' does not exist.

The docs.microsoft.com page especially mention also the ASDK for the secret rotation, so i assumed it should work fine.

Any idea what to do?


Here the Log from running Start-SecretRotation:


 PS C:\Certificates> Invoke-Command -Session $PEPSession -ScriptBlock {
 >>     Start-SecretRotation -PfxFilesPath $using:CertSharePath -PathAccessCredential $using:CertShareCreds -CertificatePassword $using:CertPassword
 >> }
 VERBOSE: Invoke-ScriptBlockWithRetries: attempt #1 of 2, retry sleep time is 30 seconds.
 VERBOSE: Create client to use for querying for status of actions
 VERBOSE: Invoke-ScriptBlockWithRetries: attempt #1 of 2, retry sleep time is 30 seconds.
 VERBOSE: Create client to use for querying for status of actions
    
    
 PSComputerName   : 192.168.200.224
 RunspaceId       : d572909e-b4e7-468e-a134-69334e4f4bee
 LocalPath        :
 RemotePath       : \\192.168.200.1\Certificates
 RequireIntegrity : False
 RequirePrivacy   : False
 Status           : 0
 UseWriteThrough  : False
    
 VERBOSE: Mapped network drive for source: \\192.168.200.1\Certificates
 Testing: \ARM Public
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \ARM Admin
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \Public Portal
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \Admin Portal
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \KeyVault
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \KeyVaultInternal
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \ACSTable
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \ACSQueue
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \ACSBlob
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \Admin Extension Host
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
 Testing: \Public Extension Host
 Thumbprint: E31681****************************5975A7
         PFX Encryption: OK
         Expiry Date: OK
         Signature Algorithm: OK
         DNS Names: OK
         Key Usage: OK
         Key Length: OK
         Parse PFX: OK
         Private Key: OK
         Cert Chain: OK
         Chain Order: OK
         Other Certificates: OK
    
    
    
 Path                   Test                Result
 ----                   ----                ------
 \ARM Public            PFX Encryption      OK
 \ARM Public            Expiry Date         OK
 \ARM Public            Signature Algorithm OK
 \ARM Public            DNS Names           OK
 \ARM Public            Key Usage           OK
 \ARM Public            Key Length          OK
 \ARM Public            Parse PFX           OK
 \ARM Public            Private Key         OK
 \ARM Public            Cert Chain          OK
 \ARM Public            Chain Order         OK
 \ARM Public            Other Certificates  OK
 \ARM Admin             PFX Encryption      OK
 \ARM Admin             Expiry Date         OK
 \ARM Admin             Signature Algorithm OK
 \ARM Admin             DNS Names           OK
 \ARM Admin             Key Usage           OK
 \ARM Admin             Key Length          OK
 \ARM Admin             Parse PFX           OK
 \ARM Admin             Private Key         OK
 \ARM Admin             Cert Chain          OK
 \ARM Admin             Chain Order         OK
 \ARM Admin             Other Certificates  OK
 \Public Portal         PFX Encryption      OK
 \Public Portal         Expiry Date         OK
 \Public Portal         Signature Algorithm OK
 \Public Portal         DNS Names           OK
 \Public Portal         Key Usage           OK
 \Public Portal         Key Length          OK
 \Public Portal         Parse PFX           OK
 \Public Portal         Private Key         OK
 \Public Portal         Cert Chain          OK
 \Public Portal         Chain Order         OK
 \Public Portal         Other Certificates  OK
 \Admin Portal          PFX Encryption      OK
 \Admin Portal          Expiry Date         OK
 \Admin Portal          Signature Algorithm OK
 \Admin Portal          DNS Names           OK
 \Admin Portal          Key Usage           OK
 \Admin Portal          Key Length          OK
 \Admin Portal          Parse PFX           OK
 \Admin Portal          Private Key         OK
 \Admin Portal          Cert Chain          OK
 \Admin Portal          Chain Order         OK
 \Admin Portal          Other Certificates  OK
 \KeyVault              PFX Encryption      OK
 \KeyVault              Expiry Date         OK
 \KeyVault              Signature Algorithm OK
 \KeyVault              DNS Names           OK
 \KeyVault              Key Usage           OK
 \KeyVault              Key Length          OK
 \KeyVault              Parse PFX           OK
 \KeyVault              Private Key         OK
 \KeyVault              Cert Chain          OK
 \KeyVault              Chain Order         OK
 \KeyVault              Other Certificates  OK
 \KeyVaultInternal      PFX Encryption      OK
 \KeyVaultInternal      Expiry Date         OK
 \KeyVaultInternal      Signature Algorithm OK
 \KeyVaultInternal      DNS Names           OK
 \KeyVaultInternal      Key Usage           OK
 \KeyVaultInternal      Key Length          OK
 \KeyVaultInternal      Parse PFX           OK
 \KeyVaultInternal      Private Key         OK
 \KeyVaultInternal      Cert Chain          OK
 \KeyVaultInternal      Chain Order         OK
 \KeyVaultInternal      Other Certificates  OK
 \ACSTable              PFX Encryption      OK
 \ACSTable              Expiry Date         OK
 \ACSTable              Signature Algorithm OK
 \ACSTable              DNS Names           OK
 \ACSTable              Key Usage           OK
 \ACSTable              Key Length          OK
 \ACSTable              Parse PFX           OK
 \ACSTable              Private Key         OK
 \ACSTable              Cert Chain          OK
 \ACSTable              Chain Order         OK
 \ACSTable              Other Certificates  OK
 \ACSQueue              PFX Encryption      OK
 \ACSQueue              Expiry Date         OK
 \ACSQueue              Signature Algorithm OK
 \ACSQueue              DNS Names           OK
 \ACSQueue              Key Usage           OK
 \ACSQueue              Key Length          OK
 \ACSQueue              Parse PFX           OK
 \ACSQueue              Private Key         OK
 \ACSQueue              Cert Chain          OK
 \ACSQueue              Chain Order         OK
 \ACSQueue              Other Certificates  OK
 \ACSBlob               PFX Encryption      OK
 \ACSBlob               Expiry Date         OK
 \ACSBlob               Signature Algorithm OK
 \ACSBlob               DNS Names           OK
 \ACSBlob               Key Usage           OK
 \ACSBlob               Key Length          OK
 \ACSBlob               Parse PFX           OK
 \ACSBlob               Private Key         OK
 \ACSBlob               Cert Chain          OK
 \ACSBlob               Chain Order         OK
 \ACSBlob               Other Certificates  OK
 \Admin Extension Host  PFX Encryption      OK
 \Admin Extension Host  Expiry Date         OK
 \Admin Extension Host  Signature Algorithm OK
 \Admin Extension Host  DNS Names           OK
 \Admin Extension Host  Key Usage           OK
 \Admin Extension Host  Key Length          OK
 \Admin Extension Host  Parse PFX           OK
 \Admin Extension Host  Private Key         OK
 \Admin Extension Host  Cert Chain          OK
 \Admin Extension Host  Chain Order         OK
 \Admin Extension Host  Other Certificates  OK
 \Public Extension Host PFX Encryption      OK
 \Public Extension Host Expiry Date         OK
 \Public Extension Host Signature Algorithm OK
 \Public Extension Host DNS Names           OK
 \Public Extension Host Key Usage           OK
 \Public Extension Host Key Length          OK
 \Public Extension Host Parse PFX           OK
 \Public Extension Host Private Key         OK
 \Public Extension Host Cert Chain          OK
 \Public Extension Host Chain Order         OK
 \Public Extension Host Other Certificates  OK
    
    
 VERBOSE: Certificate Validation finished successfully and found no failures.
 VERBOSE: Invoke-ScriptBlockWithRetries: attempt #1 of 5, retry sleep time is 10 seconds.
 VERBOSE: Retrieved AD Group: CN=Azs-SecretEncryptor,CN=Users,DC=azurestack,DC=local
 VERBOSE: Invoke-ScriptBlockWithRetries: attempt #1 of 5, retry sleep time is 10 seconds.
 VERBOSE: Retrieved AD Group: CN=Azs-SecretEncryptor,CN=Users,DC=azurestack,DC=local
 VERBOSE: Starting health check for Secret Rotation
 VERBOSE: Testing current certificate trust
 03/10/2021 23:55:15 : Starting Test-AzureStack
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 03/10/2021 23:55:42 : Launching AzsExternalCertificates
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 03/10/2021 23:55:47 : PASS : Azure Stack External Certificate Trust Validation
    
 Azure Stack Validation Summary
 ------------------------------
 PASS Azure Stack External Certificate Trust Validation
    
    
 VERBOSE: Preparing SecretRotationReadiness Test-AzureStack
 VERBOSE: Running regular SecretRotationReadiness Test-AzureStack
 VERBOSE: Invoke-ScriptBlockWithRetries: attempt #1 of 3, retry sleep time is 10 seconds.
 03/10/2021 23:55:48 : Starting Test-AzureStack
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 03/10/2021 23:56:14 : Launching AzsHostingInfraSummary
 03/10/2021 23:56:14 : Launching AzsPortalAPISummary
 03/10/2021 23:56:14 : Launching AzsInfraRoleSummary
 03/10/2021 23:56:14 : Launching AzsStoreSummary
 03/10/2021 23:56:14 : Launching AzsSFRoleSummary
 03/10/2021 23:56:15 : Launching AzsInfraCapacity
 03/10/2021 23:56:15 : Launching AzsAcsSummary
 VERBOSE: Invoke-ScriptBlockWithRetries: retry #0 of 3, retry sleep time is 30 seconds.
 03/10/2021 23:56:40 : PASS : Azure Stack Portal and API Summary
 03/10/2021 23:56:40 : PASS : Azure Stack ARM Certificate Summary
 03/10/2021 23:56:48 : PASS : Azure Stack ACS Blob Service Summary
 03/10/2021 23:56:51 : PASS : Azure Stack Data Store Servers
 03/10/2021 23:56:51 : PASS : Azure Stack Data Store Cluster
 03/10/2021 23:57:09 : PASS : Azure Stack Cloud Hosting Infrastructure Summary
 03/10/2021 23:57:10 : PASS : Azure Stack Privileged Endpoint Service Fabric Cluster
 03/10/2021 23:57:10 : PASS : Azure Stack Privileged Endpoint Service Fabric Nodes
 03/10/2021 23:57:10 : PASS : Azure Stack Privileged Endpoint Service Fabric Applications
 03/10/2021 23:57:10 : PASS : Azure Stack Privileged Endpoint Service Fabric Services
 03/10/2021 23:57:10 : PASS : Azure Stack Support Ring Services endpoint Service Fabric Cluster
 03/10/2021 23:57:10 : PASS : Azure Stack Support Ring Services endpoint Service Fabric Nodes
 03/10/2021 23:57:10 : PASS : Azure Stack Support Ring Services endpoint Service Fabric Applications
 03/10/2021 23:57:10 : PASS : Azure Stack Support Ring Services endpoint Service Fabric Services
 03/10/2021 23:57:10 : PASS : Azure Stack Storage Services Service Fabric Cluster
 03/10/2021 23:57:10 : PASS : Azure Stack Storage Services Service Fabric Nodes
 03/10/2021 23:57:10 : PASS : Azure Stack Storage Services Service Fabric Applications
 03/10/2021 23:57:11 : PASS : Azure Stack Storage Services Service Fabric Services
 03/10/2021 23:57:11 : PASS : Azure Stack Fabric Management Controller Service Fabric Cluster
 03/10/2021 23:57:11 : PASS : Azure Stack Fabric Management Controller Service Fabric Nodes
 03/10/2021 23:57:11 : PASS : Azure Stack Fabric Management Controller Service Fabric Applications
 03/10/2021 23:57:11 : PASS : Azure Stack Fabric Management Controller Service Fabric Services
 03/10/2021 23:57:11 : PASS : Azure Stack Network Controller Service Fabric Cluster
 03/10/2021 23:57:11 : PASS : Azure Stack Network Controller Service Fabric Nodes
 03/10/2021 23:57:11 : PASS : Azure Stack Network Controller Service Fabric Applications
 03/10/2021 23:57:11 : PASS : Azure Stack Network Controller Service Fabric Services
 03/10/2021 23:57:23 : PASS : Azure Stack Infrastructure Capacity
 03/10/2021 23:57:23 : PASS : Azure Stack Shared Volume Capacity
 03/11/2021 00:02:46 : PASS : Azure Stack Infrastructure Role Instance Summary
 03/11/2021 00:02:47 : PASS : Azure Stack Service Resource Consumption Summary
 03/11/2021 00:02:47 : PASS : Azure Stack Infrastructure Clocks
    
 Azure Stack Validation Summary
 ------------------------------
 PASS Azure Stack Cloud Hosting Infrastructure Summary
 PASS Azure Stack Infrastructure Role Instance Summary
 PASS Azure Stack Infrastructure Capacity
 PASS Azure Stack Shared Volume Capacity
 PASS Azure Stack Portal and API Summary
 PASS Azure Stack ARM Certificate Summary
 PASS Azure Stack Data Store Cluster
 PASS Azure Stack Data Store Servers
 PASS Azure Stack ACS Blob Service Summary
 PASS Azure Stack Privileged Endpoint Service Fabric Cluster
 PASS Azure Stack Privileged Endpoint Service Fabric Nodes
 PASS Azure Stack Privileged Endpoint Service Fabric Applications
 PASS Azure Stack Privileged Endpoint Service Fabric Services
 PASS Azure Stack Support Ring Services endpoint Service Fabric Cluster
 PASS Azure Stack Support Ring Services endpoint Service Fabric Nodes
 PASS Azure Stack Support Ring Services endpoint Service Fabric Applications
 PASS Azure Stack Support Ring Services endpoint Service Fabric Services
 PASS Azure Stack Storage Services Service Fabric Cluster
 PASS Azure Stack Storage Services Service Fabric Nodes
 PASS Azure Stack Storage Services Service Fabric Applications
 PASS Azure Stack Storage Services Service Fabric Services
 PASS Azure Stack Fabric Management Controller Service Fabric Cluster
 PASS Azure Stack Fabric Management Controller Service Fabric Nodes
 PASS Azure Stack Fabric Management Controller Service Fabric Applications
 PASS Azure Stack Fabric Management Controller Service Fabric Services
 PASS Azure Stack Network Controller Service Fabric Cluster
 PASS Azure Stack Network Controller Service Fabric Nodes
 PASS Azure Stack Network Controller Service Fabric Applications
 PASS Azure Stack Network Controller Service Fabric Services
 PASS Azure Stack Infrastructure Clocks
 PASS Azure Stack Service Resource Consumption Summary
    
    
 VERBOSE: Processing results of Test-AzureStack run after 03/10/2021 23:55:47.
 VERBOSE: Test-AzureStack report did not contain any error.
 VERBOSE: Test-AzureStack completed with warnings.
 VERBOSE: Found the following warnings:
    
 Result Errors TestName
 ------ ------ --------
 WARN   {}     Azure Stack Infrastructure Clocks
    
    
 VERBOSE: The 'Cancel-ActionPlanInstance' command in the ECEClient' module was imported, but because its name does not
 include an approved verb, it might be difficult to find. The suggested alternative verbs are "Stop".
 VERBOSE: Importing function 'Cancel-ActionPlanInstance'.
 VERBOSE: Importing function 'Convert-HashTableToDictionary'.
 VERBOSE: The 'Create-ActionPlanDescriptionObject' command in the ECEClient' module was imported, but because its name
 does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-ActionPlanDescriptionObject'.
 VERBOSE: The 'Create-ActionPlanInstanceDescriptionObject' command in the ECEClient' module was imported, but because
 its name does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-ActionPlanInstanceDescriptionObject'.
 VERBOSE: The 'Create-CancelActionPlanInstanceDescription' command in the ECEClient' module was imported, but because
 its name does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-CancelActionPlanInstanceDescription'.
 VERBOSE: The 'Create-CloudDefinitionDescription' command in the ECEClient' module was imported, but because its name
 does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-CloudDefinitionDescription'.
 VERBOSE: The 'Create-ECEAgentClient' command in the ECEClient' module was imported, but because its name does not
 include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-ECEAgentClient'.
 VERBOSE: The 'Create-ECEClientWithApplicationGateway' command in the ECEClient' module was imported, but because its
 name does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-ECEClientWithApplicationGateway'.
 VERBOSE: The 'Create-ECEClientWithServiceResolver' command in the ECEClient' module was imported, but because its name
 does not include an approved verb, it might be difficult to find. The suggested alternative verbs are "New".
 VERBOSE: Importing function 'Create-ECEClientWithServiceResolver'.
 VERBOSE: Importing function 'Get-ActionPlanInstance'.
 VERBOSE: Importing function 'Get-CloudDefinition'.
 VERBOSE: Importing function 'Get-ECEServiceEndpoint'.
 VERBOSE: Importing function 'Get-StampInformation'.
 VERBOSE: Importing function 'Invoke-ActionPlanInstance'.
 VERBOSE: Importing function 'Invoke-WithRetries'.
 VERBOSE: The 'Monitor-ActionPlanInstance' command in the ECEClient' module was imported, but because its name does not
 include an approved verb, it might be difficult to find. For a list of approved verbs, type Get-Verb.
 VERBOSE: Importing function 'Monitor-ActionPlanInstance'.
 VERBOSE: Importing function 'Resume-ActionPlanInstance'.
 VERBOSE: Importing function 'Update-Endpoint'.
 VERBOSE: Importing function 'Wait-ForActionPlanInstanceToComplete'.
 VERBOSE: Importing function 'Write-ActionPlanSummaryProgress'.
 VERBOSE: Create Client for execution of action plan
 VERBOSE: Start action plan
 VERBOSE: Action plan instance ID specified: 061b697c-a7d3-47a4-ac82-01a59f21ea2f
    
 VERBOSE: StartTime: 03/11/2021 00:02:54
 VERBOSE: Timeout estimate: 03/11/2021 04:02:54 .
 VERBOSE:
 Overall action status: 'Pending'
 VERBOSE:
 VERBOSE:
    
 VERBOSE:
 Overall action status: 'Pending'
 VERBOSE:
 VERBOSE:
    
 VERBOSE: ActionPlanInstanceID: '061b697c-a7d3-47a4-ac82-01a59f21ea2f' CurrentStatus: 'Failed'
 VERBOSE: Action plan finished with status: 'Failed'
 Guid                                 PSComputerName
 ----                                 --------------
 061b697c-a7d3-47a4-ac82-01a59f21ea2f 192.168.200.224
    
 PSComputerName             : 192.168.200.224
 RunspaceId                 : d572909e-b4e7-468e-a134-69334e4f4bee
 InstanceID                 : 061b697c-a7d3-47a4-ac82-01a59f21ea2f
 ActionPlanName             :
 ActionTypeName             : ExternalCertRotation
 RolePath                   : Cloud
 ProgressAsXml              :
 Status                     : Failed
 StartDateTime              : 3/11/2021 12:02:54 AM
 EndDateTime                : 3/11/2021 12:03:08 AM
 LastModifiedDateTime       : 3/11/2021 12:03:08 AM
 StartIndex                 :
 EndIndex                   :
 Skip                       : {}
 Retries                    : 2
 ParentActionPlanInstanceID : 00000000-0000-0000-0000-000000000000
 LockType                   : ExclusiveLock
 RuntimeParameters          : {CertificatePassword, PathAccessPassword, PathAccessUserName, PfxFilesPath}
 RemediationInstance        :
 OnCompleteInstance         :
 InstanceType               : None
 AdditionalInformation      : System.InvalidOperationException: The specified ActionPlan 'ExternalCertRotation' does
                              not exist. Please check if it is spelled and capitalized correctly.
                                 at CloudEngine.Configurations.Role.Action(String actionType)
                                 at Microsoft.AzureStack.Solution.Deploy.EnterpriseCloudEngine.ActionPlanExecutionEngine
                              .ActionPlanExecutionEngine.<GetActionPlanDefinitionXml>d__31.MoveNext()
                              --- End of stack trace from previous location where exception was thrown ---
                                 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                                 at
                              System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                              task)
                                 at Microsoft.AzureStack.Solution.Deploy.EnterpriseCloudEngine.ActionPlanExecutionEngine
                              .ActionPlanExecutionEngine.<CreateActionPlanObject>d__30.MoveNext()
                              --- End of stack trace from previous location where exception was thrown ---
                                 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                                 at
                              System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                              task)
                                 at Microsoft.AzureStack.Solution.Deploy.EnterpriseCloudEngine.ActionPlanExecutionEngine
                              .ActionPlanExecutionEngine.<RunMainActionPlanInstance>d__25.MoveNext()
                              --- End of stack trace from previous location where exception was thrown ---
                                 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                                 at
                              System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                              task)
                                 at Microsoft.AzureStack.Solution.Deploy.EnterpriseCloudEngine.ActionPlanExecutionEngine
                              .ActionPlanExecutionEngine.<InternalRunActionPlanInstanceInBackGround>d__23.MoveNext()
 CorrelationRequestId       : 8f2ee6e0-2458-4765-a0a7-979dd67fcfca


76760-screenshot-2021-03-11-185740.jpg





azure-stack-hub
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

TravisCragg-MSFT avatar image
0 Votes"
TravisCragg-MSFT answered

@AndreasMertz-3986 My apologies for the delay on this one!

Secret rotation on the ASDK is not a supported scenario, and the failures you are getting is expected.

We will be updating the documentation as well to state this.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.