Problems in registering azure stack hci cluster with Azure.

Question

Hello Experts,

I have deployed a 2 node Azure stack HCI cluster on HPE servers, The cluster is healthy and I have HCI enabled on my Azure subscription.

When I am trying to register the Cluster with Azure it is failing and here's the snippet from log.

VERBOSE: Command [ New-AzureADApplicationKeyCredential -ObjectId $ObjectId -Type AsymmetricX509Cert -Usage Verify -Value $CertBase64 -StartDate $now -EndDate $Cert.NotAfter] succeeded. Non null result received.
VERBOSE: Command [ Get-AzureADApplicationKeyCredential -ObjectId $ObjectId | where {​​​​​​​($.KeyId -eq $appCredential.KeyId)}​​​​​​​ ] succeeded. Non null result received.
******PS>TerminatingError(): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Failed to validate and set registration certificate."*
DEBUG: Exception occured in Set-AzureStackHCIRegistrationCertificate. ErrorMessage : Failed to validate and set registration certificate.
DEBUG: Failed to validate and set registration certificate.*
VERBOSE: Command [ New-AzureADApplicationKeyCredential -ObjectId $ObjectId -Type AsymmetricX509Cert -Usage Verify -Value $CertBase64 -StartDate $now -EndDate $Cert.NotAfter] succeeded. Non null result received.
VERBOSE: Command [ Get-AzureADApplicationKeyCredential -ObjectId $ObjectId | where {​​​​​​​($.KeyId -eq $appCredential.KeyId)}​​​​​​​ ] succeeded. Non null result received.
PS>TerminatingError(): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Failed to validate and set registration certificate."
DEBUG: Exception occured in Set-AzureStackHCIRegistrationCertificate. ErrorMessage : Failed to validate and set registration certificate.
DEBUG: Failed to validate and set registration certificate.
PS>TerminatingError(Register-AzStackHCI): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Failed to register. Couldn't generate self-signed certificate on node(s) . Couldn't set and verify registration certificate on node(s) HCI01,HCI02. Make sure every clustered node is up and has Internet connectivity (at least outbound to Azure)."
Register-AzStackHCI : Failed to register. Couldn't generate self-signed certificate on node(s) . Couldn't set and
verify registration certificate on node(s) HCI01,HCI02. Make sure every clustered node is up and has Internet

Note: I have validated internet connectivity and I am using global administrator account

Any help would be appreciated.

Answer 1

Hi @Yash ,

Based on the error, it sounds like there is an issue with a certificate that is being found on the node during the registration process. It is possible that a certificate that is being published automatically on your domain is interfering with this process. Can you try removing all certificates from the node then trying the registration process again? This should allow the self-signed registration certificate to be generated and used for this process.

You can also get more information on the actual failure by enabling the Microsoft-AzureStack-HCI/Debug event logs, retrying the registration then pulling and reviewing the debug logs. If you need assistance with this, you may want to consider opening a support ticket.

Just for information, the final error is very generic and appears regardless of the actual cause of the registration failure. You can verify internet connectivity by running Test-AzStackHCIConnection. If this returns as 'Succeeded', connectivity should be fine.

Answer 2

@Trent Helms - MSFT
How can i remove all certificates on the node??