Azure Automation Hybrid Worker v2 creation

Alexander Heidelberg 1 Reputation point
2022-04-30T00:58:29.663+00:00

Hello,

I'm trying to install Hybrid Worker v2 (extension based) on an Arc-enabled on-premises machine, but there are three errors in the Event log (Microsoft-SMA):

15156
Failed to set folder access - [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jkifd89ujg.3eh][User='scrubbed'][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
at Orchestrator.Runtime.SandboxSecurity.AddUserPermissionsToFolder(String user, String folder) in X:\bt\1224905\repo\src\Shared\Orchestrator.Runtime\SandboxSecurity.cs:line 204
][SandboxId={c473b75a-3e6d-4e35-9e95-d6a68070b5ed}]

15181
Sandbox process user permissions failure [SandboxId={c473b75a-6666-4444-9e95-d6a68070b5ed}][Reason=Failed to set folder access [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jkifd89ujg.3eh]][Exception=System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
at Orchestrator.Runtime.SandboxSecurity.AddUserPermissionsToFolder(String user, String folder) in X:\bt\1224905\repo\src\Shared\Orchestrator.Runtime\SandboxSecurity.cs:line 204
]

15106
Hybrid sandbox manager failed to create sandbox. [AccountId={sdgsdgsdg3532-aaaa-46e2-bbbb-3453453453}] [RunbookWorkerGroup=MyHWGroup] [MachineName=Server01.MyDomain.com] [MachineId={ID-fd9f-45fe-aff5-cfffb505eceb8}] [SandboxId={sfsfsfsf-ssss-ffff-9e95-sdgsdgsdg}] [SandboxHubEndpoint=] [Exception=System.AggregateException: One or more errors occurred. ---> Orchestrator.Runtime.SandboxCreationException: Failed to set folder access [Folder=C:\ProgramData\Microsoft\System Center\Orchestrator\7.2\SMA\Sandboxes\jgzhwcon.3eh] ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.

What am I doing wrong?


1 answer

  1. tbgangav-MSFT 10,386 Reputation points
    2022-05-03T09:32:06.06+00:00

    Hi @Alexander Heidelberg ,

    I believe your Arc-enabled on-premises machine is within the supported OS and other prerequisites have been met as per this and this Azure document. If that's the case, then these errors with codes 15156, 15181 and 15106 are generally seen if you have used a custom account which is lacking permissions. I would recommend trying it using a domain admin account.

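The stack trace in the question shows the exception being raised by `NTAccount.Translate` while `AddAccessRule` is applied to the sandbox folder. The PowerShell check below is an added example, not part of the original thread or of the Hybrid Worker code; it repeats those two steps against a scratch folder for a given account. The account name `CONTOSO\svc-hybridworker` and both function names are constructed placeholders.

```powershell
# Added diagnostic example. The default account name is a constructed placeholder.
param([string]$Account = 'CONTOSO\svc-hybridworker')

function Test-AccountResolvesToSid {
    param([Parameter(Mandatory)][string]$Name)
    try {
        # Same translation the stack trace shows: NTAccount -> SecurityIdentifier
        $nt  = New-Object System.Security.Principal.NTAccount($Name)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
        [pscustomobject]@{ Account = $Name; Resolved = $true; Sid = $sid.Value; Error = $null }
    }
    catch {
        # PowerShell may wrap the .NET exception, so report the innermost one
        $ex = $_.Exception.GetBaseException()
        [pscustomobject]@{ Account = $Name; Resolved = $false; Sid = $null
                           Error = "$($ex.GetType().Name): $($ex.Message)" }
    }
}

function Test-FolderAclGrant {
    param([Parameter(Mandatory)][string]$Name)
    # Scratch folder under TEMP, so the real Sandboxes directory is never touched
    $folder = Join-Path $env:TEMP ('acl-check-' + [guid]::NewGuid().ToString('N'))
    New-Item -ItemType Directory -Path $folder | Out-Null
    try {
        $acl  = Get-Acl -Path $folder
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Name, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)        # the call that failed in events 15156/15181
        Set-Acl -Path $folder -AclObject $acl
        return $true
    }
    catch {
        Write-Warning "ACL grant failed for '$Name': $($_.Exception.GetBaseException().Message)"
        return $false
    }
    finally {
        Remove-Item -Path $folder -Recurse -Force -ErrorAction SilentlyContinue
    }
}

$result = Test-AccountResolvesToSid -Name $Account
$result | Format-List
if ($result.Resolved) {
    "ACL grant on scratch folder succeeded: $(Test-FolderAclGrant -Name $Account)"
}
```

Run it on the machine hosting the Hybrid Worker, passing the account name configured for the worker; a `Resolved : False` result reproduces the `IdentityNotMappedException` from the event log.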