Re-establish trust between the authentication sites and the management portals

 

Applies To: Windows Azure Pack

Run the following script one time from any one of the virtual machines in the Windows Azure Pack deployment . For more information about re-establishing trust, see Reconfigure FQDNs and Ports in Windows Azure Pack.

$MgmtStoreConnectionString="Data Source=$server;Initial Catalog=Microsoft.MgmtSvc.Store;User Id=sa;Password=$password"
$ConnectionString="Data Source=$server;User Id=$userid;Password=$password"
$TenantMetadataEndpoint="https://${AuthSiteLB}:$AuthSitePort/federationMetaData/2007-06/FederationMetadata.xml"
$AdminMetadataEndpoint="https://${WinAuthSiteLB}:$WinAuthSitePort/federationMetaData/2007-06/FederationMetadata.xml"

Set-MgmtSvcRelyingPartySettings -Target Tenant –MetadataEndpoint $TenantMetadataEndpoint  -DisableCertificateValidation -PortalConnectionString $PortalconnectionString  -ManagementConnectionString $MgmtStoreConnectionString
Set-MgmtSvcRelyingPartySettings -Target Admin –MetadataEndpoint $AdminMetadataEndpoint  -DisableCertificateValidation -PortalConnectionString $PortalconnectionString  -ManagementConnectionString $MgmtStoreConnectionString

$AdminSiteMetadataEndpoint="https://${AdminSiteLB}:$AdminSitePort/federationMetaData/2007-06/FederationMetadata.xml"
$TenantSiteMetadataEndpoint="https://${TenantSiteLB}:$TenantSitePort/federationMetaData/2007-06/FederationMetadata.xml"

Set-MgmtSvcIdentityProviderSettings -Target MemberShip –MetadataEndpoint  $TenantSiteMetadataEndpoint -ConnectionString $ConnectionString -DisableCertificateValidation
Set-MgmtSvcIdentityProviderSettings -Target Windows –MetadataEndpoint  $AdminSiteMetadataEndpoint -ConnectionString $ConnectionString -DisableCertificateValidation