Поділитися через


Installation and networking troubleshooting

 

Applies To: Windows Azure Pack

This topic describes troubleshooting issues that pertain to installation and networking configurations for Windows Azure Pack for Windows Server. Recommendations are provided for the following issues:

  • Access the Admin portal without redirecting the NetBIOS name

  • Change the DNS subdomain

  • Change the URL for a tenant portal

  • Change the URLs to load balance API services

  • Deploy a virtual machine with a fixed IP address

  • Get the error message "This page cannot be displayed." when I try to access the management portals

  • Install Web Sites with Windows Azure Pack

  • Install WebFarmAgent

  • Install Windows Azure Pack offline to accommodate a firewall

  • Reinstall Windows Azure Pack

  • Switch back to the default Windows Azure Pack authentication sites

For information about updates, see Install Windows Azure Pack updates and verify versions. For information about changing endpoint configurations and ports, see Reconfigure FQDNs and Ports in Windows Azure Pack.

Access the Admin portal without redirecting the NetBIOS name

Pertains to: Install the Windows Azure Pack management portals

Issue

Redirection issues might be caused by FQDN configuration errors.

Recommendation

To fix this issue, you must reconfigure the FQDNs and then re-establish trust as described in the following procedures.

To reconfigure FQDNs

  1. Use the Initialize-MgmtSvcFeature Windows PowerShell cmdlet on the following web sites: AdminSite, TenantSite, AuthSite, and WindowsAuthSite. You must run the cmdlet on each computer where the sites are installed.

    Initialize-MgmtSvcFeature -Name AdminSite -Settings @{fullyQualifiedDomainName=YourFQDN;forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString}
    Initialize-MgmtSvcFeature -Name TenantSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString}
    Initialize-MgmtSvcFeature -Name AuthSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString}
    Initialize-MgmtSvcFeature -Name WindowsAuthSite -Settings @{fullyQualifiedDomainName='YourFQDN';forceUpdate=$true;configStorePassphrase='YourPassphrase';connectionString=$ConnectionString}
    

    Replace YourFQDN with the appropriate FQDN for the site. For example, use myadminfqdn.contoso.com for the AdminSite FQDN.

    Replace YourPassphrase with your pass phrase.

    Define $ConnectionString with your configuration server settings. The user must have permissions to all databases.

  2. It may take a while for the new configurations to propagate to the web sites. To increase the speed, you can restart each site manually or restart IIS. In a distributed deployment, you must restart all instances of each web site.

  3. To verify that these values were set up correctly, open a browser and download the authentication metadata from each of the web sites. The metadata endpoint is located at https://<your site fqdn>:<your site port>:/FederationMetadata/2007-06/FederationMetadata.xml. You’ll see the redirect endpoint information in these XML files.

    If the endpoints in these files are not in the expected format, it means that the Initialize-MgmtSvcFeature cmdlet didn't run correctly or the settings have not yet propagated.The metadata endpoints should look something like this:

    https://myadminfqdn.contoso.com:30091/FederationMetadata/2007-06/FederationMetadata.xml

    https://mytenantfqdn.contoso.com:30081/FederationMetadata/2007-06/FederationMetadata.xml

    https://myauthfqdn.contoso.com:30071/FederationMetadata/2007-06/FederationMetadata.xml

    https://mywinauthfqdn.contoso.com:30072/FederationMetadata/2007-06/FederationMetadata.xml

To re-establish trust

  1. Use the Set-MgmtSvcRelyingPartySettings and Set-MgmtSvcIdentityProviderSettings Windows PowerShell cmdlets.

    These cmdlets connect to the metadata endpoint that is provided, and they retrieve all the required configuration values, including the new FQDN. These are stored in the Windows Azure Pack configuration databases. Therefore, it is very important to use the correct metadata endpoint with the appropriate FQDN and port. For example, the AdminSite must be configured to trust the Admin Authentication Site in Windows by using the Admin Authentication Site FQDN.

    Set-MgmtSvcRelyingPartySettings –Namespace AdminSite  –MetadataEndpoint ‘https:// YourFQDN:30072/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString
    Set-MgmtSvcRelyingPartySettings –Namespace TenantSite  –MetadataEndpoint ‘YourFQDN https:// YourFQDN :30071/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString
    Set-MgmtSvcIdentityProviderSettings –Namespace AuthSite –MetadataEndpoint ‘https:// YourFQDN:30081/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString -ConfigureTenant
    Set-MgmtSvcIdentityProviderSettings –Namespace WindowsAuthSite –MetadataEndpoint ‘https:// YourFQDN:30091/FederationMetadata/2007-06/FederationMetadata.xml’ -ConnectionString $ConnectionString –ConfigureAdmin
    

    In the previous example, replace YourFQDN with the appropriate FQDN for the site.

    Replace YourPassphrase with your pass phrase.

    Define $ConnectionString with your configuration server settings. The user must have permissions to all databases.

    If the SSL certificate that you are using is a self-signed certificate, you must add the following parameter to the cmdlets: -DisableCertificateValidation.

  2. It may take a while for the new configurations to propagate to the web sites. To increase the speed, you can restart each site manually or restart IIS. In a distributed deployment, you must restart all instances of each site.

Back to top

Change the DNS subdomain

Pertains to: Deploy Windows Azure Pack for Windows Server

Issue

To change a DNS subdomain for a Windows Azure Pack web site, use the following procedure.

Recommendation

  1. On the computer that is hosting the Web Sites Controller, run the following Windows PowerShell command:

    Import-Module WebSitesSet-WebSitesConfig Global -DnsSuffix newdns.com

  2. In the Hosting Database admin.WebSystems table, change the PublishingDns, FtpDns, and Subdomain as desired.

Back to top

Change the URL for a tenant portal

Pertains to: Reconfigure FQDNs and Ports in Windows Azure Pack

Issue

Need to change the URLs to the management portal for tenants.

Recommendation

You can change the URLs for Windows Azure Pack web sites by updating the FQDN and port settings, and then re-establishing trust. For more information, see Reconfigure FQDNs and Ports in Windows Azure Pack. Also see the blog post Reconfigure portal names, ports and use trusted certificates.

Back to top

Change the URLs to load balance API services

Pertains to: Install the Windows Azure Pack Service Management APIs

Issue

Need to change URLs to achieve load balancing.

Recommendation

You can use Windows PowerShell cmdlets to change the URLs for your API services. After you set up your computers under the load balancer, run the following Windows PowerShell command to balance API services:

$server="YourServer"
$userid="YourID"
$password="YourPassword"
$PortalconnectionString="Data Source=$server;Initial Catalog=Microsoft.MgmtSvc.PortalConfigStore;User Id=$userid;Password=$password"

$AdminApiLB="10.1.1.5"
$TenantApiLB="10.1.1.6"
$TenantPublicApiLB="10.1.1.7"
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.AntaresGeoMasterUri -Value "https://10.1.1.5:30004/services/webspaces/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeAdminManagementServiceUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force 
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeUnifiedManagementServiceUri -Value "https://10.1.1.6:30005/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.OnPremPortalConfiguration.RdfeAdminUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace AdminSite -Name Microsoft.Azure.Portal.Configuration.OnPremPortalConfiguration.RdfeProvisioningUri -Value "https://10.1.1.5:30004/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace TenantSite -Name Microsoft.Azure.Portal.Configuration.AppManagementConfiguration.RdfeUnifiedManagementServiceUri -Value "https://10.1.1.6:30005/" -ConnectionString $PortalconnectionString -Force
Set-MgmtSvcDatabaseSetting -Namespace TenantSite -Name Microsoft.WindowsAzure.Server.Configuration.TenantPortalConfiguration.PublicRdfeProvisioningUri  -Value "https://10.1.1.7:30006/" -ConnectionString $PortalconnectionString –Force

Back to top

Deploy a virtual machine with a fixed IP address

Pertains to: Virtual Machine Manager

Issue

Need to associate a fixed a IP address with a virtual machine.

Recommendation

In Virtual Machine Manager, users with Admin credentials can configure a specific IP address from the static IP pool when they create virtual machines. You can specify an IP address by using Virtual Machine Manager.

Back to top

Get the error message "This page cannot be displayed." when I try to access the management portals

Pertains to: Install the Windows Azure Pack management portals

Issue

Access issues might occur if Internet Explorer is set to automatically detect proxy settings.

Recommendation

  1. In Internet Explorer, click Tools and then click Internet Options.

  2. Click the Connections tab.

  3. Under Dial-up and Virtual Private Network settings, select the network that you're using.

  4. Click Settings and then clear the Automatically detect settings check box.

  5. Click OK and then click OK again.

Back to top

Install Web Sites with Windows Azure Pack

Pertains to: Deploy Windows Azure Pack: Web Sites

Issue

Having issues with setting up a web site cloud.

Recommendation

Before you set up a web site cloud in Windows Azure Pack management portal for tenants, you must deploy Windows Azure Pack: Web Sites as explained in Deploy Windows Azure Pack: Web Sites. After you complete that task, you can register the web site cloud endpoint in the management portal for administrators and create virtual machine cloud plans.

Back to top

Install WebFarmAgent

Pertains to: Web Farm Framework

Issue

WebFarmAgent requires .NET Framework 3.5.

Recommendation

Confirm that .NET Framework 3.5 is enabled on the computer, and then try to install WebFarmAgent again.

If the installation still fails, run the following command on the computer:

    netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
    netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Back to top

Install Windows Azure Pack offline to accommodate a firewall

Pertains to: Install an express deployment of Windows Azure Pack, Install a distributed deployment of Windows Azure Pack

Issue

Cannot install Windows Azure Pack from the internet because of firewall issues.

Recommendation

If a firewall cannot be disabled due to Internet issues, installing Windows Azure Pack from offline sources is required. See the blog post Troubleshooting Installation of Windows Azure Pack for a procedure about how to install Windows Azure Pack from an offline source.

Back to top

Reinstall Windows Azure Pack

Pertains to: Deploy Windows Azure Pack for Windows Server 

Issue

How to avoid problems that may occur when unistalling and then installing Windows Azure Pack.

Recommendation

After unistalling Windows Azure Pack, verify the following objects are deleted:

  • SQL Server database and accounts

  • Any User Account Control (UAC) implementations

Back to top

Switch back to the default Windows Azure Pack authentication sites

Pertains to: Configure Active Directory Federation Services for Windows Azure Pack

Issue

When you set up Windows Azure Pack, you have the option to reconfigure your deployment so that it uses Active Directory Federation Services (AD FS).

Recommendation

To switch back to trusting the default authentication sites, use the following Windows PowerShell script replacing the following placeholders with your values:

  • YourDBServer with the name of your database server

  • YourPassword with your sa password

  • YourAdminSite with the FQDN of your admin site

  • YourTenantSite with the FQDN of your tenant site

  • YourAuthSite with the FQDN of your admin authentication site.

$dbServer = YourDBServer 
$dbpassword=YourPassword 
$portalConfigStoreConnectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID=sa;Password={1}', $dbServer, $dbPassword) 

# Configure Admin and Tenant Site to use their auth sites 
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint https://YourAdminSite:30072/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString  $portalConfigStoreConnectionString -DisableCertificateValidation 
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint https://YourTenantSite:30071/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString  $portalConfigStoreConnectionString -DisableCertificateValidation 

# Configure Auth Site 
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint https://YourAuthSite:30081/FederationMetadata/2007-06/FederationMetadata.xml -ConnectionString $portalConfigStoreConnectionString -DisableCertificateVaLidation

Replace the following:

  • https://YourAdminSite:30072 with https://YourWindowsAuthSite:30072

  • https://YourTenantSite:30071 with https://YourAuthSite:30071

  • https://YourAuthSite:30081 with https://YourTenantSite:30081

Back to top

See Also

Windows Azure Pack troubleshooting