(Solution) Azure Stack Readiness Checker Fail When Validating Azure Registration

3 min read

Introduction

Azure Stack subscription validation is part of the Azure Stack Readiness Checker tool known as (AzsReadinessChecker). You can use that tool to validate your Azure subscription before you begin an Azure Stack deployment, so you can make sure that your Azure subscription is ready to use with Azure Stack. The Readiness Checker Tool validates the following:

  • The Azure subscription you use is a supported type. Subscriptions must be a Cloud Service Provider (CSP) or Enterprise Agreement (EA).
  • The account you use to register your subscription with Azure can sign in to Azure and is a subscription owner.

For more information about Azure Stack registration, please check Register Azure Stack with Azure.

The issue

The other day, I was preparing for an Azure Stack Integrated Systems deployment and I am going through all the validation steps before I begin with the actual deployment.

When I ran the Invoke-AzsRegistrationValidation command against my Azure subscription, I received the following error message:

Invoke-AzsRegistrationValidation v1.1811.1101.1 started.
Checking Registration Requirements: Fail
Get-AzureSubscriptionDetail threw an error: A parameter cannot be found that matches parameter name ‘function’.
Additional help URL https://aka.ms/AzsRemediateRegistration

Log location (contains PII): C:\Users\AZURES~1\AppData\Local\Temp\AzsReadinessChecker\AzsReadinessChecker.log
Report location (contains PII): C:\Users\AZURES~1\AppData\Local\Temp\AzsReadinessChecker\AzsReadinessCheckerReport.json
Invoke-AzsRegistrationValidation Completed.

As noted in the error message, I followed all the validation failures as documented by Microsoft here, but none of them addresses my issue.

Finding the cause

As part of the validation, the Azure Stack Readiness Checker tool check the account that you will use to register Azure Stack with Azure that can sign in to Azure and is a subscription owner.

My account has a full owner on the Azure subscription and I can sign to Azure. I also disabled multi-factor authentication (MFA) for that account for testing purposes but still, the validation keeps failing.

After reviewing the role definition for that user by running the following PowerShell script, I find out that the Get-AzureRmRoleAssigment command did not return any results.

$subscriptionId = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX'
Login-AzureRmAccount -Subscription $subscriptionId
$context = Get-AzureRmContext
Get-AzureRmSubscription
Get-AzureRmTenant
$objectId = (Get-AzureRmADUser -UserPrincipalName $context.Account.id).id
Get-AzureRmRoleAssignment -objectid $objectid.Guid -Scope "/subscriptions/$subscriptionId" 

The account I am using to validate Azure subscription is a member of an Azure AD Security Group, and that group is an owner on that subscription!

I ran the Get-AzureRmRoleAssigment against the AAD security group this time and I got the role definition which is Owner as expected. So what is the issue with that account?

Fixing the issue

At the time of this writing, if you encountered this issue, you need to add the account you use to validate Azure Stack registration on the Azure subscription directly as owner, and NOT the Azure AD Security Group as subscription owner. I don’t know why that could be an issue as of today…

After adding that account directly on the Azure subscription as owner, the validation passed as shown in the next screenshot.

Last but eventually not least, Microsoft is actively working and investigating this issue to determine the root cause and find a permanent solution.

Thanks to the Azure Stack team for their help in getting to the bottom of this.

Hope this helps someone out there!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About Charbel Nemnom 545 Articles
Charbel Nemnom is a Cloud Architect, ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.

Be the first to comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.