(Solution) Azure Stack Readiness Checker Fail When Validating Azure Registration

| ,

Published on | Updated on December 26, 2020

2 Min. Read

Introduction

Azure Stack subscription validation is part of the Azure Stack Readiness Checker tool known as (AzsReadinessChecker). You can use that tool to validate your Azure subscription before you begin an Azure Stack deployment, so you can make sure that your Azure subscription is ready to use with Azure Stack. The Readiness Checker Tool validates the following:

  • The Azure subscription you use is a supported type. Subscriptions must be a Cloud Service Provider (CSP) or Enterprise Agreement (EA).
  • The account you use to register your subscription with Azure can sign in to Azure and is a subscription owner.

For more information about Azure Stack registration, please check Register Azure Stack with Azure.

The issue

The other day, I was preparing for an Azure Stack Integrated Systems deployment and I am going through all the validation steps before I begin with the actual deployment.

When I ran the Invoke-AzsRegistrationValidation command against my Azure subscription, I received the following error message:

Invoke-AzsRegistrationValidation v1.1811.1101.1 started.
Checking Registration Requirements: Fail
Get-AzureSubscriptionDetail threw an error: A parameter cannot be found that matches parameter name ‘function’.
Additional help URL https://aka.ms/AzsRemediateRegistration

Log location (contains PII): C:\Users\AZURES~1\AppData\Local\Temp\AzsReadinessChecker\AzsReadinessChecker.log
Report location (contains PII): C:\Users\AZURES~1\AppData\Local\Temp\AzsReadinessChecker\AzsReadinessCheckerReport.json
Invoke-AzsRegistrationValidation Completed.

As noted in the error message, I followed all the validation failures as documented by Microsoft here, but none of them addresses my issue.

(Solution) Azure Stack Readiness Checker Fail When Validating Azure Registration 1

Finding the cause

As part of the validation, the Azure Stack Readiness Checker tool check the account that you will use to register Azure Stack with Azure that can sign in to Azure and is a subscription owner.

My account has a full owner on the Azure subscription and I can sign to Azure. I also disabled multi-factor authentication (MFA) for that account for testing purposes but still, the validation keeps failing.

After reviewing the role definition for that user by running the following PowerShell script, I find out that the Get-AzureRmRoleAssigment command did not return any results.

$subscriptionId = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX'
Login-AzureRmAccount -Subscription $subscriptionId
$context = Get-AzureRmContext
Get-AzureRmSubscription
Get-AzureRmTenant
$objectId = (Get-AzureRmADUser -UserPrincipalName $context.Account.id).id
Get-AzureRmRoleAssignment -objectid $objectid.Guid -Scope "/subscriptions/$subscriptionId" 

The account I am using to validate Azure subscription is a member of an Azure AD Security Group, and that group is an owner on that subscription!

I ran the Get-AzureRmRoleAssigment against the AAD security group this time and I got the role definition which is Owner as expected. So what is the issue with that account?

Fixing the issue

At the time of this writing, if you encountered this issue, you need to add the account you use to validate Azure Stack registration on the Azure subscription directly as owner, and NOT the Azure AD Security Group as subscription owner. I don’t know why that could be an issue as of today…

After adding that account directly on the Azure subscription as owner, the validation passed as shown in the next screenshot.

(Solution) Azure Stack Readiness Checker Fail When Validating Azure Registration 2

Last but eventually not least, Microsoft is actively working and investigating this issue to determine the root cause and find a permanent solution.

Thanks to the Azure Stack team for their help in getting to the bottom of this.

Hope this helps someone out there!

__
Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Previous

Celebrate World Backup Every Day and Win the Contest With @AltaroSoftware

Install System Center 2019 Data Protection Manager on Windows Server 2019 and SQL Server 2017

Next

Leave a comment below...

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to Charbel Nemnom’s Blog

Get the latest posts delivered right to your inbox

The content of this website is copyrighted from being plagiarized! However, you can copy from the 'Code Blocks'.

Please send your feedback to the author using this form for any 'Code' you like.

Thank you for visiting!