Channel: DexterPOSH's Blog

AzureStack : Few Install Gotchas

I started installing AzureStack by quickly skimming over the install instructions here.
Not paying attention to the details resulted in multiple failed deployments.
The two very important aspects of the Azure Stack deployment that I screwed up are:

  • Entering the credentials for your Azure Active Directory account. This user must be the Global Admin in the directory tenant.
  • Timezone settings on the host where the Azure Stack deployment is running must be the same as the local time zone.

Credentials


After reading the first point in a hurry, I ended up using the Microsoft account (Global Admin for my subscription) associated with my Azure subscription. Note that using a Microsoft account is supported as per the documentation; below is a screenshot from here.





But this ended miserably, as my Microsoft account email is of the format 'dexterrocks@yahoo.in'.

Now the problem with the above email address is that on Azure AD it registers a tenant with the domain name dexterrocksyahoo.onmicrosoft.com.
So the Azure AD authentication will never go through, as the tenant ID is not resolvable using the above-mentioned mail ID.

Why this won't work is easy to see, as the Azure tenant ID is not resolvable; see below:

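# Take the domain part of the account's email address
$MSFTAccount = 'dexterrocks@yahoo.in'
$AADDomain = ($MSFTAccount -split '@')[-1]
# Ask the OpenID discovery endpoint for that domain; the tenant ID is the 4th '/'-separated piece of token_endpoint
(Invoke-WebRequest "https://login.windows.net/$($AADDomain)/.well-known/openid-configuration"|ConvertFrom-Json).token_endpoint.Split('/')[3]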

If you have a custom domain and you have registered it in Azure AD, then it should work, and even Microsoft accounts which are of the below format will work:

<username>@Microsoft.com
<username>@outlook.com
<username>@live.com

Or any other domains which MSFT owns and are resolvable (the tenant ID).

A technique similar to the above for fetching the tenant ID was mentioned in the Azure Stack documentation, which seems to have been removed now, but thanks to GitHub you can find the commit here which made this change.

I had to create a new user in my default directory on Azure and then grant him service-admin access. His email was of the format "testuser@dexterrocksyahoo.onmicrosoft.com".
I supplied this user's credentials to the AzureStack deployment later.
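
The tenant lookup above, wrapped as a pre-flight check that can be run before starting the deployment. This is an added example, not code from the original post; the function names Get-TenantIdFromDiscovery and Resolve-AadTenantId and the all-zero GUID in the sample document are made up for illustration.

```powershell
function Get-TenantIdFromDiscovery {
    # Parsing step only: pull the tenant GUID out of an OpenID discovery document.
    param([Parameter(Mandatory)][string]$DiscoveryJson)
    $endpoint = ($DiscoveryJson | ConvertFrom-Json).token_endpoint
    if (-not $endpoint) { return $null }
    # token_endpoint has the shape https://<host>/<tenant-guid>/oauth2/token
    $segment = ([uri]$endpoint).Segments[1].TrimEnd('/')
    $guid = [guid]::Empty
    if ([guid]::TryParse($segment, [ref]$guid)) { return $guid.ToString() }
    return $null   # first path segment is not a GUID
}

function Resolve-AadTenantId {
    # Network step: look up the discovery document for the account's domain.
    param([Parameter(Mandatory)][string]$Account)
    $domain = ($Account -split '@')[-1]
    $url = "https://login.windows.net/$domain/.well-known/openid-configuration"
    $tenantId = $null
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        $tenantId = Get-TenantIdFromDiscovery -DiscoveryJson $response.Content
    } catch {
        # A failed request (for example a domain that is not registered in
        # Azure AD) is reported as "not resolvable" instead of a raw exception.
        Write-Verbose "Lookup failed for '$domain': $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Account    = $Account
        Domain     = $domain
        TenantId   = $tenantId
        Resolvable = [bool]$tenantId
    }
}

# Constructed sample document (placeholder GUID) to exercise the parser offline.
$sample = '{"token_endpoint":"https://login.windows.net/00000000-0000-0000-0000-000000000000/oauth2/token"}'
Get-TenantIdFromDiscovery -DiscoveryJson $sample

# Online check of the two accounts mentioned in the post (needs network access).
'dexterrocks@yahoo.in', 'testuser@dexterrocksyahoo.onmicrosoft.com' |
    ForEach-Object { Resolve-AadTenantId -Account $_ } |
    Format-Table -AutoSize
```

An account whose row shows Resolvable as False is one to replace with a user in the directory's own onmicrosoft.com (or registered custom) domain before supplying credentials to the installer.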


Timezone


I already had Server 2016 installed, so I never went through the process of doing the VHD boot and skipped the step where it says:
Configure the BIOS to use Local Time instead of UTC

To be on the safer side, configure the BIOS time and OS time to match (also set the OS timezone to your local timezone).

After I fixed the above two things (I am not sure which one fixed my deployment), re-running the AzureStack install went through fine and the POC got deployed.




