Solved

Azurestack Hub integration with Commvault 11.24.0

  • 19 July 2021
  • 6 replies
  • 345 views

Badge +2

Hello All,

 

I am trying to setup an integration between Azurestack and Commvault but even after following the URLs below and Azure powershell was installed it keeps on giving the error as below :

Add hypervisor failed. Validate VS credentials failed. Error [100:Failed to connect to virtual machine host [https://portal.azslab.local/a84fbca7-3bba-4c58-8d6a-1426278db8a2/?microsoft_azure_billing_provider=58640284-879b-4ce9-b81f-42f5e38d14b6?SubscriptionId=56BD8014-E521-4DD8-B4CD-A29C05712C2B] as user [Azurestack-commvaultbackup-1272060f-2ae5-40ab-87d4-cc0cf9df3e93] from access node [pcommsrvazs01]. [Failed to get AzureStack URLs, Please make sure Azure PowerShell is installed on the proxy]]

 

I have an ADFS server for authentication with Azurestack. Please guide me on the error.

Environment:

An all in one physical server has been deployed as commserve acting as VSA Proxy for azurestack :

Powershell installed :

Run Powershell in an elevated prompt

Powershell Gallery access (can be done with Internet Access & Offline too)

Install-module -Name PowerShellGet -Force

 

Get-PSRepository -Name "PSGallery"

 

 

 

 

If the repository isn't registered, open an elevated PowerShell session and run the following command:

Register-PSRepository -Default

Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted

 

Procedure - AD FS

  1. Create a service principal for AD FS. Refer to: Create Service Principal for AD FS.
  2. Assign role to the newly created service principal. Refer to: Assign role to service principal.
  3. Log on to the Azure Stack Hub portal. Use the service principal with the following command:

Add-AzureRmAccount -EnvironmentName "<AzureStackEnvironmentName>" -ServicePrincipal -CertificateThumbprint $servicePrincipal.Thumbprint -ApplicationId $servicePrincipal.ApplicationId -TenantId $directoryTenantId

  1. Optional: You can use the predefined Contributor role or define a custom role to specify more limited permissions that can be used for backup and restore operations, either for a specific resource group or for the subscription as a whole. At a minimum, include the permissions listed in the CVBackupRole.json file.

Download the CVBackupRole.json file, which contains minimal permissions needed for Azure backup and restore operations.

Use a JSON editor to modify the following entry and change #SubscriptionID# to your subscription ID:

"AssignableScopes" : ["/subscriptions/#SubscriptionID#"]

 

To complete the setup of the Azure Stack Hub virtualization client in the CommCell Console, you will need the following:

  • Application name
  • Application ID
  • Subscription ID
  • Tenant ID (Directory ID)
  • Application key.

 

  1. For Hypervisor name or Client name, type a descriptive name for the hypervisor.
  2. For Authentication Type, select the deployment type from the following:
    • Azure Active Directory
    • Active Directory Federation Services
  3. For Resource Manager URL, type the web site address that will be used to communicate with your Azure Stack Hub environment.
  4. Enter host or account information:
    • Subscription ID: Enter the subscription ID for your Azure account.
    • Tenant ID: Enter the tenant ID associated with the Azure account.
    • Application ID: Enter the application ID associated with the tenant.
    • Application password: Enter the password for the application.
  5. From the Access node list, select a previously deployed proxy

The VSA proxy must be an Azure virtual machine in the region to be protected.

  1. Click Save.
icon

Best answer by Dipendra 25 July 2021, 17:00

View original

6 replies

Userlevel 7
Badge +23

Appreciate the reply!!

Badge +2

@Mike Struening 

Thankyou for the followup, after login to the portal and verifying the application ID which was mistakenly taken as Application ID from the powershell output rather we should either take it from Azurestack portal or Client ID from the powershell output as App ID during registration.

Userlevel 7
Badge +23

Hey @Dipendra , did you have a chance to review those log files?

Let me know what you found!

Userlevel 7
Badge +23

Sure thing!

Let’s start with cvd and vsdiscovery on the proxy server.

Badge +2

@Mike Struening 

Thankyou very much for the response. Which logs would you like to see so that I can try and scan through them myself before pushing a support case. Please share 

Userlevel 7
Badge +23

Hey @Dipendra !  I reviewed this issue with a few colleagues and the consensus is we should get a support case opened.  We’d want to see the logs in detail and request items you likely wouldn’t put on the public forums.

Can you create a support case and share the case number so I can follow up accordingly?

Reply