mattmcspirit / hybridworkshop Goto Github PK

Hey Matt!

Tried again your workshop and here goes a couple of feedback for the AKS part, which got updated from what I can see:

"In the Add a node pool blade, enter the following, then click Add
Node pool name: LinuxPool1"

However, this pool name isn't supported anymore:

"Next, you'll scale your Kubernetes cluster to have 2 Linux worker nodes and 1 Windows worker node:"

As far as I understood in the documentation, the PS commands changed to:

And, at the end when I tried to use kubectl:

So, I'm sure if kubectl it still installed by default, of if it was just a transient error. However, I was able to install it easily with choco!

I received the message Ensure that you have authenticated with a developer tool that supports Azure single sign on.'

I have multiple AZ tenants with some that require MFA.

I had to download Azure CLI and login with the specific tenant to get around the issue.

az login --tenant TENANT_ID

Hi Matt,

Thanks for this workshop! Really an awesome hands-on experience.

I've a couple of suggestions from the experience I had:

1. Although I was able to register HCI cluster, I got the following message:

And from Azure Portal:

I don't know if the nodes are using the latest HCI version, or if this is expected, but just double checking that with you.

2. Scale AKS nodes:

The command you describe isn't available anymore. It changed to the one I'm sharing above.

Also, the message should say we're scaling to 2 linux worker nodes and 1 windows worker nodes, since no windows worker nodes were there before.

3. Adding NAT rule

I wasn't able to create the NAT rule as described in the guide, because the name isn't right, as you can see below:

Once I changed the name to HYBRIDNAT, it worked perfectly.

Thank you,
Francisco Teles

Azure Vm Deployment issue , failing intermittently

Error Message:
{
"status": "Failed",
"error": {
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'ConfigureHybridHost'. Error message: "DSC Configuration 'HybridHost' completed with error(s). Following are the first few: WinRM cannot process the request. The following error with errorcode 0x80090350 occurred while using Negotiate authentication: An unknown security error occurred. \r\n Possible causes are:\r\n -The user name or password specified are invalid.\r\n -Kerberos is used when no authentication method and no user name are specified.\r\n -Kerberos accepts domain user names, but not local user names.\r\n -The Service Principal Name (SPN) for the remote computer name and port does not exist.\r\n -The client and remote computers are in different domains and there is no trust between the two domains.\r\n After checking for the above issues, try the following:\r\n -Check the Event Viewer for events related to authentication.\r\n -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.\r\n Note that computers in the TrustedHosts list might not be authenticated.\r\n -For more information about WinRM configuration, run the following command: winrm help config."\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "
}
}

Hi Matt,

Trying the lab here, all goes well till the cluster creation. But after that we re not able to either create additional volumes either through WAC portal and with powershell as well, there is no failure message as well. In the WAC Browser after following all the steps, nothing happens, no error message or any other activity. When we run powershell command "new-Volume, after entering the command nothing happens not even a failure message.
Similarly after VM creation if we try to move the VMs from one node to another, the source switch and target switch never appears, and we cant select them so not able to complete "move" process.

In the Step 5 documentation I came across an error while executing the command to create a new WindowsPool:
Now there is:
New-AksHciNodePool -clusterName akshciclus001 -name windowspool -count 1
and I think it should be:
New-AksHciNodePool -clusterName akshciclus001 -OSType Windows -name windowspool -count 1

Any idea why the DSC deployment has been going into an error since a couple of days when trying to deploy to azure?

Getting this error:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'ConfigureHybridHost'. Error message: "DSC Configuration 'HybridHost' completed with error(s). Following are the first few: PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: PowerShell Desired State Configuration does not support execution of commands in an interactive mode. Please ensure that the underlying command is not prompting for user input, such as missing mandatory parameter, confirmation prompt etc. PowerShell DSC resource MSFT_ScriptResource failed to execute Set-TargetResource functionality with error message: PowerShell Desired State Configuration does not support execution of commands in an interactive mode. Please ensure that the underlying command is not prompting for user input, such as missing mandatory parameter, confirmation prompt etc. The SendConfigurationApply function did not succeed."\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "

I have tried to update the WAC from WAC. But for some reason, it isn't doing anything. So I went to update using the download update link from WAC. This next part I am not sure how to complete it. When you go to run the WAC installer it says it can't install on a domain controller. I looked for some sort of -force command that would install or update WAC. Do you know what can be used to do this?

Having issue while setting up the Kubernetes cluster using WAC..
Failed with errors
Install-AksHci - Importing Configuration Completed
Duration: 0 minutes 3 seconds
[Install-AksHci]:GetRelease error returned by API call: run: read /dev/stdin: The handle is invalid.

Even the installation of AksHci is already finished.

Please find the screenshot below for the details.

In the next steps paragraph, it should say part 6 in the link. The link however points correctly to page 6

Hi

I made it to step 5 but when setting up the AKS cluster, the steps point to the InternalNAT switch. I can only select the Compute switch but I get the error that there is no interface connected on. (I guess because of it being a type Internal)

I could setup a new vSwitch (type Extended) but that seems to mess up things with the management adapter.

What am I missing?

HI,

I have found an issue while deploying the Kubernetes cluster, While enabling the CredSSP, I have faced issues related to WinRM. this is due to the certificate and HTTP listener is not enabled on WinRM.
I am able to fix the issue after installing the IIS server, WinRM extension, and with help of using the below commands.

winrm set winrm/config/service @{​​​​​EnableCompatibilityHttpsListener="true"}
winrm set winrm/config/service @{​​​​​EnableCompatibilityHttpListener="true"}
winrm set winrm/config/service @{CertificateThumbprint="WAC certificate thumbprint"}

Hi Matt,

As mentioned before, we're trying your workshop again and we're facing a lot of deployment errors. All of them with the same message:

{
"status": "Failed",
"error": {
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'ConfigureHybridHost'. Error message: "DSC Configuration 'HybridHost' completed with error(s). Following are the first few: WinRM cannot process the request. The following error with errorcode 0x80090350 occurred while using Negotiate authentication: An unknown security error occurred. \r\n Possible causes are:\r\n -The user name or password specified are invalid.\r\n -Kerberos is used when no authentication method and no user name are specified.\r\n -Kerberos accepts domain user names, but not local user names.\r\n -The Service Principal Name (SPN) for the remote computer name and port does not exist.\r\n -The client and remote computers are in different domains and there is no trust between the two domains.\r\n After checking for the above issues, try the following:\r\n -Check the Event Viewer for events related to authentication.\r\n -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or use HTTPS transport.\r\n Note that computers in the TrustedHosts list might not be authenticated.\r\n -For more information about WinRM configuration, run the following command: winrm help config."\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionDSCWindowsTroubleshoot "
}
}

Could you please help us understand why is the error occurring and what can we do to correct it? We're just using your ARM template deployment as is.

Thanks,
Francisco