• State Not Answered
  • Replies 16 replies
  • Subscribers 26 subscribers
  • Views 11060 views
  • Users 0 members are here
Options
Related

Help troubleshooting Azure archive (powershell)

Emte
over 4 years ago

We are seeing a lot of issues when setting up cloud accounts to Azure. We know the issue is with Azure but since its being configured from RR we are always involved (and blamed)

Could anyone help me find a way to test the information that RR uses to setup a cloud account but outside of RR?

I am thinking it could be done with powershell fairly easy but I am not sure what would be required. I would love it if there was a quick script/ commandlet I could type into powershell to test the customers setup. If it fails in powershell then they know the issue is azure not RR. It also seems like it maybe easier to troubleshoot this way also

I tried to ind enough information from azure logging and RR but they don't seem to pass enough information for me to pull the cmd apart

Thanks in advance

Parents
  • 0 over 4 years ago

    I'm not sure what you mean. You're saying you are trying to configure a cloud account and it gives you an error? Do you have an example of the error? I'm not sure how we would script a validation that would be any better than the validation done when creating the account.

    When you find the issue, what is the cause of it usually? Is it the customer didn't create the correct storage account? Or didn't provide the right subscription ID or something like that?

    I'm at a loss as to what you're trying to validate. Would screenshots of where to get the correct info in Azure help your users? Or maybe a video?

  • 0 over 4 years ago in reply to Tim Seymour

    "I'm not sure how we would script a validation that would be any better than the validation done when creating the account."

    I am not asking for a better validation, I am looking for a way to show this validation fails outside of RR and prove its not a RR issue. These customers are getting upset with RR since everything typically looks right (according to them) on azure but RR is failing. So they beleive its an issue with RR. Its not, but that is not how they see it and I don't have any tools to quickly prove that it is not

    The configuration on azure is a pain (I am not an azure expert) and has a ton of steps where it is easy to make a mistake. Add to that how often the azure portal changes (for example the 6.4 docs are already out of date and not 100% accurate) and its easy to mess it up 

  • 0 over 4 years ago in reply to Emte

    I'll think on ways to deal with this specific issue/request. I'm not a big fan of spending a lot of time coding something to test if the configuration is correct or not when the UI already does that for us and we know it works, because we have it working. I'd prefer to spend time on making sure people understand how to configure it properly. Azure can definitely be confusing.

    Based on the error message you provided, it appears that the App Registration probably doesn't have at least the contributor role on the subscription that is being used.

    I've summarized the configuration steps needed in Azure. All this info comes from https://support.quest.com/technical-documents/rapid-recovery/6.4/user-guide/72#TOPIC-1347318. Hopefully these help you to better understand the process that you are doing:

    1. Create an app registration in Azure AD (this is like creating a user account that will be used to authenticate with Azure).
      1. Make sure you specify a Redirect URI during creation.
      2. Copy the Application ID from the overview page after created.
    2. Create a Client Secret for the app registration (this is like creating a password for the account that will be used to authenticate with Azure).
      1. When viewing the overview page for the app registration click on "Certificates and secrets" -> Click "New client secret" button.
      2. Make sure to copy the secret and store it in a safe place. It won't ever be shown again. You will have to create a new one if you lose this one.
    3. Give the App Registration permissions to the subscription that it is going to use for all the resources it creates in Azure.
      1. Go to Subscriptions -> your subscription -> Access Control (IAM) -> Add role assignment -> choose "contributor" as the role and your app registration name as the object you are applying the permissions to. Save it.
      2. Copy the subscription ID from the summary page of the subscription.
    4. Copy the tenant ID from the Azure Active Directory overview page.

    After doing this you should be able to add the Cloud account in RR.

  • 0 over 4 years ago in reply to Tim Seymour

    Nevermind, I am working on the powershell cmd myself. I was just hoping you guys could give me some insight into what process RR uses since "the UI already does that for us and we know it works, because we have it working"

    "I'd prefer to spend time on making sure people understand how to configure it properly"

    Good luck with that

     

  • 0 over 4 years ago in reply to Emte

    Cool. I'm sure there are others here who would be interested in what you are doing if you wanted to post updates. We appreciate the feedback.

Reply Children
  • 0 over 4 years ago in reply to Tim Seymour

    If you are sure others would be interested in it and you guys already have have it working. Why not help vs decline? 

  • 0 over 4 years ago in reply to Emte

    We have an Azure account setup and working in RR for export. We don't have any collateral or work done around a script that would imitate what Rapid Recovery does when you create a cloud account. All we did to get our cloud account working in RR was to follow the steps I posted above. Sorry if I made it sound like we have something more. We don't. We've just set this up multiple times in our lab and it works for us. So we know with the correct configuration, you don't get errors when creating a cloud account. We don't need any tools outside of RR to test that. We're happy to help by looking at your config if you want to open a support case.

  • 0 over 4 years ago in reply to Tim Seymour

    Tim, I know you help out a lot here and you have given a ton of great info. This is going to sound snarky (at least it does to me) and its not meant that way.

    "So we know with the correct configuration, you don't get errors when creating a cloud account"

    Of course if you have the correct configuration its going to work, I have said it multiple times but the issue I am trying to address here is NOT a RR issue, its an Azure configuration issue. But since RR fails to setup a cloud account due to the azure configuration issue, users of RR blame RR.

    You linked the 6.4 user guide on how to setup Azure Virtual Exports so you know there is nothing simple or straight forward about it. Its long and filled with a ton of steps that are easy to mess up when setting it up on Azure (the RR part is easy) And the 6.4 guide is already out of date thanks to changes made on the Azure portal so its only going to get worse.

    I know you don't have any collateral work done around a script but I was hoping you could take a look at the code and say RR simply sends the following cli/ powershell cmdlet to azure when setting up the cloud account and I could take it from there. I think I have all the commands to get the information requested but working on the full cmd now. Not sure if its new-azvmss or not for example (I dont work with azure often)

  • 0 over 4 years ago in reply to Emte

    Ah, so let me clear up some misconceptions. I don't have any access to the source code. No one in support does. So "take a look at the code" is not something I (or anyone in support) can do. I do know that we don't just use powershell commands to interact with Azure. In almost all cases we use API calls. So even if I could look at the code (which I can't) and I were to pull out what we are doing, what I'd get is a list of functions that make API calls that you couldn't easily put into a powershell script. You'd basically have to design a small application to do exactly what we are already doing, so that's not really helpful to you. Nor would that be quick for you to build (unless your a developer with a good understanding of Azure APIs). 

    So to do this with a powershell script I'd be starting from the same point you did, and would have to start from scratch reading the Azure powershell documentation to figure out how to make calls that imitate or at least test the same functions that RR is doing in the GUI. Even then if you use powershell it isn't using the same functions RR is, so it's not a true apples to apples comparison.

  • 0 over 4 years ago in reply to Tim Seymour

    The API calls to Azure are pretty easy to read, you can look up a few examples if you are interested (https://docs.microsoft.com/en-us/rest/api/azure/)

    So it would be a great starting point to try and translate them from json (for example) to powershell or CLI (and if not, we have developers on our side who could help me)

    As far as access, I am surprised that no one in support has access to at least read code but even so I am sure there is a process for support to ping Dev if you wanted.

    Dont worry, I think I have the powershell script almost done so I can prove its a Azure configuration issue but I still don't know why its failing

  • 0 over 4 years ago in reply to Emte

    To ping dev and ask, I need you to open a support case and we can escalate it. That's the only way I can ping Dev to get that kind info for a customer. That's our policy.

  • 0 over 4 years ago in reply to Tim Seymour

    Makes sense, I think I almost have it complete so no need