Azure Stack HCI Cluster deployment fails in the ValidateExternalAD step
Hi experts,
I'm trying to deploy a hybrid cluster with Azure Stack HCI 23H2 servers. I follow the steps in the documentation:
https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-introduction
I'm deploying the cluster from Azure portal and I get this error message:
I reviewed the C:\MASLogs\AzStackHciEnvironmentChecker.log log and this is the error:
[5/25/2024 2:52:12 PM] [INFORMATIONAL] [Add-AzStackHciEnvJob] Adding current job to progress: System.Collections.Hashtable
[5/25/2024 2:52:12 PM] [INFORMATIONAL] [Test-OrganizationalUnit] Executing Test-OrganizationalUnit
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test on LAB-HCI1
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing tests with parameters:
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] ClusterName : mscluster
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] UsersADOUPath : OU=Users,OU=ms309,DC=mycompany,DC=com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] AdServer : mycompany.com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] NamingPrefix : HCI01
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] PhysicalMachineNames : LAB-HCI1 LAB-HCI2
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] AdCredentialsUserName : msdeployuser
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] ADOUPath : OU=ms309,DC=mycompany,DC=com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] DomainFQDN : mycompany.com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] ComputersADOUPath : OU=Computers,OU=ms309,DC=mycompany,DC=com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] AdCredentials : System.Management.Automation.PSCredential
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test RequiredOrgUnitsExist
[5/25/2024 2:52:12 PM] [INFO] [RequiredOrgUnitsExist] Checking for the existance of OU: OU=ms309,DC=mycompany,DC=com
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] Test RequiredOrgUnitsExist completed with: System.Collections.Hashtable
[5/25/2024 2:52:12 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test LogPhysicalMachineObjectsIfExist
[5/25/2024 2:52:12 PM] [INFO] [PhysicalMachineObjectsExist] Validating seednode : LAB-HCI1 is part of a domain or not
[5/25/2024 2:52:13 PM] [ERROR] [PhysicalMachineObjectsExist] Seed node LAB-HCI1 joined to the domain. Disconnect the seed node from the domain and proceed with the deployment
[5/25/2024 2:52:13 PM] [INFO] [Test-OrganizationalUnitOnSession] Test LogPhysicalMachineObjectsIfExist completed with: System.Collections.Hashtable
[5/25/2024 2:52:13 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test GpoInheritanceIsBlocked
[5/25/2024 2:52:17 PM] [INFO] [Test-OrganizationalUnitOnSession] Test GpoInheritanceIsBlocked completed with:
[5/25/2024 2:52:17 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test ExecutingAsDeploymentUser
[5/25/2024 2:52:17 PM] [WARNING] [ExecutingAsDeploymentUser] User 'msdeployuser not found in ' hence skipping the rights permission check. This may cause deployment failure during domain join phase if the user doesn't have the permissions to create or delete computer objects
[5/25/2024 2:52:17 PM] [INFO] [Test-OrganizationalUnitOnSession] Test ExecutingAsDeploymentUser completed with: System.Collections.Hashtable
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Close-AzStackHciEnvJob] Updating current job to progress with endTime: 2024/05/25 14:52:17 and duration 5
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciEnvProgress] AzStackHCI progress written: \MASLogs\AzStackHciEnvironmentReport.xml
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciEnvReport] JSON report written to \MASLogs\AzStackHciEnvironmentReport.json
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciFooter] Log location: \MASLogs\AzStackHciEnvironmentChecker.log
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciFooter] Report location: \MASLogs\AzStackHciEnvironmentReport.json
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciFooter] Use -Passthru parameter to return results as a PSObject.
[5/25/2024 2:52:17 PM] [INFORMATIONAL] [Write-AzStackHciFooter] Invoke-AzStackHciExternalActiveDirectoryValidation completed. Id:ArcInitialization\ExternalActiveDirectory\c04daeb4
I assigned all admin permissions in the AD (like the Administrators and Domain Admins groups) and Delegate Control of the OU for msdeployuser.
Regards.
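
The two entries that matter in the excerpt above (one ERROR, one WARNING) are easy to miss among the INFO lines. As an added example, not part of the original post and not Microsoft's tooling, this PowerShell reduces a checker log to its ERROR and WARNING entries; the function name `Get-EnvCheckerFinding` is hypothetical and the `[timestamp] [LEVEL] [Source] message` layout is assumed from the excerpt.

```powershell
# Added example: triage AzStackHciEnvironmentChecker.log by severity.
# Assumption: every entry is one line shaped like the excerpt in the post:
#   [timestamp] [LEVEL] [Source] message
function Get-EnvCheckerFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line,

        # Severities to keep; the excerpt shows INFO, INFORMATIONAL, WARNING, ERROR.
        [string[]]$Level = @('ERROR', 'WARNING')
    )
    begin {
        $pattern = '^\[(?<time>[^\]]+)\]\s+\[(?<level>[A-Z]+)\]\s+\[(?<source>[^\]]+)\]\s*(?<message>.*)$'
    }
    process {
        # Lines that do not match the layout (blank or wrapped text) are skipped.
        if (($Line -match $pattern) -and ($Level -contains $Matches['level'])) {
            [pscustomobject]@{
                Time    = $Matches['time']      # kept as text; format depends on node locale
                Level   = $Matches['level']
                Source  = $Matches['source']    # the validator test that logged the entry
                Message = $Matches['message']
            }
        }
    }
}

# Constructed sample: four lines copied from the log excerpt in the post.
$sample = @'
[5/25/2024 2:52:12 PM] [INFO] [PhysicalMachineObjectsExist] Validating seednode : LAB-HCI1 is part of a domain or not
[5/25/2024 2:52:13 PM] [ERROR] [PhysicalMachineObjectsExist] Seed node LAB-HCI1 joined to the domain. Disconnect the seed node from the domain and proceed with the deployment
[5/25/2024 2:52:17 PM] [INFO] [Test-OrganizationalUnitOnSession] Executing test ExecutingAsDeploymentUser
[5/25/2024 2:52:17 PM] [WARNING] [ExecutingAsDeploymentUser] User 'msdeployuser not found in ' hence skipping the rights permission check. This may cause deployment failure during domain join phase if the user doesn't have the permissions to create or delete computer objects
'@ -split '\r?\n'

$findings = $sample | Get-EnvCheckerFinding
$findings | Format-List Level, Source, Message

# On a node, read the real file instead (path as given in the post):
# Get-Content 'C:\MASLogs\AzStackHciEnvironmentChecker.log' | Get-EnvCheckerFinding

# The ERROR entry concerns the seed node's domain membership. On Windows this
# reads the local machine's current state so it can be compared with the log.
Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object Name, Domain, PartOfDomain
```

Run against the sample, `$findings` holds two objects: the `PhysicalMachineObjectsExist` ERROR and the `ExecutingAsDeploymentUser` WARNING.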