none
ConfigARMAutoGrowShrinkCert TenantId Parameter not found

    Question

  • When trying to follow https://docs.microsoft.com/en-us/azure/virtual-machines/windows/classic/hpcpack-cluster-node-autogrowshrink to set up Autoscale for a cluster created using the template `Create HPC Pack cluster for Excel workloads` and `Resource Manager` I've encountered an issue on step 4 of the prerequisites. An error message of "A parameter cannot be found that matches the parameter 'TenantId'." I used "Get-Help .\ConfigARMAutoGrowShrinkCert.ps1 -full" to examine the parameters and it wasn't in the list either.

    Running it without the parameter came up with "Failed to assign 'Contributor' role for the service Principal, try again...".

    I was able to send a request to the cluster and have it calculate and return results, but no nodes were added to the cluster.

    Wednesday, July 26, 2017 11:32 PM

All replies

  • Hi IvenBach,

    This could be caused by a newer version of Microsoft Azure PowerShell in which the property names changes. Please update the script ConfigARMAutoGrowShrinkCert.ps1 under %CCP_HOME%Bin in the following lines and retry it.

    Line 77: Get-AzureRmContext|%{$_.Tenant.TenantId} --> Get-AzureRmContext|%{$_.Tenant.Id}

    Line 88: Get-AzureRmContext|%{$_.Subscription.SubscriptionId} --> Get-AzureRmContext|%{$_.Subscription.Id}

    You may also check if the latest Microsoft Azure PowerShell with version 4.2.1 is installed. To check the version, run:

    (Get-Module -ListAvailable | Where-Object{ $_.Name -eq 'Azure' }) | Select Version, Name, Author, PowerShellVersion | Format-List;

    Regards,

    Yutong Sun


    Thursday, July 27, 2017 6:26 AM
  • Yutong,

    I ran the command you provided and the Azure HeadNode version is 1.5.0. I think this is the main reason why it wasn't working.

    The file ConfigARMAutoGroShrinkCert.ps1 for line 77 was the try-catch block below

    try
    {
        $sub = Get-AzureRmSubscription -SubscriptionId $SubscriptionId
    }
    catch
    {
        throw "The AzureRm subscription $SubscriptionId not found, run Login-AzureRmAccount to login first"
    }

    line 88 was the following if-else block

    if($PsCmdlet.ParameterSetName -eq "Thumbprint")
    {
        $cert = Get-Item Cert:\CurrentUser\My\$CertificateThumbprint -ErrorAction SilentlyContinue
        if($null -eq $cert)
        {
            $cert = Get-Item Cert:\LocalMachine\My\$CertificateThumbprint -ErrorAction SilentlyContinue
        }

        if($null -eq $cert)
        {
            throw "The certificate with thumbprint $CertificateThumbprint not found, you shall import the certificate under Cert:\CurrentUser\My or Cert:\LocalMachine\My"
        }
    }
    else
    {
        $retry = 0
        while($true)
        {
            try
            {
                $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList @($PfxFile, $Password)
                break
            }
            catch
            {
                if($_.Exception.HResult -eq 0x80070056)
                {
                    if([String]::IsNullOrEmpty($Password))
                    {
                        $prompt = "The certificate file $PfxFile is password protected. Please input the password"
                    }
                    else
                    {
                        $prompt = "The password for the certificate file $PfxFile is incorrect. Please input the correct password"
                    }
                    
                    if($retry -lt 3)
                    {
                        $secPsw = Read-Host -Prompt $prompt -AsSecureString
                        $Password = ConvertSecureStrToPlain -SecurePassword $secPsw 
                        $retry++
                    }
                    else
                    {
                        throw "The password for the certificate file $PfxFile is incorrect."
                    }
                }
                elseif($_.Exception.HResult -eq 0x80092009)
                {
                    throw "The file $PfxFile is not a valid PFX file."
                }
                else
                {
                    throw "Failed to read the certificate file $PfxFile : $_"
                }
            }
        }

        $CertificateThumbprint = $cert.Thumbprint
        $foundCert = Get-Item Cert:\CurrentUser\My\$CertificateThumbprint -ErrorAction SilentlyContinue
        if($null -eq $foundCert)
        {
            $foundCert = Get-Item Cert:\LocalMachine\My\$CertificateThumbprint -ErrorAction SilentlyContinue
        }
        if($null -eq $foundCert)
        {
            $secPsw = ConvertTo-SecureString -String $Password -AsPlainText -Force
            Write-Host "Import Certificate $PfxFile to Cert:\CurrentUser\My\$CertificateThumbprint"
            Import-PfxCertificate -FilePath $PfxFile -CertStoreLocation Cert:\CurrentUser\My -Password $secPsw
        }
        else
        {
            Write-Host "The Certificate with same thubprint $CertificateThumbprint was already in certificate store"
        }
    }

    Thursday, July 27, 2017 5:24 PM
  • Hi ExcelGrunt,

    Suppose you are using HPC Pack 2012 R2, since we updated the script in HPC Pack 2016, so the lines do not match.

    For the script in HPC Pack 2012 R2, the TenantId parameter does not exist and is not needed. For the error "Failed to assign 'Contributor' role for the service Principal, try again...", it may be caused by the timing issue when assigning role for newly created service principal, you may add a line '$_' in the following script section to verify the error message:

                if($retry -lt 10)
                {
                    $retry++
                    Write-Host "Failed to assign 'Contributor' role for the service Principal, try again..."
    $_
                    Start-Sleep -Seconds 10
                }
                else
                {
                    throw
                }

    The script has built-in 10 retries with 10 seconds interval to assign the 'Contributor' role to the Service Principal.

    Regards,

    Yutong Sun

    Friday, July 28, 2017 5:22 AM