Windows Azure Pack - Admin Portal down after renewal of token signing certificate

Category: azure pack

Question

Waleedo on Fri, 03 Aug 2018 18:19:05


I had error 500; for the Tenant site it works fine:


But for the Admin site I ran the commands below and it didn't work. Can someone help?


Import-Module -Name MgmtSvcConfig
 
$ConnectionString = 'Data Source=SQL01\WAP;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=your pass'
 
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint 'https://adfs.doman.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString #-DisableCertificateValidation
 
Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint 'https://tenant.domane.com/FederationMetadata/2007-06/FederationMetadata.xml' -ConnectionString $ConnectionString #-DisableCertificateValidation
 
# When using self-signed certificates, uncomment "-DisableCertificateValidation".

Event viewer logs from admin site:

Error:Error in controller: Home action: Index
System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
   at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
   --- End of inner exception stack trace ---

I would appreciate it if someone who faced the same issue and resolved it could share how. Waiting for your feedback.


Replies

Cristian Negulescu on Fri, 10 Aug 2018 15:30:40


Hello, 

Can you please share what the CAPI2 logs show?

If CAPI2 is not enabled, please follow https://blogs.msdn.microsoft.com/benjaminperkins/2013/09/30/enable-capi2-event-logging-to-troubleshoot-pki-and-ssl-certificate-issues/ and then share the error we get there.
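
A complementary check to the CAPI2 log requested above, as an added example that is not part of the original thread or of Windows Azure Pack: run on the admin site server, it retrieves the certificate an HTTPS endpoint presents and builds its chain against the local certificate stores, which shows the reason behind "The remote certificate is invalid according to the validation procedure". The function name Test-EndpointCertificate and the host name in the usage comment are hypothetical.

```powershell
# Added example: hypothetical helper, not part of Windows Azure Pack or MgmtSvcConfig.
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # host part of a -MetadataEndpoint URL
        [int] $Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever the server presents so the handshake completes;
        # trust is evaluated explicitly below, nothing is sent over this stream.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $protocols = [System.Security.Authentication.SslProtocols]'Tls,Tls11,Tls12'
        $ssl.AuthenticateAsClient($HostName, $null, $protocols, $false)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }

    # Build the chain against this machine's certificate stores.
    # Revocation is checked online, so an unreachable CRL shows up in ChainStatus too.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $trusted = $chain.Build($cert)

    # OID 2.5.29.17 is the Subject Alternative Name extension.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        HostName     = $HostName
        Subject      = $cert.Subject
        DnsNames     = if ($san) { $san.Format($false) } else { '(no SAN extension)' }
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Usage (constructed host name; substitute the host from your own endpoint URL):
# Test-EndpointCertificate -HostName 'adfs.example.test' | Format-List
```

Compare HostName with Subject and DnsNames for a name mismatch; ChainStatus values such as UntrustedRoot, PartialChain or NotTimeValid identify a trust or expiry problem on the server where the function was run.
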

mouradl on Fri, 10 Aug 2018 17:09:59


Make sure you go through this KB when you renew the token certificate for the auth sites:

https://support.microsoft.com/en-us/help/3070790/how-to-renew-windows-azure-pack-authentication-sites-certificates

Let us know if the problem still happens after that.

Thank you

Mourad