Top Menu

Category Archives Windows Azure Pack

One of the best practices is run Windows Azure Pack Application Pools on dedicated account. WAP has quite a lot Application Pools and changing each manually is not very comfortable. You can do bulk change using below PowerShell script (Assumption: You use the same identity for each AppPool).

### Change the variables to fit your environment
$userName = "domain\username"
$password = "password"

### Let's start the party!
Import-Module WebAdministration
$appPools = Get-ChildItem IIS:\AppPools | where { $_.Name -like "MgmtSvc-*" }
foreach($appPool in $appPools)
    $appPool.processModel.userName = $userName
    $appPool.processModel.password = $password
    $appPool.processModel.identityType = 3
    $appPool | Set-Item
    $name = $
    Write-Host "$name updated..." -ForegroundColor Green
Write-Host "Done!" -ForegroundColor Yellow

Of course you can easily customize the script to other things than the WAP by changing the condition ūüôā

Update Rollup 8 for System Center 2012 R2 (KB3096378) released ! This time new features and bug fixes cover below components:


  1. First test everything in your test or lab environment, before you deploy an Update Rollup in production environment!
  2. Before you deploy UR8, make sure you applied previous UR releases. You need to keep installation order of UR releases. First install previous releases, if you have not already done.
  3. Make sure you will plan right upgrade sequencing in your production environment. Before it, read this TechNet article: Upgrade Sequencing for System Center 2012 R2.

Happy upgrading ūüôā

In the last project which I worked on, I had strange behavior with out-of-box WAP configuration. Everything was good until I did first tests in WAP like creating new Plans. Each attempt ended in failure with error:

One or more errors occurred while contacting the underlying notification subscribers. The operation may be partially completed.

and with EventID 12 in MgmtSvc-AdminAPI and MgmtSvc-AdminSite log.

Unfortunately event details was not very helpful Рjust standard .NET stack trace exception without any useful information. After long and deep investigation using Fiddler, Network Monitor, and other tools the cause was discovered. That was discrepancy between the encrypted password set on each of the AdminAPI nodes for the UsageService Resource Provider and the local encrypted web.config (The UsageAdminAPIClient is used by the AdminAPI to contact the UsageService).

If you have similar cause, check passwords using below¬†commands –¬†all run on the AdminAPI machine.

The command below will show the UsageService passwords for the AdminEndpoint:

(Get-MgmtSvcResourceProviderConfiguration -DecryptPassword -Name UsageService).AdminEndpoint

The below command can tell you what the initially-configured password with which the UsageService was configured:

$dbServer = ''
$passphrase = 'WapPassphrase'
$connectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.Config;Integrated Security=SSPI;Persist Security Info=False', $dbServer)
Get-MgmtSvcDatabaseSetting -Namespace UsageService -Passphrase $passphrase -Name UsageAdminAPIPassword -ConnectionString $connectionString

Note that even if the above values match what is in the provider configuration, the actual value used by the UsageService at run-time to validate incoming requests is hashed and stored locally in the web.config of the usage service:

Get-MgmtSvcSetting -Namespace UsageService -Name UsageAdmin*

If you want to update the configured password for the UsageService, you can do so using the following command:

Set-MgmtSvcSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value 'MyNewPassword' -Encode

Now you can try to reset the passwords using the following script. This will grab the existing password out of the database and then set if back to both the web.config and the database (Repeat this script on each AdminAPI node if you have more then one server).

Import-Module MgmtSvcAdmin
$dbServer = ''
$passphrase = 'WapPassphrase'
$connectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.Config;Integrated Security=SSPI;Persist Security Info=False', $dbServer) 
$usageAdminAPIPassword = (Get-MgmtSvcResourceProviderConfiguration -DecryptPassword -Name UsageService).AdminEndpoint.AuthenticationPassword
Write-Host -ForegroundColor Yellow "Old password"
Get-MgmtSvcDatabaseSetting -Namespace UsageService -Passphrase $passphrase -Name UsageAdminAPIPassword -ConnectionString $connectionString
Write-Host ""
Write-Host -ForegroundColor Yellow "Updating UsageAdminAPIPassword password in web.config and database" 
Write-Host ""
Set-MgmtSvcSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value $usageAdminAPIPassword -Encode
Set-MgmtSvcDatabaseSetting -Namespace UsageService -Name UsageAdminAPIPassword -Value $usageAdminAPIPassword -ConnectionString $connectionString -Force -Passphrase $passphrase

To summarize above:

  • Symptom
    • Provisioning Plans in WAP fail when it is created.
  • Cause
    • Encrypted password for UsageService Resource Provider on the AdminAPI nodes and the local web.config and the database out of sync.
  • Resolution
    • Reset password for the UsageService on both AdminAPI nodes, set same password in the database used attached script.