I’ve had a couple of customers lately who’ve had sudden issues with Azure Pack reporting an error 500 when used in combination with ADFS after logging on.
It’s because the ADFS certificate has been updated and the thumbprint in WAP no longer matches the one presented by ADFS.
Mark has made a great post about it here (all credit to him for the solution): Error 500 Azure Pack tenant portal – Jwt10329 Error
I’ve modified Mark’s script a little bit so I can easily run it at various customers without modifying the URLs. It will basically read the old value from the config and re-use that hostname for the ADFS DNS entry.
This script assumes you are using ADFS for both the tenant and admin sites.
```powershell
Import-Module -Name MgmtSvcConfig

# SQL connection details for the Microsoft.MgmtSvc.Store database (placeholders, replace with your own)
$DBHOST = "MSSQL01"
$DBUSER = "SA"
$DBPASS = "Password"
$ConnectionString = "Server=$DBHOST;Initial Catalog=Microsoft.MgmtSvc.Store;User ID=$DBUSER;Password=$DBPASS"

# Confirm the config store is reachable before changing anything
Test-MgmtSvcDatabase -ConnectionString $ConnectionString -Schema Config

# Read the current settings so the existing ADFS hostname can be re-used
$TargetTenant     = Get-MgmtSvcRelyingPartySettings -ConnectionString $ConnectionString -Target Tenant
$TargetAdmin      = Get-MgmtSvcRelyingPartySettings -ConnectionString $ConnectionString -Target Admin
$TargetMembership = Get-MgmtSvcIdentityProviderSettings -ConnectionString $ConnectionString -Target Membership
$TargetWindows    = Get-MgmtSvcIdentityProviderSettings -ConnectionString $ConnectionString -Target Windows

# Re-import the federation metadata (and with it the new certificate) for each target.
# -DisableCertificateValidation is left commented out on every call.
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint ("https://"+$TargetAdmin.Endpoint.Host+"/FederationMetadata/2007-06/FederationMetadata.xml") -ConnectionString $ConnectionString #-DisableCertificateValidation
Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint ("https://"+$TargetWindows.ReplyTo.Host+"/FederationMetadata/2007-06/FederationMetadata.xml") -ConnectionString $ConnectionString #-DisableCertificateValidation
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint ("https://"+$TargetTenant.Endpoint.Host+"/FederationMetadata/2007-06/FederationMetadata.xml") -ConnectionString $ConnectionString #-DisableCertificateValidation
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint ("https://"+$TargetMembership.ReplyTo.Host+"/FederationMetadata/2007-06/FederationMetadata.xml") -ConnectionString $ConnectionString #-DisableCertificateValidation
```
Just update the host, username and password ($DBHOST, $DBUSER and $DBPASS) and run the script on the AdminSite server. When done, log on to Azure Pack as normal.
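To spot a rollover before the portal starts returning error 500, the signing certificates published in the federation metadata can be listed and compared with the thumbprint you expect. This is an added example, not part of the original post or of Mark's script: `Get-FederationSigningCertificate` is a hypothetical helper name, and the metadata document and certificate below are constructed so the block runs offline. It assumes PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example. Get-FederationSigningCertificate is a hypothetical helper name.
function Get-FederationSigningCertificate {
    param([Parameter(Mandatory)][xml]$Metadata)

    $ns = @{
        md = 'urn:oasis:names:tc:SAML:2.0:metadata'
        ds = 'http://www.w3.org/2000/09/xmldsig#'
    }
    # Only KeyDescriptor entries marked use="signing" matter for token validation
    $xpath = '//md:KeyDescriptor[@use="signing"]//ds:X509Certificate'
    Select-Xml -Xml $Metadata -XPath $xpath -Namespace $ns |
        ForEach-Object {
            $raw = [Convert]::FromBase64String($_.Node.InnerText.Trim())
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
        } |
        Sort-Object Thumbprint -Unique |
        Select-Object Thumbprint, Subject, NotBefore, NotAfter
}

# Constructed sample: a throwaway self-signed certificate inside a minimal metadata document
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=ADFS Signing - constructed sample', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(20))
$b64  = [Convert]::ToBase64String($cert.RawData)
$sample = @"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>$b64</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>
"@

$expected  = $cert.Thumbprint   # in practice: the thumbprint you recorded after the last update
$published = @(Get-FederationSigningCertificate -Metadata $sample)
$published | Format-Table -AutoSize
if ($published.Thumbprint -notcontains $expected) {
    Write-Warning "Expected thumbprint $expected is no longer published; re-import the metadata."
}
$published | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(30) } |
    ForEach-Object { Write-Warning "$($_.Thumbprint) expires $($_.NotAfter); expect a rollover soon." }
```

For a real check, pass a saved copy of the metadata instead of `$sample`, for example `-Metadata (Get-Content .\FederationMetadata.xml -Raw)`.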