microsoft / azure_arc

Automated Azure Arc, Edge, and Platform environments
https://aka.ms/ArcJumpstart
Creative Commons Attribution 4.0 International

Failed to deploy HCIBox: failure when processing extension 'Bootstrap' Missing an argument for parameter 'spnProviderId' #2541

Closed ewouds closed 1 month ago

ewouds commented 1 month ago

Is your issue related to a Jumpstart scenario, ArcBox, HCIBox, or Agora?

HCIBox

Describe the issue or the bug

The deployment of HCIbox via AZD failed during the Creating/Updating resources phase.

Deployment Error Details:

VMExtensionProvisioningError: VM has reported a failure when processing extension 'Bootstrap' (publisher 'Microsoft.Compute' and type 'CustomScriptExtension'). Error message: 'Command execution finished, but failed because it returned a non-zero exit code of: '1'. The command had an error output of: 'C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.10.15\Downloads\0\Bootstrap.ps1 : Missing an argument
for parameter 'spnProviderId'. Specify a parameter of type 'System.String' and try again.
    + CategoryInfo          : InvalidArgument: ...' For more information, check the instance view by executing Get-AzVmssVm or Get-AzVm (https://aka.ms/GetAzVm). These commands can be executed using CloudShell (https://aka.ms/CloudShell)'. More information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot.

TraceID: b81dd39d313a152cd24fdc30f68c7465

To Reproduce

  1. azd auth login
  2. cd .\azure_jumpstart_hcibox\
  3. azd init

Expected behavior

Deployment finished successfully

Environment summary

azd version 1.9.0 (commit 651394c3ddcfadff194d177f8b0ddf06fe3752bf)
git: a7da53c52 (HEAD -> main, origin/main, origin/HEAD) Merge pull request #2526 from sebassem/agora_update_base_image_path

Have you looked at the Troubleshooting and Logs section?

Yes, no logs have been created under c:\HCIbox

microsoft-github-policy-service[bot] commented 1 month ago

Hi ewouds! Thank you for opening this issue. We appreciate your contribution and welcome you to our community! We are glad to have you here and to have your input on the Azure Arc Jumpstart.

janegilring commented 1 month ago

@ewouds When you are in the directory azure_jumpstart_hcibox from a PowerShell session, could you run dir -Recurse -Include .env | Get-Content and check if the output contains a line starting with SPN_PROVIDER_ID=?

If not, did you notice any errors when running azd up?

Specifically on this step: image

I just tested on my end, and could not repro - but there could be an issue retrieving the SPN provider id in your environment. Could you run the following to check if the output is similar to mine?

$(az ad sp list --display-name "Microsoft.AzureStackHCI" --output json) | ConvertFrom-Json

ewouds commented 1 month ago

SPN_PROVIDER_ID is not provided in the .env file.

This is the output:

PS C:\Users\ewoudsmets\Desktop\Adaptive Cloud\azure_arc\azure_jumpstart_hcibox> dir -Recurse -Include .env | Get-Content
AZURE_ENV_NAME="ewshcibox"
AZURE_LOCATION="eastus"
AZURE_SUBSCRIPTION_ID="36xxxxxxxxxxxxxxxxxx4e"
JS_DEPLOY_BASTION="True"
JS_RDP_PORT=3389
JS_WINDOWS_ADMIN_USERNAME="arcdemo"
SPN_CLIENT_ID="3bxxxxxxxxxxxxxxxxxxc0"
SPN_CLIENT_SECRET="rAxxxxxxxxxxxxxxxxxxXk"
SPN_TENANT_ID="92xxxxxxxxxxxxxxxxxxb2"

I did receive the following ERROR:

Provisioning Azure resources (azd provision)
ERROR: Insufficient privileges to complete the operation.
Checking for existing stored Azure service principal...
Attempting to create new service principal with scope /subscriptions/36xxxxxxxxxxxxxxxxxxxxxxxx4e...

janegilring commented 1 month ago

Thanks, it seems like the azd pre-provisioning script is currently continuing the deployment even if the command to retrieve the SPN_PROVIDER_ID is failing. We will make sure to resolve that, so the script will return a terminating error and not go on with a deployment which will fail due to the missing parameter value.

For your scenario, it seems like the user authenticated in Azure CLI does not have sufficient privileges to query service principals in the tenant.

I would suggest one of the following:

  1. Request access from a tenant administrator to get read-permissions to service principals
  2. Ask a tenant administrator to run the command $(az ad sp list --display-name "Microsoft.AzureStackHCI" --output json) | ConvertFrom-Json and send you the ID from the output. You can then manually add that value to the .env file: SPN_PROVIDER_ID="xxx". After doing so, azd up should provision a working instance.
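
The failure mode described in the thread above (the SPN_PROVIDER_ID lookup fails, yet provisioning continues) can be closed with a fail-fast check like the one below. This is an added example, not code from the thread or from the Jumpstart repository; `Test-Guid`, `Get-EnvFileValue` and `Resolve-SpnProviderId` are hypothetical names, and it assumes the `id` property of the `az ad sp list` output is the ID meant above.

```powershell
# Added example, not the Jumpstart project's script. Function names and the
# exactly-one-match rule are assumptions made for this sketch.
$ErrorActionPreference = 'Stop'

function Test-Guid {
    param([string]$Value)
    $parsed = [guid]::Empty
    return [guid]::TryParse($Value, [ref]$parsed)
}

function Get-EnvFileValue {
    # Returns the value of a NAME="value" line (quotes optional) from an azd .env file, or $null.
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Name)
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match ('^\s*' + [regex]::Escape($Name) + '\s*=\s*"?([^"]*)"?\s*$')) {
            return $Matches[1]
        }
    }
    return $null
}

function Resolve-SpnProviderId {
    param(
        [Parameter(Mandatory)][string]$EnvFile,
        [string]$DisplayName = 'Microsoft.AzureStackHCI'
    )

    # 1. A value added to .env by hand (for example one supplied by a tenant
    #    administrator) is used as-is, provided it is well-formed.
    $existing = Get-EnvFileValue -Path $EnvFile -Name 'SPN_PROVIDER_ID'
    if ($existing) {
        if (-not (Test-Guid $existing)) { throw "SPN_PROVIDER_ID in $EnvFile is not a GUID." }
        return $existing
    }

    # 2. Otherwise query the tenant. az is a native command, so a failure such as
    #    "Insufficient privileges" only sets $LASTEXITCODE; check it explicitly.
    $ids = @(az ad sp list --display-name $DisplayName --query '[].id' --output tsv)
    if ($LASTEXITCODE -ne 0) {
        throw "az ad sp list failed (exit code $LASTEXITCODE); cannot determine SPN_PROVIDER_ID."
    }
    $ids = @($ids | Where-Object { Test-Guid $_ })
    if ($ids.Count -ne 1) {
        throw "Expected one '$DisplayName' service principal, found $($ids.Count)."
    }
    return $ids[0]
}

# Usage: throws a terminating error before any resource is created.
# $spnProviderId = Resolve-SpnProviderId -EnvFile '<path to the azd .env file>'
```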