New-QADAzureConfigObject : Cannot resolve directory object for the given identity: 'CN=Azure Tenants,CN=Azure Configuration,CN=Azure,CN=Configuration'.

Hi

In a customer environment, I just upgraded ARS to version 7.5 from 7.4.3 with the in-place upgrade method on a 2019 server. My next planned step was to add the Azure tenant in the Configuration Center, but the login page turned up blank. I've tried to solve this by adjusting IE security policy settings, but none of my actions were successful. Then I decided to add the tenant in PowerShell instead, but that was also unsuccessful. The error message I get from the command is: New-QADAzureConfigObject : Cannot resolve directory object for the given identity: 'CN=Azure Tenants,CN=Azure Configuration,CN=Azure,CN=Configuration'.

I also have a reference environment with a fresh installation of 7.5 and there I had no problems with adding the tenant.

Anyone have a clue on what might be causing this?

/ Staffan

  • Did you use the '-proxy' switch with the command?

    Is your logged-in account an AR Admin?

    Are you running in a "Run As Administrator" PowerShell window?

    Is there some kind of endpoint protection running on the host?

  • Thanks for the quick reply Johnny

    I tried the proxy switch now and now I get a different error:

    New-QADAzureConfigObject : Create AzureTenant with DN: cn=(xxxxxx),CN=Azure Tenants,CN=Azure Configuration,CN=Azure,CN=Configuration failed. Not all required attributes are present

    I suspect that I perhaps need to specify additional parameters. The ones that I have in the command line right now are those mentioned in the administration guide:

    New-QADAzureConfigObject -type "AzureTenant" -name "(customer name)" -AzureTenantId "(Azure GUID)" -AzureTenantDescription "(customer description)" -AzureAdminUserID '(Azure admin account)' -AzureAdminPassword '(pw)' -AzureADTenantType 'SynchronizedIdentity' -Proxy

    And yes, I've tried this with both my ARS Admin account and also in a PowerShell session logged in with the service account itself.

    I also have the Cisco Secure Endpoint installed.

  • Update: I managed to lower the IE security settings in the registry and then the login page showed up correctly. So now I can continue with the Azure configuration.