Our LCS environment won't rotate secrets

(0) Share

Report

Posted on by Raúl Llorente Peña

685

Hi all!!

We have two boxes (Dynamics 365 for Finance and Operations, Enterprise Edition, PU12) evironment deployed in a LCS project. A Dev and a Build box.

Entering in this environment, in LCS, shows up this message:

ACTION REQUIRED: The SSL certificate on your environment is about to expire or has already expired, and must be rotated. This task can only be completed by a Project owner or Environment manager. To rotate the certificate, navigate to Maintain > Rotate secrets, and then click Rotate the SSL certificates. For more information, see Rotate SSL certificate on your onebox environment in your subscription

So, okay, started completed environment, waited until fully deployed, and then rotated secrets (operation started successfully). But, after 10-15 minutes, enviroment gets in "Incomplete" state. In the History, Environment changes, we can see:

Name: D365
Type: Rotate certificates
Creation date, End date: (Today)
Status: Error

No more details are available in LCS. There's a known issue stating that if VS is open or started, secrets rotation can fail. It's not the case, since machines have been just started. Tried this several times, with no users in.

Any ideas?

Categories:

General

All responses (8)

Answers (1)

Raúl Llorente Peña 685 on at

Like (1)

Report

RE: Our LCS environment won't rotate secrets

We reset the password of axlocaladmin to the initial ones, and yes, finally we got to rotate secrets. The fancy fact is that the VM deployed by LCS forces to change its password periodically by default...

Thanks very much!!
Verified answer

André Arnaud de Cal... 294,711 Super User 2025 Season 1 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Hi Raúl,

Did you change the password of the axlocaladmin? Possibly the script is using the value available on the LCS environment page.
Raúl Llorente Peña 685 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Hi, André. Thanks for your suggestion. We proceeded this way, and althought operation stills becomes incomplete, now there's a reason shown:

Failure details

Error code

95016

Error message

Error running script. RemoteMachine: '[View:https://d365exXXXbuild.uksouth.cloudapp.azure.com:0:0]' Username: 'builtin\axlocaladmin'. [5]:Connecting to remote server d365exXXXbuild.uksouth.cloudapp.azure.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

Error code

95016

Error message

Error running script. RemoteMachine: '[View:https://d365exXXXbuild.uksouth.cloudapp.azure.com:0:0]' Username: 'builtin\axlocaladmin'. [5]:Connecting to remote server d365exXXXbuild.uksouth.cloudapp.azure.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.

We will look for this topic. This is somehow clearer...
André Arnaud de Cal... 294,711 Super User 2025 Season 1 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Hi Raul,

There was an issue, but already solved, when the original language was not en-us. To be sure, try to use en-us on LCS, and within the environment.

If you still encounter issues, contact Microsoft for support. They are able to assist you.
Raúl Llorente Peña 685 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Konnichi wa.

Absolutely no detail.

Mata ne!

...

...
Daisuke K 86 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

¡Hola Raúl!

So your issue was not match as blog post "Issue: Environment is in Incomplete state after the certificate rotation has been completed".

Did you have any error information in LCS Environment detail page (not History of changes page) like as attached images?

Un saludo,

Daisuke
Raúl Llorente Peña 685 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Konnichi wa, Daisuke.

In the link you suggest, the only point that concerns to our issue is "Issue: SSL certificate rotation fails and the environment goes to Incomplete state", and of course we already restarted all machines and retried several times with no success.

In LCS, Enviroment Tab, History of changes, there's no details. In Environment activities log:

Name: (environment name)

Type: Rotate certificates

Created date: 07/05/2018 13:16

End date: 07/05/2018 17:37

Status: Error

Details pane: "There are no details available for the selected element"

Perhaps we will have to rotate secrets manually, but it appears to take a great amount of time...
Daisuke K 86 on at

Like (0)

Report

RE: Our LCS environment won't rotate secrets

Hi Raúl Llorente Peña,

There should be 'Failure detail' section on LCS environment details page. Error information should help to investigate this issue.

Additionally, please refer this blog post if you have not seen yet.

blogs.msdn.microsoft.com/.../known-issues-with-ssl-certificate-rotation-feature-in-lcs

Best regards,

Daisuke