Hello, I've got a strange problem with the new 2012 R2 Azure Pack & Service Provider Foundation for SC VMM 2012 R2. On the Service Management Portal, I can create Plans, Users and Abonnements without problem and I also can access the Tenant-Portal with the Users I created. There I can create, Start/Stop and delete VMs, but there is one thing I can't do: Connect to the machines via Console or RDP. No matter from which Server/Client, or with which Browser and security settings, its not working.

While using Internet Explorer, after clicking on connect simply nothing happens. When I use Firefox or Chrome, following Errormessage is displayed: "Error downloading the Remote Desktop File for the virtual Computer: [Name]" (crudely translated from german).

This happens with Linux and Windows VMs.

On the Azure Pack Server, the following message is logged every time I try to connect:

Resource provider unexpected exception for request with verb 'GET', operation name 'Outgoing tenant proxy call', request URI 'https://r2-sc2:8090/SC2012R2/VMM/fe8fd994-4377-46d1-a0f3-414ecb4fbbe7/Microsoft.Management.Odata.svc/VirtualMachines(ID=guid'2255635b-f336-4d48-9e84-d726bc50b19a',StampId=guid'd97edce9-d910-4de9-b84c-a62a2271076b')/VMConnection',  version '', client request Id '', server request Id 'f6222642dfd446278922a22dd7ab9ccb.2013-07-24T15:02:19.9992631Z', status code 'InternalServerError', reason 'Internal Server Error', body '<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code /><m:message xml:lang="de-DE">An error occurred while processing this request.</m:message><m:innererror><m:message>Invoking method GetReadStream of type Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager failed. Cause of the problem: Die globalen VmConnect-Einstellungen wurden nicht festgelegt. Fehlende Einstellung: CertificateThumbprint</m:message><m:type>Microsoft.Management.Odata.CustomModuleInvocationFailedException</m:type><m:stacktrace>   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeMethod(IInvoker invoker, String functionName, String resourceTypeName, Boolean ignoreNotImplementedException)&#xD;
   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeOperationManagerFunction[T](Func`1 func, String functionName, String resourceTypeName, Boolean ignoreNotImplementedException, T defaultResultForNotImplementedException)&#xD;
   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.GetReadStream(DSResource resource, ResourceProperty streamProperty)&#xD;
   bei System.Data.Services.Providers.DataServiceStreamProviderWrapper.&lt;&gt;c__DisplayClass4.&lt;GetReadStream&gt;b__1()&#xD;
   bei System.Data.Services.Providers.DataServiceStreamProviderWrapper.InvokeApiCallAndValidateHeaders[T](String methodName, Func`1 apiCall, DataServiceOperationContext operationContext)&#xD;
   bei System.Data.Services.Providers.DataServiceStreamProviderWrapper.GetReadStream(Object entity, ResourceProperty streamProperty, DataServiceOperationContext operationContext)&#xD;
   bei System.Data.Services.ResponseBodyWriter..ctor(IDataService service, QueryResultInfo queryResults, RequestDescription requestDescription, IODataResponseMessage actualResponseMessageWhoseHeadersMayBeOverridden)&#xD;
   bei System.Data.Services.DataService`1.CreateResponseBodyWriter(RequestDescription requestDescription, IDataService service, QueryResultInfo queryResults, IODataResponseMessage responseMessage)&#xD;
   bei System.Data.Services.DataService`1.WriteSingleElementResponse(RequestDescription description, QueryResultInfo queryResults, Int32 parentResourceIndex, String etagValue, IDataService dataService, IODataResponseMessage responseMessage)&#xD;
   bei System.Data.Services.DataService`1.CompareETagAndWriteResponse(RequestDescription description, IDataService dataService, IODataResponseMessage responseMessage)&#xD;
   bei System.Data.Services.DataService`1.SerializeResponseBody(RequestDescription description, IDataService dataService, IODataResponseMessage responseMessage)&#xD;
   bei System.Data.Services.DataService`1.HandleRequest()</m:stacktrace><m:internalexception><m:message>Die globalen VmConnect-Einstellungen wurden nicht festgelegt. Fehlende Einstellung: CertificateThumbprint</m:message><m:type>Microsoft.SystemCenter.Foundation.WebServiceOperationException</m:type><m:stacktrace>   bei Microsoft.SystemCenter.Foundation.RemoteDesktop.RdpFileGeneratorHelper.SignToken(String token, VmConnectGlobalSettings vmConnectGlobalSettings)&#xD;
   bei Microsoft.SystemCenter.Foundation.RemoteDesktop.RdpFileGeneratorHelper.GenerateRdpFile(ISpfOperationManagerContext context, PSObject virtualMachine)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.Spf.VmmVmRequestInvoker.&lt;&gt;c__DisplayClass2.&lt;GetReadStream&gt;b__1()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.&lt;&gt;c__DisplayClass2b.&lt;GetReadStream&gt;b__2a()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.&lt;&gt;c__DisplayClass2b.&lt;GetReadStream&gt;b__2a()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.&lt;&gt;c__DisplayClass2b.&lt;GetReadStream&gt;b__2a()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.Spf.HybridInvocationDecorator.&lt;&gt;c__DisplayClass3a.&lt;GetReadStream&gt;b__39()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.&lt;&gt;c__DisplayClass2b.&lt;GetReadStream&gt;b__2a()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.&lt;&gt;c__DisplayClass2b.&lt;GetReadStream&gt;b__2a()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager.&lt;&gt;c__DisplayClass1f.&lt;GetReadStream&gt;b__1e()&#xD;
   bei Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)&#xD;
   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.&lt;&gt;c__DisplayClass18.&lt;GetReadStream&gt;b__14()&#xD;
   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.FunctionInvoker`1.Invoke()&#xD;
   bei Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeMethod(IInvoker invoker, String functionName, String resourceTypeName, Boolean ignoreNotImplementedException)</m:stacktrace></m:internalexception></m:innererror></m:error>'.

Can someone please help me?

• Moved by WZhaoMicrosoft employee Wednesday, August 21, 2013 8:01 AM now is a SC 2012 R2 specifc issue

Are you connecting to a Windows VM?
When you click connect an RDP file is automatically downloaded.

Do you see this RDP file? What IP is it connecting to?

You must make sure the VM has an IP address and you must have a network path to that address.

~Best Regards
Alex Allen C.

This happens regardless of the OS, with Linux and Windows VMs.

No, no RDP-File is being downloaded. Like I said, in Internet Explorer just nothing happens after klicking on connect. Using other Browsers "Error downloading RDP file" gets displayed.

The VMs have IP-Adresses and I can open a RDP connection from every Workstation where connecting via the SMP failed.

I found another Error in the Azure Portal Log, perhaps this will help some more:

Error:JsonException: Fehler beim Herunterladen der RDP-Datei vom Hoster.
<Exception>
  <Type>JsonException</Type>
  <Message>Fehler beim Herunterladen der RDP-Datei vom Hoster.</Message>
  <StackTrace><![CDATA[
   bei Microsoft.WindowsAzure.Server.VM.TenantExtension.Controllers.VMController.<CreateRdpFileFromUri>d__12a.MoveNext()
--- Ende der Stapelberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelst wurde ---
   bei System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   bei Microsoft.WindowsAzure.Server.VM.TenantExtension.Controllers.VMController.<GetRdpFileForConsoleConnect>d__11d.MoveNext()
--- Ende der Stapelberwachung vom vorhergehenden Ort, an dem die Ausnahme ausgelst wurde ---
   bei System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   bei System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   bei lambda_method(Closure , Task )
   bei System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3f.<BeginInvokeAsynchronousActionMethod>b__3e(IAsyncResult asyncResult)
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult)
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<>c__DisplayClass2a.<BeginInvokeAction>b__20()
   bei System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult)]]></StackTrace>
  <HttpContext>
    <User IsAuthenticated="true" Name="arne.weinmann@globalways.net" />
    <Request>
      <RawUrl>/VM/GetRdpFileForConsoleConnect?stampId=d97edce9-d910-4de9-b84c-a62a2271076b&amp;subscriptionId=fe8fd994-4377-46d1-a0f3-414ecb4fbbe7&amp;virtualMachineId=dd87773b-db81-458a-8deb-83883cad7571&amp;vmName=2012R2_Test</RawUrl>
      <UserHostAddress>[internal IP]</UserHostAddress>
      <Headers>
        <Header Key="Connection" Value="Keep-Alive" />
        <Header Key="Accept" Value="image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*" />
        <Header Key="Accept-Encoding" Value="gzip, deflate" />
        <Header Key="Accept-Language" Value="de-DE" />
        <Header Key="Host" Value="sc-az:30081" />
        <Header Key="Referer" Value="https://sc-az:30081/" />
        <Header Key="User-Agent" Value="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)" />
        <Cookies>
          <Cookie Name="TenantSiteFedAuth" Secure="false" Expires="0001-01-01T00:00:00Z" Domain="" Path="/" Value="berarbeitet (1400 Zeichen)" />
          <Cookie Name="__RequestVerificationToken_Tenant" Secure="false" Expires="0001-01-01T00:00:00Z" Domain="" Path="/" Value="berarbeitet (128 Zeichen)" />
          <Cookie Name="__aux" Secure="false" Expires="0001-01-01T00:00:00Z" Domain="" Path="/" Value="berarbeitet (152 Zeichen)" />
          <Cookie Name="MembershipSiteFedAuth" Secure="false" Expires="0001-01-01T00:00:00Z" Domain="" Path="/" Value="berarbeitet (1688 Zeichen)" />
        </Cookies>
      </Headers>
    </Request>
  </HttpContext>
</Exception>, operationName:VM.GetRdpFileForConsoleConnect, version:, accept language:de-DE, subscription Id:fe8fd994-4377-46d1-a0f3-414ecb4fbbe7, client request Id:, principal Id:arne.weinmann@globalways.net, page request Id:, server request id:

• Edited by GW_AW Monday, July 29, 2013 9:08 AM internal ip removed

Tenant portal  send a HTTP(S) request to SPF get the RDP file. This error means the HTTP request failed. So, it wrap it and returns JSON exception.

Hi,

Could you solved this issue? I run into the same problem and I can't find the solution.

Thanks.

No, no clue at all. I installed another Lab Environment in which I get other Errors. But at least its good to know that I'm not alone with this!

@WZhao

Yeah I understand that, too. But sadly, it doesen't help me solve this issue...

• Edited by GW_AW Tuesday, August 06, 2013 3:12 PM

In the exception, there is a URI. Can you try that in IE?

https://r2-sc2:8090/SC2012R2/VMM/fe8fd994-4377-46d1-a0f3-414ecb4fbbe7/Microsoft.Management.Odata.svc/VirtualMachines(ID=guid'2255635b-f336-4d48-9e84-d726bc50b19a',StampId=guid'd97edce9-d910-4de9-b84c-a62a2271076b')/VMConnection

In the exception, there is a URI. Can you try that in IE?

https://r2-sc2:8090/SC2012R2/VMM/fe8fd994-4377-46d1-a0f3-414ecb4fbbe7/Microsoft.Management.Odata.svc/VirtualMachines(ID=guid'2255635b-f336-4d48-9e84-d726bc50b19a',StampId=guid'd97edce9-d910-4de9-b84c-a62a2271076b')/VMConnection

so, we need to address this access denied issue, then WAP will work.

Unfortunately, I am not a SC2012 guy.

If you try the user name and password you used to register the SPF, did it work?

Hi I have created a private Cloud using 

• Windows server 2012 R2 Preview
• SCVMM 2012 R2 Preview
• Azure Pack

After login as a Tenant site  able to create VM'S Successfully , but if is click Connect Console 

Getting the following error "Failed to download remote desktop file for virtual machine"

Need help on resolving this issue.

• Merged by WZhaoMicrosoft employee Wednesday, August 21, 2013 7:56 AM same issue

http://social.msdn.microsoft.com/Forums/windowsazure/en-US/fc57e076-a3bd-472b-8ac4-aed8a8037a80/service-management-portal-azure-pack-cant-connect-to-vm-console

Are you hitting the same issue?

so, we need to address this access denied issue, then WAP will work.

Unfortunately, I am not a SC2012 guy.

If you try the user name and password you used to register the SPF, did it work?

I think the root cause (as stand in the error message) is certificate based.

If I check the Application and Services Logs-->Microsoft-->WindowsAzure-->Server-TenantPortal-->Operaional log on the svcmgmtportal machine I find this error message:

Error:Failed to download RDP file from plugin, request uri: 'https://svcmgmtportal:30005/e0e9e60d-71b1-42f5-9216-a275bd36b267/services/systemcenter/vmm/VirtualMachines(ID=guid'a3191832-b8d7-4bd2-90e2-141b5c180413',StampId=guid'46e9623f-c57a-4aeb-bec6-9ef1d7825378')/VMConnection'
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Microsoft.WindowsAzure.Server.VM.TenantExtension.Controllers.VMController.<CreateRdpFileFromUri>d__12a.MoveNext(), operationName:VM.GetRdpFileForConsoleConnect, version:, accept language:en-US, subscription Id:e0e9e60d-71b1-42f5-9216-a275bd36b267,
 client request Id:, principal Id:elemie@mylab.demo, page request Id:, server request id:

Resource provider unexpected exception for request with verb 'GET', operation name 'Outgoing tenant proxy call', request URI 'https://scvmm.mylab.demo:8090/SC2012R2/VMM/e0e9e60d-71b1-42f5-9216-a275bd36b267/Microsoft.Management.Odata.svc/VirtualMachines(ID=guid'a3191832-b8d7-4bd2-90e2-141b5c180413',StampId=guid'46e9623f-c57a-4aeb-bec6-9ef1d7825378')/VMConnection', 
 version '', client request Id '', server request Id '8f3e82f03a324ad9bb4abc24fd5b766c.2013-08-26T09:01:07.4210188Z', status code 'InternalServerError', reason 'Internal Server Error', body '<?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code
 /><m:message xml:lang="en-US">An error occurred while processing this request.</m:message><m:innererror><m:message>Invoking method GetReadStream of type Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager failed. Cause
 of the problem: VmConnect global settings are not set. Missed setting = 'CertificateThumbprint'.</m:message><m:type>Microsoft.Management.Odata.CustomModuleInvocationFailedException</m:type><m:stacktrace>   at Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeMethod(IInvoker
 invoker, String functionName, String resourceTypeName, Boolean ignoreNotImplementedException)&#xD;

• Edited by Zsolteey Monday, August 26, 2013 9:27 AM format

http://social.msdn.microsoft.com/Forums/windowsazure/en-US/fc57e076-a3bd-472b-8ac4-aed8a8037a80/service-management-portal-azure-pack-cant-connect-to-vm-console

Are you hitting the same issue?

After Login into tenant site

for the VM you will get 2 options in Connect

1. Console
2. Desktop

Desktop option is working fine but when you try to select Console it is giving error.

Thanks

Pradeep

Today I reinstalled the SVCMGMTPORTAL machine (it hosts the Admin API, Admin Portal, Tenant API, Tenant Portal, etc) but the error is still the same.

New OS, new databases, fresh install of the Azure components but still the same issue :(

follow this

hyper-v.nu/archives/marcve/2013/01/

• Edited by Pradeep_babcy Monday, August 26, 2013 2:32 PM

follow this

hyper-v.nu/archives/marcve/2013/01/

Installing and configuring System Center Service Provider Foundation

This article is about the Windows Azure for Windows Server, not the new Azure Pack. Btw the SPF is installed AppPool Identity is OK.

I tried this Set-SCSPFVmConnectGlobalSettings command. I choose a self signed cert which created on the SPF-SCVMM machine.

Now I have another error message and the Connect to console still not working.

When I click on the Connect-->Console on the Tenant portal I can see three new error entry in the ManagementOdataService log:

Operation manager plugin method 'GetReadStream' for resource name 'VMM.VirtualMachine' failed with error messsage 'Invalid algorithm specified.
'.

Custom module operation invocation failed exception. 
Module name: Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager 
Method Name: GetReadStream. Exception message: Exception
Message = Invalid algorithm specified.

Type = System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Source = mscorlib
Stack Trace =    at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature)
   at System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash)
   at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash)
   at Microsoft.SystemCenter.Foundation.RemoteDesktop.RdpFileGeneratorHelper.SignToken(String token, VmConnectGlobalSettings vmConnectGlobalSettings)
   at Microsoft.SystemCenter.Foundation.RemoteDesktop.RdpFileGeneratorHelper.GenerateRdpFile(ISpfOperationManagerContext context, PSObject virtualMachine)
   at Microsoft.SystemCenter.Foundation.Psws.Spf.VmmVmRequestInvoker.<>c__DisplayClass2.<GetReadStream>b__1()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.<>c__DisplayClass2b.<GetReadStream>b__2a()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.<>c__DisplayClass2b.<GetReadStream>b__2a()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.<>c__DisplayClass2b.<GetReadStream>b__2a()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.Spf.HybridInvocationDecorator.<>c__DisplayClass3a.<GetReadStream>b__39()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.<>c__DisplayClass2b.<GetReadStream>b__2a()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.RequestInvokerDecorator.<>c__DisplayClass2b.<GetReadStream>b__2a()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager.<>c__DisplayClass1f.<GetReadStream>b__1e()
   at Microsoft.ManagementServices.Diagnostics.Activity.ActivityMonitorExtensions.TryCatchRethrow[TResult](IActivityMonitor monitor, Func`1 instrumentedAction)
   at Microsoft.Management.Odata.Core.OperationManagerAdapter.<>c__DisplayClass18.<GetReadStream>b__14()
   at Microsoft.Management.Odata.Core.OperationManagerAdapter.FunctionInvoker`1.Invoke()
   at Microsoft.Management.Odata.Core.OperationManagerAdapter.InvokeMethod(IInvoker invoker, String functionName, String resourceTypeName, Boolean ignoreNotImplementedException)

Web Service has got a callback from OData framework about an error. 
Exception message = Invoking method GetReadStream of type Microsoft.SystemCenter.Foundation.Psws.Spf.SpfOperationManager failed. Cause of the problem: Invalid algorithm specified.

Inner exception message = Invalid algorithm specified.

Response status code = 500
Response content type = application/xml;charset=utf-8
Response written = false
Use verbose error = true

I would guess that your self signed cert isn't using the correct signing algorithm?

I tried three type of cert with no luck:

Signature algorithm: sha1RSA
Signature hash algorithm: sha1
Public key: RSA (2048 bits)

Signature algorithm: md5RSA
Signature hash algorithm: md5
Public key: RSA (1024 bits)

Signature algorithm: sha256RSA
Signature hash algorithm: sha256
Public key: RSA (2048 bits)

First is a self-signed cert on the SPF machine, second and third are also self-signed on the SVCMGMTPORTAL machine. Neither of them worked. I got the same error message all time.

I have the same Problem. After some goolge searches I came to the following TechEd Session: http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B364#fbid=z7oJz2CZyqx?time=25m22s

In the PowerPoint on slide 17 is the flow of the console connection. It shows that SC2012 R2 generates ans signs tokens. So maybe the certificate must be a signing certificate not a server/client certificate ?

@MSFT: Can someone from Microsoft give us some advises to use this probelm ? Or is this feature simply not working in the preview?

• Edited by J0fe Wednesday, September 04, 2013 12:02 PM

Ok has anyone managed to get this feature to work? I just installed my fourth (and last) lab environment, everything works just fine except this!

Do I need a valid, signed certificate?

Ok I spend my day at google and bing. I found this conversation on twitter: https://twitter.com/stufox/statuses/373377784212492288

And since Stu Fox replied here, could you please give us a hint what the correct signing algorithm should be?

Or perhaps someone can contact https://twitter.com/_marcvaneijk and ask him for help. Sadly I can't...

I would guess that your self signed cert isn't using the correct signing algorithm?

I tried three type of cert with no luck:

Signature algorithm: sha1RSA
Signature hash algorithm: sha1
Public key: RSA (2048 bits)

Signature algorithm: md5RSA
Signature hash algorithm: md5
Public key: RSA (1024 bits)

Signature algorithm: sha256RSA
Signature hash algorithm: sha256
Public key: RSA (2048 bits)

First is a self-signed cert on the SPF machine, second and third are also self-signed on the SVCMGMTPORTAL machine. Neither of them worked. I got the same error message all time.

• Edited by GW_AW Friday, September 06, 2013 1:45 PM

Hi Guys, console connect is working in the preview bits but as Stu already noticed it requires some configurations steps. I have access to these steps through the TAP, but I'm bound by an NDA. I'll ask the product team if they are willing to share these steps before the RTM.

Regards, Marc

Thank you very much for replying! It would be great if this info could be made public, its very frustrating to have the "killer-feature" console connect not working.

Have a nice weekend!

Hi MARC

When can the Configuration steps will be released?

Thanks for the info Marc!

It's great news that Microsoft knows about the problem and not we did something wrong at the installation process. I hope you can got the rights to share the information.

Btw, you said RTM. Do you have any info about the release date of RTM?

Fellas, I spoke with some guys from the product team and they asked me to write a blog and allowed me to use the information. You can find the step-by-step instruction for configuring Console Connect for Windows Azure Pack here http://www.hyper-v.nu/archives/marcve/2013/09/windows-azure-pack-console-connect/

Please note that the configuration of Console Connect will change in RTM, because the management of Console Connect on the Hyper-V hosts will move to VMM.

But you should be able to configure it in the Preview bits. Hope this is helpful for you all.

Kind regards,

Marc van Eijk

• Proposed as answer by J0fe Tuesday, September 10, 2013 7:31 PM

It's looks easy :D:D

Thanks for the guideline Marc!

In the following days I completely rebuild our demo environment with R2 RTM and I try the Azure Pack again. I hope the connect to console would be okay.

Wow very nice! Thank you!

You saved my POC Installation... ;-)

Marc

My Lab setup is already up and running.

i am able to connect using RDP file which will download to client machine, but not with console connect

Do i need to go through all the steps mentioned in your blog ?

Pradeep

Hi Pradeep,

If you are testing from your internal environment where the clients has direct access to the hosts you do not need to configure the RD Gateway. All other steps should be performed. There is an additional change that I added to the blog a minute ago and it is:

In a default configuration the SPF service account does not have access to the private key of the Console Connect certificate that is installed on the SPF server.

After configuring all parts and the tenant uses Console Connect, the ManagementODataService log on the SPF server displays the following error. Operation manager plugin method 'GetReadStream' for resource name 'VMM.VirtualMachine' failed with error messsage 'Keyset does not exist'.

Add the SPF domain service account to the local administrator group on the SPF server and a reboot the SPF Server.

If you are still unable to connect after that, please take a look at the application and services logs > ManagementODataService on the SPF server and let me know what is logged.

Kind regards,

Marc van Eijk

Hello Marc,

thank you very much for this guide! I've managed to get Remote Console Connect to work in my lab environment, but only if I'm not using the Remotedesktopgateway!

After I set the Authorization-Plugin with you script, the Remotedesktop-Gateway Service won't start anymore!

So following this:

$g = Get-WmiObject -Namespace root\CIMV2\TerminalServices -Class Win32_TSGatewayServerSettings
$g.SetAuthenticationPlugin(FedAuthAuthenticationPlugin)
$g.SetAuthorizationPlugin(FedAuthAuthorizationPlugin)
$g.RecycleRpcApplicationPools()

I get this error if I want to start the service:

Der Remotedesktop-Gatewaydienst konnte nicht initialisiert werden. Aufgetretener Fehler: 340. berprfen Sie, ob folgende Dienste installiert und gestartet wurden, um mgliche Ursachen des Problems zu diagnostizieren: (1) WWW-Publishingdienst (2), Internetauthentifizierungsdienst (IAS), (3) RPC/HTTP-Lastenausgleichsdienst. berprfen Sie zudem die Ereignisanzeige fr den Netzwerkrichtlinienserver (NPS) und die IIS-Ereignisse, die unter Umstnden Hinweise auf NPS- oder IIS-bezogene Probleme enthalten, und prfen Sie auch, ob die IP-Adresse fr HTTP- und UDP-Transport (Portpaar) verwendet wird.

All required services are running. Prior to setting the authorization the gateway-service can be stopped and started just fine. Of course, without a working RD-Gateway, I'm unable to connect to a vm console from another domain.

Can you help me once more?