Systems Management
Building a ConfigMgr Lab from Scratch: Step 14 – Cloud Management Gateway (CMG) – Azure Subscription
Topics: Systems Management
Building a ConfigMgr Lab from Scratch: Step 14
Cloud Management Gateway (CMG) – Azure Subscription
I’m going to go over what I had to do in our Azure Portal to get things ready. This was the biggest thing that tripped me up, mostly because I was using an account that didn’t work properly. So just a note, if you don’t log into your Azure Portal Directory with the Same “domain name” as the one you’re managing, you’ll run into issues.
Here is what happened to me. It’s no secret, that our domain name is recastsoftware.com, and that is the domain in our accounts are all set up in. Our DEV lab has its own Azure Directory which is dev.recastsoftware.com. When I was logging into the portal, I was using my recastsoftware.com account and even though I had global admin rights, and was an owner of the subscription, I ran into issues.
Here below you can see the account I was using was a “guest”, which should have been a red flag, but I still had all of the proper rights, so I just overlooked it.
But the issue was, when I was in the CM Console trying to run the setup, I kept getting errors on logon attempts.
While configuring the Cloud Management Gateway (CMG) at different client sites, we stumbled on an issue ‘Failed to sign in to Azure‘ to create the Azure web applications. When I googled, I found this blog post by Jonathan Lefebvre (@JLefebvreGloben) which was very interesting and helped me understand what was going on behind the scenes, so while it wasn’t the resolution I needed, it was very helpful in my understanding of what the CM Console creates on the backend.
Troubleshooting… Call my Friend Adam Gross (@AdamGrossTX) who is a Cloud Expect and ask for help. We confirmed my account had the rights and that Azure was set up. But still, nothing was working. Then he tried using his Azure Subscription on in my lab, and it worked fine, so we knew it was not my local lab servers, but an issue on the Azure side. He then noticed the “guest” associated with my name and suggested I make a new account. That was the key to this.
I created a new account and gave it all the same rights. [MS Docs, difference between Members & Guests]
Account: Gary Blok Dev (garyb@dev.recastsoftwarecom) then:
- Then made it a Global Admin in the dev.recastsoftwarecom site. [MS Docs]
- Made it an owner on the Subscription [MS Docs]
- Made it a Co-Administrator on the Subscription [MS Docs]
After that, I was able to follow the process as described in the Docs & in the Youtube Video Justin created.
Images to help clear anything up:
Building a ConfigMgr Lab from Scratch Series
Series Introduction – Building a CM Lab from Scratch
- Setting up your Domain Controller
- Creating a Router for your Lab using Windows Server
- Certificate Authority – On Domain Controller [Optional]
- ConfigMgr Server Pre-Reqs (Windows Features)
- Configuration Settings (AD & GPOs)
- Source Server (File Share)
- ConfigMgr SQL Install
- ConfigMgr Install
- ConfigMgr Basic Settings
- ConfigMgr Collections & App Deployment
- ConfigMgr OSD
- ConfigMgr Reporting Services
- Cloud Management Gateway (CMG) – Certs PreReq
- Cloud Management Gateway (CMG) – Azure Subscription – You are Here
- Azure Services Connection
- Setting up CMG in the Console
- Cloud Management Gateway (CMG) – Post CMG Config
- Cloud Management Gateway – Client CMG Endpoints
