My Azure cloud VM fails on the " Installing Mobility Service and preparing target" step of enable protection for Site Recovery.

Admin 1 Reputation point
2020-06-23T14:54:43.877+00:00

The error details say the likely cause is permission based, but after foloowing the recommeneded fix, the step continues to fail.

Error ID
151056
Error Message
Parsing the extension configuration failed.
Possible causes
The operation failed due to incorrect permissions.
Recommendation 

  Ensure that permissions are set to 'Everyone(R,W) and BUILTIN\Administrator(F)' for machine keys.
  To get the value of machinekeys permissions run: 'icacls <systemdrive>\programdata\microsoft\crypto\rsa\machinekeys' in an elevated command prompt.

  Default permissions are:
  Everyone:(R,W)
  BUILTIN\Administrators:(F)

  If you see permissions on MachineKeys directory different than default, please follow below steps to correct permissions, delete the certificate and attempt the operation again.
  Fix permissions on MachineKeys directory.
  Using Explorer Security Properties and Advanced Security Settings on the directory, reset permissions back to the default values, remove any extra (than default) user object from the directory, and ensure that the ‘Everyone’ permissions had special access for:
  -List folder / read data
  -Read attributes
  -Read extended attributes
  -Create files / write data
  -Create folders / append data
  -Write attributes
  -Write extended attributes
  -Read permissions

  Delete all certificates with field ‘Issued To’ = "Windows Azure Service Management for Extensions" or "Windows Azure CRP Certificate Generator”.
  Open Certificates(Local computer) console
  Delete all certificates (under Personal -> Certificates) with field ‘Issued To’ = "Windows Azure Service Management for Extensions" or "Windows Azure CRP Certificate Generator”.
  For Linux:
  Make sure that the base64 and openssl commands are executing without error.

First Seen At
6/22/2020, 11:47:39 AM
Error ID
539
Error Message
The requested action couldn't be performed by the 'A2A' Replication Provider.
Possible causes
The Provider action failed. Check other errors for more information.
Recommendation
Resolve the issue and retry the operation.
First Seen At
6/22/2020, 11:47:39 AM

Azure Site Recovery
Azure Site Recovery
An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
671 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SadiqhAhmed-MSFT 40,366 Reputation points Microsoft Employee
    2020-06-23T19:49:37.76+00:00

    Kindly confirm if the below URLS are whitelisted:

    URL

    Details

    *.blob.core.windows.net

    Required so that data can be written to the cache storage account in the source region from the VM. If you know all the cache storage accounts for your VMs, you can allow access to the specific storage account URLs (Ex: cache1.blob.core.windows.net and cache2.blob.core.windows.net) instead of *.blob.core.windows.net

    login.microsoftonline.com

    Required for authorization and authentication to the Site Recovery service URLs.

    *.hypervrecoverymanager.windowsazure.com

    Required so that the Site Recovery service communication can occur from the VM. You can use the corresponding 'Site Recovery IP' if your firewall proxy supports IPs.

    *.servicebus.windows.net

    Required so that the Site Recovery monitoring and diagnostics data can be written from the VM. You can use the corresponding 'Site Recovery Monitoring IP' if your firewall proxy supports IPs.

    Post whitelisting, re-try replication. Let me know the status!