无法验证域(添加自定义域) [英] Unable to verify domain (add custom domain)
问题描述
我已将自定义域添加到我的Azure免费试用订阅中
自定义域名为globalrescue.com
我已经在DNS中添加了TXT记录,并且还验证了DNS传播已完成
但是,当我验证域名时,会得到:
无法验证域名.确保您已在"globalrescue.com"注册商处添加了上面的记录,然后过一会儿再试.
TXT,其值为MS = ms5
已添加到公共dns服务器中,并且我已经使用了几种在线dns传播工具来验证是否在整个dns中都发布了该工具.
例如:https://dnschecker.org/#TXT/globalrescue.com/MS=ms5
显示该记录已发布在其列表中的所有服务器上
通常花费不到15至20分钟的时间
我过去添加了许多域
但是这不会验证
目录为grplxxxxoutlook.xxxx.com
订阅ID为b26575a7-02b3-4e97-86b7-xxxx
================================================ ====================
站点:https://azure.microsoft.com/zh-CN/resources/knowledge-center/technical-chat/
2018年9月4日太平洋标准时间上午12:27
文字ID:q86p5vJMmtSHQvDX1b6pq0K66j13ik6B
您最近与David聊天
你
你好
你在那儿吗?
大卫
;你好!这是来自Azure技术聊天室的David.今天很高兴为您提供帮助
您
嘿,大卫.
我已将自定义域添加到我的Azure免费试用订阅
自定义域名为globalrescue.com
我已经在DNS中添加了TXT记录,并且还验证了DNS传播已完成
但是,当我验证域时,我得到:
无法验证域名.确保已在"globalrescue.com"注册商处添加了上面的记录,然后过一会儿再试.
大卫
好的,让我看一下
您
值为MS = ms598xxx的TXT
被添加到公共dns服务器,并且我已经使用了几种在线dns传播工具来验证是否在整个dns中都发布了该工具.
例如:https://dnschecker.org/#TXT/globalrescue.com/MS=ms598xxxx
显示记录已发布在其列表中的所有服务器上
大卫
域是何时创建/添加的?
您
现在已经两天了
大卫
好的,谢谢你的
您
通常只需不到15至20分钟
我在过去添加了许多域
但这不会验证
目录为grpxxxxxtlook.onmicrosoft.com
订阅ID为b26575a7-02b3-4e97-86b7-xxxxxx
大卫
您能告诉我有关无法验证域主域名的消息显示在哪里吗?
您
我进入portal.azure.com
大卫
我现在正在看站点,看起来不错.
您
然后转到Azure Active Directory
然后添加自定义域
在自定义域列表中,我将globalrescue.com视为未验证的
我点击GlobalRescue.com,然后点击验证
然后显示此错误
上传的文件:https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/513cab62-f513-4366-b7ed-82dxxxxx5dd10e69e.png
上传的文件:https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/e47592e8-1d22-487e-8f69-64dxxxxxe5cc5d120.png
大卫
非常感谢您
您
欢迎
大卫
您为此使用了高迪吗?
您
不.该域来自网络解决方案,DNS也由网络解决方案托管
使用网络解决方案站点创建TXT记录
大卫
是否也可以在网络解决方案站点上进行验证,您可以在GoDaddy上进行验证,这就是我之前询问它的原因?
您
在netsol站点上,我们所能做的就是添加dns记录
我已经完成了
大卫
您是否遵循本指南https://docs.microsoft.com/zh-CN/azure/active-directory/fundamentals/add-custom-domain#troubleshooting
您
并且dns记录已正确发布
大卫
好的完美
您
是的,我们是Microsoft合作伙伴.我为许多客户添加了许多域,但从未遇到过此问题
通常情况下,域名会在几分钟之内完成验证,但要花几个小时才能完成,但这一工作无法完成其验证,在验证域名之前,我们无法继续进行POC验证
大卫
您能尝试此页面上的命令并让我知道它返回的内容吗?
https://docs.microsoft.com/zh-cn/powershell/module/azuread/get-azureaddomainverificationdnsrecord?view=azureadps-2.0
您
好的.
给我几秒钟
大卫
我也想了解它的基本知识,但无论如何还是要检查一下,还是在Azure或网络解决方案上的TXT记录中添加了www,您是否可以尝试使用其他浏览器或清除缓存,以便也排除掉
您
PS Azure:\> Get-AzureADDomainVerificationDnsRecord cmdlet命令管道位置1的Get-AzureADDomainVerificationDnsRecord提供以下参数的值:名称:globalrescue.com Get-AzureADDomainVerificationDnsRecord:发生错误
执行GetDomainVerificationDnsRecord代码:Authorization_RequestDenied消息:权限不足,无法完成操作. HttpStatusCode:禁止HttpStatus描述:禁止HttpResponseStatus:已完成在第1行:char:1 + Get-AzureADDomainVerificationDnsRecord
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + CategoryInfo:未指定:(:) [Get- AzureADDomainVerificationDnsRecord],ApiException + FullyQualifiedErrorId:Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord \
大卫
您是否在管理模式下使用了powershell?
您
二手云壳
它已经处于管理员模式
在Azure门户中使用过Powershell
大卫
只是为了确认您是否使用-Name?
好的完美
那个
的thansk
您
运行命令
是,使用-name开关
我键入的命令如下:
Get-AzureADDomainVerificationDnsRecord -name globalrescue.com
大卫
好的,那是正确的.
我刚刚读到一个用户有类似的问题,在txt记录上,他们删除了@,然后可以进行验证,您可以尝试一下吗?
http://gerryhampsoncm.blogspot.com/2015/03/could-not-verify-domain-in-azure.html
您
我先用@添加,但没有用,然后删除了doamin并在Azure中重新添加,然后创建了不带@的记录,但仍然无法验证
大卫
好的,感谢您尝试
您
等待,我正在尝试以其他方式运行命令
大卫
没问题
您
不,
仍然得到相同的错误
大卫
好的,再次感谢您的尝试.
您
Get-AzureADDomainVerificationDnsRecord:执行GetDomainVerificationDnsRecord时发生错误代码:Authorization_RequestDenied消息:权限不足,无法完成操作. HttpStatusCode:禁止HttpStatus描述:禁止HttpResponseStatus:
已在第1行完成:1个字符:1 + Get-AzureADDomainVerificationDnsRecord + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 〜+ CategoryInfo:未指定:(:) [Get-AzureADDomainVerificationDnsRecord],ApiException + FullyQualifiedErrorId:Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord
文章说要给已读/写苦恼的人做苦工
让我尝试一下
wai
等待
大卫
听起来很有希望
您
请稍候,我正在尝试
大卫
没问题
您
几乎在那里
不,
我已经厌倦了我的合作伙伴帐户,该帐户拥有订阅
但得到了sam eresult
PS Azure:\> Get-AzureADDomainVerificationDnsRecord-名称globalrescue.com Get-AzureADDomainVerificationDnsRecord:执行GetDomainVerificationDnsRecord时发生错误代码:Authorization_RequestDenied消息:权限不足,无法完成
操作. HttpStatusCode:禁止HttpStatus描述:禁止HttpResponseStatus:已完成在第1行:char:1 + Get-AzureADDomainVerificationDnsRecord -Name globalrescue.com + ~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo:未指定:(:) [Get-AzureADDomainVerificationDnsRecord],ApiException + FullyQualifiedErrorId:Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord
最后,我可以在PC上尝试使用天蓝色Power Shell
等待
在管理模式下
大卫
那是我的下一个建议!
您
当我安装旧版本Versoin时安装Azure Powershell
大卫
完美的
您
已安装
连接到Azure订阅
连接的
Windows PowerShell版权所有(C)Microsoft Corporation.版权所有. PS C:\ WINDOWS \ system32> Connect-AzureRmAccount帐户:grpl2018@outlook.com订阅名称:免费试用订阅ID:b26575a7-02b3-4e97-86b7-6d4011a9cb3b租户ID:673db1a0-9530-46cc-b16a-6496aa84810b
环境:AzureCloud
大卫
出色的
命令Get-AzureADDomainVerificationDnsRecord -name globalrescue.com是否在本地Powershell中返回了任何内容?
任何更新?
我了解您是否必须离开计算机.不幸的是,我需要关闭此聊天.如果您想继续我们的讨论,请重新打开它!
您
我在这里
Ewelina
您好,这是来自Azure Portal聊天室的Ewelina.我今天能为您提供什么帮助?
您
我猜是大卫不在了
好的,只是想向他介绍进度
Ewelina
是的,他目前不在.
他稍后将可以看到我们的对话.
所以您设法连接了吗?
您
好
即使使用本地Powershell,也会出现相同的错误
在管理模式下
上传的文件:https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/9f30ec12-4d2f-46b6-a1ff-xxxxx.png
我在管理模式下与本地Powershell分享了错误的屏幕截图
上传的文件:https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/58e5feaa-82ae-43ee-97f8-xxxxx.png
添加以上内容是在线云外壳中的错误
我正在尝试使用其他用户(本地外壳程序)
由于错误提示用户未找到
Ewelina
好的,在这种情况下,我们希望我们的工程团队对此进行检查.至此,似乎可以深入解决聊天问题了.您能否在此论坛上发布此问题,并向我提供您帖子的链接,以便我进行升级
到我们的专家团队:aka.ms/azadMSDNforumq
我还将向他们发送对话的完整记录,以便他们可以看到您已完成的所有步骤以及所有屏幕截图
您
smae
好的,我会向他们发送详细信息
加入超过10,000家依靠Olark Live Chat与客户直接聊天的公司.
Olark在线聊天
我建议您 do强制接管影子租户.在这种情况下,这是我们建议的最佳选择.因此,在强制接管影子租户之后,您可以从该租户的已验证列表中删除该域,然后重新进行验证 在您的原始租户中.
您可以参考以下文档指南进行此过程.看看是否有帮助.
参考:- https://docs.microsoft.com/zh-CN/azure/active-directory/users-groups-roles/domains-admin-takeover
--------------- -------------------------------------------------- ------------------------------
如果此答案有帮助,请单击标记为答案"或投票.要提供有关您的论坛体验的其他反馈,请单击 the custom domain name is globalrescue.com
I have added the TXT record in DNS and also verified that the DNS propogation is complete
however when i verify the domain i get:
Unable to verify domain name. Ensure you have added the record above at the registrar 'globalrescue.com', and try again in a little while.TXT with value MS=ms5
is added to public dns server and i have used several online dns propogation tools to verify that the same is published throughout
for example: https://dnschecker.org/#TXT/globalrescue.com/MS=ms5
shows that record is published on all severs in its listusually it takes less than 15- 20 mins
I have added many domains in the past
but this one wont validate
Directory is grplxxxxoutlook.xxxx.com
subscription id is b26575a7-02b3-4e97-86b7-xxxx====================================================================
Site: https://azure.microsoft.com/en-us/resources/knowledge-center/technical-chat/
2018-09-04 12:27 AM PDT
Transcript ID: q86p5vJMmtSHQvDX1b6pq0K66j13ik6B
Your recent chat with David
You
Hello
U there?
David
;Hello! This is David from Azure Technical Chat. Happy to help you today
You
Hey David.
I have added a custom domain to my Azure Free Trial Subscription
the custom domain name is globalrescue.com
I have added the TXT record in DNS and also verified that the DNS propogation is complete
however when i verify the domain i get:
Unable to verify domain name. Ensure you have added the record above at the registrar 'globalrescue.com', and try again in a little while.
David
ok let me take a look
You
TXT with value MS=ms598xxx
is added to public dns server and i have used several online dns propogation tools to verify that the same is published throughout
for example: https://dnschecker.org/#TXT/globalrescue.com/MS=ms598xxxx
shows that record is published on all severs in its list
David
When was the domain created/added?
You
Its been two days now
David
ok thanks for that
You
usually it takes less than 15- 20 mins
I have added many domains in the past
but this one wont validate
Directory is grpxxxxxtlook.onmicrosoft.com
subscription id is b26575a7-02b3-4e97-86b7-xxxxxx
David
Can you tell me where this message about unable to verify domain main is showing?
You
I go to portal.azure.com
David
Im looking at the site now, looks good.
You
Then go to Azure Active Directory
Then to Add Custom Domains
I the custom domains list i see globalrescue.com as unverified
i click on GlobalRescue.com and click verify
and then this error is displayed
uploaded file: https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/513cab62-f513-4366-b7ed-82dxxxxx5dd10e69e.png
uploaded file: https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/e47592e8-1d22-487e-8f69-64dxxxxxe5cc5d120.png
David
Perfect thanks for that
You
welcome
David
Did you use godaddy for this?
You
no. This domain is from Network Solutions and DNS is also hosted by Network Solutions
Used the Network Solutions site to create the TXT record
David
Is it possible to verify on the network solution site as well, you can do this on GoDaddy which is why I asked about it previously?
You
on the netsol site all we can do is add dns records
which i have done
David
Did you follow this guide https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#troubleshooting
You
and the dns records are published correctly
David
ok perfect
You
Yes, we are Microsoft Partners. I have added many domains for many customers and have never come across this issue
usually domains verify within minutes some take a few hours but this one wont complete its verificaiton and we cannot continue wiht POC until the domain is verified
David
Can you try the command on this page and let me know what it comes back with please
https://docs.microsoft.com/en-us/powershell/module/azuread/get-azureaddomainverificationdnsrecord?view=azureadps-2.0
You
ok.
give me a sec
David
just to rule out a couple of things also, i know its basic but just to check anyway, was www added in Azure or the Records of TXT on network solutions and can you try a different browser or clear your cache just to rule that out also
You
PS Azure:\> Get-AzureADDomainVerificationDnsRecord cmdlet Get-AzureADDomainVerificationDnsRecord at command pipeline position 1 Supply values for the following parameters: Name: globalrescue.com Get-AzureADDomainVerificationDnsRecord : Error occurred while executing GetDomainVerificationDnsRecord Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. HttpStatusCode: Forbidden HttpStatusDescription: Forbidden HttpResponseStatus: Completed At line:1 char:1 + Get-AzureADDomainVerificationDnsRecord + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-AzureADDomainVerificationDnsRecord], ApiException + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord\
David
Did you used powershell in Admin mode?
You
used cloud shell
its already in admin mode
used powershell in azure portal
David
Just to confrim did you use -Name?
ok perfect
thansk for that
You
to run the command
yes used the -name switch
command i typed is as follows:
Get-AzureADDomainVerificationDnsRecord -name globalrescue.com
David
ok thats correct.
O I ve just read that a user had a similar issue and on the txt record they removed the @ and could then verify, can you try that please
http://gerryhampsoncm.blogspot.com/2015/03/could-not-verify-domain-in-azure.html
You
I first added with @ and it did not work then i deleted doamin and re-added in Azure then created record without @ and it still wont verify
David
ok thanks for trying that
You
wait i am trying to run the command a different way
David
no problem
You
nope
still getting same rror
David
hmm ok, again thanks for trying.
You
Get-AzureADDomainVerificationDnsRecord : Error occurred while executing GetDomainVerificationDnsRecord Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. HttpStatusCode: Forbidden HttpStatusDescription: Forbidden HttpResponseStatus: Completed At line:1 char:1 + Get-AzureADDomainVerificationDnsRecord + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-AzureADDomainVerificationDnsRecord], ApiException + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord
article says to give read / wrtite permissons to direcotry
let me try this
wai
wait
David
That sounds promising
You
please wait i am trying
David
No problem
You
almost there
Nope
i tired my partner account which has owner rights on subscription
but got sam eresult
PS Azure:\> Get-AzureADDomainVerificationDnsRecord -Name globalrescue.com Get-AzureADDomainVerificationDnsRecord : Error occurred while executing GetDomainVerificationDnsRecord Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. HttpStatusCode: Forbidden HttpStatusDescription: Forbidden HttpResponseStatus: Completed At line:1 char:1 + Get-AzureADDomainVerificationDnsRecord -Name globalrescue.com + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-AzureADDomainVerificationDnsRecord], ApiException + FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDomainVerificationDnsRecord
lastly i can try azure power shell on my pc
wait
in admin mode
David
That was my next suggestion!!
You
Installing Azure Powershell as i had older versoin
David
perfect
You
installed
connecting to azure subscription
connected
Windows PowerShell Copyright (C) Microsoft Corporation. All rights reserved. PS C:\WINDOWS\system32> Connect-AzureRmAccount Account : grpl2018@outlook.com SubscriptionName : Free Trial SubscriptionId : b26575a7-02b3-4e97-86b7-6d4011a9cb3b TenantId : 673db1a0-9530-46cc-b16a-6496aa84810b Environment : AzureCloud
David
excellent
Did the commandGet-AzureADDomainVerificationDnsRecord -name globalrescue.com return anything in the local powershell?
Any update?
I understand if you had to step away from your computer. Unfortunately, I will need to close this chat. Please re-open it if you would like to continue our discussion!
You
I am here
Ewelina
Hello, this is Ewelina from Azure Portal Chat. What can I help with today?
You
I am guessing that David is not there any more
its ok just wanted to update him on the progress
Ewelina
yes, he is not available at the moment.
he will be able to see our conversation later on.
so did you manage to connect?
You
well
same error even with local powershell
in admin mode
uploaded file: https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/9f30ec12-4d2f-46b6-a1ff-xxxxx.png
I have shared screenshot of error with local powershell in admin mode
uploaded file: https://olark-file-uploads.s3.us-west-1.amazonaws.com/processed/58e5feaa-82ae-43ee-97f8-xxxxx.png
add the above is the error in online cloud shell
i am trying with different user (local shell)
as the error says user not found
Ewelina
ok, so in that case, we would like this to be checked by our engineering team. As at this point, this seems to in depth to troubleshoot over the chat. Can you please post this issue on this forum and provide me with the link to your post so I can escalate this to our experts team: aka.ms/azadMSDNforumq
I will also send them the full transcript of your conversations so they can see all the steps you have completed and all the screenshots
You
smae
ok i will send them details
Join over 10,000 companies who rely on Olark Live Chat to chat directly with customers.
Olark Live Chat
解决方案We have checked and found that the domain globalxxx.com is already verified on a previous "shadow tenant" (globalxxx.onmicrosoft.com) that’s the reason you are unable to verify it with your tenant. If earlier you have accessed any application, for let’s say Office 365, and given the domain details - to run the services of the application a "un-managed shadow tenant" would be created with the Domain being verified in that tenant.
I would suggest you to do Force Takeover the Shadow Tenant. In this case, this is the best that we would suggest you. So, after you force take over the shadow tenant, you could remove the domain from the verified list of that tenant and then re-verify the same in your original tenant.
You may refer the following document guide to do this process. See if this helps.
Ref:- https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/domains-admin-takeover
-----------------------------------------------------------------------------------------------
If this answer was helpful, click "Mark as Answer" or Up-Vote. To provide additional feedback on your forum experience, click here.
这篇关于无法验证域(添加自定义域)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!