Azure AD密码保护，注册代理命令失败 [英] Azure AD password protection, Register Proxy command failing

问题描述

当我按照说明部署Azure AD密码保护时，代理的注册失败.当我使用命令时

$ tenantAdminCreds =获取凭据
Register-AzureADPasswordProtectionProxy -AzureCredential $ tenantAdminCreds

尽管服务器具有Internet连接，但它失败了.操作系统是Windows Server 2016数据中心.该服务器是域中的成员服务器.

在C:\ Program Files \ Azure AD密码保护Proxy \ Logs中的RegisterProxy.log中，我看到此部分:

[15:56:26.883] [INFO] [00000008] RegisterProxy:已成功通过Azure authToken.Length:2367
进行身份验证 [15:56:26.883] [INFO] [00000008] RegisterProxy:身份验证成功
[15:56:26.883] [INFO] [00000008] RegisterProxy:创建新的代理证书CSR
[15:56:27.648] [INFO] [00000008] RegisterProxy:创建了新的代理证书CSR
[15:56:27.648] [INFO] [00000008] RegisterProxy:调用Azure来注册代理
[15:56:27.648] [INFO] [00000008] RegisterProxy:调用Azure来注册代理
[15:56:27.648] [INFO] [00000008] BPLServiceProxy:RegisterProxy开始
[15:56:27.648] [INFO] [00000008] BPLServiceProxy:调用Azure RegisterProxy终结点:https://enterpriseregistration.windows.net/aadpasswordpolicy/c1ed8b13-8975-44f6-b918-149236657b19/proxy?api-version=1.0& ; traceid = b8fc1b6d-f3ff-43d5-9eb5-02f16dc3fbb2
[15:56:27.789] [ERR] [00000008] BPLServiceProxy:从服务器接收到错误响应代码:未经授权
[15:56:27.789] [INFO] [00000008] RegisterProxy:注册代理请求返回失败代码:未经授权
[15:56:27.789] [INFO] [00000008] RegisterProxy:恢复原始跟踪ID
[15:56:27.789] [INFO] [00000008] RegisterProxy:RegisterProxy.ExecuteInternal结尾
[15:56:27.789] [ERR] [00000008] RegisterProxy:ExecuteInternal引发了异常:
[15:56:27.789] [ERR] [00000008] RegisterProxy:System.Management.Automation.PSArgumentNullException:无法处理参数，因为参数"exception"的值不正确.一片空白.更改参数"exception"的值设置为非null值.
    at System.Management.Automation.ErrorRecord..ctor(异常异常，字符串errorId，ErrorCategory errorCategory，对象targetObject)
    at ProxyPowershell.Commands.RegisterProxy.ExecuteInternal()
   位于ProxyPowershell.CmdletBase.ExecuteActualBusinessLogic()
[15:56:27.789] [INFO] [00000008] RegisterProxy:未初始化日志记录

请指教.
谢谢&问候，
马丁

When I follow the instructions to deploy Azure AD password protection, the registration of the proxy fails. When I use the commands

$tenantAdminCreds = Get-Credential
Register-AzureADPasswordProtectionProxy -AzureCredential $tenantAdminCreds

it fails, although the server has internet connectivity. OS is Windows Server 2016 Datacenter. The server is a member server in the domain.

In the RegisterProxy.log in C:\Program Files\Azure AD Password Protection Proxy\Logs, I see this section:

[15:56:26.883] [INFO] [00000008] RegisterProxy: Successfully authenticated to Azure authToken.Length:2367
[15:56:26.883] [INFO] [00000008] RegisterProxy: Authentication succeeded
[15:56:26.883] [INFO] [00000008] RegisterProxy: Creating a new proxy certificate CSR
[15:56:27.648] [INFO] [00000008] RegisterProxy: Created a new proxy certificate CSR
[15:56:27.648] [INFO] [00000008] RegisterProxy: Calling Azure to register the proxy
[15:56:27.648] [INFO] [00000008] RegisterProxy: Calling Azure to register the proxy
[15:56:27.648] [INFO] [00000008] BPLServiceProxy: RegisterProxy starting
[15:56:27.648] [INFO] [00000008] BPLServiceProxy: Calling Azure RegisterProxy endpoint: https://enterpriseregistration.windows.net/aadpasswordpolicy/c1ed8b13-8975-44f6-b918-149236657b19/proxy?api-version=1.0&traceid=b8fc1b6d-f3ff-43d5-9eb5-02f16dc3fbb2
[15:56:27.789] [ERR ] [00000008] BPLServiceProxy: Received error response code from the server:Unauthorized
[15:56:27.789] [INFO] [00000008] RegisterProxy: Register proxy request returned failure code:Unauthorized
[15:56:27.789] [INFO] [00000008] RegisterProxy: Restoring original trace id
[15:56:27.789] [INFO] [00000008] RegisterProxy: RegisterProxy.ExecuteInternal ending
[15:56:27.789] [ERR ] [00000008] RegisterProxy: ExecuteInternal threw an exception:
[15:56:27.789] [ERR ] [00000008] RegisterProxy: System.Management.Automation.PSArgumentNullException: Cannot process argument because the value of argument "exception" is null. Change the value of argument "exception" to a non-null value.
   at System.Management.Automation.ErrorRecord..ctor(Exception exception, String errorId, ErrorCategory errorCategory, Object targetObject)
   at ProxyPowershell.Commands.RegisterProxy.ExecuteInternal()
   at ProxyPowershell.CmdletBase.ExecuteActualBusinessLogic()
[15:56:27.789] [INFO] [00000008] RegisterProxy: Uninitializing logging

Please advise.
Thanks & regards,
Martin

推荐答案

You have to give Login credentials  of Active Directory domain administrator for the root domain and supply the necessary domain credentials via the forestcredential parameter.

tenantAdminCreds = Get-凭据-ForestCredential

tenantAdminCreds = Get-Credential -ForestCredential 

Register-AzureADPasswordProtectionProxy -AzureCredential

Register-AzureADPasswordProtectionProxy -AzureCredential

tenantAdminCreds

tenantAdminCreds

这篇关于Azure AD密码保护，注册代理命令失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！