Enable PaaS (Web Apps) in Azure Stack TP1 – Part II

PART I: Enable PaaS (Web Apps) in Azure Stack TP1

Welcome back at part 2 of the Web App Service deployment in Azure Stack. We left off on the part where the deployment of the SQL VM is finished and the WebSites VM’s are being deployed. When that’s finished log in to the portal and go to the WebsitesSQL resource group. In the resources section select the front-end loadbalancer and make note of the IP address:


Create an DNS wildcard record for the websites on the ADVM. The A record should be *.webapps.azurestack.local:


Go back to the portal and select the ManagementServerLoadBalancer and take note of the IP address:


Create for the IP an A record management.azurestack.local:


If you have followed the SQL tutorial there is already a *.azurestack.local wildcard certificate. Grab it from D:\SQLRP\AzureStack.SqlRP.Deployment.\content\Deployment\Certificate. If you haven’t follow it, create one on the PORTALVM using the first part of the SQL Provider blog post. Also grab the Root CA from the ADVM (\\advm\c$\Windows\System32\CertSrv\CertEnroll\ADVM.AzureStack.local_AzureStackCertificationAuthority.crt) When done open on the Hyper-V host the console session to the MN0-VM (you can see in the description in Hyper-V manager what the machine name is. The VM names are all guids for Web Apps. When logged in the VM copy from the portal or CLIENTVM the certificate to the box and import it:





Place the RootCA in the Trusted Root:



On the Controller VM (CN0-VM) run this script:


You can check the websites installation by opening the MMC and verify that the status under Managed Servers is ready :


In my install I had a continues repair of the Management VM and the FrontEnd VM. It turned out they needed a reboot for a windows feature installation. In my opinion this should have happen automatically as I can recall the same behavior when installing websites in Windows Azure Pack. When a failed attempt is reach to many times a reboot is initiated. This didn’t happen in my case. So if you experience issues with the website roles – reboot.


When all servers are in a “Ready” state open the Azure Stack Portal and log in as Service Admin and register the resource provider:



Or use Powershell:



When the resource provider is registered deploy a A2 VM in the same Resource group as the WebSitesSQL resource group and in the same network as the other websites machines (ServicesVirtualNetwork should be listed as default network when you select that resource group). This VM will be a shared website worker role that we will add to the deployment as no workers are deployed at this moment. We need at least one for websites to run on and I never found the parameter in the script for the # shared workers (it should have according to the documentation), so will do it now manually. Now we also know how to scale workers in the future.


When the deployment is finished log in to the VM and rename the admin account you specified to admin. This is required as the deployment credentials we specified in the deployment didn’t allowed to be “admin”. Now back in the Azure Stack Portal as Service Admin look up the IP address from the VM:


Next go to the Resource Providers blade and choose the WebApp-LOCAL. Then go to the Resource Provider Management and go to Roles. Then choose Add Role:


Notice we need to run one command on the worker before we can install the worker. Run this command, after it, reboot the vm.


So before click on OK run this on the worker VM and reboot:


Back in the portal click OK. But very short after the creation I got this error:


But when I looked in the Controller VM I see it is added and deploying the worker role. So I waited the installation to be finished installing the worker role from the console:


In the meantime i was checking back in the portal. I also see there that the worker role is added:


In the meantime the worker is being deployed(Can take up to 60 min) I added the Web App service to a plan. Go to the “POCPlan” we created after the initial deployment of Azure Stack. Choose services and add Microsoft.WebApps. Configure quota’s (I used unlimited).


And finally login as tenant user and create a Web App. But… before you do, make sure the deployment is finished for the shared web worker role:


Create a web app:


And voila:



UPDATE 15-2: Florent mentioned to me that when you try to deploy websites with dependencies on SQL that the deployment failed. The cause was that the Worker VMs where not able to resolve the DB server name. Its trying to resolve on netbios name only. We had the same issue in Azure Pack when adding SQL AO to the Admin site for DBaaS. The solution is simple. On the worker vm open the network settings and go to properties:


Select Advanced and under the DNS tab add the azurestack.local to the search suffix.

Have fun with your Web App Service!

Mark Scholman

Spread the word. Share this post!

  • Cyrill Hug

    Hi there, thanks a lot for your great posts. I followed your CentOS configuration and the WebApps deployment. CentOS is working like a charm. However, I have an issue with the WebApps part. I’m not able to deploy any WebApp. The tile for the configuration of the service just keeps loading without an error. Everything else worked as you described it. All servers are in the ready state in the Microsoft Azure Stack App Service Console. The Endpoint registration and the deployment of a new Web Worker was successful as well. Do you have any idea what I’m missing? Any suggestion is welcome. Cheers.

    • Mark Scholman

      Hi, Did you also import the RootCA in the Management (MN0-VM) in the trusted store? Start from here (Also grab the Root CA from the ADVM …)

      • Cyrill Hug

        Hi Mark, Thanks for your hint. You were right. I forgot the RootCA. It was getting late that evening 😉
        Solved the problem for me.

        • Mark Scholman

          Good to hear it worked out for you! Have fun with the web App Service

  • Kyle Engibous

    Mark thank you so much for so many wonder posts. I have been working through this post but I am stuck at adding roles the the webapp-local resource provider, I am getting the following error when click the Go To Resource Provider Management button. Any thoughts? Thanks much!

  • Mark Dommisse

    Hi Mark, the PowerShell script to add the resource provider fails at $azAccount = Add-AzureRmAccount -Environment $azEnvironment”

    The error is: Add-AzureRmAccount : Cannot bind parameter ‘Environment’. Cannot convert the “AzureStack” value of type “System.String” to type “Microsoft.Azure.Common.Authentication.Models.AzureEnvironment”.

    I solved this using $azAccount = Add-AzureRmAccount -EnvironmentName $azEnvironment

    • Mark Scholman

      Hi Mark, Thanks for you comment, You did installed the latest version of the PowerShell tools on the machine where you run the cmd?

      • Mark Dommisse

        Yes, Azure Powershell February 2016 is installed. The version number is 1.2.1.

      • Mark Dommisse

        Oh well, I just tried again. Now it works flawlessly.

  • Mark Dommisse

    Another note: During my attempt of deploying WebApps, a worker role was deployed automatically. The VM-name is WW0-VM.

    • Mark Scholman

      Ah that is great news. I don’t know what caused mine to decide not deploy it 🙂 will add this to the blog to check if it exist.