Deploy Azure Stack Development Kit on an Azure VM

[Update on 18/10/17] With the new version of the ASDK, this blog post had been updated.

With the recent release of V3 VMs on Azure, you’ve now the possibility to do Nested Hyper-V, running a VM in an Azure VM.

Azure Stack Development Kit just released, it was the opportunity for me to deploy the last version in Azure, because I don’t have the necessary hardware at home to run it.

Be careful, the following article is not supported by Microsoft and can be used only for test.

Daniel Neumann, TSP Azure at Microsoft provided a version for his installation, on L2 nested virtualization:

I will use some parts of his blog for my installation. The difference is that he is deploying Azure Stack in a VM, on the Azure VM. In my case, we will deploy Azure Stack directly on the Azure VM.

Before starting, create an Azure AD account who is Global Admin. This account will be used to connect your Azure Stack to your Azure AD.

To start, deploy a VM on Azure, with the image Windows Server 2016 and with the minimum size E16s v3 (16 cores, 128 GB memory). It’s prerequisites to be able to run Azure Stack:

When the VM is deployed, do not apply any updates, just ignore them. We will rename the local administrator to Administrator, so we don’t have to modify scripts:

Stop the VM through the Azure Portal, and go to Disks. Expand the OS disk to 256GB and add 4 disks for the Storage Spaces Direct part, with 256GB each:

Start the VM and initialize disks. Modify the timezone with your time zone and deactivate the IE Enhanced Security Configuration parameter. You can connect and install prerequisites to gain time for the next part:

Restart the server:

You can now download Azure Stack Development Kit:

When extracted, mount the disk CloudBuilder.vhdx and copy folders CloudDeployment, fwupdate and tools in the root of your C drive. You can eject the disk CloudBuilder. Open a PowerShell console and do:

For IP addresses, use IP addresses that are not used in your Azure VNet and in your Azure Stack environment. You’ll have a first error who will be that your server is not physical. Don’t worry, you need to modify the file C:\CloudDeployment\Roles\PhysicalMachines\Tests\BareMetal.Tests.ps1 and to find $isVirtualizedDeployment. This variable is present 3 times in the file.

Remove the -not before each variable. Launch the installation again with the following command:


If you’ve an error with CredSSP when the script is modifying the number of maximum joined computer, follow this procedure. On the DC server, execute the following command:

On the Hyper-V server, execute the following command:

Open the gpedit.msc console and navigate to Local Computer Policy > Computer Configuration > Administrative Templates > System > Credential Delegation.

Activate Allow Delegating Fresh Credentials with NTLM-only Server Authentication and add the value WSMAN/*. Launch the script again:


When the BGPNAT VM is deployed, execute the following script on the Azure VM to create a new virtual switch that will give Internet access to your VM, by adapting IP addresses with IP that you used when you launched the installation:

Go in the parameter of the BGPNAT VM and change the virtual switch for the network card NAT from PublicSwitch to NATSwitch:

You can now ping external IP addresses:

The deployment of the infrastructure continues:

After few hours, the deployment is finished and you can connect to the admin and user interfaces:

If you’ve the following error message during the deployment of certificates on the Hyper-V host for the Monitoring Agent deployment:

VERBOSE: 1> [MonitoringAgent:Configure] Installing MA Certificate on FLOAPP-ASDK from \\SU1FileServer\SU1_Infrastructure_1\AzureStackCertStore\Internal\Current\MA\MonitoringAgentSsl.pfx – 10/18/2017 12:49:59 PM

VERBOSE: 1> [MonitoringAgent:Configure] Caught error Connecting to remote server FLOAPP-ASDK failed with the following error message : The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server.  To use Kerberos, specify the computer name as the remote destination. Also verify that the client computer and the destination computer are joined to a domain. To use Basic, specify the computer name as the remote destination, specify Basic authentication and provide user name and password. Possible authentication mechanisms reported by server:     Negotiate Kerberos For more information, see the about_Remote_Troubleshooting Help topic. : retrying… – 10/18/2017 12:49:59 PM

Execute the following command and rerun the installation:

winrm set winrm/config/service/auth @{CredSSP=”true”}

Thanks to Ned for this solution:

Spread the word. Share this post!

  • Perfect content. I knew MS azure does not support this and certainly this article is worth try.

  • Stack user

    I have changed NIC of BGPNAT VMfrom PublicSwitch to NATSwitch.
    What should I do to continue the deployment of the infrastructure?

    • Hello,
      As explained in the article, the deployment will fail. Just relaunched it

  • Yusuf Anis

    Any clues for how this can be corrected?
    Expanding Microsoft.AzureStack.Solution.Deploy.CloudDeployment. Copying content to C:CloudDeployment.
    Find-Package : No match was found for the specified search criteria and package name ‘Microsoft.AzureStack.Solution.Deploy.CloudDeployment’. Try Get-PackageSource to see all available registered package sources.
    At C:CloudDeploymentSetupExpand-NuGetContent.psm1:62 char:25
    + … etPackage = Find-Package -Source $NugetStorePath -Name $NuGetName -Pr …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Microsoft.Power…ets.FindPackage:FindPackage) [Find-Package], Exception
    + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.FindPackage

    • Hello,
      It’s strange, did you installed the nuget package?

      Install-PackageProvider nuget –Verbose

  • Sundesh Pawar

    It did go through smoothly after changing “network card NAT from PublicSwitch to NATSwitch:” and i was able to see all the Vm’s getting populated in the Hyper-V manager. However later the script ended with attached Error and i just shutdown the machine. When i turned on the VM after the weekend , i could see just 2 Vm’s (DC and ERCS01) and all others were gone. When i attempted to rerun the installationpoc script, it gave message saying :”In order to run deployment you must be logged in as the Domain Admin account’.” Though i had logged in as Domain admin and also attempted to run the PS as Admin.

  • Philippe PAÏOLA

    On Azure VM host and on guest AzS-DC01, you must set the same timezone, date and hour (tzutil /s “pacific standard time”). Then on Hypervisor, check Time synchronization on Integration services

    • Thanks for this type. It depends where the VM is deployed for sure.

  • Philippe PAÏOLA

    An other error : use this command “Invoke-EceAction -RolePath Cloud -ActionType Deployment -Start 60.160 –Verbose” when installation failed after step “Natswitch”.

  • Pratima

    Hi Florent,
    I am deploying ASDK on Azure VM with VNet with Subnet-, using -NatIPv4Address as and -NATIpv$DefaultGateway as, the InstallAzureStackPOC.ps1 is stuck at Test-Connection to currently is not used by any VM in my Azure Stack infra…Am I doing something wrong..

    • Hello,
      No, normally, it should work without any problem… Strange.

  • Yuval Kashtan

    I got stuck on

    Invoke-EceAction : Task: Invocation of interface ‘Configure’ of role ‘CloudInfrastructureBareMetal’ failed:
    Type ‘Configure’ of Role ‘BareMetal’ raised an exception:
    You do not have the required permission to complete this task. Contact the administrator of the authorization policy
    for the computer ‘TstAzureStackVM’.
    at , C:CloudDeploymentRolesPhysicalMachinesConfigurePhysicalMachines.psm1: line 209
    at ConfigurePhysicalMachines, C:CloudDeploymentRolesPhysicalMachinesConfigurePhysicalMachines.psm1: line 43
    at Configure, C:CloudDeploymentClassesBareMetalBareMetal.psm1: line 39
    at , : line 18
    at , : line 16 – 10/13/2017 4:14:50 PM
    At C:CloudDeploymentSetupDeploySingleNode.ps1:579 char:5
    + Invoke-EceAction -RolePath $masterRole -ActionType $actionPlan @d …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Invoke-EceAction], Exception
    + FullyQualifiedErrorId : Unspecified,Microsoft.HyperV.PowerShell.Commands.GetVM,CloudEngine.Cmdlets.InvokeCmdlet

    any help would be greatly appriciated

    • Hello,
      Did you launched the PowerShell console as Administrator?

    • Alper Sogukpinar

      Hi Yuval,
      It restarts Host VM at some point(s) of installation, you should login to the host VM with azurestackazurestackadmin after this user created…
      And also maker sure you open powershell console with run as administrator option.

      • Yuval Kashtan

        Yes, I’m getting these errors with the AzureStackAdmin user..
        If I’m running as administrator I get a whole set of different permission issues.
        I’ve also added AzureStackAdmin to the local Administrators group
        maybe I should also add it on the domain?

  • Manish Anand

    For prerequisite we need to have atleast two cpu cores.
    How do you create a vm in azure with dual cpu core?

    • Manish Anand

      Two cpu sockets *

      • Hello,
        No, it’s not possible sorry.

      • Alper Sogukpinar

        Hi Manish,
        Just select “E16s v3 (16 cores, 128 GB memory)” VM size as Florent documented.
        By the way the suggested VM’s system disk size also need to be increased 180 GB which is 128 GB by default.( You should stop the vm before increasing system disk storage size.)

  • Saul_AzureStack

    I am having the following problem… when I change AzS-BGPNAT01 to NATSwitch after some time the Azure VM reboots; if I turn AzS-BGPNAT01 ON again after some seconds the Azure VM reboots again! This is a problem to me because the DNS Lookup only works if AzS-BGPNAT01 is connecting to the internet….and its only happens when I start AzS-BGPNAT01 with NAT Interface marled to NATSwitch (if PuplicNetwork Switch is in use the Azure VM does not reboot but the DNS Lookup does not work and the installation does not continue)

    • Michael Bondarevsky

      I have the same issue. Any pointers?

      • Jun Yao

        On AzS-BGPNAT01’s VNIC, try to clear the advanced feature “Enable device naming”. Then attach it to the NATSwitch.

        • Michael Bondarevsky

          The same issue. Azure VM rebooted.

          • Jun Yao

            Oh. It looks like I am lucky. Actually, I did several changes to manage the problem. First, I disabled the cluster communication on this NAT( Network as I suspected this unexpected reboot was triggered by Failover cluster. But it didn’t help. Then I cleared the “Enable device naming” option as this was the only difference I observed. And then the reboot disappeared.

          • Daniele Scrivano

            Hi all, well I have the same issue, I have been uncleared “Enabled device naming”, unsetted Cluster Network on NATSwitch, and cleared bind to IPv6, but the VM reboot no ending when the VMBGPNAT01 has been started.

            Any idea about this?

            Thanks in advance,

          • David Pilar

            Hi all, well I have the same issue and nothing described is helping. Any other ideas?
            Thanx for help

    • Kenny Lowe

      Disabling IPV6 on the NATSwitch NIC fixed this for me.

  • Diman Buridan

    Hi Florent!
    Please tell me how much resources was spent during initial deployment of azure stack in money?
    Can i use trial azure subscription to do such testing of deploy azure stack?