Monthly Archives: October 2014

Troubleshoot message flow for Windows Azure Pack

While developing WAP custom resource providers, I have seen myself and others running into the issue of getting 404, resource not found when developing a new API controller.

Typically if we have atleast one API call working against the custom RP, it means that custom resource provider registration is working fine and WAP framework is routing the messages correctly. It is most likely a mismatch between how API client construct the URL or how route configuration is done in Web API. Attaching debugger, doesn’t really help in this scenario, as ASP .NET is not able to find the route to the controller class (yea, that is why it is sending 404). So how do we find out how is the messages get routed.

First and foremost, we need to understand how messages are flowing. Below diagram shows how it will typically be routed in a development boxes (I have marked the default ports in there).


We can use Fiddler tool to capture the traffic and understand the exact messages that are going between various Sites. Since fiddler is a proxy tool, we need to enable proxy at the origin of the message. So if you are interested in finding the messages that Resource Provider API receive, you should set the proxy at Admin API or Tenant API, depending on what specific messages you are trying to look at.

This is what I have done on my test environment (Windows Server 2012 R2), to troubleshoot messages coming to the tenant endpoint on my custom RP.

  • Logged on to server as Administrator
  • Install Fiddler tool (I used the downloads from Telerik)
  • Changed the Identity of ‘Tenant API’ application pool to Administrator


  • Opened a new instance of IE and launched Fiddler from Tools > Fiddler
  • Configure Fiddler to capture HTTPS traffic (Fiddler : Tools > Fiddler Options)


  • Accept the Fiddler Proxy Certificate installation
  • From IE, accessed tenant portal and invoked custom resource provider tabs
  • Now, messages that goes from Tenant API to custom RP starts showing up in Fiddler. Smile

Note: Fiddler captures all traffic that originate from browser as well. To filter the requests that shows up in Fiddler UI, you can update the ‘Rules’ in Fiddler (Rules > Customize Rules). I have used the following rule to see only the messages that land on my custom resource provider.

static function OnBeforeRequest(oSession: Session) {
   if ( != “twe-wap01:30032”){
     oSession[“ui-hide”] = “true”;

Thanks to Manish for helping me with the approach.

Add an existing VM to Windows Azure Pack Subscription

Typically, when we try to set the user role and owner to an existing virtual machine using PowerShell commands, we might get the following error.

Set-SCVirtualMachine: The specified owner is not a valid Active Directory Domain Services account.

Here are couple of blog posts explaining the theory and how to do it correctly.

This is a PowerShell script, you could directly use after fixing the variable names in the first section, as you need.

# Edit the following properties according to the environment
$vmmServerName = “”;
$tenantName = “”;
$tenantSubscription = “99a39f76-b938-4e75-b8e3-78a24f60add7”;
$vmName = “java-devops-03”;

# Connect to VMM Server
Get-SCVMMServer –ComputerName $vmmServerName – ForOnBehalfOf;

# Tenant user is expected to sign up in WAP Portal and added to a plan with VM Resources
# This will ensure that user role is created in SC, with required quota limits

$roleName = $tenantName + “_” + $tenantSubscription;
$role = Get-SCUserRole –Name $roleName;
Get-SCVirtualMachine –Name $vmName | Set-SCVirtualMachine –UserRole $role;
Get-SCVirtualMachine –Name $vmName | Set-SCVirtualMachine –Owner $tenantName –OnBehalfOfUserRole $role –OnBehalfOfUser $role;

My views on technology

Virtualization and some coffee

My views on technology

Thomas Maurer

Cloud and Datacenter Blog focusing on Microsoft Azure

Cloud Administrator in Azure World

Begin Your Azure Management Journey with the Cloud Administrator