Systems Management

Building a ConfigMgr Lab from Scratch: Step 14 – Cloud Management Gateway (CMG) – Azure Subscription

Topics: Systems Management

Building a ConfigMgr Lab from Scratch: Step 14

Cloud Management Gateway (CMG) – Azure Subscription

I’m going to go over what I had to do in our Azure Portal to get things ready. This was the biggest thing that tripped me up, mostly because I was using an account that didn’t work properly. So just a note, if you don’t log into your Azure Portal Directory with the Same “domain name” as the one you’re managing, you’ll run into issues.

Here is what happened to me. It’s no secret, that our domain name is recastsoftware.com, and that is the domain in our accounts are all set up in. Our DEV lab has its own Azure Directory which is dev.recastsoftware.com. When I was logging into the portal, I was using my recastsoftware.com account and even though I had global admin rights, and was an owner of the subscription, I ran into issues.

Here below you can see the account I was using was a “guest”, which should have been a red flag, but I still had all of the proper rights, so I just overlooked it.

I was the Owner of the Subscription
I was a Global Admin

But the issue was, when I was in the CM Console trying to run the setup, I kept getting errors on logon attempts.

While configuring the Cloud Management Gateway (CMG) at different client sites, we stumbled on an issue ‘Failed to sign in to Azure‘ to create the Azure web applications. When I googled, I found this blog post by Jonathan Lefebvre (@JLefebvreGloben) which was very interesting and helped me understand what was going on behind the scenes, so while it wasn’t the resolution I needed, it was very helpful in my understanding of what the CM Console creates on the backend.

Troubleshooting… Call my Friend Adam Gross (@AdamGrossTX) who is a Cloud Expect and ask for help. We confirmed my account had the rights and that Azure was set up. But still, nothing was working. Then he tried using his Azure Subscription on in my lab, and it worked fine, so we knew it was not my local lab servers, but an issue on the Azure side. He then noticed the “guest” associated with my name and suggested I make a new account. That was the key to this.

I created a new account and gave it all the same rights. [MS Docs, difference between Members & Guests]

Account: Gary Blok Dev (garyb@dev.recastsoftwarecom) then:

  • Then made it a Global Admin in the dev.recastsoftwarecom site. [MS Docs]
  • Made it an owner on the Subscription [MS Docs]
  • Made it a Co-Administrator on the Subscription [MS Docs]

After that, I was able to follow the process as described in the Docs & in the Youtube Video Justin created.

Images to help clear anything up:

My User = Member
My User = Global Administrator
My Account is an Owner of the Subscription
My Account is a “Co-administrator” on the subscription.

Building a ConfigMgr Lab from Scratch Series

Series Introduction – Building a CM Lab from Scratch

  1. Setting up your Domain Controller
  2. Creating a Router for your Lab using Windows Server 
  3. Certificate Authority – On Domain Controller [Optional]
  4. ConfigMgr Server Pre-Reqs (Windows Features)
  5. Configuration Settings (AD & GPOs)
  6. Source Server (File Share)
  7. ConfigMgr SQL Install
  8. ConfigMgr Install
  9. ConfigMgr Basic Settings
  10. ConfigMgr Collections & App Deployment
  11. ConfigMgr OSD
  12. ConfigMgr Reporting Services
  13. Cloud Management Gateway (CMG) – Certs PreReq
  14. Cloud Management Gateway (CMG) – Azure Subscription – You are Here
  15. Azure Services Connection
  16. Setting up CMG in the Console
  17. Cloud Management Gateway (CMG) – Post CMG Config
  18. Cloud Management Gateway – Client CMG Endpoints
Back to Top