Deploying Azure Local (Stack) HCI
- alynpeden
- Nov 23, 2024
Updated: Apr 23
These deployment steps are now out of date, as some parts are no longer required. The post is left intact for reference but will be replaced with a V2 post coming soon.
With the changes in EUC, Azure Stack HCI (now Azure Local) has become a popular option, even more so now that it supports the deployment of Azure Virtual Desktop (AVD). In this post we share our documented deployment steps for Azure Stack HCI, including solutions to common errors along the way. Errors will also be shared in individual posts so they are easier to find and read.
High Level Steps
1. Prepare Servers
Install Network cards, TPM modules and Storage.
Upgrade Firmware
Install HCI OS
Configure IP/Name
Enable RDP
Cluster Validation Tests
Enable Hyper-V Role
BitLocker Key Backup
2. Prepare AD
Configure On-Prem AD
3. Configure Azure
Enable Resource Providers
Register nodes with Azure ARC
Create HCI Cluster
Create Storage Volumes
Create Logical Network
Create Monitoring Alerts
Post Deployment Steps
This particular example is a 2 node cluster in a switchless storage configuration, deployed in the Auxilium Lab environment. You can have a maximum of 3 nodes in a switchless storage configuration before requiring a Top of Rack Switch (TOR), preferably dedicated to storage and running at 25GB.

1. Prepare Servers
Pay attention to the hardware requirements and ensure you are running the latest supported firmware before starting. The hardware must have RDMA-capable network cards and a Trusted Platform Module (TPM); ensure the TPM is enabled in the BIOS along with Secure Boot.
The HCI OS can be downloaded from the Azure Portal by searching for Azure Stack HCI, which will soon be renamed. When you install the HCI OS, configure the IP address, DNS etc. and also enable RDP to make pasting PowerShell commands easier.
DO NOT domain join the node, otherwise it will fail at the deployment stage, as the domain join happens later.
Download and install the vendor network drivers, as in-box drivers are not supported and validation will fail. To verify which drivers are in use on the NIC, run the following PowerShell commands:
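# List the adapters to find the adapter name
Get-NetAdapter

# Show the driver details (provider, version, date) for one adapter
Get-NetAdapter -Name "Embedded LOM 1 Port 1" | Select-Object Driver*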

If the driver provider is Microsoft, the in-box driver is being used and validation will fail.
From PowerShell on the node, run Get-NetAdapterRdma to confirm RDMA is enabled and operational.
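The prerequisites from this section (TPM, Secure Boot, no domain join, vendor NIC drivers, RDMA) can be checked in one pass before running the Environment Checker. The script below is an added example, not part of the original post or of Microsoft's tooling; it only reads state, should be run from an elevated session on the node, and the helper name Add-Check is hypothetical.

```powershell
# Added example: read-only pre-flight checks for one node (run elevated).
$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    # Hypothetical helper: records one check result
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# TPM must be present and ready
$tpm = Get-Tpm
Add-Check 'TPM present and ready' ($tpm.TpmPresent -and $tpm.TpmReady) "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)"

# Confirm-SecureBootUEFI throws on non-UEFI systems, so an error counts as a failure
$secureBoot = $false
try { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { }
Add-Check 'Secure Boot enabled' $secureBoot "Confirm-SecureBootUEFI=$secureBoot"

# The node must not be domain joined before deployment
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Check 'Not domain joined' (-not $cs.PartOfDomain) "Domain=$($cs.Domain)"

# Every physical NIC should use a vendor driver, not the Microsoft in-box one
foreach ($nic in Get-NetAdapter -Physical) {
    Add-Check "Vendor driver: $($nic.Name)" ($nic.DriverProvider -notmatch 'Microsoft') "$($nic.DriverProvider) $($nic.DriverVersionString)"
}

# Get-NetAdapterRdma lists RDMA-capable adapters only; each should be enabled
$rdma = @(Get-NetAdapterRdma)
Add-Check 'RDMA-capable adapter found' ($rdma.Count -gt 0) "$($rdma.Count) adapter(s)"
foreach ($r in $rdma) {
    Add-Check "RDMA enabled: $($r.Name)" ([bool]$r.Enabled) "Enabled=$($r.Enabled)"
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more prerequisites failed; fix them before running validation.'
}
```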

Run Cluster Validation from the node(s)
Run the Environment Checker to identify potential issues. If you are using a proxy, see the link below for the command to set it.
https://learn.microsoft.com/en-us/azure/azure-local/manage/use-environment-checker?tabs=connectivity
Installing the modules
Install-Module PowerShellGet -AllowClobber -Force
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Install-Module -Name AzStackHci.EnvironmentChecker
Run the connectivity checker
Invoke-AzStackHciConnectivityValidation
Run the Hardware Checker
Invoke-AzStackHciHardwareValidation
Install Hyper-V on all nodes
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Ensure you back up the BitLocker recovery keys, as they will be required when firmware updates are completed on the node, and not having the keys will likely result in data loss.
Get-AsRecoveryKeyInfo | ft ComputerName, PasswordID, RecoveryKey
Disable DCBX willing
QoS should be disabled for switchless storage mode. DCBX is enabled by default. This step is not documented by Microsoft; it was recommended after a call about storage performance.
Set-NetQoSDCBXSetting -Willing $false -Confirm:$false
2. Prepare AD
Install the HCI PS module on a DC or PC with RSAT
Install-Module -Name AsHciADArtifactsPreCreationTool
Run the command to create the OU and Deployment account
New-HciAdObjectsPreCreation -AzureStackLCMUserCredential (Get-Credential) -AsHciOUName "OU=<OU>,OU=<OU>,DC=<Domain>,DC=<domain>"
You will be prompted for a new user account; give it a name and a secure password.
NOTE: The password must comply with Azure policy.

You should now see the OU and Deployment account in AD

3. Configure Azure
Now that the AD prep is complete and the nodes are passing connectivity checks, it's time to register the nodes with ARC and create the cluster to complete the initial build.
You can find the documentation for ARC registration here
Please be aware of the supported regions for Azure Stack HCI.

Enable the following Resource Providers on the Azure subscription where Azure Stack HCI will be deployed:
Microsoft.Compute
Microsoft.GuestConfiguration
Microsoft.AzureStackHCI
Microsoft.HybridCompute
Install the required modules
The following steps must be done for each node
#Register PSGallery as a trusted repo
Register-PSRepository -Default -InstallationPolicy Trusted
#Install required PowerShell modules in your node for registration
Install-Module Az.Accounts -RequiredVersion 2.13.2
Install-Module Az.Resources -RequiredVersion 6.12.0
Install-Module Az.ConnectedMachine -RequiredVersion 0.5.2
#Install Arc registration script from PSGallery
Install-Module AzsHCI.ARCinstaller
#Update Az modules
Update-Module Az*
Define Variables
#Define the subscription where you want to register your server as Arc device
$Subscription = "SubscriptionID"
#Define the resource group where you want to register your server as Arc device
$RG = "RGName"
#Define the region you will use to register your server as Arc device
$Region = "West Europe"
#Define the tenant you will use to register your server as Arc device
$Tenant = "TenantID"
Connect to Azure
#Connect to your Azure account and Subscription
Connect-AzAccount -SubscriptionId $Subscription -TenantId $Tenant -DeviceCode
#Get the Access Token for the registration
$ARMtoken = (Get-AzAccessToken).Token
#Get the Account ID for the registration
$id = (Get-AzContext).Account.Id
Note: If you get the error "Get-AzAccessToken : Authentication failed against tenant", run the following command and try again:
Update-AzConfig -EnableLoginByWam $false
Register with ARC
#Invoke the registration script. Use a supported region.
Invoke-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Region $Region -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id
*Repeat these steps for each node.
If you register the stack against the wrong zone/RG, you will need to unregister your server(s).
Command to undo the registration:
Remove-AzStackHciArcInitialization -SubscriptionID $Subscription -ResourceGroup $RG -TenantID $Tenant -Cloud "AzureCloud" -ArmAccessToken $ARMtoken -AccountID $id
You will now see your node(s) registered in Azure ARC. Give it 10 minutes or so before creating the cluster as the LCM extension may take some time to register.

You can now create the Cluster from the Azure portal

Basics
Subscription: Select Subscription
Resource Group: Select RG previously defined
Cluster Name: Set cluster name
Region: Select previously defined region
Key vault Name (use Existing or create new)
Add Machines - Select the machines you want to add to the cluster, then select Validate Servers
If you receive the following error during validation, it means the LCM extension installation has not completed and requires more time:
Exception [Arc extensions installed on Arc Machine [/subscriptions/3b0bdc2b-3dd1-4dfc-a34e-1e7a11d7aa45/resourceGroups/new/providers/Microsoft.HybridCompute/machines/HCI_Node_A] are [TelemetryAndDiagnostics, DeviceManagementExtension, EdgeRemoteSupport] while required list of mandatory arc extensions are [TelemetryAndDiagnostics, DeviceManagementExtension, LcmController]. Mandatory extensions not yet installed are [LcmController]] occured while fetching Arc extensions for Arc Machine [/subscriptions/3b0bdc2b-3dd1-4dfc-a34e-1e7a11d7aa45/resourceGroups/new/providers/Microsoft.HybridCompute/machines/HCI_Node_A]
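Rather than waiting a fixed time, you can poll each Arc machine until the mandatory extensions named in the error above report Succeeded. This is an added example, not part of the original post; it assumes $RG from "Define Variables", an authenticated Az session with Az.ConnectedMachine loaded, placeholder node names, a constructed 30 minute timeout, and that the names in the error text match either the extension type or the extension resource name.

```powershell
# Added example: wait for the mandatory Arc extensions before validating servers.
$Nodes     = @('<Node1>', '<Node2>')        # placeholders: your Arc machine names
# Mandatory list taken from the validation error text above
$Mandatory = @('TelemetryAndDiagnostics', 'DeviceManagementExtension', 'LcmController')
$Deadline  = (Get-Date).AddMinutes(30)      # constructed timeout

do {
    $pending = foreach ($node in $Nodes) {
        $ext = @(Get-AzConnectedMachineExtension -ResourceGroupName $RG -MachineName $node)
        foreach ($m in $Mandatory) {
            # Assumption: match on extension type first, then on resource name
            $hit = $ext | Where-Object { $_.MachineExtensionType -eq $m -or $_.Name -eq $m }
            if (-not ($hit | Where-Object ProvisioningState -eq 'Succeeded')) {
                [pscustomobject]@{
                    Node      = $node
                    Extension = $m
                    State     = if ($hit) { $hit.ProvisioningState -join ',' } else { 'NotInstalled' }
                }
            }
        }
    }
    if ($pending) {
        $pending | Format-Table -AutoSize | Out-Host
        Start-Sleep -Seconds 60
    }
} while ($pending -and (Get-Date) -lt $Deadline)

if ($pending) {
    Write-Warning 'Mandatory extensions are still missing; do not start validation yet.'
} else {
    Write-Host 'All mandatory Arc extensions report Succeeded on every node.'
}
```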
Configuration
Source* New configuration
You can create deployment templates, which are ideal for environments that will have multiple stack deployments.
Networking
The Networking section lets you configure the traffic on your nodes and which adapters are used for which traffic, as well as allowing you to team adapters. Unless you are deploying a single node, you may want to separate storage traffic from management traffic.
In this section you will also need to reserve some IP addresses that are used for roles within the cluster, then validate the subnet before proceeding.
Management
This is the section where you provide the information created in previous steps. If passwords are incorrect, the deployment will fail within a couple of minutes.
Security
Use the recommended security settings, or choose custom if you need to make changes.
Advanced
This section specifies how volumes are initially created. Create the required infrastructure volumes only, then review the volumes section of the documentation here to choose the appropriate configuration for your workload.
Please see the blog for what not to do when creating a volume.
Tags
Self-explanatory.
Validation
At this point you will run the final validation before creating the cluster. If you receive an error relating to External Active Directory, it is likely to be permissions on the OU, which can be resolved by following the instructions below:

If your validation fails at the disk section, you may need to clean the drives.
Find the disk numbers of the disks to be used as cluster storage using Get-Disk.
Run the following commands against those disks and then reboot. Run Invoke-AzStackHciHardwareValidation again and it should now work fine.

# Disk numbers of the cluster storage disks, as reported by Get-Disk (0-7 in this example)
$disks = 0..7

# Bring the disks online and make them writable
$disks | ForEach-Object { Set-Disk -Number $_ -IsOffline $false }
$disks | ForEach-Object { Set-Disk -Number $_ -IsReadOnly $false }

# Wipe all data and OEM partitions from the disks
$disks | ForEach-Object { Clear-Disk -Number $_ -RemoveData -RemoveOEM -Confirm:$false }

# Return the disks to read-only and offline
$disks | ForEach-Object { Set-Disk -Number $_ -IsReadOnly $true }
$disks | ForEach-Object { Set-Disk -Number $_ -IsOffline $true }
The final validation should now look like the screenshot below. You can now go ahead to the summary screen and create your Azure Local cluster.

Once created you are ready to go and deploy workloads onto your Azure Local cluster.
