验证 Azure Stack Hub 系统状态Validate Azure Stack Hub system state

Azure Stack Hub 操作员必须能够按需确定系统的运行状况和状态,这一点至关重要。As an Azure Stack Hub operator, being able to determine the health and status of your system on demand is essential. Azure Stack Hub 验证工具 (Test-AzureStack) 是一个 PowerShell cmdlet,可让你在系统上运行一系列测试来识别故障(如果有)。The Azure Stack Hub validation tool (Test-AzureStack) is a PowerShell cmdlet that lets you run a series of tests on your system to identify failures if present. 联系 Azure 客户服务支持(Azure 支持)以解决问题时,他们通常要求你通过特权终结点 (PEP) 来运行此工具。You'll typically be asked to run this tool through the privileged end point (PEP) when you contact Azure Customer Services Support (Azure Support) with an issue. 使用现有的系统范围运行状况和状态信息,Azure 支持可以收集和分析详细的日志,专注于发生错误的区域,与你一起解决问题。With the system-wide health and status information at hand, Azure Support can collect and analyze detailed logs, focus on the area where the error occurred, and work with you to fix the issue.

运行验证工具并访问结果Running the validation tool and accessing results

如上所述,验证工具通过 PEP 运行。As stated above, the validation tool is run via the PEP. 每项测试在 PowerShell 窗口中返回 PASS/FAIL(通过/失败)状态。Each test returns a PASS/FAIL status in the PowerShell window. 下面概述了端到端的验证测试过程:Here's an outline of the end-to-end validation testing process:

  1. 建立信任。Establish the trust. 在集成系统中,从权限提升的 Windows PowerShell 会话运行以下命令,将 PEP 添加为硬件生命周期主机或特权访问工作站上运行的强化 VM 的受信任主机。On an integrated system, run the following command from an elevated Windows PowerShell session to add the PEP as a trusted host on the hardened VM running on the hardware lifecycle host or the Privileged Access Workstation.

    winrm s winrm/config/client '@{TrustedHosts="<IP Address of Privileged Endpoint>"}'

    如果运行的是 Azure Stack Hub 开发工具包 (ASDK),请登录到开发工具包主机。If you're running the Azure Stack Development Kit (ASDK), sign in to the development kit host.

  2. 访问 PEP。Access the PEP. 运行以下命令建立 PEP 会话:Run the following commands to establish a PEP session:

    Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 


    若要访问 Azure Stack 开发工具包 (ASDK) 主机上的 PEP,请使用 AzS-ERCS01 作为 -ComputerName。To access the PEP on an Azure Stack Development Kit (ASDK) host computer, use AzS-ERCS01 for -ComputerName.

  3. 进入 PEP 后,运行:Once you're in the PEP, run:


    有关详细信息,请参阅参数注意事项用例For more information, see Parameter considerations and Use case examples.

  4. 如果有任何测试报告了“失败”,请运行 Get-AzureStackLogIf any tests report FAIL, run Get-AzureStackLog. 有关集成系统的说明,请参阅在 Azure Stack Hub 集成系统上运行 Get-AzureStackLogFor instructions on an integrated system, see how to run Get-AzureStackLog on Azure Stack Hub integrated systems.

    该 cmdlet 收集 Test-AzureStack 生成的日志。The cmdlet gathers logs generated by Test-AzureStack. 如果测试报告“WARN”(警告),建议你不要改为收集日志并联系 Azure 支持。We recommend you don't collect logs and contact Azure Support instead if tests report WARN.

  5. 如果 Azure 支持已指示你运行验证工具,Azure 支持代表会请求你提供收集的日志,以便继续排查问题。If you're instructed to run the validation tool by the Azure Support, the Azure Support representative will request the logs you collected to continue troubleshooting your issue.

可用的测试Tests available

使用验证工具可以运行一系列的系统级测试和基本云方案,以洞察当前状态,并修复系统中的问题。The validation tool lets you run a series of system-level tests and basic cloud scenarios that provide you with insight to the current state, allowing you to fix issues in your system.

云基础结构测试Cloud infrastructure tests

这些低影响性测试在基础结构级别进行,提供有关各个系统组件和功能的信息。These low impact tests work on an infrastructure level and provide you with information on various system components and functions. 目前,这些测试划分为以下类别:Currently, tests are grouped into the following categories:

测试类别Test Category -Include 和 -Ignore 的参数Argument for -Include and -Ignore
Azure Stack Hub ACS 摘要Azure Stack Hub ACS Summary AzsAcsSummaryAzsAcsSummary
Azure Stack Hub Active Directory 摘要Azure Stack Hub Active Directory Summary AzsAdSummaryAzsAdSummary
Azure Stack Hub 警报摘要Azure Stack Hub Alert Summary AzsAlertSummaryAzsAlertSummary
Azure Stack Hub 应用程序崩溃摘要Azure Stack Hub Application Crash Summary AzsApplicationCrashSummaryAzsApplicationCrashSummary
Azure Stack Hub 备份共享可访问性摘要Azure Stack Hub Backup Share Accessibility Summary AzsBackupShareAccessibilityAzsBackupShareAccessibility
Azure Stack Hub BMC 摘要Azure Stack Hub BMC Summary AzsStampBMCSummaryAzsStampBMCSummary
Azure Stack Hub 云托管基础结构摘要Azure Stack Hub Cloud Hosting Infrastructure Summary AzsHostingInfraSummaryAzsHostingInfraSummary
Azure Stack Hub 云托管基础结构利用率Azure Stack Hub Cloud Hosting Infrastructure Utilization AzsHostingInfraUtilizationAzsHostingInfraUtilization
Azure Stack Hub 控制平面摘要Azure Stack Hub Control Plane Summary AzsControlPlaneAzsControlPlane
Azure Stack Hub Defender 摘要Azure Stack Hub Defender Summary AzsDefenderSummaryAzsDefenderSummary
Azure Stack Hub 托管基础结构固件摘要Azure Stack Hub Hosting Infrastructure Firmware Summary AzsHostingInfraFWSummaryAzsHostingInfraFWSummary
Azure Stack Hub 基础结构容量Azure Stack Hub Infrastructure Capacity AzsInfraCapacityAzsInfraCapacity
Azure Stack Hub 基础结构性能Azure Stack Hub Infrastructure Performance AzsInfraPerformanceAzsInfraPerformance
Azure Stack Hub 基础结构角色摘要Azure Stack Hub Infrastructure Role Summary AzsInfraRoleSummaryAzsInfraRoleSummary
Azure Stack Hub 网络基础结构Azure Stack Hub Network Infra AzsNetworkInfraAzsNetworkInfra
Azure Stack Hub 门户和 API 摘要Azure Stack Hub Portal and API Summary AzsPortalAPISummaryAzsPortalAPISummary
Azure Stack Hub 缩放单元 VM 事件Azure Stack Hub Scale Unit VM Events AzsScaleUnitEventsAzsScaleUnitEvents
Azure Stack Hub 缩放单元 VM 资源Azure Stack Hub Scale Unit VM Resources AzsScaleUnitResourcesAzsScaleUnitResources
Azure Stack Hub 方案Azure Stack Hub Scenarios AzsScenariosAzsScenarios
Azure Stack Hub SDN 验证摘要Azure Stack Hub SDN Validation Summary AzsSDNValidationAzsSDNValidation
Azure Stack Hub Service Fabric 角色摘要Azure Stack Hub Service Fabric Role Summary AzsSFRoleSummaryAzsSFRoleSummary
Azure Stack Hub 存储数据平面Azure Stack Hub Storage Data Plane AzsStorageDataPlaneAzsStorageDataPlane
Azure Stack Hub 存储服务摘要Azure Stack Hub Storage Services Summary AzsStorageSvcsSummaryAzsStorageSvcsSummary
Azure Stack Hub SQL 存储摘要Azure Stack Hub SQL Store Summary AzsStoreSummaryAzsStoreSummary
Azure Stack Hub 更新摘要Azure Stack Hub Update Summary AzsInfraUpdateSummaryAzsInfraUpdateSummary
Azure Stack Hub VM 位置摘要Azure Stack Hub VM Placement Summary AzsVmPlacementAzsVmPlacement

云方案测试Cloud scenario tests

除了上述基础结构测试以外,还可以运行云方案测试,以检查各基础结构组件的功能。In addition to the infrastructure tests above, you can also run cloud scenario tests to check functionality across infrastructure components. 由于这些测试涉及到资源部署,因此需要云管理员凭据才能运行这些测试。Cloud admin credentials are required to run these tests because they involve resource deployment.


目前不能使用 Active Directory 联合身份验证服务 (AD FS) 凭据运行云方案测试。Currently you can't run cloud scenario tests using Active Directory Federated Services (AD FS) credentials.

验证工具可测试以下云方案:The following cloud scenarios are tested by the validation tool:

  • 资源组创建Resource group creation
  • 计划创建Plan creation
  • 套餐创建Offer creation
  • 存储帐户创建Storage account creation
  • 虚拟机 (VM) 创建Virtual machine creation (VM)
  • Blob 存储操作Blob storage operation
  • 队列存储操作Queue storage operation
  • 表存储操作Table storage operation

参数注意事项Parameter considerations

  • List 参数可用于显示所有可用的测试类别。The parameter List can be used to display all available test categories.

  • IncludeIgnore 参数可用于包含或排除测试类别。The parameters Include and Ignore can be used to include or exclude test categories. 有关这些参数的详细信息,请参阅以下部分。For more information about these arguments, see the following section.

    Test-AzureStack -Include AzsSFRoleSummary, AzsInfraCapacity
    Test-AzureStack -Ignore AzsInfraPerformance
  • 在云方案测试期间,会部署一个租户 VM。A tenant VM is deployed as part of the cloud scenario tests. 可以使用 DoNotDeployTenantVm 来禁用此 VM 部署。You can use DoNotDeployTenantVm to disable this VM deployment.

  • 用例部分所述,需要提供 ServiceAdminCredential 参数才能运行云方案测试。You need to supply the ServiceAdminCredential parameter to run cloud scenario tests as described in the Use case examples section.

  • 用例部分所述,在测试基础结构备份设置时,需使用 BackupSharePathBackupShareCredentialBackupSharePath and BackupShareCredential are used when testing infrastructure backup settings as shown in the Use case examples section.

  • DetailedResults 可用于获取每个测试以及整个运行的通过/失败/警告信息。DetailedResults can be used to get pass/fail/warning information for each test, as well as the overall run. 如果未指定此参数,未发生失败时,Test-AzureStack 将返回 $true,否则返回 $falseWhen not specified, Test-AzureStack returns $true if there are no failures, and $false if there are failures.

  • TimeoutSeconds 可用于设置每个组完成的特定时间。TimeoutSeconds can be used to set a specific time for each group to complete.

  • 验证工具还支持常用的 PowerShell 参数:Verbose、Debug、ErrorAction、ErrorVariable、WarningAction、WarningVariable、OutBuffer、PipelineVariable 和 OutVariable。The validation tool also supports common PowerShell parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. 有关详细信息,请参阅有关通用参数For more information, see About Common Parameters.

用例Use case examples

在不测试云方案的情况下运行验证Run validation without cloud scenarios

在不使用 ServiceAdminCredential 参数的情况下运行验证工具可以跳过云方案测试:Run the validation tool without the ServiceAdminCredential parameter to skip running cloud scenario tests:

New-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred

在测试云方案的情况下运行验证Run validation with cloud scenarios

默认情况下,在验证工具中提供 ServiceAdminCredentials 参数会运行云方案测试:Supplying the validation tool with the ServiceAdminCredentials parameter runs the cloud scenario tests by default:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -ServiceAdminCredential "<Cloud administrator user name>" 

如果你只想运行云方案而不运行其余的测试,可以使用 Include 参数实现此目的:If you wish to run ONLY cloud scenarios without running the rest of the tests, you can use the Include parameter to do so:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -ServiceAdminCredential "<Cloud administrator user name>" -Include AzsScenarios   

必须以 UPN 格式键入云管理员的用户名:serviceadmin@contoso.partner.onmschina.cn (Azure AD)。The cloud admin user name must be typed in the UPN format: serviceadmin@contoso.partner.onmschina.cn (Azure AD). 出现提示时,键入云管理员帐户的密码。When prompted, type the password to the cloud admin account.


为了改善操作员体验,已启用 Group 参数以同时运行多个测试类别。To improve the operator experience, a Group parameter has been enabled to run multiple test categories at the same time. 目前定义了三个组:DefaultUpdateReadinessSecretRotationReadinessCurrently, there are three groups defined: Default, UpdateReadiness, and SecretRotationReadiness.

  • 默认:被视为 Test-AzureStack 的标准运行。Default: Considered to be a standard run of Test-AzureStack. 如果未选择其他组,则默认会运行此组。This group is run by default if no other groups are selected.

  • UpdateReadiness:检查是否可以更新 Azure Stack Hub 实例。UpdateReadiness: A check to see if the Azure Stack Hub instance can be updated. UpdateReadiness 组运行时,警告将作为错误显示在控制台输出中,应将其视为更新的阻碍。When the UpdateReadiness group is run, warnings are displayed as errors in the console output, and they should be considered as blockers for the update. 从 Azure Stack Hub 1910 版开始,以下类别属于 UpdateReadiness 组:As of Azure Stack Hub Version 1910 the following categories are part of the UpdateReadiness group:

    • AzsInfraFileValidationAzsInfraFileValidation
    • AzsActionPlanStatusAzsActionPlanStatus
    • AzsStampBMCSummaryAzsStampBMCSummary
  • SecretRotationReadiness:检查 Azure Stack Hub 实例是否处于可以运行机密轮换的状态。SecretRotationReadiness: A check to see if the Azure Stack Hub instance is in a state in which secret rotation can be run. SecretRotationReadiness 组运行时,警告将作为错误显示在控制台输出中,应将其视为机密轮换的阻碍。When the SecretRotationReadiness group is run, warnings are displayed as errors in the console output and they should be considered as blockers for secret rotation. 以下类别属于 SecretRotationReadiness 组:The following categories are part of the SecretRotationReadiness Group:

    • AzsAcsSummaryAzsAcsSummary
    • AzsDefenderSummaryAzsDefenderSummary
    • AzsHostingInfraSummaryAzsHostingInfraSummary
    • AzsInfraCapacityAzsInfraCapacity
    • AzsInfraRoleSummaryAzsInfraRoleSummary
    • AzsPortalAPISummaryAzsPortalAPISummary
    • AzsSFRoleSummaryAzsSFRoleSummary
    • AzsStorageSvcsSummaryAzsStorageSvcsSummary
    • AzsStoreSummaryAzsStoreSummary

Group 参数示例Group parameter example

在使用 Group 安装更新或修补程序之前,以下示例会运行 Test-AzureStack 来测试系统就绪状态。The following example runs Test-AzureStack to test system readiness before installing an update or hotfix using Group. 在开始安装更新或修补程序之前,请运行 Test-AzureStack 来检查 Azure Stack Hub 的状态:Before you start the installation of an update or hotfix, run Test-AzureStack to check the status of your Azure Stack Hub:

Test-AzureStack -Group UpdateReadiness

如果 Azure Stack Hub 运行 1811 之前的版本,请使用以下 PowerShell 命令来运行 Test-AzureStackIf your Azure Stack Hub is running a version before 1811, use the following PowerShell commands to run Test-AzureStack:

New-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsControlPlane, AzsDefenderSummary, AzsHostingInfraSummary, AzsHostingInfraUtilization, AzsInfraCapacity, AzsInfraRoleSummary, AzsPortalAPISummary, AzsSFRoleSummary, AzsStampBMCSummary

运行验证工具以测试基础结构备份设置Run validation tool to test infrastructure backup settings

在配置基础结构备份之前,可以使用 AzsBackupShareAccessibility 测试来测试备份共享路径和凭据。Before configuring infrastructure backup, you can test the backup share path and credential using the AzsBackupShareAccessibility test:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility -BackupSharePath "\\<fileserver>\<fileshare>" -BackupShareCredential $using:backupcred

配置备份之后,可以运行 AzsBackupShareAccessibility 来验证是否可以从 ERCS 访问共享:After configuring backup, you can run AzsBackupShareAccessibility to validate the share is accessible from the ERCS:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility

若要使用已配置的备份共享测试新凭据,请运行:To test new credentials with the configured backup share, run:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility -BackupShareCredential "<PSCredential for backup share>"

运行验证工具以测试网络基础结构Run validation tool to test network infrastructure

此测试绕过 Azure Stack Hub 软件定义网络 (SDN) 检查网络基础结构的连接。This test checks the connectivity of the network infrastructure bypassing the Azure Stack Hub software defined network (SDN). 它演示如何从公共 VIP 连接到配置的 DNS 转发器、NTP 服务器和身份验证终结点。It demonstrates connectivity from a Public VIP to the configured DNS forwarders, NTP servers, and authentication endpoints. 这包括使用 Azure AD 作为标识提供者时与 Azure 的连接,或者在使用 AD FS 作为标识提供者时与联合服务器的连接。This includes connectivity to Azure when using Azure AD as identity provider or the federated server when using AD FS as identity provider.

包括调试参数以获取命令的详细输出:Include the debug parameter to get a detailed output of the command:

Test-AzureStack -Include AzsNetworkInfra -Debug

后续步骤Next steps

若要详细了解 Azure Stack Hub 诊断工具和问题日志记录,请参阅 Azure Stack Hub 诊断工具To learn more about Azure Stack Hub diagnostics tools and issue logging, see Azure Stack Hub diagnostics tools.

若要了解有关故障排除的详细信息,请参阅 Azure Stack Hub 故障排除To learn more about troubleshooting, see Azure Stack Hub troubleshooting.