An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
Hello Paul, it sounds like your new Azure Site Recovery (ASR) replication appliance in the new tenant is failing to register (you first hit an SPN-related error, and now it shows an “internal error please wait” during registration). This usually comes down to permissions, connectivity/endpoint access, or stale/orphaned registration data from the previous tenant/old vault.
Here are the most relevant things to check based on the guidance we have:
1) Verify the Azure permissions on the new tenant subscription
For the ASR replication appliance registration to succeed, the identity used during setup needs:
- Contributor or Owner permissions on the Azure subscription
- Permissions to register Microsoft Entra apps
- Owner/Contributor + User Access Administrator on the subscription (needed to create a Key Vault used during appliance registration)
If any of these are missing/changed in the new tenant, registration can fail.
2) Check appliance-to-Azure registration prerequisites (proxy, time sync, URLs)
During modernized appliance deployment/registration, the appliance config manager validates prerequisites like:
- Internet connectivity
- Time synchronization
- System/group policy prerequisites
- Proxy settings (if used)
- Required URLs allowed and reachable
If you’re using a proxy, make sure only HTTP proxy is supported, and toggle on “use proxy to connect to internet” during configuration. Also ensure the appliance can reach the required ASR replication appliance URLs for continuous connectivity.
3) Look for stale/orphaned registration blocking the new registration
When a previous ASR setup is being cleaned up (especially across tenants/vaults), the new appliance can be blocked by residual registration info.
There are known cases where registration fails because the appliance is effectively still “registered” somewhere else (even if you think the environment was removed). In those scenarios, the fixes involve:
- Renaming/clearing the appliance registration registry key (on the appliance) and re-running registration, or
- Using a new Recovery Services vault (in the same resource group/region) to register the appliance, then removing the old vault later.
Also note: there’s a known error pattern where registration fails with “tenant already registered in another vault” due to stale/orphaned entries—same root area as what you’re describing.
4) Confirm connectivity for ASR components (port 443) and avoid AV interference
For replication appliance/configuration server registration issues, Microsoft guidance also includes:
- Verify the configuration server is reachable via port 443 (routing/firewall)
- Ensure antivirus isn’t blocking required processes (use the documented folder exclusions)
References documentation
Resolve common Azure Site Recovery Appliance issues (permissions prerequisites, etc.)
Deploy Azure Site Recovery replication appliance – Modernized
Vault registration fails / DRA server already registered (registry-key cleanup scenario)
Hope this helps. If the information was useful, please consider accepting the answer and upvoting. Feel free to reach out if you need any further assistance. Thank you.