Share via

Azure Site Recovery Appliance not Registering

Paul Marshall 0 Reputation points
2026-06-17T11:00:21.98+00:00

I have an existing ASR setup (VMware) to an old tenant that needs decommissioning. I've create a new Appliance and set up ASR in the new tenant. Ideally both run in parallel

No matter what I do I cannot get the new Appliance to register in the new Tenant, it started off with an SPN error and now I'm getting internal error please wait.

Any ideas?

Azure Site Recovery
Azure Site Recovery

An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.


2 answers

Sort by: Most helpful
  1. Bharath Y P 10,180 Reputation points Microsoft External Staff Moderator
    2026-06-17T11:38:18.1666667+00:00

    Hello Paul, it sounds like your new Azure Site Recovery (ASR) replication appliance in the new tenant is failing to register (you first hit an SPN-related error, and now it shows an “internal error please wait” during registration). This usually comes down to permissions, connectivity/endpoint access, or stale/orphaned registration data from the previous tenant/old vault.

    Here are the most relevant things to check based on the guidance we have:

    1) Verify the Azure permissions on the new tenant subscription

    For the ASR replication appliance registration to succeed, the identity used during setup needs:

    • Contributor or Owner permissions on the Azure subscription
    • Permissions to register Microsoft Entra apps
    • Owner/Contributor + User Access Administrator on the subscription (needed to create a Key Vault used during appliance registration)

    If any of these are missing/changed in the new tenant, registration can fail.

    2) Check appliance-to-Azure registration prerequisites (proxy, time sync, URLs)

    During modernized appliance deployment/registration, the appliance config manager validates prerequisites like:

    • Internet connectivity
    • Time synchronization
    • System/group policy prerequisites
    • Proxy settings (if used)
    • Required URLs allowed and reachable

    If you’re using a proxy, make sure only HTTP proxy is supported, and toggle on “use proxy to connect to internet” during configuration. Also ensure the appliance can reach the required ASR replication appliance URLs for continuous connectivity.

    3) Look for stale/orphaned registration blocking the new registration

    When a previous ASR setup is being cleaned up (especially across tenants/vaults), the new appliance can be blocked by residual registration info.

    There are known cases where registration fails because the appliance is effectively still “registered” somewhere else (even if you think the environment was removed). In those scenarios, the fixes involve:

    • Renaming/clearing the appliance registration registry key (on the appliance) and re-running registration, or
    • Using a new Recovery Services vault (in the same resource group/region) to register the appliance, then removing the old vault later.

    Also note: there’s a known error pattern where registration fails with “tenant already registered in another vault” due to stale/orphaned entries—same root area as what you’re describing.

    4) Confirm connectivity for ASR components (port 443) and avoid AV interference

    For replication appliance/configuration server registration issues, Microsoft guidance also includes:

    • Verify the configuration server is reachable via port 443 (routing/firewall)
    • Ensure antivirus isn’t blocking required processes (use the documented folder exclusions)

    References documentation

    Resolve common Azure Site Recovery Appliance issues (permissions prerequisites, etc.)

    Deploy Azure Site Recovery replication appliance – Modernized

    Vault registration fails / DRA server already registered (registry-key cleanup scenario)

    Hope this helps. If the information was useful, please consider accepting the answer and upvoting. Feel free to reach out if you need any further assistance. Thank you.

    Was this answer helpful?


  2. AI answer

    2026-06-17T11:00:39.8133333+00:00

    Use the following checks and steps to troubleshoot registration of the new Azure Site Recovery (ASR) replication appliance in the new tenant, while keeping the old setup running until cutover.

    1. Verify Azure-side permissions and prerequisites
      • Ensure the account used to register the appliance in the new tenant has:
        • Contributor or Owner on the subscription where the new Recovery Services vault is created.
        • Permission to register Microsoft Entra apps.
        • Owner or Contributor plus User Access Administrator on the subscription to create the Key Vault used during appliance registration.
      • Confirm that the required resource provider permissions are granted: Microsoft.OffAzure/* and Microsoft.RecoveryServices/*.
      • If different users are configuring appliances for the same vault, each user must be added as an owner to the vault’s Microsoft Entra app (Azure portal → App registrations → select the vault’s AAD app → Manage → Owners → Add owners).
    2. Use a new, dedicated Recovery Services vault
      • Ensure the new replication appliance is being registered to a new and exclusive Recovery Services vault in the new tenant, not reusing the vault from the old tenant or any existing vault. The modernized ASR experience requires a dedicated vault per replication appliance setup.
    3. Register only one appliance at a time
      • Appliance setup and registration must be sequential. If multiple appliances are being registered in parallel (for example, old and new appliances being reconfigured at the same time), registration can fail with internal errors. Complete registration of one appliance before starting another.
    4. Recreate the appliance cleanly using supported methods
      • Prefer the OVF-based deployment for the new appliance so that all prerequisites and configuration are applied automatically:
        1. Download the OVF template for the ASR replication appliance.
        2. Deploy it on-premises, power on the VM, accept the license, set the administrator password, and finalize the setup.
      • If organizational policy prevents OVF use, set up the appliance via PowerShell:
        1. Download the PowerShell-based installer package from the documented location.
        2. Copy and extract it on the appliance VM.
        3. Run DRInstaller.ps1 as administrator to perform the appliance installation and registration workflow.
    5. Avoid Azure Migrate appliance patterns for ASR
      • If any steps from Azure Migrate appliance registration were reused (for example, manually manipulating registry values or reusing a preconfigured Microsoft Entra app), revert those changes. The documented Azure Migrate registry-based Entra app registration approach explicitly does not apply to the Azure Site Recovery replication appliance.
    6. Check for stale registration or conflicting state
      • If the same on-premises server or appliance VM was previously registered to a different vault or tenant, ensure that:
        • The old ASR provider/agent registration is fully removed from that machine.
        • Any old ASR registration keys or configuration are not being reused with the new tenant/vault.
      • For Hyper-V/older ASR provider scenarios, stale registration entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Azure Site Recovery\Registration can block registration and may need to be removed after backing up the key. For the modernized VMware appliance, use the supported reinstall path (fresh appliance VM) rather than manual registry edits.
    7. Validate network and firewall for registration
      • Confirm that the appliance can reach Azure endpoints required for ASR (including Microsoft Entra ID, Recovery Services, and OffAzure endpoints) and that no firewall or proxy is blocking outbound connectivity.
      • Ensure antivirus exclusions are applied as per ASR guidance so that installation and registration components are not blocked.
    8. If registration still fails
      • Review the appliance logs under C:\ProgramData\ASR (or the appliance’s log location) for specific registration errors beyond the generic “internal error please wait”.
      • If the tenant is new and was recently created, verify that the tenant itself is active and not blocked due to inactivity before proceeding with ASR registration.

    These steps allow the new appliance to be registered in the new tenant and vault while the old tenant’s ASR setup remains in place until decommissioning.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.