![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 57.99999999999999%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Azure Site Recovery
An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 68%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBY%3C/text%3E%3C/svg%3E)
Hello Andreas | Lechner - IT
Error: Container registration failed with error code:13 due to an issue acquiring the Azure Active Directory (AAD) token. This error usually signifies an issue with authentication or certificate permissions during the registration or re-registration of the vault container with Azure Active Directory (AAD) in Azure Site Recovery (ASR)
Here are the steps to validate and perform Certificate renewal if the certificate is expired on Config/Process server:
- Certificate Renewal Limitation: Once certificates expire, they cannot be renewed via the Azure portal. Before proceeding, ensure all components-scale-out process servers, master target servers, and mobility agents are updated to the latest version and are online.
- Manual Renewal (for expired certificates only):
- Log in to the configuration server.
- Navigate to:
-
C:\ProgramData\ASR\home\svsystems\bin - Run the RenewCerts tool as administrator.
- Certificate Renewal Process:
- A PowerShell window will open and begin the renewal.
- This process may take up to 15 minutes.
- Do not close the window until the renewal completes.
- Permissions Check:
- The user account running
cspsconfigtool.exemust have at least the "Contributor" role assigned on the Recovery Services vault. - Run all tools with elevated (Administrator) permissions.
- If registration fails with permission errors, review the directory and file permissions of all involved paths to ensure write access.
- Review Logs for Further Errors
- Check log files in:
-
C:\ProgramData\ASR\home\svsystems\logs - for more specific error details about the renewal or registration process.
- Retry Registration After Renewal
- After successful certificate renewal:
- Re-register the appliance/configuration server using the latest vault credentials file
(*.VaultCredentials)downloaded from the Azure portal. - Confirm that proxy settings and network connectivity to Azure endpoints are correct.
-
C:\ProgramData\ASR\home\svsystems\logs
If renewal or registration still fails:
- Check Registry and Clean Up Stale Data: Remove stale ASR registration entries in the Windows Registry per Microsoft guidance. Vault registration fails in Azure Site Recovery with error - Azure | Microsoft Learn
- Reboot the server after cleaning up before re-attempting renewal and registration steps. Please let us know if you have any queries and if the issue remains let us know.