I recently created inside one of my resource groups an Azure Container App (with an environment & the rest) just for learning reasons (at the West Europe region). After I played with that, I decided to delete it. I tried to delete it without any success from the portal.
Looking around in the portal I found out that a new resource group had been created with name MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope. This resource group was never generated by me. It appears that inside it there are a public IP address, a NSG & 2 Kubernetes Load Balancers.
I tried then to delete that auto-generated (somehow) resource group but again with no success. I literarily can't even touch it. I tried to delete all resources one by one. Nothing again. I even issued the command az group delete --resource-group "MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope" from inside the Azure Cloud Shell and it seems that the cli gets stuck in Running.... When I had issued the command from the portal it was still running for a whole hour. So, obviously something is going wrong.
I visited the page https://resources.azure.com/, then I visited that resource group and the Json in the resource group that returned is having the following:
"provisioningState": "Deleting".
Do you know how I can delete the resources & the resource group?
I am almost confident that this is not being deleted... :(
EDIT:
Trying to delete manually one of the Load Balancers in that resource group I get a message that the Load Balancer in that subscription can not be deleted as it is in use by a virtual machine scale set that it is on a totally different subscription (a subscription that I am not aware off).
To delete the resources and the resource group, you can try using Resource Explorer (azure.com) portal as there might be some dependencies to delete the resource group/resources.
You can try deleting the resources like below:
Go to Resource Explorer (azure.com) portal -> Click on your subscription -> Expand Resource groups -> Select your Resource Group
Expand Providers -> Microsoft.Network -> networkSecurityGroups -> Select your NSG -> Action(POST,DELETE) -> Delete
In my environment testnsg networkSecurityGroup deleted successfully in the Azure Portal.
You can try deleting the required Azure Resources by following the same process. If still, you are not able to delete the Azure resource Group try checking the child resources associated to that resource group.
I tried to reproduce the same in my environment and got the same error like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
The error "LoadBalancerUseByVirtualMachineScaleSet" usually occurs if backendpool is being used by any other resource.
To resolve the error, try executing below commands in CloudShell like below:
Delete the load balancer associated with the VMSS:
az vmss update --resource-group ResourceGroupName1 --name VmssName --remove virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerBackendAddressPools 0
Update the VMSS instance:
az vmss update-instances --instance-ids "*" -n VmssName -g ResourceGroupName1
Now, delete load balancer and it will be deleted successfully like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
Reference:
Update or delete an existing load balancer used by virtual machine scale sets - Azure Load Balancer
This is a side artifact of Container app managedEnvironment resource. You need to first delete the environment in order to get artifacts to get automatically removed.
As JJ mentioned, the MC_* resource group is created when you create ACAs with the internal configuration. You try to find whether you have any container app environments in your subscription. Could be that you created your test app in a wrong resource group and can't find it now. :)
Try deleting all container app envs this resource group will automatically be gone.
Related
After running a DevOps pipeline that created several resources, only two (a new resource group and a Functions app) show up in Azure CLI using az ... list --subscription ....
Other resources, like Static Web Apps and a SQL Server don't show up in that list or when running az staticwebapp list --subscription ... or az sql server list --subscription ... with the subscription argument specified. I have confirmed that these resources DO show up in the portal, and my account is listed as an owner (inherited from subscription) for them in the portal.
I have deployed Azure Static WebApp using Azure Devops.
Followed this MSDoc to publish the static web app.
By using,
az staticwebapp list --resource-group YourRGName
and
az staticwebapp list --subscription YourSubscriptionID
,Iam able to get the StaticWeb App list
For anyone else running into this:
I have not found a solution to getting the az staticwebapp list command to work for my use case, as the results that show up immediately after creating a resource are just inconsistent. However, as a workaround that should satisfy most use cases, using this API (using az rest command) to find all resources associated with the group created by the pipeline, then filtering those down to find the Static Web App I want, seems to work.
Then, when using other APIs that reference that app before it shows up in the normal list, fully specifying subscription and resource group alongside the app's name seems to make things more reliable too.
As far as I can tell, this is probably just a limitation with the inconsistency of how long information about newly deployed resources takes to propagate that shows up when trying to find a resource immediately after creating it.
While trying to create Azure Virtual Desktop, I have created one resource group with Azure AD Domain Service to bind Active Directory with Virtual Network.
At the cleanup time, I tried to delete the resource group which contains the Azure AD Domain service.
I tried to delete the resource group from Portal as well as from Powershell. Using the following command -
Get-AzureRmResourceGroup -Name AADS | Remove-AzureRmResourceGroup -Verbose -Force
But I am receiving following error.
Cannot modify resource with id '/subscriptions//resourceGroups/AADS/providers/Microsoft.AAD/domainServices/' because the resource entity provisioning state is not terminal. Please wait for the provisioning state to become terminal and then retry the request.
I attempted delete operation multiple times with an interval of around 2-3 hours but still getting the same error.
This issue belongs to troubleshooting and was fixed by the Microsoft support team.
You can raise a support ticket on azure portal by following this link: https://learn.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request
Currently im trying to create dynamic environments via AzureDevops.
One of these steps to achieve this is to take a copy of our production databases and place them in a temp resource group (Production Subscription) and then move the sql server and associated databases to our non-production subscription. From here we then create the web apps and deploy code.
When i run this via Az Cli i am able to move the resources with the following
SQLSERVERID=$(az resource show -g $RSGNAMETEMP -n $SQLSERVERNAME --resource-type "Microsoft.Sql/servers" --query id --output tsv)
az resource move --destination-group $RSGNAME --ids $SQLSERVERID --destination-subscription-id $SANDBOXSUBSCRIPTIONID
However when i run this via AzureDevops i get the following error
ERROR: The client (...) with object id (...) has permission to perform action on scope however, it does not have permission to perform action (...) on the linked scope(s).
I believe this problem is happening when you configure the AZ Cli step in AzureDevops you select the Subscription from the drop down list. The account / service principal only has access rights to that specific subscription and not to multiple. Is it possible to configure a service principal (that can be used in AzureDevops) that can connect to multiple subscriptions?
Yes, just go to Azure portal, navigate to the desired subscription blade, go to Access Control, press + sigh at the top and add your principal as a contributor to the subscription.
to find service principal name use this:
Click Manage link in the Azure Subscription field in your VSTS job, it will navigate you to a new blade. Click Manage Service Principal there. It will take you to the application page in Azure AD. After that you can copy name under Managed application in local directory field and use that name to grant it Key Vault permissions.
Today I tried to add new VM into an Azure Resource Group that already has VMs and other resources and it was successful. I removed it and after a while, when a new VM was being added into the same Resource Group, it prompts a new Resource Group would be needed to store the new VM.
I was wondering when a new VM could and could not be added into a Resource Group taken by other resources.
Thanks.
No, this is not the case, you can put almost any resources together in a resource group. there are some weird exception like: windows and linux app service plans cant exist in the same resource group.
you can add resources to different regions in the same resource group as well
you cannot add resources with the same name and type to the resource group, because name + type combination has to be the same
so you can add VM called new and VM called new1, but not VM called new and another VM called new; but you can add VM called new and Azure SQL called new into the same resource group (give that Azure SQL instance called new is available, but this has nothing to do with the resource group)
This can now be done from the portal. In your portal at the Home page click Virtual Machines, then Add. You can then choose the current resource group and add the machine in to it. May be of use to someone else coming along later like I did.
Some times we had deleted the 'resource group' accidentally on azure cloud, its fine that if our/your resource group does not have any deployments on it and we can create immediately newer one and will proceed our stuff, but if we had deployments on it, then its becomes major problem/task.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
You can export service configurations that belong to a resource group as JSON. Within the portal, there is an option "Export Template" under the Resource Management Navigation Group.
So can we recover Resource Group? like a recovery of Virtual machine in Azure.
Unfortunately, we have no way to recovery it, if the resource group is deleted . We could get the warning if we try to delete resource group from the azure portal. Connect to Azure support team for help maybe a way, but I don't think it could be easy for restoring.
Note : based on my understanding even if we could re-create the resource with ARM template(If we have exported the ARM template before delete), it seems that just with the same resource names with deleted resource that is not equal recovery action.