I would like to create a free Managed Certificate for my web app.
When I create the certificate I get the error Resource under Resource group xxx not found... Despite the error, the certificate is created, but also the inexistent resource group is created. The resource group is an old group I deleted times ago.
Everythings seems to be worked correctly but I would like to have a consistent situation.
I let you see in details:
What you see in the image above is my web app that is in the resource group dev-p...l-rg-westeu.
The I go in the TLS/SSL settings page (or in the TLS/SSL settings (preview) page.. nothing change, I get same error) and I create a managed certificate.. Here it is what I get:
I get the error that the web app xxx is not found under resource group dev-m...o-rg-westeu.. That's correct!! Because the web app is under the resource group dev-p...l-rg-westeu, not under dev-m...o-rg-westeu.
However the certificate is created, but under the wrong resource group:
Then I deleted the certificate. I deleted also the wrong resource group, because I do not need it and try and try again. Always same error. I also tryed to create the certificate via powershall:
New-AzWebAppCertificate -ResourceGroupName "dev-p...l-rg-westeu" -WebAppName "xxx" -Name "xxxx" -HostName "xxxx" -SslState 'SniEnabled'
As you can see I set explicitely the resource group name. But the certificate is always created in the wrong resource group. I debugged the command. It seems a cache exists. Can I clear it? Could it be the problem?
I also deleted and created a new web app. Nothing...
Can you help me please?
Thank you
We have tested in our environment with your given PowerShell command and can able to add in our own resource group as well.
We have only one resource group in which we created an app service
Run the below command for create an App Service Managed Certificate for the given WebApp in our resource group.
New-AzWebAppCertificate -ResourceGroupName "RGNAME" -WebAppName "appname" -Name "nameofCert" -HostName "www.name.com"
After running its added succesfully to our resource group.
Please make sure that you have provided the correct resource group where your app service is created. And you have deleted the old resource group successfully .
Once the the command successfully run make a refresh of the Azure portal then goto TLS/SSL settings (preview) binding and check the certificate.
OUTPUT DETAILS FOR REFERENCE:-
Certificate added to our own resource group
For more information please refer the below links:
MICROSOFT Q&A- Azure App Service creates certificate under defunct Resource Group as suggested by #SnehaAgrawal-MSFT & This discussion as well.
Related
I recently created inside one of my resource groups an Azure Container App (with an environment & the rest) just for learning reasons (at the West Europe region). After I played with that, I decided to delete it. I tried to delete it without any success from the portal.
Looking around in the portal I found out that a new resource group had been created with name MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope. This resource group was never generated by me. It appears that inside it there are a public IP address, a NSG & 2 Kubernetes Load Balancers.
I tried then to delete that auto-generated (somehow) resource group but again with no success. I literarily can't even touch it. I tried to delete all resources one by one. Nothing again. I even issued the command az group delete --resource-group "MC_braverock-518cbd83-rg_braverock-518cbd83_westeurope" from inside the Azure Cloud Shell and it seems that the cli gets stuck in Running.... When I had issued the command from the portal it was still running for a whole hour. So, obviously something is going wrong.
I visited the page https://resources.azure.com/, then I visited that resource group and the Json in the resource group that returned is having the following:
"provisioningState": "Deleting".
Do you know how I can delete the resources & the resource group?
I am almost confident that this is not being deleted... :(
EDIT:
Trying to delete manually one of the Load Balancers in that resource group I get a message that the Load Balancer in that subscription can not be deleted as it is in use by a virtual machine scale set that it is on a totally different subscription (a subscription that I am not aware off).
To delete the resources and the resource group, you can try using Resource Explorer (azure.com) portal as there might be some dependencies to delete the resource group/resources.
You can try deleting the resources like below:
Go to Resource Explorer (azure.com) portal -> Click on your subscription -> Expand Resource groups -> Select your Resource Group
Expand Providers -> Microsoft.Network -> networkSecurityGroups -> Select your NSG -> Action(POST,DELETE) -> Delete
In my environment testnsg networkSecurityGroup deleted successfully in the Azure Portal.
You can try deleting the required Azure Resources by following the same process. If still, you are not able to delete the Azure resource Group try checking the child resources associated to that resource group.
I tried to reproduce the same in my environment and got the same error like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
The error "LoadBalancerUseByVirtualMachineScaleSet" usually occurs if backendpool is being used by any other resource.
To resolve the error, try executing below commands in CloudShell like below:
Delete the load balancer associated with the VMSS:
az vmss update --resource-group ResourceGroupName1 --name VmssName --remove virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerBackendAddressPools 0
Update the VMSS instance:
az vmss update-instances --instance-ids "*" -n VmssName -g ResourceGroupName1
Now, delete load balancer and it will be deleted successfully like below:
az network lb delete -g ResourceGroupName -n LoadBalancerName
Reference:
Update or delete an existing load balancer used by virtual machine scale sets - Azure Load Balancer
This is a side artifact of Container app managedEnvironment resource. You need to first delete the environment in order to get artifacts to get automatically removed.
As JJ mentioned, the MC_* resource group is created when you create ACAs with the internal configuration. You try to find whether you have any container app environments in your subscription. Could be that you created your test app in a wrong resource group and can't find it now. :)
Try deleting all container app envs this resource group will automatically be gone.
I have a web application in azure and I want to make sure that only my build server (or any other VM on the same subnet) are the only ones which are able to access the SCM site. I thought the most obvious thing would be to create an access restriction rule and in fact that works, I am able to create it from the portal with no issue whatsoever.
The problem, however, happens when I try to automate this using powershell. My build server subnet is located on a subscription different from the one where my web application is.
I am executing the following powershell script:
$subnetId = "/subscriptions/$VNETSubscriptionId/resourceGroups/$VNETResourceGroup/providers/Microsoft.Network/virtualNetworks/$buildServerVNET/subnets/$buildServerSubNet"
Add-AzWebAppAccessRestrictionRule -ResourceGroup $webAppRg -WebAppName $webAppname -Name VNETAccess -Priority 1000 -Action Allow -SubnetId $subnetId
And I get the following error:
Add-AzWebAppAccessRestrictionRule : The client '{{my user credential}}' with object id '81fa4eb1-5553-4daa-af44-3c717b19eda2' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/{{websiteSubscriptionId}}/resour
ceGroups/{{VNETResourceGroup}}/providers/Microsoft.Network/virtualNetworks/{{buildServerVNET}}/subnets/{{buildServerSubNet}}' or
the scope is invalid. If access was recently granted, please refresh your credentials.
The error seems to indicate that the cmdlet is searching for the subnet on the same subscription id than the website instead of the subscription where the subnet is located, since the resourceId string that is being returned on the error messsage has the wrong subscription Id. It is using the one where the website is instead of using the one where the build server is.
What else needs to be done in order to create this rule through powershell?
The error message is confused.
In fact, after my validation, you need to add the -IgnoreMissingServiceEndpoint parameter when adding a subnet from a different subscription. Read this GitHub case WebApp:Add-AzWebAppAccessRestrictionRule.md - incorrect use of subscription context over SubnetId param
When using a subnet from a different subscription, we cannot validate
the subnet to see if the correct service endpoint (Microsoft.Web) has
been set. If you use -IgnoreMissingServiceEndpoint the rule can be
added.
While trying to create Azure Virtual Desktop, I have created one resource group with Azure AD Domain Service to bind Active Directory with Virtual Network.
At the cleanup time, I tried to delete the resource group which contains the Azure AD Domain service.
I tried to delete the resource group from Portal as well as from Powershell. Using the following command -
Get-AzureRmResourceGroup -Name AADS | Remove-AzureRmResourceGroup -Verbose -Force
But I am receiving following error.
Cannot modify resource with id '/subscriptions//resourceGroups/AADS/providers/Microsoft.AAD/domainServices/' because the resource entity provisioning state is not terminal. Please wait for the provisioning state to become terminal and then retry the request.
I attempted delete operation multiple times with an interval of around 2-3 hours but still getting the same error.
This issue belongs to troubleshooting and was fixed by the Microsoft support team.
You can raise a support ticket on azure portal by following this link: https://learn.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request
Since I am unable to specify the resource group for a new Backup Vault when creating it in the Azure Portal, I created the vault using the New-AzureRMBackupVault powershell commandlet. This appears to work through powershell, and an item shows up in the preview portal under my resource group. However, clicking on the vault in the portal (which redirects to the old portal) results in errors when trying to show any details for it.
Couldn't load dashboard details. Please try after sometime. Contact Microsoft support if issue persists. Please try again. If the problem persists, contact support.
Please try again. If the problem persists, contact support.
Could you post your full code? I use the code below to create a backup vault,
New-AzureResourceGroup -name "test-stackover" -Location "West US"
New-AzureRmBackupVault -ResourceGroupName "test-stackover" -name "test-vault" -Region "West US"
Get-AzureRmBackupVault
When I click the test-vault on the preview portal, it redirects to the old portal without the above error. Please could you provide more details, so I can monitor to catch the error.
Try again after you finish the step:Download, install, and register the Azure Backup agent.
Please see more information from the articles: https://azure.microsoft.com/en-us/documentation/articles/backup-client-automation/, https://azure.microsoft.com/en-us/documentation/articles/backup-azure-dpm-introduction/
Is it possible to move an Azure Website to a different (or new) App Service Plan?
I have already tried both the old and new portals but cannot find the options for this.
The original accepted answer is more than a year old. In Azure world, that's an eternity. The "Change App Plan" button in the Azure Portal is no longer present it appears (as of 2016-06-17), so I'm throwing in the Powershell command I needed to use in order to move a Webapp to another App Service Plan.
Set-AzureRmWebApp -Name <webapp name> -ResourceGroupName <resource group name> -AppServicePlan <new app service plan>
Set-AzureRmWebAppSlot -Name <webapp name> -Slot <slot name> -ResourceGroupName <resource group name> -AppServicePlan <new app service plan>
The option "Change App Service plan" has been moved to the APP SERVICE PLAN menu.
Yes, you can do this from the Web app blade in the Azure portal. You have to expand the toolbar though to see the option. See below.
I needed to move things between different subscriptions, which is quite possible according to documentation. Much is shamelessly copied from the azure website. This solution is taking advantage of the Azure Powershell 1.0.
First off, if you need to move a Web app and it's connected webfarm there are some limitations:
You can move Azure Web App resources using the ARM Move Resources Api.
Azure Web Apps currently supports the following move scenarios:
Moving the entire contents of a resource group (web apps, app service plans, and certificates) to another resource group.
Note: The destination resource group can not contain any Microsoft.Web resources in this scenario
Moving individual web apps to a different resource group, while still hosting them in their current app service plan (the app service
plan stays in the old resource group)
Basically you need to get the resource id from the resources you want to move and use the Move-AzureRmResource command. You'll naturally need an Azure login which is able to read and write to the subscriptions involved.
$webapp = Get-AzureRmResource -ResourceGroupName OldGroup -ResourceName WebApp -ResourceType Microsoft.Web/sites
$plan = Get-AzureRmResource -ResourceGroupName OldGroup -ResourceName Plan -ResourceType Microsoft.Web/serverFarms
Move-AzureRmResource -DestinationResourceGroupName NewGroup -ResourceId ($webapp.ResourceId, $plan.ResourceId) -DestinationSubscriptionId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
I'd point out that if you're moving the resources to another subscription, there are some caveats. First, that subscription must have rights to provision the website in that region, the API's for that are beyond this scope, but simply creating a website and removing it will give the subscription those rights. In my case i had a second error which is still unresolved, but i suspect that other resources that are connected to the resources being moved are the culprits. Will update with further information if i resolve the issue.
As a final note, there is also the possibility to use the REST API.