I've created an instance of APIM. After placing it in a Virtual Network, when I click on API's It just sits there spinning. If I click add, and attempt to add a new API I get the following error message no matter what "Name" I give it. "One or more fields contain incorrect values:
Name is already in use"
There are no API's so this should not occur at all, for the sake if testing I tried several random strings and it's always the same response.
Any thoughts?
Please refer the important section in the enable vnet connection article.
https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet#-enable-vnet-connection
Related
I am trying go get storage account blob list via azure logic apps. But I am facing this error.
I tried few things like changing logic app and the storage account into different regions as recommended here.
I test with set my storage account with allow access from selected networks instead of allow access from all networks, but the "List blobs" action shows "Forbidden" error, it doesn't show the error message Please check your account infor...... which you mentioned in your question.
But when I create the storage connection manually with incorrect infor(such as a wrong storage name), it shows same error message with yours.
Unlike your situation, the error message shows when I create the connection in my side but shows in you "List blobs" action. I'm not sure which way did you create the logic app and the storage connection in logic app, so please check if you provide the correct info when you create the logic app and the storage connection.
By digging deeper, I was able to get away from this error by pointing to the right connection.
Changed the connection
Point to right connection which you have access for or add a new one.
If new connection, then enter the proper Azure Storage account name you want to connect with.
Attempting to "Generate SAS and connection string" in Azure Shared access signature. The following message is present "Some routing options are disabled because the endpoints are not published." The button "Generate SAS and connection string" is inactive. Is the button inactive because the endpoints are not published? There is one endpoint (ITLLCGlobal (ITLLCGlobal/ITLLCGlobal), service endpoint NQUEUE). If this is the cause how do I publish the endpoint?
You can enable it by selecting one of the resource types. Services, Container, object
In Shared access signature, make sure you have selected an "Allowed resoure type"
Either service, container or object.
That is all it took for me. I needed to do anything under Firewalls and Virtual networks yet.
Gina
I also run into the issue. I solved it by selecting one or more 'Allowed Resource Type'
My role was set to "owner" but needed to be set to the "storage blob data owner". I thought that owner granted all access but it does not. Once I changed to the correct role the routing options became active and changed to the correct option automatically.
We manage an Azure subscription operated by several countries. Each of them is quite independant about they can do (create/edit/remove resources). A guide of good practices has been sent to them, but we (security team) would like to ensure a set of NSG is systematically applied for every new subnet/vnet created.
Giving a look to Azure Triggers, I am not sure that subnet creation belongs to the auditable events. I also was told to give a look to Azure policy, but once again I am not sure this will match our expectations which are : For every new vnet/subnet, automatically apply a set of predefined NSG.
Do you have any idea about a solution for our need ?
I have done work like this in the past (not this exact issue) and the way I solved it was with an Azure Function that walked the subscription and looked for these kinds of issues. You could have the code run as a Managed Identity with Reader rights on the subscription to report issues, or as a Contributor to update the setting. Here's some code that shows how you could do this with PowerShell https://github.com/Azure/azure-policy/tree/master/samples/Network/enforce-nsg-on-subnet
You could consider using a Policy that has a DeployIfNotExists Action, to deploy an ARM template that contains all the data for the NSG. https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-deploy-resources
You can get the ARM template by creating the NSG and getting the template:
GettingNSGTemplate
Note also that creating a subnet is audited, you can see it in the Activity Log for the VNet. See the screen shot.
AddingASubnet
I created a couple of Azure API connections and it allows me to change the display name, but there is no way to change the name itself. Apparently, it automatically creates the connections based on the connection type. Is there a way to control this?
Yes, you could deploy API connector and change its name with Template. If you already have a API connector, click it then choose Automation script and click Deploy.Like the below pic shows.
Now choose Edit template and for convenience delete the parameters and resources you don't want to use. In here you could change defaultValue as the name ,after modify the template would be like the pic shows, then click save. I fthe name in SETTING is not changed you also could change it here.
And the result shows the API name is not the original default name.
Note: This way is only used to deploy the API connectors.
Hope this could help you, if you still have other questions, please let me know.
I am attempting to delete a virtual network in Azure. When I use the web interface to delete it, it says
Virtual network 'MyVirtualNetwork' is in use and cannot be deleted. If you recently deleted resources, it might take some time to update the virtual network.
Of course, I didn't recently delete resources and there are no VMs using the network. I followed this StackOverflow post here which says that in order to delete a Virtual Network, you must first delete the Virtual Network Gateway.
So, as per the instructions "To delete a virtual network gateway" on MSDN here, I click through the Azure web interface like this:
Virtual Network > *MyVirtualNetwork* > Dashboard > Delete Gateway
And I get this:
Failed to delete the gateway for virtual network 'OneCoreWikiVnet'.
Azure offers no further explanation or other details.
How do I delete this virtual network gateway?
Yes. As you know it correctly that you have to delete all the subnets shown under settings section before you are able to delete the virtual network itself as shown in the snapshot below. As you can see that I've got two subnets namely GatewaySubnet and Subnet 1.
You can delete all the subnets except GatewaySubnet using delete option shown under ... menu at the end of every row.
If you try deleting the GatewaySubnet from the same ... option it gives you an error saying:
The gateway subnet cannot be deleted.
Now the question remains as to how to delete the GatewaySubnet. Here is the step by step process to accomplish the same:
Go to Overview tab and click on the gateway icon shown with a green check mark in the right pane.
On the gateway detail screen click the delete button in left pane:
Click Yes on the warning message which says Are you sure you want to delete this gateway?
This will result in deletion of the GatewaySubnet. You can observe now on the overview tab that icon of Gateway has turned grey and its brief description reads Click here to create a gateway.
Now just click on the delete button to get rid of the virtual network in entirety.
The azure object hierarchy is as follows.
Virtual Network --> Virtual Network Gateway --> Connections
To delete, you should delete from bottom up (or right to left in this case). Essentially, to delete a VNET gateway you need to ensure that any connection on the gateway is removed first.
Have you tried to use the PowerShell cmdlet to do this?
Remove-AzureVNetGateway -VNetName
You can put -Verbose on there if you're still hitting an error and maybe get a better error response.