In Azure pipeline when creating a VM through deployment template, we have the option to 'Configure with WinRM agent' as given below.
This acts as a custom extension behind the scenes. But the downloading of this custom extension can be blocked by an internal vnet in Azure. This is the error we are getting.
<datetime> Adding extension 'WinRMCustomScriptExtension' on virtual machine <vmname>
<datetime> Failed to add the extension to the vm: <vmname>. Error: "VM has reported a failure when processing extension 'WinRMCustomScriptExtension'. Error message: \"Failed to download all specified files. Exiting. Error Message: The underlying connection was closed: An unexpected error occurred on a send.\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/VMExtensionCSEWindowsTroubleshoot "
Since the files cannot be downloaded, I am thinking of a couple of solutions:
How can I know which powershell files azure is using to setup winrm?
Location to store files would be storage account (same vnet as VM)
Perhaps not use WinRM at all and use custom script extension to resolve
everything (with all files from storage account). I hope error from extension stops the pipeline if it happens.
Is there a better solution to resolve this? To me it looks like a bad design by azure as it is not covering non-public VMs.
EDIT:
Found answer to #1) https://aka.ms/vstsconfigurewinrm. This was shown in Raw logs of the pipeline when diagnostics were enabled
Even if you know - how does it help you? It won't be able to download them anyway and you cant really tell it to use local files
If you enable service endpoins and allow your subnet to talk to the storage account - it should work
there is a way to configure WinRM when you create the VM. Keyvault example
You could use script extension like you wanted to as well, but script extension has to download stuff to the Vm as well. Example
Related
I want to create an Azure "Managed App" definition, in preparation for making an Azure Marketplace offering. I am following these MS instructions, and I had specifically been using this MS example managed app. There were was an error(s) in the documentation, which I posted to the MS team (along with my proposed fixes). Nevertheless, I did get the MS example working!
My next step was to replace the original MS sample deployment bundle...
https://raw.githubusercontent.com/Azure/azure-managedapp-samples/master/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip
...with my own deployment bundle...
https://github.com/brentarias/azureStaticEmpty/raw/master/baselinepocapp.zip
This didn't work. When issuing the az managedapp definition create command, I received the following error:
(DownloadItemFromBlobFailed) Download of the item from blob at 'https://github.com/brentarias/azureStaticEmpty/raw/master/baselinepocapp.zip' failed due to a failed connection.
Code: DownloadItemFromBlobFailed
Message: Download of the item from blob at 'https://github.com/brentarias/azureStaticEmpty/raw/master/baselinepocapp.zip' failed due to a failed connection.
It makes no sense to have a "connection" error, so I assumed that the REAL error was something inside of my deployment bundle. To test that theory, I copied the original MS sample bundle to a variety of places that I control, including Azure BLOB storage. One example location I placed the copied MS deployment file was here:
https://github.com/brentarias/azureStaticEmpty/raw/master/managedstorage.zip
When using this latter URL, I still received the same "connection" error.
In short, the only way for me to bypass the "connection" error is if I use the original sample MS deployment, from the original path that MS supplied. Incidentally, I also tried a variant URL of the original MS sample:
https://github.com/Azure/azure-managedapp-samples/raw/master/Managed%20Application%20Sample%20Packages/201-managed-storage-account/managedstorage.zip
Suddenly the deployment works! However, that location is still the original MS-owned repo "azure-managedapp-samples". This simply seems to confirm that if the deployment does not come from a MS-owned repo, I am then unable to make the deployment.
What am I doing wrong?
Update 2/3/2023
I finally found a way to make this work! When using an Azure storage account, simply having a publicly visible URL for the deployment bundle is insufficient. I need to have a "shared access signature" URL for that deployment bundle...and then the az managedapp definition create command works!
However, my overall question still is unanswered:
What are the valid file-share platforms that the az managedapp definition create supports? Besides github and Azure BLOB, what else?
What exact configuration do I need to make with a github raw link, before it is considered "kosher" by the managedapp definition create?
In the process of Nuntanix Virtual Machine migration to Azure, I had copied ral-rdmbuild-02 copy.ova file into a windows machine and extracted to get .vmdk and .mf. From the extracted file the .vhd file was created, later it was resized on a ubuntu to meet 1MB requirement.
Subsequently, the .vhd was copied to azure and attempted to create a vm to face the following error. Could someone can help me to overcome this issue.
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"OSProvisioningTimedOut","message":"OS Provisioning for VM '' did not finish in the allotted time. The VM may still finish provisioning successfully. Please check provisioning state later. Also, make sure the image has been properly prepared (generalized).\r\n * Instructions for Windows: https://azure.microsoft.com/documentation/articles/virtual-machines-windows-upload-image/ \r\n * Instructions for Linux: https://azure.microsoft.com/documentation/articles/virtual-machines-linux-capture-image/ \r\n * If you are deploying more than 20 Virtual Machines concurrently, consider moving your custom image to shared image gallery. Please refer to https://aka.ms/movetosig for the same."}]}
• Please check whether the Nutanix VM hard disk is configured as a dynamic disk or not because dynamic disks don’t work with Azure, and they can’t be migrated. Also, the image of the Nutanix VM may not be prepared correctly, thus would suggest you recreate the image of the Nutanix VM and try migrating it to Azure once again.
• To convert the dynamic disk to fixed type of virtual disk, kindly refer to the below documentation link that guides to use the appropriate command for converting the same: -
Convert-VHD -Path c:\test\child1vhdx.vhdx -DestinationPath c:\test\child1vhd.vhd -VHDType Fixed
https://learn.microsoft.com/en-us/powershell/module/hyper-v/convert-vhd?view=windowsserver2019-ps
• Also, based on the error message that you are encountering, the OS deployment might have also failed from the Portal side as it was unable to pass on some of the required parameters which is why you got ‘TimeOut’ message. The VM also didn’t finish the deployment correctly. I would recommend trying stop(deallocate) and start the VM and see if that resolves the issue.
I would recommend you delete the VM and its related resources if created and take a snapshot of the OS disk, create a disk from the snapshot and then create the machine from that disk. Please refer to the link below for creating a VM from a ‘VHD’ by using the Azure portal: -
https://learn.microsoft.com/en-us/azure/virtual-machines/linux/create-upload-centos
• Finally, to generalize the VM and execute ‘sysprep’ on a VM to take its correct reference image such that it can be successfully migrated to another environment, please refer to the below link that explains the correct steps to perform for generalizing the VM: -
https://portal.nutanix.com/page/documents/details?targetId=Web-Console-Guide-Prism-v6_1:wc-windows-vm-customize-with-sysprep-clone-vm-wc-t.html
I am the admin of this particular azure subscription. I had to add my ssh key to a ubuntu server. But when I try to add the ssh key through "Reset Password", After sometime I'll get the following error message.
VM agent on VM 'Server' has not reported latest status for extension 'enablevmaccess'. Please verify the VM has a running VM agent and can establish outbound connections to Azure storage.
What might be the issue? How to resolve this?
Failed to reset ssh key
vmaccess is enabled
Two simple thing you might try;
Uninstall the VMAccess extension and try reset again.
Use the 'Run Command' to set/reset password.
Hope this helps.
your first error tells you exactly why this happens. vm extension needs to talk to azure storage to report extension status. if it cant - portal operations might fail (this doesnt mean the extension failed; its just unable to report actual extension status).
I am getting a error message while removing the extension from a Linux VM in Azure Resource Manager Mode .
Failed to delete the virtual machine extension 'CustomScriptForLinux'. Error: VM has reported a failure when processing extension 'VMAccessForLinux'. Error message: "Enable failed.".
Removing some VM Extensions is not supported; others have properties that can be set that change VM behavior radically.
You can remove the extension by using Azure PowerShell cmdlets or by using the Service Management REST API operations.
Remove-AzureVMExtension – Use the cmdlet to remove classic VM extension
Remove-AzureRmVMExtension – Use the cmdlet to remove ARM VM extension
For more details on removing the extension check the link Add, Update, or Disable Extensions.
Trying to Create a Virtual Machine Deployment in Azure via Service Management API.
But getting the 404 http error code , though the uri is correct.I am correctly setting the values in the below format,
https://management.core.windows.net//services/hostedservices//deployments/
Anything else is missing ? Also am setting the certificates for SSL authentication.All other services seems to work but this alone is throwing a 404 http error
you mentioned you are using this url:
https://management.core.windows.net//services/hostedservices//deployments/
are you inputing your subscription-id and hosted service on which you wish to deploy?
the url should look like this:
https://management.core.windows.net/<subscription-id>/services/hostedservices/<service-name>/deployments/
taken from http://msdn.microsoft.com/en-us/library/windowsazure/jj157194
though when using the above URL i was also getting 404 responses, i needed to remove the trailing slash at the end. (".../deployments" , not ".../deployments/")
after this i started getting BadRequest Responses but this is probably just because of the XML body not being generated properly.
hope it helps
I think you are asking about Windows Azure Virtual Machines. In that case you might not be using the correct newer Powershell cmdlets to create Azure Virtual Machines because when you make new Virtual Machine cmdlets you don't need to use the management URL. It is all done during very first call when you configure connection using PublishSettings file and then set your subscription. The steps to create a new Azure Virtual Machine using Powershell cmdlets are as below:
Get-AzurePublishSettingsFile (documentation is here)
Import-AzurePublishSettingsFile azuresettings.publishsettings
New-AzureVM ** (documentation/sample script is here)
If you are using PaaS Windows Azure Web/Worker Role then you will use:
New-AzureDeployment (documented here)
A list of all new Windows Azure Powershell CMDlets is documented here.
Finally it worked.There are some errors in MSDN documentation.
uri:https://management.core.windows.net/subscriptionID/services/hostedservices/servicename/deployments
No slash at the end, but MSDN documentation gives a slash at the end.