Configuration of Managed Service Identity (MSI) - Azure

2019-10-02T04:00:46.7615707Z ##[error]Error: Failed to get resource ID
for resource type 'Microsoft.Web/Sites' and resource name
'morningtonFrontEnd'. Error: Could not fetch access token for Managed
Service Principal. Please configure Managed Service Identity (MSI) for
virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400,
status message: Bad Request.
Could anyone explain to me what the issue is?
I have "Contributor" access to Azure.
Logs:
2019-10-02T04:00:45.2038473Z ##[section]Starting: Deploy Azure App Service
2019-10-02T04:00:45.2159933Z ==============================================================================
2019-10-02T04:00:45.2160013Z Task : Azure App Service deploy
2019-10-02T04:00:45.2160056Z Description : Deploy to Azure App Service a web, mobile, or API app using Docker, Java, .NET, .NET Core, Node.js, PHP, Python, or Ruby
2019-10-02T04:00:45.2160116Z Version : 4.157.1
2019-10-02T04:00:45.2160154Z Author : Microsoft Corporation
2019-10-02T04:00:45.2160215Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment
2019-10-02T04:00:45.2160272Z ==============================================================================
2019-10-02T04:00:46.7125417Z Got service connection details for Azure App Service:'morningtonFrontEnd'
2019-10-02T04:00:46.7615707Z ##[error]Error: Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resource name 'morningtonFrontEnd'. Error: Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400, status message: Bad Request
2019-10-02T04:00:46.7625812Z (node:2404) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): TypeError: Cannot read property 'getApplicationURL' of undefined
2019-10-02T04:00:46.7741572Z Failed to add release annotation. TypeError: Cannot read property 'getApplicationSettings' of undefined
2019-10-02T04:00:46.7782967Z ##[section]Finishing: Deploy Azure App Service

[error]Error: Failed to get resource ID for resource type
'Microsoft.Web/Sites' and resource name 'morningtonFrontEnd'. Error:
Could not fetch access token for Managed Service Principal. Please
configure Managed Service Identity (MSI) for virtual machine
'https://aka.ms/azure-msi-docs'. Status code: 400, status message: Bad
Request
Focus on this error message. The next error line, UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): TypeError: Cannot read property 'getApplicationURL' of undefined, is caused by the first: the service connection could not connect successfully.
This error is not related to your Contributor role. It is generally because the authentication token is expired or invalid. You can first click Verify connection to check whether anything is wrong with this connection. If the verification is successful, it will show verified, which means that the current connection has no problem.
If the verification fails, you'd better re-create a new service connection. Please follow this doc and this blog for the creation steps.
After the service connection is created successfully, click Verify connection first. Just ensure nothing goes wrong, then use it in the pipeline.
Also, do not forget to click Authorized in the task configuration:
After finishing all the above pre-verification steps, the error should not appear again.

Related

Azure Service Bus Namespace creation is failing with unknown error

When I am trying to create a Service Bus Namespace in Azure, it is failing with the below exception.
Microsoft.Azure.Management.ServiceBus.Models.ErrorResponseException: Operation returned an invalid status code 'NotFound'
Any help on why this error occurs and how to fix this?
Please check if the below steps help to work around:
I have faced a similar kind of issue, but the status is Forbidden when creating the Service Bus topic request, like: Operation returned an invalid status code: Forbidden
Resolve it by adding a role assignment to this Service Bus resource in the Azure Portal.
Go to your Service Bus resource > Access Control (IAM) > Add Role assignment > search for your service principal name and add it with a role like Owner, then save it.
In your case, I believe
Microsoft.Azure.Management.ServiceBus.Models.ErrorResponseException: Operation returned an invalid status code 'NotFound'
There are some causes for a similar error in the Azure Service Bus Messaging class, like:
The operation you're trying to perform does not exist.
Or the operation is giving null in the request body.
The entity you are trying to execute the operation against could not be found.
Some troubleshooting steps and recommendations are provided by Microsoft Azure in this documentation.

The gateway did not receive a response from 'Microsoft.Sql' within the specified time period

I am running Terraform via an Azure DevOps pipeline in order to create Azure MSSQL along with Blob Auditing Policies. However, when I run the pipeline, I am getting the following error after the pipeline runs for a while. Can someone please help me identify the root cause of this issue?
Error: failure in issuing create/update request for SQL Database "Identity" Blob Auditing Policies(SQL Server ""/ Resource Group ""): sql.ExtendedDatabaseBlobAuditingPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=504 -- Original Error: autorest/azure: Service returned an error. Status=504 Code="GatewayTimeout" Message="The gateway did not receive a response from 'Microsoft.Sql' within the specified time period."
on azure-sql-server.tf line 92, in resource "azurerm_mssql_database" "sqlserver":
92: resource "azurerm_mssql_database" "sqlserver" {
failure in issuing create/update request for SQL Database "Identity" Blob Auditing Policies(SQL Server ""/ Resource Group ""): sql.ExtendedDatabaseBlobAuditingPoliciesClient#CreateOrUpdate: Failure responding to request: StatusCode=504 -- Original Error:
autorest/azure: Service returned an error. Status=504
Code="GatewayTimeout" Message="The gateway did not receive a response from 'Microsoft.Sql' within the specified time period.
To resolve the above error, please try the following:
Try removing the azurerm_mssql_database_extended_auditing_policy and replacing it with the old extended_auditing_policy block within azurerm_mssql_database.
Using storage requires enabling 'Allow trusted Microsoft services to access this storage account' on the storage account.
Make sure you have the Storage Blob Data Contributor role for the storage created from Terraform.
Enable System Managed Identity on the existing SQL Server.
For the workaround, try editing the state file to remove the "status": "tainted", line from the "azurerm_mssql_server" resource.
For more detail, please refer to the links below:
azure - Creating SQL Server vulnerability assessment resource using a private Storage Account fails - Stack Overflow.
mssql_server: breaking change in the azure api · Issue #8915 · hashicorp/terraform-provider-azurerm · GitHub.
Export database fails with "The gateway did not receive a response from 'Microsoft.Sql'" - Microsoft Q&A.
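A Terraform sketch of the storage and identity steps listed in the answer above, added here as an illustration and not taken from the original answer or the asker's configuration. All resource names, the location and the admin login are placeholders, granting the role to the SQL server's own identity is an assumption about who needs it, and the auditing policy resource itself is left out.

```hcl
# Added illustration; every name, the location and the login are placeholders.
provider "azurerm" {
  features {}
}

variable "sql_admin_password" { sensitive = true }

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "westeurope"
}

# SQL server with a system-assigned managed identity, so audit writes
# authenticate as the server itself rather than with a storage account key.
resource "azurerm_mssql_server" "example" {
  name                         = "example-sqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "sqladmin"
  administrator_login_password = var.sql_admin_password

  identity {
    type = "SystemAssigned"
  }
}

# Audit storage: traffic denied by default; the bypass entry is the Terraform
# form of "Allow trusted Microsoft services to access this storage account".
resource "azurerm_storage_account" "audit" {
  name                     = "examplesqlaudit"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]
  }
}

# Assumption: the role goes to the server's identity, scoped to this account only.
resource "azurerm_role_assignment" "sql_audit_writer" {
  scope                = azurerm_storage_account.audit.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_mssql_server.example.identity[0].principal_id
}
```

Scoping the role assignment to the single storage account keeps the server's identity from gaining blob access elsewhere in the resource group or subscription.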

Azure DevOps Pipeline agent fails while running Terraform Plan with UnAuthorized error while connecting to a Storage Account

I have a storage account which has
a) Microsoft network routing selected.
b) Publish route-specific endpoint as only Microsoft network routing enabled.
I have an Azure DevOps pipeline agent running terraform plan - before running a plan I get the public IP of the VM (using curl) and run a bash script to add this public IP of the VM to the Network ACL of the storage account.
However the plan fails with a not authorized error.
As soon as I also select the "Publish Internet routing" the plan starts working.
Can anyone shed light/explain why this is happening?
PS: attaching the error details from the pipeline.
Error: Error retrieving Container "bootdiag" (Account "xxxxxxxxx" / Resource Group "xx-dev-xx-xxx-001"): containers.Client#GetProperties: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation.\nRequestId:f01c457e-d01e-0036-38b5-f25ba0000000\nTime:2021-01-25T00:57:41.2404471Z"

Azure Kubernetes deployment fail... Error: Received bad response from Model Management Service: Response Code: 400

Azure Kubernetes deployment fail...
WebserviceException:
Message: Service deployment polling reached non-successful terminal state, current service state: Failed
Operation ID: cf9db31f-0466-41dd-b70f-fe5a9
More information can be found using '.get_logs()'
Error:
{
"code": "KubernetesDeploymentFailed",
"statusCode": 400,
"message": "Kubernetes Deployment failed",
"details": [
{
"code": "CrashLoopBackOff",
"message": "Your container application crashed. This may be caused by errors in your scoring file's init() function.\nPlease check the logs for your container instance: aks-service-fa2. From the AML SDK, you can run print(service.get_logs()) if you have service object to fetch the logs. \nYou can also try to run image c377cabf339b45c71.azurecr.io/azureml/azureml_bd83accc12:latest locally. Please refer to https://aka.ms/debugimage#service-launch-fails for more information."
},
{
"code": "DeploymentFailed",
"message": "Your container endpoint is not available. Please follow the steps to debug:\n1. From the AML SDK, you can run print(service.get_logs()) if you have service object to fetch the logs.
As the error clearly suggests,
Your container application crashed. This may be caused by errors in your scoring file's init() function.\nPlease check the logs for your container instance: aks-service-fa2. From the AML SDK, you can run print(service.get_logs()) if you have service object to fetch the logs. \nYou can also try to run image c377cabf339b45c71.azurecr.io/azureml/azureml_bd83accc12:latest locally. Please refer to https://aka.ms/debugimage#service-launch-fails for more information.
You need to check the application log (inspect the Docker log) to see what the error is and fix it.
# if you already have the service object handy
print(service.get_logs())
# if you only know the name of the service (note there might be multiple services with the same name but different version number)
print(ws.webservices['mysvc'].get_logs())

Can't delete Kubernetes Service - Azure

Didn't provision properly. In a provisioning state of failed. I get the following when trying to delete from portal/Azure CLI:
Failed to delete container service 'GTK8s'. Error: 'autorest/azure: Service returned an error. Status=401 Code="InvalidAuthenticationToken" Message="The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant."'
I can't see a service principal relating to this application in Azure AD.
Deleting the resource group worked for me. Thx for the suggestion #4c74356b41
