Azure Change Tracking/Inventory (Configuration Management) cannot be enabled - azure

We have an several VMs connected to the Log Analytics workspace and the automation is linked to it. The Update Management is enabled on all VMs and it's working properly.
When trying to enable either the Change Tracking or Inventory in the Configuration Management, it's showing "Cannot enable" status. As far as I know both the Update Management and Configuration Management use the same Agent, so it shouldn't be a problem.
Did I miss something here? If you have any Idea of what is the reason, please share it with me.
Here is the error of the deployment:
OPERATION ID *****
TRACKING ID *****
STATUS BadRequest
STATUS MESSAGE {
"error": {
"code": "BadRequest",
"message": ""
}
}
PROVISIONING STATE Failed
TIMESTAMP 11.6.2019, 14:11:42
DURATION 1 second
TYPE Microsoft.OperationalInsights/workspaces/configurationScopes
RESOURCE ID *******/MicrosoftDefaultScopeConfig-ChangeTracking
RESOURCE som-workspace/MicrosoftDefaultScopeConfig-ChangeTrac

Related

Backup Windows server Azure VM new Azure Recovery Service Vault error code BMSUserErrorContainerObjectNotFound

I have a new vm, Operating system Windows (Windows Server 2016 Datacenter).
When I try to enable backup and select new Recovery Service Vault, I get deployment error:
Deployment to resource group test failed.
Additional details from the underlying API that might be helpful: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
Resource
vault242/Azure/iaasvmcontainer;iaasvmcontainerv2;test;web01/vm;iaasvmcontainerv2;test;web01
Type
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems
Status
Conflict
Status message
{
"status": "Failed",
"error": {
"code": "BMSUserErrorContainerObjectNotFound",
"message": "Item not found"
}
}
Can't find any information for code BMSUserErrorContainerObjectNotFound and why a protected item not created automatically
My apologies for the delay in the response.
Were you able to resolve the issue?
If not, let's review it.
As I understood, you are enabling the Azure VM Back Up by following the next steps:
There could be multiple reasons why you are getting this failure.
Did you perform these steps manually using the Azure Portal? Template deployment? Scripting? I suspect most likely you are doing the template deployment or any kind of scripting and this one is the syntax issue.
Second thought, it was the transmitted issue due to the load of request on the Azure end. In this case, you need to retry the operation.
Additional question to ask, do you get the failure on one specific machine or all machines? Specific region?
Do you get the same failure when you use the existing vault?
If you still can provide information above, it's going to be helpful to narrow down the root cause.
I ran into this error as well today and I think it is is a Azure portal bug when enabling the Backup from the VM blade.
Instead, you can initiate a Backup from the "Recovery Services vaults" blade and add the VM to it.

ResourceMoveProviderValidationFailed Error

while moving VM from one resource group to another this error encountered while there is no SQL VM associated with VM still getting this error
{
**"code": "ResourceMoveProviderValidationFailed",**
"message": "Resource move validation failed. Please see details. Diagnostic information: timestamp '20200908T142742Z', subscription id 'xxx-xxx-xxxx', tracking id 'xxxxxxx-414a-xxxxx-adb4-xxxxxx', request correlation id 'xxxxxxxxxxxx'.",
"details": [
{
"code": "MissingMoveResources",
"target": "Microsoft.SqlVirtualMachine/SqlVirtualMachines",
"message": **"Cannot move resource(s) because following resources /subscriptions/xxxxxxxxx/resourceGroups/myrgroup/providers/Microsoft.SqlVirtualMachine/sqlVirtualMachines/xxxxx0020 need to be included in move request to target resource group as well. Please include these and try again.**"
}
]
}
The error code 409 MissingMoveResources is documented in the Azure SQL VM REST API documentation as:
409 MissingMoveResources - Cannot move resources(s) because some
resources are missing in the request.
So, going by the error details posted above, it does mean that the Virtual Machine you're looking at is linked to a SQL Virtual Machine. The easiest way would be to verify it from the Portal itself:
As seen in the screenshot above:
Presence of the SQL Server Configuration tab under the Settings blade, and
Publisher being MicrosoftSQLServer
confirm the same.
Therefore, you'd have to know the associated SQL Virtual Machine and include that as well in your request to complete the move operation successfully. You can get to the SQL VM by accessing the SQL Server configuration tab.

How to update queue/topic of Azure Service Bus via ARM?

I have a ARM (Azure Resource Manager) script that creates Service bus with topic and subscriber inside. It worked perfectly for some time, but I decided to enable session on topic and disable partitioning. Script was changed and during deployment it gives me:
Template deployment returned the following errors:
07:56:00 - Resource Microsoft.ServiceBus/namespaces/topics 'ops-ServiceBus/default-topic' failed with message '{
"error": {
"message": "SubCode=40000. Partitioning cannot be changed for Topic. . TrackingId:<some_guid>_M11CH3_M11CH3_G1, SystemTracker:ops-servicebus.servicebus.windows.net:default-topic, Timestamp:2019-03-28T04:55:56 CorrelationId: <some_guid>",
"code": "BadRequest"
}
}'
07:56:21 - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.
Is it possible to perform update operation on Queue/Topic using ARM?
We did configure queues\topics with arm templates, but according to the error - some parameters are immutable, so you'd have to recreate in this case.

Azure Service Fabric VMExtensionProvisioningError

I am trying to create secure service fabric cluster from Azure Portal with primary certificate uploaded to key-vault.
All required resources are being created. Exception occurs on Virtual machine scale set, operation Write VirtualMachineScaleSets reports:
"properties": {
"statusCode": "Conflict",
"statusMessage": "{\"status\":\"Failed\",\"error\":{\"code\":\"ResourceDeploymentFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"VMExtensionProvisioningError\",\"message\":\"VM has reported a failure when processing extension 'VMDiagnosticsVmExt_vmNodeType0Name'. Error message: \\\"Monitoring Agent not reporting success after launch\\\".\"}]}}"
}
Because internal operation Write Deployments is being failed, and no detailed message.

Azure VM Resource Deployment Failed: "The system is not authoritative for the specified account"

I have been using an Azure VM for several weeks: (Windows 10, Visual Studio Developer VM), But have been unable to login for several hours.
The machine is reported as running, RDP finds the machine and presents the login box, but Login fails: (Your credentials did not work)
The VM can be restarted, but the same error occurs.
Boot diagnostics shows the Windows 10 'beach cave' image
Attempts to reset the password give errors in the event log:
Failed to reset password At lease one resource deployment operation
failed. Please list deployment operations for details. see
https://aka.ms/arm-debug for usage details.
Then Deployment operations has this error:
Deployment failed Deployment to resource group 'MY_AZURE_GROUP'
failed. Additional details from the underlying API that may be
helpful. At least one deployment operation failed. Please list
deployment operations for details.
Then this error expands to:
Status: Conflict
Provisioning State: Failed
Type: Microsoft.Compute/virtualMachines/extensions
StatusMessage:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'enablevmaccess'. Error message: \"Cannot update Remote Desktop Connection settings for built-in Administrator account. Error: The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider's online site.\r\n\"."
}
]
}
}
So I then tried Redeploying the VM: Which gave this error
Failed to redeploy the virtual machine 'MY_AZURE_VM'. Error: VM has reported a failure when processing extension 'enablevmaccess'. Error message: "Cannot update Remote Desktop Connection settings for built-in Administrator account. Error: The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider's online site.
The message "The system is not authoritative for the specified account" hints at some permissions failure somewhere.
What does this mean - and how can I fix it?
Turns out the answer was not obvious and is still a little perplexing.
On first use Cortana had asked for a Microsoft account - so I had supplied details of one I rarely use (Lets call it rarely.used#domain.com) In the background Windows had changed my MY_AZURE_VM\MyLogin (my only login - and the admin user on that VM) to the Microsoft account rarely.used#domain.com!
So now I login with that Microsoft account - and all is well.
If I look in the Computer Management Users - MyLogin still exists - as the only user on the system - but If I try adding it to a Group, Check-Names converts it to rarely.used#domain.com

Resources