Cannot delete SSL certificate in Azure - azure-web-app-service

I am unable to delete an App Service certificate. I get the error "Please remove the lock and try again". How do I resolve this?

Resource Manager Locks provide a way for administrators to lock down Azure resources to prevent deletion or changing of a resource.
If you want to delete a certificate that has been locked, navigate to Locks in the App Service certificate and delete it before attempting to delete the certificate:
Go to Azure Portal -> App Service Certificate -> select your certificate -> you will see the Locks page within the overview -> select the lock held on the desired cert name -> hit Delete.
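The same lookup scripted with Az PowerShell, as an added example that is not part of the original answer. The resource group and certificate names are placeholders, and the removal runs with -WhatIf so nothing changes until that switch is dropped.

```powershell
# Placeholders (assumptions): substitute your own resource group and certificate name.
$ResourceGroup = 'my-resource-group'
$CertName      = 'my-app-service-cert'

# Locks set on the resource group and on resources inside it.
# A lock set at subscription scope is not listed by this call.
$locks = Get-AzResourceLock -ResourceGroupName $ResourceGroup

$lockSuffix = '/providers/Microsoft.Authorization/locks/'
$relevant = $locks | Where-Object {
    # Lock on the certificate itself ...
    $_.ResourceId -like "*/$CertName$lockSuffix*" -or
    # ... or on the whole resource group, which every resource in it inherits.
    $_.ResourceId -like "*/resourceGroups/$ResourceGroup$lockSuffix*"
}

# Show who is holding the certificate: lock name, level and scope.
$relevant | Select-Object Name,
    @{ n = 'Level'; e = { $_.Properties.level } },
    @{ n = 'Notes'; e = { $_.Properties.notes } },
    ResourceId | Format-List

# Dry run: -WhatIf only reports what would be removed. Drop it to remove the
# locks, delete the certificate, then re-create any resource-group lock that
# was protecting other resources.
$relevant | ForEach-Object { Remove-AzResourceLock -LockId $_.LockId -WhatIf }
```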


Installed certificates on Batch account and Pool not available for task

I have an Azure Batch account setup with system assigned identity (the account was created through TF and User assigned identities are not yet supported).
A certificate is available to the batch account and on the pool as well.
When inspecting the node on the pool (scaled to one for now), it shows a certificate reference:
I've manually created a job and a simple task (/bin/bash -c 'ls -la $AZ_BATCH_CERTIFICATES_DIR/') to list contents and everything comes empty.
This seems to be the case for all self-signed certificates I've used to try this.
Can somebody please point out what I'm doing wrong?
(I've tried all combinations for Task-NonAdmin, TaskAdmin, Pool-NonAdmin, Pool-Admin together with LocalMachine, currentUser).
Thanks all!
Well, this thing happened:
Issue with Windows LocalMachine certificates:
If you are adding certificate references on your pool which install into the Windows LocalMachine certificate store, and are running tasks without admin access which need access to the certificate's private key, your tasks will work on the old agent but not work in the new agent.
Only pfx files where your non-admin task needs access to the private key should be moved to "My" in CurrentUser
https://github.com/Azure/Batch/issues/1
If I upload the certs to CurrentUser\My, the tasks do get the certs.

Azure Storage Explorer : Unable to retrieve child resources

Getting error ONLY while accessing Blob storage.
No issues in Queues, File Share or table.
Any idea?
Unable to retrieve child resources.
Details:
["FetchError:request to https://fssaicessunsetsbxv1sa.blob.core.windows.net/?include=metadata&comp=list failed, reason: unable to get local issuer certificate"]
Error: Self-Signed Certificate in Certificate Chain, Unable to retrieve child resources.
Issue for me: I am attached to an office proxy server, but Azure Storage Explorer is not using that proxy.
Solution:
Azure Storage Explorer -> Edit -> Configure Proxy,
Source = "No proxy" changed to "Use system proxy (preview)"
After making these changes, I am able to access the resources.
Moreover, verify the permissions you have on the connection string.
You generate your connection string either through the Azure Portal or through some apps. When you generate the connection string, you need to give "Allowed permissions". Besides Read/Write you also need the List permission so Storage Explorer can list the blobs. Here is a screenshot in Azure portal to check/uncheck the permissions:
Have you set any RBAC policies?
If you are connected to Azure through a proxy, verify that your proxy settings are correct. If you were granted access to a resource from the owner of the subscription or account, verify that you have read or list permissions for that resource.
If possible, can you try to uninstall and reinstall the latest version and check the status of the issue?
Azure Storage Explorer Troubleshooting: "unable to retrieve child resources" or "The request action could not be completed".
If the issue still persists after trying the above-mentioned steps, I would like to work closer on this issue. Let me know the status.
Warning: For the noobs!
If you get lucky, you can also fix it by closing and re-opening Visual Studio.
Reason: Authorization is tightly coupled with Azure.
Motivation: To err is human! Even software devs working at Microsoft are human.

Azure delete backup vault fails with 'associated container'

I am cleaning out some old items from my Azure account and cannot remove an older version Backup Vault.
I get the following error when I try to delete it:
Vault cannot be deleted as there are existing resources within the
vault. Please ensure there are no backup items, protected servers or
backup management servers associated with this vault. Unregister the
following containers associated with this vault before proceeding for
deletion : COMPUTER-NAME. Unregister all containers from the vault and then
retry to delete vault
Notice the COMPUTER-NAME
That is the name of my computer, but I cannot find the Azure backup agent installed on that computer. I also cannot find the computer name container in any storage containers in my entire Azure account.
Can someone help me figure out how to remove these items?
Thanks in advance.
The first screenshot shows the Backup vault and the error message I get when I try to delete.
The second screenshot shows the BackupItems that remain, but I cannot delete them.
The red boxes cover my COMPUTER-NAME.
Looks like my previous answer was turned into a comment due to brevity. Here's an update to make it a better answer anyway. Answer from that link quoted below for reference.
I have not mapped this answer to the corresponding Azure commands, but I was able to find my way to a solution via the Azure Portal. The steps were as follows:
1. Selected my Recovery Service resource
2. Under the Manage section, clicked Backup Infrastructure
3. Under Management Servers, clicked Protected Servers
4. In the list that followed, clicked on the row where my Protected Server > Count was greater than 0, in my case, Azure Backup Agent (because the backup agent was installed on my Windows Desktop)
5. Clicked on my server name in the Protected Server list
6. Clicked Delete in the card for my protected server
After that completed, I was able to delete the entire vault. These steps may be helpful if you have other Backup Infrastructure resources and possibly even Site Recovery Infrastructure resources associated with a vault.
Update: It seems like there's an open issue for Get-AzureRmRecoveryServicesBackupItem not having any capacity to return MARS backup items which is ultimately what the issue here was.

Error uploading .pfx certificate to Azure Web app using ARM template from VSTS

I'm using an Azure Resource Manager (ARM) template to create and update a resource group in a release definition in Visual Studio Team Services (VSTS). I'm using the same template to upload the .pfx certificate to the web app.
For the first deployment the certificate got uploaded perfectly, but from the next deployment the deployment fails with the error "Another certificate exists with same thumbprint ******** at location West US in the Resource Group MyResourceGroup".
I tried recreating the webapp, but to my surprise the deployment fails for the first time itself. Looks like the certificate got uploaded to the resource group.
Is there a way to overwrite the existing .pfx certificate for every deployment?
You do not have to upload the certificate for all deployments. The first certificate will become available to all deployments.
Certificates are exposed at the resource group level, so deploying the same certificate again will definitely error out.
However, I don't see a reason as to why you need to upload a certificate.
Does your application need to read this certificate? If yes, then there is a different way to do this. See this article:
https://azure.microsoft.com/en-us/blog/using-certificates-in-azure-websites-applications/
Until today I had never encountered this error. I have been able to redeploy my applications, certificates and all, with no issues. I believe in my case that someone had previously manually added the certificate using a different name, possibly through the portal, and then when my pipeline executed it attempted to add the certificate using a different name.
Certificates are child resources of Microsoft.Web under the resource group. There are likely a number of options for resolving but I am going to focus on removing the certificate using Resource Explorer. (I bet that there is an Azure CLI or Azure PowerShell command to do this too.)
In resource explorer, locate the certificates node associated with your resource group using the left hand navigation pane. This will likely be in something like subscriptions -> {subscription name} -> resourceGroups -> {resource group name} -> providers -> Microsoft.Web -> certificates -> {certificate name}
Once located, select your certificate and then you can use the Actions (POST, DELETE) tab in the right hand pane to delete the certificate. You should then be able to redeploy.
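A scripted way to find the certificate resource that already holds the thumbprint, added here as an example and not taken from either answer. It uses the generic Az resource cmdlets against the Microsoft.Web/certificates type named above; the thumbprint value is a placeholder, and the delete runs with -WhatIf.

```powershell
# Placeholders (assumptions): the resource group from the error message and
# the thumbprint of the .pfx the template is trying to upload.
$ResourceGroup = 'MyResourceGroup'
$Thumbprint    = '<THUMBPRINT-OF-YOUR-PFX>'

# Keep hex digits only, so pasted spaces or colons do not break the comparison.
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($wanted.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($wanted.Length) characters."
}

# Every certificate resource in the resource group, with its properties expanded.
$certs = Get-AzResource -ResourceGroupName $ResourceGroup `
    -ResourceType 'Microsoft.Web/certificates' -ExpandProperties

# Certificates that carry the same thumbprint, whatever name they were given.
$existing = $certs | Where-Object { $_.Properties.thumbprint -eq $wanted }

$existing | Select-Object Name, Location,
    @{ n = 'Thumbprint'; e = { $_.Properties.thumbprint } },
    @{ n = 'Subject';    e = { $_.Properties.subjectName } },
    @{ n = 'Expires';    e = { $_.Properties.expirationDate } },
    ResourceId | Format-List

if (-not $existing) {
    Write-Warning "No Microsoft.Web/certificates resource in $ResourceGroup has thumbprint $wanted."
}

# Dry run: -WhatIf reports the resource that would be deleted. Drop it only
# after confirming the listed name is the stray copy and not the one in use.
$existing | ForEach-Object { Remove-AzResource -ResourceId $_.ResourceId -WhatIf }
```

If the name listed differs from the name in the template, aligning the template with the existing name is an alternative to deleting.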

Virtual Machine Converter 3.1 Cannot find Thumbprint

I'm attempting to use the Virtual Machine Converter 3.1 to convert a VM to Azure VM. I am following the steps here:
https://technet.microsoft.com/en-us/library/dn874004.aspx
and I have created a management certificate using the instructions here:
https://msdn.microsoft.com/library/azure/gg551722.aspx
and I have uploaded this to my Azure Subscription. I have verified that the certificate is in my Personal Store, and I have even copied this to the Local Machine Store. Both Certificates show that they have private keys as expected and the certificate uploaded and shows in the Azure Management Certificates as well.
When I run the MVMC and I provide the Subscription ID and the Certificate Thumbprint I get the message: "No certificate exists with thumbprint XXXXXXXXXXXX...". I cannot get past this screen to successfully migrate the VM to Azure, does anyone have a recommendation or suggestion?
I know this is old, but I thought I would post the answer to help whoever finds this. ;)
From: https://support.microsoft.com/en-us/kb/2977336
"Certificate thumbprint is not found in the personal certificate store" error when you try to migrate to Microsoft Azure using Microsoft Virtual Machine Converter
To resolve this problem, follow these steps:
1. Start the MMC.exe process.
2. Click File, click Add/Remove Snap-in, and then click Certificates.
3. On the Certificates snap-in screen, click Add, and then select My user account. Click Finish, and then click OK.
4. Expand Console Root, expand Certificates - Current User, expand Personal, and then expand Certificates.
5. Right-click your Microsoft Azure certificate. By default, this is named Microsoft Azure Tools. Select All Tasks, and then click Export.
6. Click Next, and then click No, do not export the private key. Click Next.
7. On the Certificate Export Wizard screen, click DER encoded X.509 (.CER), and then click Next.
8. Type a file name, click Next, and then click Finish.
9. Expand Console Root\Certificates - Current User, expand Trusted Root Certification Authorities, and then expand Certificates.
10. Right-click Certificates, and then click Import.
11. Click Next, and then locate the file that you exported in step 8.
12. Follow the steps in the wizard to complete the import process. Verify that the Microsoft Azure Tools certificate now appears in both the Personal and Trusted Root Certification Authorities stores.
13. Return to MVMC, and then retry the Azure Connection task.
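To verify the end state of the steps above without clicking through MMC, the following added example (not part of the KB article or the answer) reports which certificate stores hold the thumbprint. The thumbprint value is a placeholder; the script strips spaces and any non-hex characters that can come along when the value is copied from the certificate dialog.

```powershell
# Placeholder (assumption): the thumbprint exactly as it was entered in MVMC.
$Typed = '<THUMBPRINT-AS-ENTERED-IN-MVMC>'

# Keep hex digits only and upper-case them, matching how the Cert: drive
# exposes the Thumbprint property.
$thumb = ($Typed -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got $($thumb.Length) characters."
}

# Personal and Trusted Root for the current user are the two stores the KB
# steps populate; LocalMachine\My is the copy mentioned in the question.
$stores = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\My'

$report = foreach ($store in $stores) {
    $cert = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object -First 1
    [pscustomobject]@{
        Store         = $store
        Found         = [bool]$cert
        HasPrivateKey = if ($cert) { $cert.HasPrivateKey } else { $null }
        Subject       = if ($cert) { $cert.Subject } else { $null }
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
    }
}
$report | Format-Table -AutoSize

# The KB procedure ends with the certificate present in both of these stores.
$required = 'Cert:\CurrentUser\My', 'Cert:\CurrentUser\Root'
$missing  = $report | Where-Object { $_.Store -in $required -and -not $_.Found }
if ($missing) {
    Write-Warning ("Not found in: " + ($missing.Store -join ', '))
}
```

Run it as the same user account that starts MVMC, since the CurrentUser stores are per user.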
