I'm having an error when i try to create my SSIS Integration Runtime on Azure Data Factory :
Microsoft.Batch resource provider is not registered under the same subscription of VNet
And here is the detail of the error :
Thank you
A resource provider is a service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers a set of resources and operations for working with an Azure service. For example, if you want to store keys and secrets, you work with the Microsoft.KeyVault resource provider.
It appears the SSIS Integration runtime requires a batch account. But you are not able to provision a batch account because the resource provider is not registered. To register a resource provider, you must have permission to perform the /register/action operation for the resource provider. This operation is included in the Contributor and Owner roles.
You can use PowerShell to register it:
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Batch
You can also register it through the portal. Go to Subscriptions -> Resource Providers. Search for Microsoft.Batch and click the register link on that result.
You can find more info in the MS Docs here.
You get this error when you join the SSIS Integration Runtime to Azure VNet.
Go to your Subscription -> Resource Provider -> Microsoft.Batch and register it.
Microsoft.Batch is required because when you join the Integration Runtime to the VNet, Azure, behind the scenes uses Azure Batch service to provision necessary resources like Load Balancer, NSG, Public IP to continue the communication even after IR is within the VNet
Related
I have an Azure subscription with ACR and App Configuration services.
I am implementing a pipeline that access Azure through DevOps Service Connection that has Contributor role for both resources. However, using Az Client task pipeline cannot see or access those resources.
If I execute "az resources list" I don't see those resources even though Service Connection has access to them.
I have the same setup working on my personal subscription. What am I missing?
Tried to reproduce same scenario in my personal subscription and it worked with the same level of access for Service Connection.
Also it works in PowerShell console with a user account with the same permissions.
I am getting the following errors when I try to create the azure sql dependency:
Microsoft.WebTools.Shared.Exceptions.WebToolsException:
Unsupported resourceID '/subscriptions/988c01a5-638b-4385-9cfd-9bc40f3ad17c/resourcegroups/OnlineShopping20210607161055ResourceGroup/providers/Microsoft.Web/sites/2021GRP28'.
Failed to configure dependency Azure SQL Database mssql1.
I have deployed this application a few months back under a different account and with a different resource group, app service and subscription. Could that be the issue because the resource group mentioned above in the error code is from the other account and if so, how do I fix this?
Location might not be supported for the resource type.
You can see the registration status and register a resource provider namespace through the portal.
From the portal, select All services.
Select all services. Select Subscriptions.
Select subscriptions
From the list of subscriptions, select the subscription you want to use for registering the resource provider. Select subscription to register resource provider
For your subscription, select Resource providers.
Look at the list of resource providers, and if necessary, select the Register link to register the resource provider of the type you're trying to deploy.
I'm an owner of an Azure resource group but not have permissions on the subscription or on the management group.
When configuring the "azurerm" provider inside my .tf file, I've added subscription id and tenant id (I'm not the owner of that subscription).
--------------------- UPDATE ---------------------
I'm trying to apply Linux virtual machine using Terraform but having authorization issues while planning the .tf file.
I've listed all my accounts using Azure CLI (want to connect the second subscription in the output below):
I've succeeded authenticating to the subscription using Azure CLI with the command (it worked):
az account set --subscription="SUBSCRIPTION_ID"
It's my default and current subscription:
Also, I was able to create and manage resources inside my resource group in that subscription using Azure CLI.
However, I added the exact tenant ID and the exact subscription ID inside my .tf file and still got the same credentials errors during the "terraform plan".
Using Azure CLI or Azure portal I am able to create and manage resources inside the resource group's scope, although using terraform I'm facing problems.
Thank you :)
According to your story, you just set the tenant id and subscription id in the azure provider, so it seems you authenticate via Azure CLI. No matter you have a user account or a service principal, the owner role of the resource group is enough to create virtual machine in the resource group. In this way, you need to logging into the Azure CLI first. As it shows in the link I have provided.
In my Azure DevOps release pipeline, I would like to start a VM. So I have an "Azure resource group deployment" task with the action "Start virtual machines". However, when I run this task, I get the error:
"Failed to fetch the list of virtual machines from resource group: ...
Error: "Could not fetch access token for Managed Service Principal.
Please configure Managed Service Identity (MSI) for virtual machine
'https://aka.ms/azure-msi-docs'. Status code: 400, status message: Bad
Request"
In my VM I already enabled system-assigned managed identity, so I don't know why this error is appearing. Any thoughts?
You will also need a service connection in Azure DevOps to connect to your Azure subscription using the MSI.
You can configure Azure Virtual Machines (VM)-based agents with an Azure Managed Service Identity in Azure Active Directory (Azure AD). This lets you use the system assigned identity (Service Principal) to grant the Azure VM-based agents access to any Azure resource that supports Azure AD, such as Key Vault, instead of persisting credentials in Azure DevOps for the connection.
In Azure DevOps, open the Service connections page from the project settings page. In TFS, open the Services page from the "settings" icon in the top menu bar.
Choose + New service connection and select Azure Resource Manager.
Choosing a service connection type
Select the Managed Identity Authentication option.
Opening the managed service identity settings
Enter a user-friendly Connection name to use when referring to this service connection.
Select the Environment name (such as Azure Cloud, Azure Stack, or an Azure Government Cloud).
Enter the values for your subscription into these fields of the connection dialog:
Subscription ID
Subscription name
Tenant ID
After the new service connection is created:
If you are using it in the UI, select the connection name you assigned in the Azure subscription setting of your pipeline.
If you are using it in YAML, copy the connection name into your code as the azureSubscription value.
Ensure that the VM (agent) has the appropriate permissions. For example, if your code needs to call Azure Resource Manager, assign the VM the appropriate role using Role-Based Access Control (RBAC) in Azure AD. For more details, see How can I use managed identities for Azure resources? and Use Role-Based Access Control to manage access to your Azure subscription resources.
https://learn.microsoft.com/en-us/azure/devops/pipelines/library/connect-to-azure?view=azure-devops#create-an-azure-resource-manager-service-connection-to-a-vm-with-a-managed-service-identity
How can I see the configuration of a resource in a resource group? I've provisioned a database through the portal and I'd like to see what that configuration is in the template language.
You can use the Azure Resource Manager REST API to list the template deployments for your resource group. A reference to the API is here.
Near the top of the response is a templateLink that you can follow to get the deployment template. For example, this is what I get back for one of my deployments where I used the Web App + SQL Database configuration from the Azure Portal to create a new web app.