We are debugging our systems to see failed azure posts and want to learn why they failed in the first place.
The AzureMetric and Azure diagnostics are not helping when we are running the query over OMS.
Where do we see which values made us fail ?
Our OMS Query
search *
| where Resource == "xxx-API-NONPRODUCTION"
| where Type == "AzureDiagnostics"
Sample Error from OMS
$table
AzureDiagnostics
TenantId
yyy-0a7b-4833-8fb6-yyy
SourceSystem
Azure
TimeGenerated [UTC]
2017-12-20T15:05:00.845Z
Type
AzureDiagnostics
Environment_s
PROD
lastError_source_s
configuration
lastError_reason_s
OperationNotFound
lastError_message_s
Unable to match incoming request to an operation.
lastError_section_s
backend
OperationName
Microsoft.ApiManagement/GatewayLogs
Category
GatewayLogs
CallerIPAddress
51.yyy.34.yyy
location_s
UK West
method_s
GET
url_s
https://xxx-api-nonproduction.azure-api.net/qa/user/api/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com
cache_s
none
apiId_s
tttt
productId_s
tttt
userId_s
1
apimSubscriptionId_s
vvvv
ResourceId
/SUBSCRIPTIONS/vvvv-2F08-4DED-92B8-vvvv/RESOURCEGROUPS/xxx-CORE-NONPRODUCTION/PROVIDERS/MICROSOFT.APIMANAGEMENT/SERVICE/xxx-API-NONPRODUCTION
SubscriptionId
vvv-vvvv-vvv-vvv-vvv
ResourceGroup
xxx-CORE-NONPRODUCTION
ResourceProvider
MICROSOFT.APIMANAGEMENT
Resource
uuuu-API-NONPRODUCTION
ResourceType
SERVICE
CorrelationId
vvv-vvv-vvv-vvv-vvvvv
isRequestSuccess_b
false
Level_d
4
EventId_d
222
DurationMs
0
responseCode_d
404
responseSize_d
130
By default API management service does not log request body or headers, that can be done but with some extra work. You'll have to use log-to-eventhub policy to send body into eventhub and read it there later to log. Or you could save request body into a variable and return it as a response bidy from on-error section when request fails.
But from your log I can see that you get OperationNotFound: Unable to match incoming request to an operation. That means that URL was called on APIM service that didn't match any operation defined in API. The URL in question is https://xxx-api-nonproduction.azure-api.net/qa/user/api/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com
If we assume that "qa/user" is API suffix, then "/zzz/UserAccountExistsByEmailAddressAndIsEnabled/2bdel.qags2012#yopmail.com" should match URL template of one of operations in such API, and such operation must have method set as GET since that's what is being called.
Related
I created in laravel a scim route with total return results 0 and I got the secret certificate in application registration and generate certificates and secrets but it doesn't work.
SystemForCrossDomainIdentityManagementCredentialValidationUnavailable Details: We received this unexpected response from your application: An HTTP/404 Not Found response was returned rather than the expected HTTP/200 OK response. To address this issue, ensure that the tenant URL is correct. The tenant URL is usually in a format like: https://<>/scim. If this does not resolve the issue, contact the application developer to ensure their SCIM endpoint conforms with the protocol
as is returning my route:
return response()->json(['schemas'=>["urn:ietf:params:scim:api:messages:2.0:ListResponse"],'totalResults' => 0, "Resources" => [],"startIndex" => 1,"itemsPerPage" => 20]);
The AAD provisioning service starts off by sending a few GET requests looking for non-existent resources - i.e.: GET /Users?userName eq "469787bf-b179-4ef9-bc60-ee07cc78fd47". The expected response is a 200/OK with ListResponse type response with totalResults of 0.
The message you're getting back indicates that one of these test API calls is getting a 404 rather than a 200. This could be because the URL is incorrect, or the SCIM implementation is noncompliant and is returning a 404 for a query that returns zero results.
According to
https://learn.microsoft.com/en-us/learn/modules/work-azure-blob-storage/5-set-retrieve-properties-metadata-rest -
"If two or more metadata headers with the same name are submitted for a resource, the Blob service returns status code 400 (Bad Request)".
But According to
https://learn.microsoft.com/en-us/learn/modules/work-azure-blob-storage/4-manage-container-properties-metadata-dotnet -
"If two or more metadata headers with the same name are submitted for a resource, Blob storage comma-separates and concatenates the two values and return HTTP response code 200 (OK)".
Well, Which is it?
Am I missing something?
Actually both of them are true.
The first one is for the REST API operation. If you are calling the REST API directly and setting 2 metadata items with the same name, the request will fail with bad request (400 status code error).
The second one is for when you are using .Net SDK. Here, if you are setting 2 metadata items with the same name, the SDK will combine both of them and send a single header request to the REST API.
I am trying to set "advanced filter" of BlobEventsTrigger programmatically.
They are reset at each deployment. I need only 3 and having 7 of them are causing the job to start twice. It is super annoying to delete them manually after each deployment.
I have tried to add a field "advancedFilters" or "blobType" to the trigger json file without success.
"typeProperties": {
"blobPathBeginsWith": "/bingofile/blobs/",
"blobPathEndsWith": "/_SUCCESS",
"ignoreEmptyBlobs": false,
"scope": "/subscriptions/bingofilesup/resourceGroups/bingofilesup/providers/Microsoft.Storage/storageAccounts/bingofilesup",
"events": [
"Microsoft.Storage.BlobCreated"
]
I've also tried az eventgrid system-topic event-subscription update but this library does not work when it comes to updating advanced filter. It asks an endpoint (which is normally a facultative argument) , and when provided the existing data factory endpoint, it fails reaching it.
I have checked the documentation about this endpoint and it is said to be the webhook endpoint .
Endpoint where EventGrid should deliver events matching this event
subscription. For webhook endpoint type, this should be the
corresponding webhook URL. For other endpoint types, this should be
the Azure resource identifier of the endpoint. It is expected that the
destination endpoint to be already created and available for use
before executing any Event Grid command.
But it does not work .
Deployment failed. Correlation ID:
95e4fab5-163e-48ab-8cb2-b23432516e53. Webhook validation handshake
failed for [webwook end point provided in the topic]. Http POST
request failed with response code Unknown. For troublehooting, visit
https://aka.ms/esvalidation.
Any observation or suggestion would be great, thanks in advance !
According to my test, the endpoint https://pmeastasia.svc.datafactory.azure.com:4443/triggerevent/BlobEventsTrigger/<> is juts a base URL. When the events are sent to data factory or update subscription, azure will generate an endpoint with the base URL to do auth. So if you want to update the subscription with other tools, I think you need to use fildder to catch the request to get the whole endpoint at first.
Audit Log:
I have chose to not to DELETE group according to scim specification https://www.rfc-editor.org/rfc/rfc7644#section-3.6
Clients request resource removal via DELETE. Service providers MAY
choose not to permanently delete the resource
But then Azure treats it as error, Below is what I see in Audit Log, Did I understood the specification correctly or am I missing something?
Failed to delete Group '' in customappsso; Error: The SCIM
endpoint is not fully compatible with the Azure Active Directory SCIM
client. Please refer to the Azure Active Directory SCIM provisioning
documentation and adapt the SCIM endpoint to be able to process
provisioning requests from Azure Active Directory. StatusCode:
BadRequest Message: Processing of the HTTP request resulted in an
exception. Please see the HTTP response returned by the 'Response'
property of this exception for details. Web Response:
{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"detail":"DELETE
group not supported","status":null,"scimType":"mutability"}. This
operation was retried 0 times. It will be retried again after this
date: 2020-03-16T17:42:08.0940986Z UTC
The error shouldn't come up if you uncheck delete in the attribute mappings. You're right that the delete endpoint does not need to be implemented.
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#editing-user-attribute-mappings
I'm sending a Postman request to get the metrics from an event grid like this:
https://management.azure.com/subscriptions/{suscription id}/resourceGroups/{name of resource group}/providers/microsoft.insights/metricDefinitions/?api-version=2018-01-01
I'm also attaching the Bearer token.
However, I keep getting the following response:
{
"message": "An error has occurred.",
"exceptionMessage": "ApiVersion: 2018-01-01 does not support query at non Arm resource Id level",
"exceptionType": "Microsoft.Online.Metrics.MetricsMP.Utilities.RPRequestFormatException",
"stackTrace": " at Microsoft.Online.Metrics.MetricsMP.Controllers.MPController_MetricDefinitions_Base.<MetricDefinitionAtResourceGroup>d__4.MoveNext() in ...
....
}
What does that mean and how can I fix it? I've been looking on the Internet and there's not much information.
Your URL is wrong.As far as I know,if you want to retrieve metric definitions, the rest api is that
Method: GET
Request URI:
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}/providers/microsoft.insights/metricDefinitions?api-version={apiVersion}
For more details, please refer to
https://learn.microsoft.com/en-us/rest/api/monitor/metricdefinitions/metricdefinitions_list
https://learn.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-rest-api-walkthrough.
To get the metric definitions use this rest API
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resource
ProviderNamespace}/{resource
Type}/{resourceName}/providers/microsoft.insights/metricdefinitions?api-version=2018-01-01
To get the metrics with optional parameters use this rest API
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/microsoft.insights/metrics?timespan={timeSpan}&interval={timeGranularity}&aggregation={AggregationType}&metricnames={metricName}&api-version=2018-01-01
You missed the resource type and name in the request url, the url should be like below:
https://management.azure.com/{resourceUri}/providers/microsoft.insights/metricDefinitions
Reference: https://learn.microsoft.com/en-us/rest/api/monitor/metricdefinitions/list
If you want to list metric definitions of an event grid, your url should be:
GET https://management.azure.com/subscriptions/{subscription id}/resourceGroups/{resource group name}/providers/Microsoft.EventGrid/topics/{event grid topic name}/providers/microsoft.insights/metricDefinitions?api-version=2018-01-01
Test result: