After creating a vanilla service fabric cluster through the Azure portal, I am getting this error on the VM Scale Set. It has happened using a range of different cluster names, sizes and VM types.
Full error:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionHandlerNonTransientError",
"message": "Handler 'Microsoft.Azure.ServiceFabric.ServiceFabricNode' has reported failure for VM Extension 'Test_ServiceFabricNode' with terminal error code '1009' and error message: 'Enable failed for plugin (name: Microsoft.Azure.ServiceFabric.ServiceFabricNode, version 1.0.0.33) with exception Command C:\\Packages\\Plugins\\Microsoft.Azure.ServiceFabric.ServiceFabricNode\\1.0.0.33 \\ServiceFabricExtensionHandler.exe of Microsoft.Azure.ServiceFabric.ServiceFabricNode has exited with Exit code: -532462766'"
}
]
}
}
This is before I am trying to publish my user-code to the cluster, so not really sure what can be causing this. Using default settings for most things. Initial capacity 3 (test cluster). Bronze Durability/Reliability
EDIT:
Seeing this issue when connecting to one of the VMs in remote desktop.
Application: ServiceFabricExtensionHandler.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.Azure.ServiceFabric.Extension.Core.AgentException
at Microsoft.Azure.ServiceFabric.Extension.Core.CertificateUtility.LoadClientCertificate(System.String, System.String)
at Microsoft.Azure.ServiceFabric.Extension.Core.CertificateUtility.LoadCertificateWrapper(Microsoft.Azure.ServiceFabric.Extension.Core.Models.CertificateSettings)
at Microsoft.Azure.ServiceFabric.Extension.Core.Models.HandlerSettings.AllowAccessToCerts()
at Microsoft.Azure.ServiceFabric.Extension.Core.VMExtensionHandler.ValidateDeployment(Microsoft.Azure.ServiceFabric.Extension.Core.Models.HandlerSettings)
at Microsoft.Azure.ServiceFabric.Extension.Core.VMExtensionHandler.InstallService()
at Microsoft.Azure.ServiceFabric.Extension.Core.VMExtensionHandler.InstallServiceWithRetry()
at Microsoft.Azure.ServiceFabric.Extension.Core.VMExtensionHandler.Enable()
at Microsoft.Azure.ServiceFabric.Extension.Handler.Program.Main(System.String[])
The issue is that Service Fabric can't find the certificate you have configured. There are a couple common reasons for this:
The wrong certificate thumbprint is provided. Assuming you are using KeyVault, make sure you aren't using the ID portion of the KeyVault URL as your cert thumbprint.
There is a hidden unicode character at the beginning of your cert thumbprint. This is common if you got your thumbprint from Windows cert viewer dialog as when you copy/paste from that dialog it inserts a hidden character at the beginning. Resolution is to first copy to notepad (or any other ASCII editor).
There are two ways you can troulbeshoot this if you RDP to one of the VMs:
Check the Azure guest agent logs at C:\WindowsAzure\Logs\WaAppAgent.logs. You will be looking for entries relating to installing the Microsoft.Azure.ServiceFabric.Extension, and then something like "Cannot find certificate with thumbprint "xxxx" ...". Make sure the thumbprint is what you expect, and that the thumbprint doesn't start with a question mark "?xxx" which indicates the hidden unicode character.
Open the Service Fabric Admin event logs (eventvwr -> Applications and Services Logs -> Microsoft-ServiceFabric). You should see error entries related to failing to load a certificate.
Related
I was trying to deploy flatcar image on Azure, but I am not able to deploy it. following are the steps I performed
I downloaded latest azure supported VHD from https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_azure_image.vhd.bz2.
I uploaded this VHD to azure storage blob and converted it to an image as recommended by Azure guides
I tried creating VM out of this image. VM gets created successfully, but we can see one error while creating VM and VM creation is shown as failed (Even though it is actually successful). Following is the error which I can see:
{
"code": "DeploymentFailed",
"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
"details": [
{
"code": "VMExtensionHandlerNonTransientError",
"message": "The handler for VM extension type 'Microsoft.Azure.Diagnostics.LinuxDiagnostic' has reported terminal failure for VM extension 'LinuxDiagnostic' with error message: '[ExtensionOperationError] Non-zero exit code: 1, /var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.141/diagnostic.py -install\n[stdout]\n\n\n[stderr]\n File \"/var/lib/waagent/Microsoft.Azure.Diagnostics.LinuxDiagnostic-3.0.141/diagnostic.py\", line 54\n print 'A local import (e.g., waagent) failed. Exception: {0}\\n' \\\n ^\nSyntaxError: invalid syntax\n'.\r\n \r\n'Install handler failed for the extension. More information on troubleshooting is available at https://aka.ms/VMExtensionLinuxDiagnosticsTroubleshoot'"
}
]
}
I tried going through link provided, but it didn't help much.
I also tried another option as following
Deployed flatcar VM through Azure marketplace
Captured generalized image out of this VM
Deployed VM using the image created in above step
Even with this approach I am getting same error.
for now, waagent (Azure Linux agent) does not support python 3.x, hence this syntax error exists. You need to have python 2.x on your OS to not have this issue.
I have a new vm, Operating system Windows (Windows Server 2016 Datacenter).
When I try to enable backup and select new Recovery Service Vault, I get deployment error:
Deployment to resource group test failed.
Additional details from the underlying API that might be helpful: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.
Resource
vault242/Azure/iaasvmcontainer;iaasvmcontainerv2;test;web01/vm;iaasvmcontainerv2;test;web01
Type
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems
Status
Conflict
Status message
{
"status": "Failed",
"error": {
"code": "BMSUserErrorContainerObjectNotFound",
"message": "Item not found"
}
}
Can't find any information for code BMSUserErrorContainerObjectNotFound and why a protected item not created automatically
My apologies for the delay in the response.
Were you able to resolve the issue?
If not, let's review it.
As I understood, you are enabling the Azure VM Back Up by following the next steps:
There could be multiple reasons why you are getting this failure.
Did you perform these steps manually using the Azure Portal? Template deployment? Scripting? I suspect most likely you are doing the template deployment or any kind of scripting and this one is the syntax issue.
Second thought, it was the transmitted issue due to the load of request on the Azure end. In this case, you need to retry the operation.
Additional question to ask, do you get the failure on one specific machine or all machines? Specific region?
Do you get the same failure when you use the existing vault?
If you still can provide information above, it's going to be helpful to narrow down the root cause.
I ran into this error as well today and I think it is is a Azure portal bug when enabling the Backup from the VM blade.
Instead, you can initiate a Backup from the "Recovery Services vaults" blade and add the VM to it.
while moving VM from one resource group to another this error encountered while there is no SQL VM associated with VM still getting this error
{
**"code": "ResourceMoveProviderValidationFailed",**
"message": "Resource move validation failed. Please see details. Diagnostic information: timestamp '20200908T142742Z', subscription id 'xxx-xxx-xxxx', tracking id 'xxxxxxx-414a-xxxxx-adb4-xxxxxx', request correlation id 'xxxxxxxxxxxx'.",
"details": [
{
"code": "MissingMoveResources",
"target": "Microsoft.SqlVirtualMachine/SqlVirtualMachines",
"message": **"Cannot move resource(s) because following resources /subscriptions/xxxxxxxxx/resourceGroups/myrgroup/providers/Microsoft.SqlVirtualMachine/sqlVirtualMachines/xxxxx0020 need to be included in move request to target resource group as well. Please include these and try again.**"
}
]
}
The error code 409 MissingMoveResources is documented in the Azure SQL VM REST API documentation as:
409 MissingMoveResources - Cannot move resources(s) because some
resources are missing in the request.
So, going by the error details posted above, it does mean that the Virtual Machine you're looking at is linked to a SQL Virtual Machine. The easiest way would be to verify it from the Portal itself:
As seen in the screenshot above:
Presence of the SQL Server Configuration tab under the Settings blade, and
Publisher being MicrosoftSQLServer
confirm the same.
Therefore, you'd have to know the associated SQL Virtual Machine and include that as well in your request to complete the move operation successfully. You can get to the SQL VM by accessing the SQL Server configuration tab.
We have an several VMs connected to the Log Analytics workspace and the automation is linked to it. The Update Management is enabled on all VMs and it's working properly.
When trying to enable either the Change Tracking or Inventory in the Configuration Management, it's showing "Cannot enable" status. As far as I know both the Update Management and Configuration Management use the same Agent, so it shouldn't be a problem.
Did I miss something here? If you have any Idea of what is the reason, please share it with me.
Here is the error of the deployment:
OPERATION ID *****
TRACKING ID *****
STATUS BadRequest
STATUS MESSAGE {
"error": {
"code": "BadRequest",
"message": ""
}
}
PROVISIONING STATE Failed
TIMESTAMP 11.6.2019, 14:11:42
DURATION 1 second
TYPE Microsoft.OperationalInsights/workspaces/configurationScopes
RESOURCE ID *******/MicrosoftDefaultScopeConfig-ChangeTracking
RESOURCE som-workspace/MicrosoftDefaultScopeConfig-ChangeTrac
I have been using an Azure VM for several weeks: (Windows 10, Visual Studio Developer VM), But have been unable to login for several hours.
The machine is reported as running, RDP finds the machine and presents the login box, but Login fails: (Your credentials did not work)
The VM can be restarted, but the same error occurs.
Boot diagnostics shows the Windows 10 'beach cave' image
Attempts to reset the password give errors in the event log:
Failed to reset password At lease one resource deployment operation
failed. Please list deployment operations for details. see
https://aka.ms/arm-debug for usage details.
Then Deployment operations has this error:
Deployment failed Deployment to resource group 'MY_AZURE_GROUP'
failed. Additional details from the underlying API that may be
helpful. At least one deployment operation failed. Please list
deployment operations for details.
Then this error expands to:
Status: Conflict
Provisioning State: Failed
Type: Microsoft.Compute/virtualMachines/extensions
StatusMessage:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'enablevmaccess'. Error message: \"Cannot update Remote Desktop Connection settings for built-in Administrator account. Error: The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider's online site.\r\n\"."
}
]
}
}
So I then tried Redeploying the VM: Which gave this error
Failed to redeploy the virtual machine 'MY_AZURE_VM'. Error: VM has reported a failure when processing extension 'enablevmaccess'. Error message: "Cannot update Remote Desktop Connection settings for built-in Administrator account. Error: The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider's online site.
The message "The system is not authoritative for the specified account" hints at some permissions failure somewhere.
What does this mean - and how can I fix it?
Turns out the answer was not obvious and is still a little perplexing.
On first use Cortana had asked for a Microsoft account - so I had supplied details of one I rarely use (Lets call it rarely.used#domain.com) In the background Windows had changed my MY_AZURE_VM\MyLogin (my only login - and the admin user on that VM) to the Microsoft account rarely.used#domain.com!
So now I login with that Microsoft account - and all is well.
If I look in the Computer Management Users - MyLogin still exists - as the only user on the system - but If I try adding it to a Group, Check-Names converts it to rarely.used#domain.com