How can I delete an Azure subnet after it has been associated to Microsoft.DBforPostgreSQL/flexibleServers? When I try to delete the subnet is says:
Failed to delete subnet 'db-subnet'.
Error: Subnet db-subnet is in use by application-vnet/db-subnet/db-subnet-service-association-link and cannot be deleted.
In order to delete the subnet, delete all the resources within the subnet.
See aka.ms/deletesubnet.`
When I try to delete the service association link it gives me not authorized error:
Azure Error: UnauthorizedClientApplication
Message: Unauthorized client application id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
I tried from bash, powershell, REST API and nothing. It does not matter if the PostgreSQL flexible server is present or deleted it gives me the same error and not I am stuck with two subnets that cannot be deleted.
Apparently it's a known issue, and it takes an Azure support request to delete it.
(Or, possibly, you can recreate the server it was used for, disconnect it, and then delete it.)
https://learn.microsoft.com/en-us/answers/questions/140197/unable-to-delete-vnet-due-to-serviceassociationlin.html
https://learn.microsoft.com/en-us/answers/questions/169500/unable-to-delete-virtual-network-and-a-resource-gr.html
https://github.com/MicrosoftDocs/azure-docs/issues/48902
https://social.msdn.microsoft.com/Forums/en-US/f3fa0fb2-d930-484c-90a5-6860e360d87f/unable-to-delete-vnet-due-to-serviceassociationlinksappservicelink?forum=WAVirtualMachinesVirtualNetwork
Related
We have a release pipeline that is failing with following message:
resource ID for resource type 'Microsoft.Web/Sites' and resource name
'appservicename'. Error: Could not fetch access token for Managed
Service Principal. Please configure Managed Service Identity (MSI) for
virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400,
status message: Bad Request
We have 2 different service connections:
Azure Resource Manager using service principal authentication
Azure Resource Manager using managed identity authentication
The first one works like a charm. However, because the developer wanted to limit admin access on the Azure AD, he tried creating a managed identity authentication service connection which at first glance, since it allowed us to select the App Service, appeared to indicate it's working, until an actual deployment was triggered and it failed per the error message above.
After numerous searches online, I think this answer may be the clue to why this is failing with the managed identity authentication service connection yet succeeding with the service principal connection just fine.
I just want to confirm, is this truly the case? that a hosted agent doesn't support MSI based authentication, which is what we are using… or has that changed?
We are indeed using Microsoft agent pool.
It doesn't make sense for our app service to use a VM at this time. The use case just isn't applicable for the dashboards we have.
As it is written in the docs:
You are required to use a self-hosted agent on an Azure VM in order to use managed service identity
I assume that it was alway like that. Here we are talking abut MSI assigned to VM which serves as build agent. Not MSI which is identity of App Service. Why? Service Connection is an abstraction which makes easy authentication to your Azure Subscription. So it gives identity to VM and then when your perform some action against your Azure thanks to MSI Azure know that can perform that action. Another aption is authentication via Service Principal, but thi can be done from any VM (inlcuding MS Hosted) because it relies on Client Id and Client secret which is kept in service connections. And MSI have to be assigned to particular VM which cannot be done with MS Hosted agents.
I am having following same named instances as shown in image
Names are as follows:-
stage-tas-postgres-service
stage-tas-postgres-service
stage-tas-postgres-service
And I am tried to delete it from three dots option but since the stage environment is blocked for deletion activity.
I have referred the below link for deletionIBM Cloud Deletion DB
We have IAM identity and through which tried to delete the instance from Jenkins job
and the command I tried to delete after successful login into IAM user is as follows :-
stage("Deleting resource") {
ibmcloud "resource service-instance-delete stage-tas-postgres-service --recursive"
}
The problem is this job ends with success results, but did not delete the instance.
I am using only 3rd from all list and other two are unused show in image and in above list.
Is there any way to delete the DB from crn or deployment id
Thanks in advance.
The error says that you do not have the required permissions to delete the database. You can see and probably use that database instance, but not delete it.
It seems you are not the account owner or someone with administrator privilege. Therefore, someone else needs to delete the service.
For the future, you could set up a serviceID with the required permissions. Then, use a script which uses the serviceID for login to IBM Cloud and deletion of that service.
I am just new to Azure Cloud and Devops, so forgive me if I may forget some critical info here.
So during creation of tasks for the release and selecting subscriptions, I get an error when trying to authorize the subscription (which I suspect is because of insufficient permissions associated to my account), so I go to advanced options to select the managed identity authentication.
After which no error shows now. So I set all remaining items and assign Deploy Azure App Service task. However during the running of the agent I get an error during Deploy Azure App Service step.
Error: Failed to get resource ID for resource type 'Microsoft.Web/Sites' and resource name 'sample-vue'. Error: Could not fetch access token for Managed Service Principal. Please configure Managed Service Identity (MSI) for virtual machine 'https://aka.ms/azure-msi-docs'. Status code: 400, status message: Bad Request
I have already set my azure app service to have a system assigned managed identity, but still this error occurs. I can't find any answer, online, with regards to the error above so hoping that someone could help explain to me the problem and how to possibly fix it. My hunch now is that I may have some insufficient permissions, but I don't know what it may be.
Please try the following items:
Remove and re-add the service connection in DevOps.
Check the rights of the account on Azure subscription. Please verify if the account has at least contributor access on Azure subscriptions. Check https://learn.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
We currently have one DevOps repository, with a functional CI/CD pipeline. We have another website hosted on a different instance (and different region) on Azure. We are trying to use our existing repo to deploy to the other Azure instance, but it is giving is the following message:
Failed to query service connection API: 'https://management.azure.com/subscriptions/c50b0601-a951-446c-b637-afa8d6bb1a1d?api-version=2016-06-01'. Status Code: 'Forbidden', Response from server: '{"error":{"code":"AuthorizationFailed","message":"The client '2317de35-b2c2-4e32-a922-e0d076a429f5' with object id '2317de35-b2c2-4e32-a922-e0d076a429f5' does not have authorization to perform action 'Microsoft.Resources/subscriptions/read' over scope '/subscriptions/c50b0601-a951-446c-b637-afa8d6bb1a1d'."}}'
I have tried all of the recommended trouble-shooting, making sure that the user is in a Global Administrator role and what-not, but still not luck. The secondary Azure subscription that we are hoping to push our builds to is a trial account. I'm not sure if it being a trial account matters.
I came across the same error. It turns out that, as the error message states, the service principal didn't have Read permission over the subscription. So the solution was to go to Azure Portal, select the subscription, select IAM and assign the role Reader to my service principal. Full explanation on here:
https://clydedz.medium.com/connecting-azure-devops-with-azure-46a908e3048f
I have the same problem. There are one repository and two instances of the application on the Azure portal. For the first instance, the subscription Pay-As-You-Go is used, and there were no problems for it when creating the service connection and CI/CD settings. For the second instance, a free subscription is used and when trying to create a new service connection (Azure Resource Manager) I get the same error.
I tried to do it with the permissions of Owner and Contributor
UPD: I was helped by the re-creation of the application in the azure portal
https://learn.microsoft.com/en-ca/azure/active-directory/develop/howto-create-service-principal-portal
Another option would be to save without verification if the Service Principle will not require permissions at the Subscription level. Like for example providing access to a Keyvault.
Check if the service connection for the second instance is correctly added in project settings:
I'm trying to unbind & delete a Mongolabs service instance from my app in IBM Bluemix. Unfortunately, Bluemix displays the error:
BXNUI0035E The 'Mongolab-cv' service could not be deleted.
And leaves the service allocated and bound to my app.
How do I fix this?
Mike
The MongoLab service was deprecated last year. Service instances created before it were not deleted, but since the service broker is not available anymore you will not be able to delete or unbind this service.
Please raise a support ticket to get this service removed from your space.
To open a ticket check the link below:
ibm.biz/bluemixsupport
When opening a ticket provide your organization name, space and service name.