I have a PowerShell script that deploys an ARM template to Azure, but I have encountered an error that I can't quite seem to wrap my head around. When running in PowerShell, itself, I get the following error:
New-AzureRmResourceGroupDeployment : 7:46:01 AM - Error:
Code=CannotUpdatePlan; Message=Resource plan can not be changed.
The error description doesn't seem all that complicated, but I'm not sure why this is the case in the first place. I don't have any locks on the Resource Group, resources, or subscription so it should theoretically be able to work properly, right?
Upon testing in VSTS, I got the error mentioned above along with the following error message preceding it:
Selected subscription is in 'Disabled' state.
I'm not sure if that has to do with the other, but I know the subscription is active as I can deploy resources to it, manually. Also, it clearly says "Active" when viewing the subscription from the portal.
According to your description, I suggest you could check as the following steps.
1.Ensure your subscription is enabled. For test, you could create a web app. If your subscription is really disabled, please refer to this link re-active your subscription.
2.You had better check your subscription connection. Please ensure subscription is right. When you verify connection, it should show Verified.
Note: I use the agent Hosted VS2017 and use Azure PowerShell script to deploy template.
Related
I am using octopus deploy automation tool(V2020 1.14) for deploying my code.Email configuration through SMTP is already configured. Now while email is sent it should have the complete error log in case if deployment is failed at certain step. Could you please share me some thoughts how to do this ???
There's a couple of things you could do here but the first thing that comes to mind is this example here which logs the error and error detail for each step that failed in a deployment.
To extend this further you could add a link to the full deployment log in the email by using other Octopus system variables. To create a link to the deployment the email step is running I've created an example below.
#{Octopus.Web.ServerUri}/app#/#{Octopus.Space.Id}/projects/#{Octopus.Project.Id}/releases/#{Octopus.Release.Number}/deployments/#{Octopus.Deployment.Id}?activeTab=taskSummary
Hopefully, this answers your question but if you need further information let me know.
I have troubles creating a new agent pool in AzureDevOps.
What I wanted to do was to remove an old Self-Hosted host and deploy a new one. However, the Agent-Pool used by the old host and to be used by the new one was created by a co-worker. This let to the case that I was unable to remove the existing registered agents causing conflicts during deployment of the new host. To resolve this issue I was able to remove the agent pool.
Now, when I want to create a new pool with the same name, I get the error message
"No agent pool found with identifier 76".
Did anybody ever see this error message and or has an idea what I can do about it?
Expected:
A new agent pool with the same name as the old pool is created.
Actual:
I receive the error message "No agent pool found with identifier 76".
Agent creation Image
Error Message Image
So apparently if you delete the Agent-Pool via the Project-settings menu, they are still available under the Organization-Settings menu.
If this pool belonged to somebody else, you seem to loose even a reader role on this group there. In other words, it appears as the group is deleted even though it really isn't.
It's very unfortunate the error message does not actually tell you these exactly.
The solution for us was that the Organization-Admins made us as Administrators of the group again. Following I was able to clean it up under Organization-Settings and use it again.
As discuss some details with A.S. and test on my side, I have figure it now.
The root cause of this error is that your account is not a Administrator role. You can check this message from this doc.
If you are one of PCA, even though you are Reader of this agent pool or not any role, you can still add agent pool. And the other solution I found is that you need be added as the Administrator of this agent pool instead of be as one of PCA. You must meet one of the above two solutions, can add it without any error.
In addition, for error message displayed in pages and in F12 console.
As you can see from the pic I mentioned, this caused the error message which showed in pages. I know, the error message of console is easy to misunderstanding. It let you confusing why it response 404 not found.
This still relevant with Administrator role.
https://dev.azure.com/{org name}/3307xxxxxxx5676e/_apis/distributedtask/queues?authorizePipelines=true
This api which showed in console is used to search agent pool under Org setting.
While you are not administrator of org/agent pool, it could not find out the agent pool you want to operate, because you don't have permission to search it under Org setting. And then, it says "sorry, 404 not found", even though it exist under org setting. This is not a bug, just for logic.
So, agree with you, the error message it not too clear to understand the root cause.
In addition, if you just delete the agent pool under project setting, it still exist under org setting. Just need administrator role, you can add it back again without any error.
I have created a gMSA like this:
New-ADServiceAccount -name Cust00000 -DNSHostName Cust00000.domain.com -PrincipalsAllowedToRetrieveManagedPassword "IIS_IUSRS" -ManagedPasswordIntervalInDays 60
And life seems to be good. However, when I run
Test-ADServiceAccount Cust00000
This is what I get:
False
WARNING: Test failed for Managed Service Account Cust00000. If standalone Managed Service Account, the account is
linked to another computer object in the Active Directory. If group Managed Service Account, either this computer does
not have permission to use the group MSA or this computer does not support all the Kerberos encryption types required
for the gMSA. See the MSA operational log for more information.
I checked event viewer -> Application and Services Logs -> Microsoft -> Windows -> Apps -> Microsoft-Windows-TWinUI/Operational but this does not appear to be correct. Where (and possibly what) is the MSA operational log?
EDIT: For the overall issue, I had tried Install-ADServiceAccount but it wasn't working. I gave up on that and finally got it working (for a gMSA named Domain\sirdank$) with Set-ADServiceAccount sirdank -PrincipalsAllowedToRetrieveManagedPassword "$env:computername$" I've also had luck with passing "Domain Computers" instead of "$env:computername$".
Having a similar issue right now. I think the log you are looking for is in Event Viewer under Microsoft/Windows/Security-Netlogon/Operational log; you might see some 9001/9002 events (Task Category of MSA) which might give you some color on what is happening.
Got this from a recent TechNet blog post that describes troubleshooting gMSA account creation/testing issues. Take a look, it might be relevant to your overall issue: https://blogs.technet.microsoft.com/joelvickery/cannot-install-service-account-the-provided-context-did-not-match-the-target/
Alternate link (it appears the same post was cross-posted with a different title): https://blogs.technet.microsoft.com/runcmd/the-rc4-removal-files-part-1-whats-in-an-error-message/
I am working on setting up work folders for one of my customers. I have followed the steps given in this guide on TechNet. However, I am receiving a very generic error when attempting to run the PowerShell cmdlet Initialize-ADDeviceRegistration. All it is telling me is
A value in the request is invalid.
Here is a screenshot of the full error message:
CORP\WorkFolders$ is a computer account. You can't use that as a service account. Create and use a dedicated user account instead.
Following the guide and powershell script from this article,
https://www.windowsazure.com/en-us/develop/net/common-tasks/continuous-delivery/
I've run into an extremely odd error:
9/4/2012 9:02 PM - Creating New Deployment: In progress
New-AzureDeployment : There was no endpoint listening at https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/Build_2012-09-04_02-27.1/dist/LNEC_Admin.Azure.cspkg/keys that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
It's odd because we're on build "Build_2012-09-04_08-16.1", not the one mentioned in the URL above (which no longer even exists on the filesystem). This is under Jenkins CI which runs under the NETWORK SERVICE account. If I run it by hand with my own account the same error results, but with a lnecint in place of the build directory: https://management.core.windows.net/5921d8af-88a1-4f63-9673-5e1ae1df7e8a/services/storageservices/lnecint/keys
That keyword "lnecint" isn't mentioned anywhere in any config (I've searched every file on the entire machine and TFS server). It was the name of a storage account, but it's long ago been deleted.
VS 2012, Azure SDK 1.7.1
There's definitely an issue with your endpoint. Can you check what parameters you're passing to the "New-AzureDeployment" Cmdlet?