I'm provisioning App Service, App Service plan and storage account to existing Resource Group using ARM template. Doing this on a nightly basis. Everything has worked several months but suddenly started to see errors like this:
{
"Code": "BadRequest",
"Message": "The requested app service plan cannot be created in the current resource group because it is hosting Linux apps. Please choose a different resource group or create a new one.",
"Target": null,
"Details": [
{
"Message": "The requested app service plan cannot be created in the current resource group because it is hosting Linux apps. Please choose a different resource group or create a new one."
},
{
"Code": "BadRequest"
},
{
"ErrorEntity": {
"ExtendedCode": "59314",
"MessageTemplate": "The requested app service plan cannot be created in the current resource group because it is hosting Linux apps. Please choose a different resource group or create a new one.",
"Parameters": [],
"Code": "BadRequest",
"Message": "The requested app service plan cannot be created in the current resource group because it is hosting Linux apps. Please choose a different resource group or create a new one."
}
}
],
"Innererror": null
' Error code: 1201
}
There are no changes on ARM template.
I don't have permissions to create new Resource Groups with this subscription, just Resource Group owner to this existing one.
Historically, you can't mix Windows and Linux apps in the same resource group. However, all resource groups created on or after January 21, 2021 do support this scenario. For resource groups created before January 21, 2021, the ability to add mixed platform deployments will be rolled out across Azure regions (including National cloud regions) soon.
See: https://learn.microsoft.com/en-us/azure/app-service/containers/app-service-linux-intro#limitations
See also the feature request to support Linux and Windows App Service Plan within the same Resource Group:
https://feedback.azure.com/forums/169385-web-apps/suggestions/37287583-allow-a-linux-and-windows-app-service-plan-to-exis
The issue can be resolved by creating new Linux App Service plan to Resource group and then deleting it. After that Windows App Service plan provisioning works again.
SOLUTION THAT WORKED FOR ME:
It seems same OS's (Linux/Windows) App Service Plans (ASP) can not be used in the same Resource Group with same Region.
So what I did was,
Created a new Resource Group (Optional, if you have it already)
Deleted all the ASP in the Group (if you are using already created Resource Group)
Search for "App Service plans" and press Enter
Click Add
Specify the Resource Group > Select OS (Linux) > Select Region (East US) > Select SKU > Review + Create.
Again,
Search for "App Service plans" and press Enter
Click Add
Specify the Resource Group > Select OS (Windows) > Select Region (Central US) > Select SKU > Review + Create.
Doing the above steps, resolved my issue. Hope it helps others.
In my case, I deleted all existing app services and solutions and placeholder in that resource group, then it works
Related
I have turned on Application Insights on my app service. Everytime I try to run the app or login using the app it gives an error:
An error has occurred. Please call support or your account manager if this error persists
When i looked in the Application errors under Logging,I get the following:
System.ApplicationException: The trace listener AzureBlobTraceListener is disabled.
---> System.InvalidOperationException: The SAS URL for the cloud storage account is not
specified. Use the environment variable
'DIAGNOSTICS_AZUREBLOBCONTAINERSASURL' to define it.
Im assuming I need to add the following in the Configuration of the App Service:
{
"name": "DIAGNOSTICS_AZUREBLOBCONTAINERSASURL",
"value": <URL>,
"slotSetting": true
},
But what is the and where can i find it ? Or is there a different error causing the app to crash once application insights is enabled, has anyone experienced this ?
I can see you have configured DIAGNOSTICS_AZUREBLOBCONTAINERSASURL without providing the value.
Get the Blob service SAS URL value from the Storage Account.
In Azure Portal => Create a Storage Account.
Initially the option to generate SAS is disabled for me.
Navigate to your Storage Account => Shared access signature = > select Container and Object checkboxes.
An option to Generate SAS and connection string will be enabled.
Copy the Blob service SAS URL and provide the value in either local Configuration settings or in Azure App Service => Configuration => Application Settings.
In Azure App Service Settings
Save the settings and access the URL.
My question before is that once i generate Generate SAS and Conection string and copy to clip board.
Even if you generate the SAS again, the value will be same till here - https://yourSA.blob.core.windows.net/?sv=2021-06-08&ss=*****=co&sp=******&se=2022-12-05T14:.
Even we can add the SAS token in App settings automatically. Follow the below steps.
In Azure App Service => App Service logs = >set Application logging (Blob) to On and continue the steps to add the Storage Account. If you don't have create a new Storage Account.
"Unable to find mscorlib assembly reference:.
Make sure you are using the latest package references.
Update the framework version 4.7.2 to 4.8 in VS. Rebuild and Re-deploy the App.
I have a working Azure app that gives me the group names when I call
https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group
However, I have tried to recreate the app several times, and checked all settings in App Registrations and Enterprise Applications to match the original app - but can never get the group names in the new apps (created in the last 24 hours, if that is relevant).
API Permissions:
Group.Read.All
GroupMember.Read.All
User.Read
App is created using these steps
App registrations, add, Single tenant
Quickstart, Mobile and desktop applications, Desktop, Make this change for me
Token configuration, Add groups claim, Security groups, set all to sAMAccountName
API Permissions, add Group.Read.All and GroupMember.Read.All
Permission granted using “Grant admin consent for Default Directory”
There must be another setting somewhere else that I am missing, which I thought to post here to uncover, thinking it might help someone else with the same problem.
FYI fragment of group result that I get:
"#odata.id": "https://graph.microsoft.com/v2/5ed71832-327b-4b98-b68a-6c54ff1717c0/directoryObjects/2f95e1d3-c7cf-4796-92a2-df844feb52d0/Microsoft.DirectoryServices.Group",
"id": "12345678-c7cf-4796-92a2-df844feb5eee",
"deletedDateTime": null,
"classification": null,
"createdDateTime": null,
"creationOptions": [],
"description": null,
"displayName": null, <<<<<<<<<< why is this null???
When an application queries a relationship that returns a directoryObject type collection, if it does not have permission to read a certain derived type, members of that type are returned but with limited information. This could potentially be a reason for you seeing a 'null' value.
Also for using the transitive memberOf endpoint, I suggest you use directory level permissions.
Refer Documentation here - https://learn.microsoft.com/en-us/graph/api/user-list-transitivememberof?view=graph-rest-1.0&tabs=http
Hope this helps. Thanks!
I am creating a new knowledge base connecting it to an already existing Azure Cognitive Service. But I am getting error: "No Endpoint keys found." when i click "Create KB".
See capture of the error:
My QnAMaker cognitive service has the endpoint
It seems that there is sometimes the problem that the endpoint keys can only be found, if the Resource Group holding all resources for the QnA Maker Service (like App Service, Application Insights, Search Service and the Application Service Plan) is hosted in the same region as the QnA Maker Service itself.
Since the QnA Maker service can only be hosted in West US (as far a I know and was able to find: https://westus.dev.cognitive.microsoft.com/docs/services?page=2), the current workaround for this case is to create a new QnA Maker service with the resource group being hosted in the West US region. Then the creation of a knowledge base should work as always.
PS: seems like this issues was already reported, but the problem still occurs for me from time to time (https://github.com/OfficeDev/microsoft-teams-faqplusplus-app/issues/71)
My resources and resource group were all in West US but I still got the same "No Endpoint keys found." error.
Eventually I figured out that the issue was related to my subscription levels. Make sure that they are all the same for all your created resources.
If you are using the deploy.ps1 script in the Virtual Assistant VS template, open the file at .\Deployment\Resources\template.json
That is a template for the resource creation. You can look through it to see exactly which resources will be created and what parameters are sent to Azure for each of the resources.
I am using a My Visual Studio subscription so it is registered as a free tier in Azure. What worked for me, is that I had to update all the "standard" subscriptions to free in the Parameters JSON array. I didn't update anything lower down for fear that it might interfere with the creation process too much.
An example is the appServicePlanSku parameter. It was set to
"appServicePlanSku": {
"type": "object",
"defaultValue": {
"tier": "Standard",
"name": "S1"
}
}
I updated it to
"appServicePlanSku": {
"type": "object",
"defaultValue": {
"tier": "Free",
"name": "F0"
}
}
I made multiple of these updates in the parameters array. After those changes, deleting the resource group for the 100th time and running the deployment script again, it worked.
When deploying a Microsoft.Web resource with the new MSI feature the principleId GUID for the created user is visible after deployment. Screenshot below shows the structure in the ARM-template.
What would be the best way to fetch this GUID later in the pipeline to be able to assign access rights in (for instance) Data Lake Store?
Is it possible to use any of the existing ARM template functions to do so?
I just struggled with this myself. The solution that worked for me was found deep in the comments here.
Essentially, you create a variable targeting the resource you are creating with the MSI support. Then you can use the variable to fetch the specific tenantId and principalId values. Not ideal, but it works. In my examples, I'm configuring Key Vault permissions for a Function App.
To create the variable, use the syntax below.
"variables": {
"identity_resource_id": "[concat(resourceId('Microsoft.Web/sites', variables('appName')), '/providers/Microsoft.ManagedIdentity/Identities/default')]"
}
To get the actual values for the tenantId and principalId, reference them with the following syntax:
{
"tenantId": "[reference(variables('identity_resource_id'), '2015-08-31-PREVIEW').tenantId]",
"objectId": "[reference(variables('identity_resource_id'), '2015-08-31-PREVIEW').principalId]"
}
Hope this helps anyone who comes along with the same problem!
Here are a few sample templates: https://github.com/rashidqureshi/MSI-Samples that show a) how to grant RBAC access to ARM resources b) how to create access policy for keyvault using the OID of the MSI
There is new way to get identity information. You can directly get them from resource that support Managed Identity for Azure resources (Managed Service Identity in the past).
{
"tenantId": "[reference(resourceId('Microsoft.Web/sites', variables('serviceAppName')),'2019-08-01', 'full').identity.tenantId]",
"objectId": "[reference(resourceId('Microsoft.Web/sites', variables('serviceAppName')),'2019-08-01', 'full').identity.principalId]",
}
You can also get principal Id for resource in other resource group or/and subscription. ResourceId supports optional parameters:
"tenantId": "[reference(resourceId(variables('resourceGroup'), 'Microsoft.Web/sites', variables('serviceAppName')),'2019-08-01', 'full').identity.tenantId]",
or
"tenantId": "[reference(resourceId(variables('subscription'), variables('resourceGroup'), 'Microsoft.Web/sites', variables('serviceAppName')),'2019-08-01', 'full').identity.tenantId]",
Alright, so I have a Microsoft Imagine account from school through which I've gotten both Azure and Microsoft Visual Studio 2017 in order to learn ASP.NET (worked with Django earlier).
So I've gone throught a whole bunch of tutorials from codeschool to virtual academy to docs.microsoft and finally got the first version of my webapp done and ready to be published to Azure.
So I look through the steps on how to publish, here's some info on that:
Subscription: Microsoft Imagine
Resource Group: <name> (northeurope)
App Service Plan:
Resource Group: <name>
Pricing Tier: Free
Location: North Europe
Status: Ready
Subscription Name: Microsoft Imagine
Click on "Explore additional azure services" (as per many tutorial instructions) and add a database, I've fortunately already created the database in Azure so I only have to connect it. Here's some info on the database (though creating it directly here generates the same error):
Resource Group: <name>
Status: Online
Location: North Europe
Subscription Name: Microsoft Imagine
Server Name: <servername>.database.windows.net
Pricing Tier: Free (5 DTUs)
Some info on the server that the server:
Resource Group: <name>
Status: Available
Location: North Europe
Status: Available
So everything looks really good and I'm ready to publish and I hit the Create-button.
Deploying: (step 0 out of 5) ...
Deploying: (step 4 out of 5) ...
ERROR
Details:
Template deployment failed. Deployment operation statuses:
Succeeded: /subscriptions/ ... /servers/mintentadbserver ()
Failed: /subscriptions/ ... /databases/Mintenta_db ()
40619: The edition 'Free' does not support the database data max size '1073741824'.
Succeeded: /subscriptions/ ... /firewallrules/AllowAllAzureIPs ()
Succeeded: /subscriptions/ ... /sites/MinTenta ()
Succeeded: /subscriptions/ ... /config/connectionstrings ()
The few duplicate questions I've found on this have close to no answers and just a few suggestions to upgrade (link1, link2).
So I suppose my question is, like many others:
1) How do you change the size of the database?
2) If that's not possible and you cannot have a database with your free account. Why would not just say that instead of using size-restrictions?
I know this question is a little bit old, but I've just ran across the same error and I also couldn't find an answer. However, I managed to work around this issue.
I was following this tutorial (https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-dotnet-sqldatabase) from Microsoft, and since you mentioned the same steps and the same message error I got, I'm assuming you were doing the same thing or at least something similar.
When publishing directly from Visual Studio 2017 to Azure, VS tries to create the following resources:
App service plan
App service
SQL server
SQL database
From your error message (and mine as well), although the SQL database creation had an error, the other resources were published successfully. So, if you access Azure portal, you'll see those resources there.
Then, if you open the SQL server and click "New database", you'll be able to add a database manually - and more importantly, you'll be able to select the free option with max size of 32MB.
(In this example, the button is disabled because I've already added one database - I believe this is another limitation from the students' subscription).
Note that if you add the database manually, you'll also need to configure your connection strings. But that is quite easy:
Open your new database on Azure portal
Go to Settings > Connection Strings
Copy the connection string from there
Now open your App service and go to Settings > Application Settings
On Connection Strings, add a new one or edit the existing one, pasting the content that you just copied from the DB (don't forget to input your username and password)
You can have a DB using a trial (there are no restrictions to trial account as far as I'm aware of, well, except money). I'm not sure how to workaround this issue, as the template is pre-built by VS.
The more I look at this error, the more I don't get it. There is no "Free" tier of the Azure SQL DB. And the cheapest (basic) supports up to 2GB database, so this doesn't really restrict you.
Try setting appservice plan to shared? if that doesn't help try deleting everything and just let VS create all the resources for you, it should work in that case.