Azure Landing Zone Accelerator ARM template deployment failing: #886

Closed
akn9050 opened this issue Jan 11, 2022 · 3 comments

akn9050 commented Jan 11, 2022

Describe the bug
The following ARM template deployment is failing: https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json

  • Redeploying the template with the same input values is also not working:

Error Message:

{
    "status": "Failed",
    "error": {
        "code": "RoleAssignmentUpdateNotPermitted",
        "message": "Tenant ID, application ID, principal ID, and scope are not allowed to be updated."
    }
}

Steps to reproduce

  1. Deploy the template
    https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2FeslzArm.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FEnterprise-Scale%2Fmain%2FeslzArm%2Feslz-portal.json

@akn9050 akn9050 added the bug Something isn't working label Jan 11, 2022
@jtracey93 jtracey93 self-assigned this Jan 11, 2022
@jtracey93
Collaborator

Hi @akn9050,

It looks like the environment you are deploying into may have had an ESLZ deployment into it before that was not cleaned up fully.

And now you are deploying with different input parameters than you did on a previous deployment.

Make sure you clean up the previous deployment fully and then re-run the ESLZ deployment and it should be fine.

For this example it is trying to create a role assignment on the connectivity subscription that already exists (from a previous deployment) and it is correctly stating it cannot update it as it already exists with different properties.

The role assignment name/guid is created from the top level management group prefix and the role definition, which in this case is the network contributor. As shown here:

"name": "[guid(concat(parameters('topLevelManagementGroupPrefix'), parameters('roleDefinitionId')))]",

If you remove the role assignments on the connectivity subscription for network contributor from previous deployments, this should resolve it for you.

Let us know

Thanks

Jack
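
The naming behaviour described in the reply above, as an added example that is not part of the original thread or the project's code: because the assignment name is derived only from the prefix and the role definition, a redeployment reuses the name of any assignment left behind at the same scope, and a different principal on that name is what gets rejected. `uuid5` is a stand-in for ARM's `guid()` (not its real algorithm), and the prefix, subscription ID and principal IDs are constructed sample values shaped like `az role assignment list -o json` output.

```python
import json
import uuid

def assignment_name(prefix: str, role_definition_id: str) -> str:
    # Stand-in for ARM's guid(): deterministic like the real function, but NOT
    # the same algorithm, so these names will not match a real deployment.
    return str(uuid.uuid5(uuid.NAMESPACE_URL, prefix + role_definition_id))

def find_blockers(existing: list, planned: dict) -> dict:
    """Classify existing role assignments relative to the planned one.

    conflicts: same scope and name but a different principalId, the case
               rejected with RoleAssignmentUpdateNotPermitted.
    orphaned:  empty principalName, i.e. the principal no longer exists
               ("Identity not found" in the portal).
    """
    conflicts, orphaned = [], []
    for ra in existing:
        same_resource = (ra["scope"].lower() == planned["scope"].lower()
                         and ra["name"].lower() == planned["name"].lower())
        if same_resource and ra["principalId"] != planned["principalId"]:
            conflicts.append(ra["id"])
        if not ra.get("principalName"):
            orphaned.append(ra["id"])
    return {"conflicts": conflicts, "orphaned": orphaned}

# Everything below is constructed sample data, not values from the issue.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ROLE = SUB + ("/providers/Microsoft.Authorization/roleDefinitions/"
              "4d97b98b-1d4f-4787-a291-c67834d212e7")  # built-in Network Contributor
NAME = assignment_name("contoso", ROLE)

def _ra(name: str, principal_id: str, principal_name: str) -> dict:
    # Same field names as `az role assignment list -o json` output.
    return {"id": f"{SUB}/providers/Microsoft.Authorization/roleAssignments/{name}",
            "name": name, "scope": SUB, "roleDefinitionId": ROLE,
            "principalId": principal_id, "principalName": principal_name}

EXISTING = [
    _ra(NAME, "11111111-1111-1111-1111-111111111111", ""),  # stale, principal deleted
    _ra("22222222-2222-2222-2222-222222222222",
        "33333333-3333-3333-3333-333333333333", "netops@contoso.example"),
]
PLANNED = {"name": NAME, "scope": SUB,
           "principalId": "44444444-4444-4444-4444-444444444444"}

if __name__ == "__main__":
    print(json.dumps(find_blockers(EXISTING, PLANNED), indent=2))
```

Running the same check over an inventory of a subscription's role assignments before redeploying shows which leftovers to review and remove, which also clears grants whose principal no longer exists.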

@jtracey93 jtracey93 added waiting for response Maintainers have replied and are awaiting a response from the bug/issue/feature creator Needs: Author Feedback and removed triage waiting for response Maintainers have replied and are awaiting a response from the bug/issue/feature creator labels Jan 11, 2022
@akn9050
Author

akn9050 commented Jan 11, 2022

Hi @jtracey93,

Thanks, it resolved the issue. There were a few "identity not found" role assignments; after removing those and redeploying the template, the deployment succeeded.

Thanks for the quick help :)

@ghost ghost added Needs: Attention 👋 Needs attention from the maintainers and removed Needs: Author Feedback labels Jan 11, 2022
@jtracey93
Collaborator

No worries at all, happy to help 👍👍👍

@jtracey93 jtracey93 removed the Needs: Attention 👋 Needs attention from the maintainers label Jan 11, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Feb 11, 2022