Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot deploy virtual network gateway #1947

Closed
5 tasks done
craddm opened this issue Jun 19, 2024 · 3 comments
Closed
5 tasks done

Cannot deploy virtual network gateway #1947

craddm opened this issue Jun 19, 2024 · 3 comments
Labels
bug Problem when deploying a Data Safe Haven.
Milestone
Release 4.2.2

Comments

@craddm
Copy link
Contributor

craddm commented Jun 19, 2024

✅ Checklist

  • I have searched open and closed issues for duplicates.
  • This is a problem observed when deploying a Data Safe Haven.
  • I can reproduce this with the latest version.
  • I have read through the documentation.
  • This isn't an open-ended question (open a discussion if it is).

💻 System information

  • Operating System: MacOS
  • Data Safe Haven version: 1938-ssl-certificate-error @ cf3c5ae

📦 Packages

List of packages 
2024-06-19 09:27:12 [SUCCESS]: [✔] Powershell version: 7.4.1
2024-06-19 09:27:12 [SUCCESS]: [✔] Powershell-Yaml module version: 0.4.2
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.MonitoringSolutions module version: 0.1.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Microsoft.Graph.Authentication module version: 1.21.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Microsoft.Graph.Applications module version: 1.21.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Poshstache module version: 0.1.10
2024-06-19 09:27:12 [SUCCESS]: [✔] Posh-ACME module version: 4.23.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Automation module version: 1.9.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Dns module version: 1.1.2
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.KeyVault module version: 4.9.1
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.RecoveryServices module version: 5.4.1
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Network module version: 5.3.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Microsoft.Graph.Users module version: 1.21.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Compute module version: 5.3.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.OperationalInsights module version: 3.1.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Monitor module version: 4.2.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Microsoft.Graph.Identity.DirectoryManagement module version: 1.21.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.PrivateDns module version: 1.0.3
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Resources module version: 6.5.1
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Storage module version: 4.7.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.DataProtection module version: 0.4.0
2024-06-19 09:27:12 [SUCCESS]: [✔] Az.Accounts module version: 3.0.0

🚫 Describe the problem

Deploying the virtual network gateway used for accessing the DC fails, as the basic public IP address SKU is no longer supported. Standard has to be used instead.

🌳 Log messages

Relevant log messages 
New-AzVirtualNetworkGateway: Basic IP configuration for VPN Virtual Network Gateways is not supported. Follow the link for more details
: https://go.microsoft.com/fwlink/p/?linkid=2241350                                                         
/subscriptions/3f1a8e26-eae2-4539-952a-0a6184ec248a/resourceGroups/RG_SHM_BLUE_NETWORKING/providers/Microsof
t.Network/virtualNetworkGateways/VNET_SHM_BLUE_GW StatusCode: 400 ReasonPhrase: Bad Request ErrorCode:      
PublicIpWithBasicSkuNotAllowedOnVPNGateways ErrorMessage: Basic IP configuration for VPN Virtual Network    
Gateways is not supported. Follow the link for more details :                                               
https://go.microsoft.com/fwlink/p/?linkid=2241350                                                           
/subscriptions/3f1a8e26-eae2-4539-952a-0a6184ec248a/resourceGroups/RG_SHM_BLUE_NETWORKING/providers/Microsof
t.Network/virtualNetworkGateways/VNET_SHM_BLUE_GW OperationID : e73dfa9c-0a6f-4e2d-b9e0-5df0d59d74fc        
2024-06-19 09:41:11 [FAILURE]: [x] Failed to create virtual network gateway 'VNET_SHM_BLUE_GW'!             
Exception: Failed to create virtual network gateway 'VNET_SHM_BLUE_GW'!

♻️ To reproduce

Deploy a new SHM
@craddm craddm added the bug Problem when deploying a Data Safe Haven. label Jun 19, 2024
@craddm
Copy link
Contributor Author

craddm commented Jun 19, 2024

Update: changing to Standard SKU also requires IP address allocation to change from Dynamic to Static. But even that is not sufficient:

New-AzVirtualNetworkGateway: Standard Public IPs associated with VPN gateways with non-AZ VPN skus cannot have zones configured.
StatusCode: 400 ReasonPhrase: Bad Request ErrorCode:
RegionalVmssVpnGatewayPublicIpsMustNotHaveZonesConfigured ErrorMessage: Standard Public IPs associated with
VPN gateways with non-AZ VPN skus cannot have zones configured. OperationID :
8c03aec2-b0ae-4c56-91e9-77d6aa629b1e
2024-06-19 11:44:43 [FAILURE]: [x] Failed to create virtual network gateway 'VNET_SHM_BLUE_GW'!
Exception: Failed to create virtual network gateway 'VNET_SHM_BLUE_GW'!

@craddm craddm mentioned this issue Jun 19, 2024
Merged
3 tasks
@craddm
Copy link
Contributor Author

craddm commented Jun 19, 2024

Removing code that specifies availability zones for standard SKU public IPs allows this process to continue

@jemrobinson
Copy link
Member

@craddm: can you open a PR targeting release-v4.2.2 with your fixes that closes this issue?

@jemrobinson jemrobinson added this to the Release 4.2.2 milestone Jun 24, 2024
@craddm craddm mentioned this issue Jun 26, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Problem when deploying a Data Safe Haven.
Projects
None yet
Milestone
Release 4.2.2
Development

No branches or pull requests
2 participants
@jemrobinson @craddm