IT Consultant Everyday Notes

Just some problems/solutions storage

Category Archives: ARM

Azure: WEB Listener cannot be deleted on Azure Application Gateway

Recently I had a project where I needed to put an Azure App Service behind App Gateway.

The Customer also asked to create HTTP-HTTPS redirection for better and-user experience.

I created two listeners (for port 80 and 443) and two rules: one for traffic on port 443 to redirect to my backend pool and the second one for traffic on port 80 – to redirect to my 443 listener. Everything worked fine. We progressed with the project and at a certain time needed to remove the listeners.

From my previous experience I knew – you never delete rules first – delete the listener first. Since we did have a redirection I deleted port 80 listener first. Azure kindly deleted associated rule. At least it is disappeared Smile

Next I tried to delete 443 Listener and at that point got an error saying:

“Failed to save configuration changes to application gateway…. Error: Resource <Path to my 443 Listener> referenced by resource <Path to my HTTP-HTTPS redirection rule> was not found. Please make sure that the referenced resource exists and both resources are in the same region.”

Sounds weird taking in consideration I did not see the redirection rule in GUI.

So I brought Azure CLI (for some reasons MS provided commands for CLI, or maybe I just did not find those for PowerShell) and run

az network application-gateway redirect-config show -g <resource group name> –gateway-name <gateway name>

sure enough the rule was still there.

after that I run

az network application-gateway redirect-config delete –g <resource group name> –gateway-name <gateway name> –n <rule name>

and this time the rule was deleted completely.

After that the remaining listener was deleted without problems.

Azure: Clone VSTS Git repository to Visual Studio failed with error 400

I recently started to play with Azure Deployments via Visual Studio Team Services. The idea is having a source control for my ARM templates and keep my projects nice and tidy in one place.

I saw James Bannan presented on IT/DEV 2017 conference and liked this approach. Unfortunately, it is not clearly documented, or maybe I just cannot find a proper information since I am not a developer.

Anyway,  I integrated my Visual Studio 2017 with VSTS; that created a Git instance for me. From the VSTS portal I creted a new Project and tried to clone it to my VS2017. It miserably failed with Error 400.

Resolution: It turned out the clone process does not like spaces in project name :0 . fortunately there is a workaround I found here it describes a similar issue with cloning from tfs, but since the issue is actually on VS side it works for VSTS too. You basically need to cancel cloning in VS window and select “Clone Repository” from Project section. This will replace spaces in URL with %20 and in this case it finishes successfuly.

Azure: How to configure MFA when Classic Portal is not available

My company provides CSP Azure subscription for our Customers. To make life more exciting Microsoft remove Classic Portal support from CSP. So we can use new and shiny ARM-based portal only.

When time come to configure Azure AD fun begins. Azure AD node is available in the new portal as ‘preview’ and miss some features from the old portal. Recently I had fun with license assigning, today I needed to assign MFA to accounts. Fun, fun, fun….

Anyway, as in the first case helped. This portal is available for CSP and have some missing features of the classic portal. For example to add MFA to a user:


1. start

2. goto Users->Active Users

3. Click ‘More’


4. Click “Setup Azure Multi-factor auth’ That will open MFA portal for you

5. Configure MFA for a user or users in bulk

Azure: Use SAS token as a parameter

I recently bumped into an issue trying to pass a Shared Access Signature (SAS) token to my ARM template to be able to connect sub-templates securely. Even though SAS token looked perfectly fine in Powershell New-AzureRMDeployment cmdlet failed with the following error: Error: Code=InvalidTemplate; Message=Deployment template validation failed: ‘The provided value for the template parameter ‘_artifactsLocationSasToken’. I tried both securestring and string- no luck. A colleague of mine Jules Ouellette helped me with a solution – the token is generated as an object and must be converted to a string before passing as a Parameter: _artifactsLocationSastoken = $artifactslocationsastoken.toString()  After that conversion the token was successfully accepted as a parameter. 

Azure: Regional Data Center is not available for resource deployment

Recently Microsoft made Canadian Data Centres available and I tried to put some workload there.

I tried to create a Resource Group and figured out Canada Central is not an available region to place RG into.

After googling/troubleshooting I was found a Microsoft.Compute provider must be re-registered for my Azure subscription. So I made it from PowerShell:

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Compute

After some time Canadian region appeared for Resource Group, Storage Account and VM resources. But, when I tried to add a VNet to the RG Canada Central was not available for that resource again.

After some troubleshooting with help of Microsoft it turned out Microsoft.Network should be re-registered too

Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network

Lesson learnt: if anything else will not be available for my region I probably need to find a resource provider to restart.

Azure: Journey to ARM

Azure: Working with Templates in Azure Resource Manager