question

KienNDM-7462 avatar image
1 Vote"
KienNDM-7462 asked JiriMensik-5726 commented

Unable to delete VNet due to serviceAssociationLinks/AppServiceLink

Hi,

I have deployed an Azure system including virtual networks and app services. Then, when doing virtual network deletion, I had some problems. I got the message and the subnet uses the above vnet. Then I delete the subnet and get the message that there are app services using the above subnet. In fact, there are no app services at all. When using the command below:

az network vnet subnet list --resource-group [...] --vnet-name [...]

As a result, I discovered that 1 [Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks] cannot be deleted.

Remove-AzureRmVirtualNetwork : Subnet snet-bo is in use by /subscriptions/[..id...]/resource
Groups/Disabled/providers/Microsoft.Network/virtualNetworks/vnet-drug/subnets/snet-bo/serviceAssociationLinks/AppServic
eLink and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See
aka.ms/deletesubnet.
StatusCode: 400
ReasonPhrase: Bad Request
OperationID : 'bbc8987b-ffd1-420e-80c7-5913ef43b069'
At line:1 char:1
+ Remove-AzureRmVirtualNetwork -Name vnet-drug -ResourceGroupName disab ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Remove-AzureRmVirtualNetwork], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.RemoveAzureVirtualNetworkCommand

Please support, thank you.




azure-stack-hub
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

suvasara-MSFT avatar image
3 Votes"
suvasara-MSFT answered JiriMensik-5726 commented

@kienNDM-7462, Apologies for the delay in response. This is a known issue, and the only way you will be able to get this deleted is to contact Azure Support. If you do not have a support plan, please Email me at azcommunity@microsoft.com with your subscription ID and a link to this post, and I will enable a one-time free support request for you to get the subnet deleted.

Workaround:

  1. Create App Service Plan with the same name as the deleted one

  2. Create App Service with the same name as the deleted one

  3. Link App Service with the VNET subnet

  4. Disconnect VNet from App Service -> Networking -> VNet integration -> Disconnect

  5. Delete subnet

Reason for this Error:
The new VNET integration feature (Regional Vnet Integration) must set locks on subnets in the Network Resource Provider, we set these locks by putting a structure called a Service Association Link onto the Subnet, which is a privileged operation that only Microsoft.Web and some other internal Azure services have access to, this ends up being odd cases where these locks don't get cleaned up. The result is that the customer will have a subnet that cannot be deleted or used because a Service Association Link still exists on the subnet.
Azure App Service and Azure Networking Product Group keep working on to fix the issue completely.


Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.



· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Is there any progress on this fix? I did two separate ARM deployments that setup a VNet integration to app service and both hit this issue which makes me think your comment about it sometimes not getting cleaned up should be amended to say always not getting cleaned up. We spin up and down entire resource group deployments which will now include such vnet integrations with app service and having them not delete properly on an ongoing basis is going to cause significant clutter on our subscription.

4 Votes 4 ·

Updating to include that more than clutter this now fails our resource group deletions which is a deeply frustrating user experience for the developers, PMs, and QA who rely on these features as part of our development cycle. Please fix this ASAP

2 Votes 2 ·

What happens if you have forgotten the name of the original app service?

3 Votes 3 ·

If you have forgotten the name, you can use Get-AzDeletedWebApp (Az.Websites) | Microsoft Docs to retrieve the app name. For getting the details of the app service plan, you can go to Resource explorer from your portal. After going, you can go to the subnet details and you can get the details of previous app service plan in which previous integrated web app is hosted as shown below.

118013-image005.jpg


0 Votes 0 ·
image005.jpg (37.2 KiB)

@KienNDM-7462,

If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.


Best regards
Subhash

0 Votes 0 ·

Well, that worked for me and the persistent VNET is gone. Thanks!

0 Votes 0 ·

1) In my case support is claiming that they cannot delete any resource on my behalf.
2) For the workaround. My subnet was delegated to Flexible PostgreSQL server. After adding back the server and trying to remove the delegation to "Microsoft.DBforPostgreSQL/flexibleServers" on given subnet I get

Failed to save subnet 'mysubnet'. Error: 'Subnet mysubnet requires any of the following delegation(s) [Microsoft.DBforPostgreSQL/flexibleServers] to reference service association link /subscriptions/someID/resourceGroups/someName/providers/Microsoft.Network/virtualNetworks/someName/subnets/someName/serviceAssociationLinks/someId-service-association-link.'

What should be my next step?
Thank you
Jiri

0 Votes 0 ·