question

CezaryKlus-3549 avatar image
0 Votes"
CezaryKlus-3549 asked CezaryKlus-3549 commented

Azure Managed Application randomly fails to provision

Context: deploying Managed Application via service catalog with a dedicated Blob storage for Managed Application Definition. Managed application definition is deployed via Bicep. All is done with respect to the documentation and necessary permissions: https://docs.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/publish-service-catalog-app?tabs=azure-powershell#bring-your-own-storage-for-the-managed-application-definition

Then the Managed Application is being deployed via Azure Powershell: New-AzManagedApplication
Providing all the necessary parameters.

  1. With such a setup the Managed Application deployment fails randomly (recently quite frequent) with the message in Azure Portal: "The application failed to provision. Contact application support for more information."

  2. Managed resource group is created however no deployment is scheduled for it.

  3. This behaviour is random. It used to work more stable.

  4. The described method of deployment is used in our DevOps automation pipeline to deploy Managed Application.

How can we investigate what causes this issue?

Bicep template below

param adminPrincipalId string
param aspServicePrincipalId string
param applicationName string
param applicationDisplayName string

@description('The base URI where artifacts required by this template are located.')
param packageFileUri string

var location = resourceGroup().location
var lockLevel = 'ReadOnly'
var accountName = '....'

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {
  name: accountName
  location: location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}

@description('This is the built-in Storage Contributor role.')
resource storageContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: '17d1049b-9a84-46fb-8f53-869881c3d3ab'
}

@description('This is the built-in Storage Data Owner role.')
resource storageDataOwnerRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {
  scope: subscription()
  name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'
}

resource storageContributorRoleAssignApi 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  scope: storageAccount
  name: guid(storageContributorRoleDefinition.id, storageAccount.id, aspServicePrincipalId)
  properties: {
    roleDefinitionId: storageContributorRoleDefinition.id
    principalId: aspServicePrincipalId
  }
}

resource storageDataOwnerRoleAssignApi 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  scope: storageAccount
  name: guid(storageDataOwnerRoleDefinition.id, storageAccount.id, aspServicePrincipalId)
  properties: {
    roleDefinitionId: storageDataOwnerRoleDefinition.id
    principalId: aspServicePrincipalId
  }
}

var ownerRoleDefinition = '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'

var kvAdminRoleDefinition = '00482a5a-887f-4fb3-b363-3b7fe8e74483'

resource managedApplicationDefinitionName 'Microsoft.Solutions/applicationDefinitions@2020-08-21-preview' = {
  name: applicationName
  location: location
  properties: {
    lockLevel: lockLevel
    description: applicationDisplayName
    displayName: applicationDisplayName
    packageFileUri: packageFileUri
    storageAccountId: storageAccount.id
    authorizations: [
      {
        principalId: adminPrincipalId
        roleDefinitionId: ownerRoleDefinition
      }
      {
        principalId: adminPrincipalId
        roleDefinitionId: kvAdminRoleDefinition
      }
    ]
  }
}

output managedApplicationDefinitionId string = managedApplicationDefinitionName.id






azure-managed-applications
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Monalla-MSFT avatar image
0 Votes"
Monalla-MSFT answered

Hello @CezaryKlus-3549 - Welcome to Microsoft Q&A and thanks for reaching out.

Since we haven't heard back from you, we are hoping that the issue is resolved for you.

I have also tried to reproduce the issue but was unable to do it and I have also confirmed the same with our internal product team here and confirmed that there are no existing issues going on with Azure Managed Application deployments.

Hope this helps. and please feel free to reach out if you have any further questions.



If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

CezaryKlus-3549 avatar image
0 Votes"
CezaryKlus-3549 answered CezaryKlus-3549 commented

Hi @Monalla-MSFT

It is still failing randomly. Further investigation shows this error:
194345-image.png




This happens upon: New-AzManagedApplication


image.png (18.0 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@CezaryKlus-3549 - Thanks for sending us an email and I hope you were able to raise the support ticket. Please share with us the support ticket number once you raise it so we can track it further and update the status on this thread so it will be beneficial to the community. Thanks.

0 Votes 0 ·

Thanks. The tracking ID is 2MT6-PP8

0 Votes 0 ·