search

Azure / avdaccelerator

AVD Accelerator deployment automation to simplify the setup of AVD (Azure Virtual Desktop) based on best practices
MIT License
305 stars 198 forks source link

Policy remediation error during portal deployment #587

Closed integyjc closed 4 months ago

integyjc commented 4 months ago

What happened? Provide a clear and concise description of the bug, including deployment details.

Several attempts at deploying via the Portal result in the same error every time:

{"customHtml":{"htmlTemplate":"

The request to create remediation 'policy-set-avd-diagnostics-3' is invalid. The policy assignment '/subscriptions/440c2afa-db86-4439-bf11-13a06d9xxxxx/resourceGroups/rg-avd-main-prod-uks-storage/providers/Microsoft.Authorization/policyAssignments/policy-set-deploy-avd-diagnostics-to-log-analytics' assigns a policy set definition. Remediations must specify a single policy definition reference ID within the policy set definition.
","viewModel":null}}

Please provide the correlation id associated with your error or bug.

2c18f7d9-c9a7-4938-934c-827701afbfa8

What was the expected outcome?

Successful deployment

Relevant log output

Raw error:

{
  "code": "DeploymentFailed",
  "target": "/subscriptions/440c2afa-db86-4439-bf11-13a06d9xxxxx/resourceGroups/rg-avd-main-prod-uks-storage/providers/Microsoft.Resources/deployments/Remm-Diag-policy-set-avd-diagnostics-3",
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
  "details": [
    {
      "code": "InvalidCreateRemediationRequest",
      "message": "The request to create remediation 'policy-set-avd-diagnostics-3' is invalid. The policy assignment '/subscriptions/440c2afa-db86-4439-bf11-13a06d9xxxxx/resourceGroups/rg-avd-main-prod-uks-storage/providers/Microsoft.Authorization/policyAssignments/policy-set-deploy-avd-diagnostics-to-log-analytics' assigns a policy set definition. Remediations must specify a single policy definition reference ID within the policy set definition."
    }
  ]
}
danycontre commented 4 months ago

@integyjc thanks for the feedback.

@yshafner

integyjc commented 4 months ago

Thanks @danycontre - I think this one can be closed as environment related. Despite the error being a bit vague, it does seem that policies left from previous failed deployments were the cause. These policy definitions and assignments remained at the subscription level even if the resource groups the policies are assigned to are deleted following a failed deployment. Manually deleting the policy assignments and definitions from the subscription level and waiting an hour resulted in a clean deployment.

PotterOtukile54 commented 4 months ago

@integyjc I just came across the same problem and looking for a resolve

grab

integyjc commented 4 months ago

Hi @PotterOtukile54 that looks like a different error to the one i've reported on here