Open digeler opened 4 years ago
network
Based on the error output, I think the service protect deletion from this situation while there is nested resource linked to it.
And, the docs says:
Private DNS zone cannot be deleted unless all virtual network links to it are removed.
Could you please check whether there are some resources linked to it and remove them first?
If you insist that the nested resource should be deleted automatically, I will mark this issue as Service Attention to let service guy help.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
@digeler Also, you could provide feedback in the page https://docs.microsoft.com/en-us/azure/dns/private-dns-overview through that feedback button
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.
Hi I experienced the same issue that I can't delete my prirvate dns zone which has no nested resources(no vnet link, only the automatically created SOA record) I am wondering is it a known bug? And is there any plan on fixing it? Wondering if we should file an azure support ticket to get some help deleting it?
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.
Author: | digeler |
---|---|
Assignees: | haroldrandom |
Labels: | `Network - DNS`, `Service Attention`, `feature-request` |
Milestone: | Backlog |
I also ran into this problem today.
Had this exact problem today. I tried deleting the resource-group in which the DNS zone was located and that actually finished successfully. But I imagine not everyone can afford to delete the whole resource-group...
hi, same issue here. It seems that if you try to move the resource somewhere else you can see that there still a linked vnet (even though its not currently visible). The only solution i found so far is to wait.....and retry and wait.
Hey, Have same situation, created private dns zone, tried to link it to vnet(it failed, because vnet already have dns zone with auto-registration).
Now Iam trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.
Author: | digeler |
---|---|
Assignees: | msyyc |
Labels: | `Network - DNS`, `Service Attention`, `feature-request` |
Milestone: | Backlog |
As a workaround you can move the private dns zone into a new ressource group and than just delete the new created ressource group
@BMeyn unfortunately this solution does not work for me, it's not possible to move the DNS zone, stuck in some faulty state now.
@BMeyn 's solution works. When deleting the resource group, it highlighted an additional resource type that i did not see in my original resource group and i think this is the "nested resource" it's complaining about. It's this type: Microsoft.Network/privateDnsZones/virtualNetworkLinks
This also happens in the Portal the error is:
Same issue for me. Since 6 month, is there any offical fix from Azure ?
network service team should look into this.
What worked for me is to delete first the Virtual network links before trying to delete the zone.
What worked for me is to delete first the Virtual network links before trying to delete the zone.
@montaro Thank you! That worked for me as well
I'm in the same situation.
I had the same issue this morning. The problem was that the vnet link was in a bad state. For some reason it was not showing up the in the portal. I had to add the vnet link to the private dns zone and delete it once again to be able to delete the private dns zone.
FIX! Go into resource group where you are trying to delete private DNS. Check off the "show hidden types". A vnet link for private dns will show up now. Delete that first, then delete private dns. Done.
Delete the attached "microsoft.network/privatednszones/virtualnetworklinks" (hidden) resources to delete the "Private DNS zone".
I have the following error:
'xxx' does not have authorization to perform action 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups/delete' over scope 'yyy'
However, the provider-operation Microsoft.Network/privateEndpoints/privateDnsZoneGroups/delete
does not exist.
Any ideas?
does
You need to be assigned contributor role in the IAM menu of the ressource you want to delete.
You need to be assigned contributor role in the IAM menu of the ressource you want to delete.
@fidelcasto I your answer is a replay to my post, I don't want to assign the contributor
role. Insead I'm working on a custom role
for a service-principal
in azure-devops pipeline
. However the failed provider-operation does not exist.
FIX! Go into resource group where you are trying to delete private DNS. Check off the "show hidden types". A vnet link for private dns will show up now. Delete that first, then delete private dns. Done.
Excellent fix!
For my Azure subscription the view has changed/updated: Indeed go to the resource group, click on "Manage View" click on "Show Hidden Types"
[dcnsakthi](https://github.com/dcnsakthi) commented [on Jan 24](https://github.com/Azure/azure-cli/issues/15010#issuecomment-1019893921)
Delete the attached "microsoft.network/privatednszones/virtualnetworklinks" (hidden) resources to delete the "Private DNS zone".
This resolved the issue for me.
You need to be assigned contributor role in the IAM menu of the ressource you want to delete.
@fidelcasto I your answer is a replay to my post, I don't want to assign the
contributor
role. Insead I'm working on acustom role
for aservice-principal
inazure-devops pipeline
. However the failed provider-operation does not exist.
@lordisp Did you manage to find a solution for this?
Same issue here!
When I delete a private dns zone, it already indicates I want to delete all vnet-links under this zone. Why not automatically delete all the links instead of asking users to manully delete them?
Hey, Have same situation, created private dns zone, tried to link it to vnet(it failed, because vnet already have dns zone with auto-registration).
Now Iam trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."
Similar thing happened to me. The vnet link did not appear in the portal; and I was unable to delete the private dns zone.
It did work for me using az cli to delete the link:
az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>
Hey, Have same situation, created private dns zone, tried to link it to vnet(it failed, because vnet already have dns zone with auto-registration). Now Iam trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."
Similar thing happened to me. The vnet link did not appear in the portal; and I was unable to delete the private dns zone.
It did work for me using az cli to delete the link:
az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>
Same issue here. Worked for me! Thanks @jonfowler1231
My link did not show up on show hidden
and I had no links to the private-dns visible on the resource.
What did solve it was:
az network private-dns zone delete --resource-group .. -n-name ...
the error showed which nested resources and virtualNetworkLinks it had issues with.
Then on those I called.
az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)
This solved it. None of it was possible on portal
My link did not show up on
show hidden
and I had no links to the private-dns visible on the resource. What did solve it was:az network private-dns zone delete --resource-group .. -n-name ...
the error showed which nested resources and virtualNetworkLinks it had issues with.Then on those I called.
az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)
This solved it. None of it was possible on portal
This worked for me - Thank you Axel
Another solution that I found was to create a resource name with the same name pointing for anything and then delete it afterwards. That recovered the state.
az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>
This worked for me. If you can't find your link name, use the notification window value when you initially fail to delete your dnszonename.
Thank you guys for the solution, worked for me. When do we expect an official solution though? It's been 4 years...
Another solution that I found was to create a resource name with the same name pointing for anything and then delete it afterwards. That recovered the state. Only this solution worked for me 👍
My link did not show up on
show hidden
and I had no links to the private-dns visible on the resource. What did solve it was:az network private-dns zone delete --resource-group .. -n-name ...
the error showed which nested resources and virtualNetworkLinks it had issues with.Then on those I called.
az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)
This solved it. None of it was possible on portal
Thank you!
For info, the name in the second command is derived from something like: Some existing nested resource IDs include: Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/swkarca4yzjqi
, where swkarca4yzjqi
is the name to be used for -n
.
Issue from 2020 this needs to be resolved. Spent way to much time troubleshooting this ridiculous issue.
@digeler are you assigned to this case?
Describe the bug Cannot delete private dns zone even if there are no nested links
To Reproduce create global zone and try to delete
Expected behavior zone should be deleted , if there is no nested resources in it.
Environment summary PS C:\Users\digeler> az network private-dns zone show -n documents.azure.com -g polydgeuse1 { "etag": "a69969af-60b0-4490-8059-1906c48b48c9", "id": "/subscriptions/a9f4e502-9188-4e9c-857f-532dd66f5d0c/resourceGroups/polydgeuse1/providers/Microsoft.Network/privateDnsZones/documents.azure.com", "location": "global", "maxNumberOfRecordSets": 25000, "maxNumberOfVirtualNetworkLinks": 1000, "maxNumberOfVirtualNetworkLinksWithRegistration": 100, "name": "documents.azure.com", "numberOfRecordSets": 1, "numberOfVirtualNetworkLinks": 0, "numberOfVirtualNetworkLinksWithRegistration": 0, "provisioningState": "Succeeded", "resourceGroup": "polydgeuse1", "tags": null, "type": "Microsoft.Network/privateDnsZones" }
rllib3.connectionpool : https://management.azure.com:443 "DELETE /subscriptions/a9f4e502-9188-4e9c-857f-532dd66f5d0c/resourceGroups/polydgeuse1/providers/Microsoft.Network/privateDnsZones/documents.azure.com?api-version=2018-09-01 HTTP/1.1" 409 114 msrest.http_logger : Response status: 409 msrest.http_logger : Response headers: msrest.http_logger : 'Cache-Control': 'no-cache' msrest.http_logger : 'Pragma': 'no-cache' msrest.http_logger : 'Content-Length': '114' msrest.http_logger : 'Content-Type': 'application/json; charset=utf-8' msrest.http_logger : 'Expires': '-1' msrest.http_logger : 'x-ms-failure-cause': 'gateway' msrest.http_logger : 'x-ms-request-id': '92920106-a73e-461a-8dd0-e320966bcdc5' msrest.http_logger : 'x-ms-correlation-request-id': '92920106-a73e-461a-8dd0-e320966bcdc5' msrest.http_logger : 'x-ms-routing-request-id': 'GERMANYWESTCENTRAL:20200901T100854Z:92920106-a73e-461a-8dd0-e320966bcdc5' msrest.http_logger : 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' msrest.http_logger : 'X-Content-Type-Options': 'nosniff' msrest.http_logger : 'Date': 'Tue, 01 Sep 2020 10:08:54 GMT' msrest.http_logger : Response content: msrest.http_logger : {"error":{"code":"CannotDeleteResource","message":"Can not delete resource before nested resources are deleted."}} msrest.exceptions : Can not delete resource before nested resources are deleted. cli.azure.cli.core.util : Can not delete resource before nested resources are deleted. Can not delete resource before nested resources are deleted.