Azure / azure-cli

Azure Command-Line Interface
MIT License

Not Able to delete private azure dns zone even if there is no nested link #15010

Open digeler opened 4 years ago

digeler commented 4 years ago

**Describe the bug**
Cannot delete private dns zone even if there are no nested links

**To Reproduce**
create global zone and try to delete

**Expected behavior**
zone should be deleted, if there is no nested resources in it.

**Environment summary**

```
PS C:\Users\digeler> az network private-dns zone show -n documents.azure.com -g polydgeuse1
{
  "etag": "a69969af-60b0-4490-8059-1906c48b48c9",
  "id": "/subscriptions/a9f4e502-9188-4e9c-857f-532dd66f5d0c/resourceGroups/polydgeuse1/providers/Microsoft.Network/privateDnsZones/documents.azure.com",
  "location": "global",
  "maxNumberOfRecordSets": 25000,
  "maxNumberOfVirtualNetworkLinks": 1000,
  "maxNumberOfVirtualNetworkLinksWithRegistration": 100,
  "name": "documents.azure.com",
  "numberOfRecordSets": 1,
  "numberOfVirtualNetworkLinks": 0,
  "numberOfVirtualNetworkLinksWithRegistration": 0,
  "provisioningState": "Succeeded",
  "resourceGroup": "polydgeuse1",
  "tags": null,
  "type": "Microsoft.Network/privateDnsZones"
}
```

```
rllib3.connectionpool : https://management.azure.com:443 "DELETE /subscriptions/a9f4e502-9188-4e9c-857f-532dd66f5d0c/resourceGroups/polydgeuse1/providers/Microsoft.Network/privateDnsZones/documents.azure.com?api-version=2018-09-01 HTTP/1.1" 409 114
msrest.http_logger : Response status: 409
msrest.http_logger : Response headers:
msrest.http_logger : 'Cache-Control': 'no-cache'
msrest.http_logger : 'Pragma': 'no-cache'
msrest.http_logger : 'Content-Length': '114'
msrest.http_logger : 'Content-Type': 'application/json; charset=utf-8'
msrest.http_logger : 'Expires': '-1'
msrest.http_logger : 'x-ms-failure-cause': 'gateway'
msrest.http_logger : 'x-ms-request-id': '92920106-a73e-461a-8dd0-e320966bcdc5'
msrest.http_logger : 'x-ms-correlation-request-id': '92920106-a73e-461a-8dd0-e320966bcdc5'
msrest.http_logger : 'x-ms-routing-request-id': 'GERMANYWESTCENTRAL:20200901T100854Z:92920106-a73e-461a-8dd0-e320966bcdc5'
msrest.http_logger : 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
msrest.http_logger : 'X-Content-Type-Options': 'nosniff'
msrest.http_logger : 'Date': 'Tue, 01 Sep 2020 10:08:54 GMT'
msrest.http_logger : Response content:
msrest.http_logger : {"error":{"code":"CannotDeleteResource","message":"Can not delete resource before nested resources are deleted."}}
msrest.exceptions : Can not delete resource before nested resources are deleted.
cli.azure.cli.core.util : Can not delete resource before nested resources are deleted.
Can not delete resource before nested resources are deleted.
```

yonzhan commented 4 years ago

network

haroldrandom commented 4 years ago

Based on the error output, I think the service protects against deletion in this situation while there is a nested resource linked to it.

And the docs say:

> Private DNS zone cannot be deleted unless all virtual network links to it are removed.

Could you please check whether there are some resources linked to it and remove them first?

If you insist that the nested resource should be deleted automatically, I will mark this issue as Service Attention to let service guy help.

ghost commented 4 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.

haroldrandom commented 4 years ago

@digeler Also, you could provide feedback in the page https://docs.microsoft.com/en-us/azure/dns/private-dns-overview through that feedback button

ghost commented 4 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

nezuko-cc commented 3 years ago

Hi, I experienced the same issue: I can't delete my private dns zone, which has no nested resources (no vnet link, only the automatically created SOA record). I am wondering, is it a known bug? And is there any plan on fixing it? Wondering if we should file an azure support ticket to get some help deleting it?

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

Issue Details
Author: digeler
Assignees: haroldrandom
Labels: `Network - DNS`, `Service Attention`, `feature-request`
Milestone: Backlog

gro1m commented 3 years ago

I also ran into this problem today.

0papen0 commented 3 years ago

Had this exact problem today. I tried deleting the resource-group in which the DNS zone was located and that actually finished successfully. But I imagine not everyone can afford to delete the whole resource-group...

jessicalavoie commented 3 years ago

Hi, same issue here. It seems that if you try to move the resource somewhere else you can see that there is still a linked vnet (even though it's not currently visible). The only solution I found so far is to wait... and retry and wait.

helltone commented 3 years ago

Hey, have the same situation: created private dns zone, tried to link it to vnet (it failed, because vnet already has dns zone with auto-registration).

Now I am trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

Issue Details
Author: digeler
Assignees: msyyc
Labels: `Network - DNS`, `Service Attention`, `feature-request`
Milestone: Backlog

BMeyn commented 3 years ago

As a workaround you can move the private dns zone into a new resource group and then just delete the newly created resource group.

RichardNixon52 commented 3 years ago

@BMeyn unfortunately this solution does not work for me, it's not possible to move the DNS zone, stuck in some faulty state now.

lordhits commented 3 years ago

@BMeyn's solution works. When deleting the resource group, it highlighted an additional resource type that I did not see in my original resource group, and I think this is the "nested resource" it's complaining about. It's this type: `Microsoft.Network/privateDnsZones/virtualNetworkLinks`

frehnejc commented 3 years ago

This also happens in the Portal; the error is: [image]

93420 commented 3 years ago

Same issue for me. Since 6 months, is there any official fix from Azure?

yonzhan commented 3 years ago

network service team should look into this.

montaro commented 3 years ago

What worked for me is to delete first the Virtual network links before trying to delete the zone.

antonmatsiuk commented 2 years ago

> What worked for me is to delete first the Virtual network links before trying to delete the zone.

@montaro Thank you! That worked for me as well

seanyao1 commented 2 years ago

I'm in the same situation.

fidelcasto commented 2 years ago

I had the same issue this morning. The problem was that the vnet link was in a bad state. For some reason it was not showing up in the portal. I had to add the vnet link to the private dns zone and delete it once again to be able to delete the private dns zone.

ozesati commented 2 years ago

FIX! Go into resource group where you are trying to delete private DNS. Check off the "show hidden types". A vnet link for private dns will show up now. Delete that first, then delete private dns. Done.

dcnsakthi commented 2 years ago

Delete the attached "microsoft.network/privatednszones/virtualnetworklinks" (hidden) resources to delete the "Private DNS zone".

lordisp commented 2 years ago

I have the following error:

'xxx' does not have authorization to perform action 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups/delete' over scope 'yyy'

However, the provider-operation Microsoft.Network/privateEndpoints/privateDnsZoneGroups/delete does not exist. Any ideas?

fidelcasto commented 2 years ago

does

You need to be assigned contributor role in the IAM menu of the resource you want to delete.

lordisp commented 2 years ago

> You need to be assigned contributor role in the IAM menu of the resource you want to delete.

@fidelcasto If your answer is a reply to my post, I don't want to assign the contributor role. Instead I'm working on a custom role for a service-principal in azure-devops pipeline. However the failed provider-operation does not exist.

MartinJoeWilco commented 2 years ago

> FIX! Go into resource group where you are trying to delete private DNS. Check off the "show hidden types". A vnet link for private dns will show up now. Delete that first, then delete private dns. Done.

Excellent fix!

For my Azure subscription the view has changed/updated: Indeed go to the resource group, click on "Manage View" click on "Show Hidden Types"

edgreenberg-mri commented 2 years ago

> [dcnsakthi](https://github.com/dcnsakthi) commented [on Jan 24](https://github.com/Azure/azure-cli/issues/15010#issuecomment-1019893921)
>
> Delete the attached "microsoft.network/privatednszones/virtualnetworklinks" (hidden) resources to delete the "Private DNS zone".

This resolved the issue for me.

palbock commented 1 year ago

> > You need to be assigned contributor role in the IAM menu of the resource you want to delete.
>
> @fidelcasto If your answer is a reply to my post, I don't want to assign the contributor role. Instead I'm working on a custom role for a service-principal in azure-devops pipeline. However the failed provider-operation does not exist.

@lordisp Did you manage to find a solution for this?

JiaxingSong commented 1 year ago

Same issue here!

When I delete a private dns zone, it already indicates I want to delete all vnet-links under this zone. Why not automatically delete all the links instead of asking users to manually delete them?

jonfowler1231 commented 5 months ago

> Hey, have the same situation: created private dns zone, tried to link it to vnet (it failed, because vnet already has dns zone with auto-registration).
>
> Now I am trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."

Similar thing happened to me. The vnet link did not appear in the portal, and I was unable to delete the private dns zone.

It did work for me using az cli to delete the link: `az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>`

rmolcr commented 3 months ago

> > Hey, have the same situation: created private dns zone, tried to link it to vnet (it failed, because vnet already has dns zone with auto-registration). Now I am trying to create empty zone, but it throws: "Can not delete resource before nested resources are deleted."
>
> Similar thing happened to me. The vnet link did not appear in the portal, and I was unable to delete the private dns zone.
>
> It did work for me using az cli to delete the link: `az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>`

Same issue here. Worked for me! Thanks @jonfowler1231

AxelTob commented 3 months ago

My link did not show up on show hidden and I had no links to the private-dns visible on the resource. What did solve it was: `az network private-dns zone delete --resource-group .. -n-name ...`; the error showed which nested resources and virtualNetworkLinks it had issues with.

Then on those I called: `az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)`

This solved it. None of it was possible on portal.

bsonnek commented 3 months ago

> My link did not show up on show hidden and I had no links to the private-dns visible on the resource. What did solve it was: `az network private-dns zone delete --resource-group .. -n-name ...`; the error showed which nested resources and virtualNetworkLinks it had issues with.
>
> Then on those I called: `az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)`
>
> This solved it. None of it was possible on portal.

This worked for me - Thank you Axel

pedroafsouza commented 3 months ago

Another solution that I found was to create a resource name with the same name pointing for anything and then delete it afterwards. That recovered the state.

githubtomb commented 3 months ago

> `az network private-dns link vnet delete -g <resource group> -n <linkname> -z <dnszonename>`

This worked for me. If you can't find your link name, use the notification window value when you initially fail to delete your dnszonename.

man0s commented 2 months ago

Thank you guys for the solution, worked for me. When do we expect an official solution though? It's been 4 years...

PaulMoney commented 2 months ago

> Another solution that I found was to create a resource name with the same name pointing for anything and then delete it afterwards. That recovered the state.

Only this solution worked for me 👍

simonfelding commented 2 weeks ago

> My link did not show up on show hidden and I had no links to the private-dns visible on the resource. What did solve it was: `az network private-dns zone delete --resource-group .. -n-name ...`; the error showed which nested resources and virtualNetworkLinks it had issues with.
>
> Then on those I called: `az network private-dns link vnet delete -g (resource-g) .. -n (the link error complained on) -z (private-dns name)`
>
> This solved it. None of it was possible on portal.

Thank you!

For info, the name in the second command is derived from something like: `Some existing nested resource IDs include: Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/swkarca4yzjqi`, where `swkarca4yzjqi` is the name to be used for `-n`.
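
The name derivation described in the comments above, as an added example that is not part of the thread or of azure-cli: it pulls the virtual network link names out of the failed-delete error text and prints the `az` commands in the order the thread recommends (links first, then the zone) so they can be reviewed before running. The error wording in `SAMPLE_ERROR` is constructed from the fragment quoted above; `hub-link`, `example-rg` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the error text names nested links as
# .../privateDnsZones/<zone>/virtualNetworkLinks/<link>, as quoted in the thread.

# Constructed sample input: one link name from the thread, one hypothetical.
SAMPLE_ERROR='(CannotDeleteResource) Can not delete resource before nested resources are deleted. Some existing nested resource IDs include: Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/swkarca4yzjqi, Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/hub-link.'

# stdin: error text; $1: zone name; stdout: link names for that zone only.
# Matching is case-insensitive because the portal shows the type in lowercase.
nested_links() {
  grep -oiE 'privateDnsZones/[^/[:space:]]+/virtualNetworkLinks/[A-Za-z0-9._-]+' \
    | awk -F/ -v zone="$1" \
        'tolower($2) == tolower(zone) { sub(/[.]+$/, "", $4); print $4 }' \
    | sort -u
}

# stdin: error text; $1: resource group; $2: zone name.
# Prints the commands instead of running them, and refuses to emit a zone
# delete when the error text names no link belonging to that zone.
plan_cleanup() {
  rg=$1
  zone=$2
  links=$(nested_links "$zone")
  if [ -z "$links" ]; then
    echo "no virtualNetworkLinks for $zone found in error text" >&2
    return 1
  fi
  for link in $links; do
    printf "az network private-dns link vnet delete -g '%s' -z '%s' -n '%s' --yes\n" \
      "$rg" "$zone" "$link"
  done
  printf "az network private-dns zone delete -g '%s' -n '%s' --yes\n" "$rg" "$zone"
}

# Stand-alone run on the constructed sample: prints three commands.
printf '%s\n' "$SAMPLE_ERROR" | plan_cleanup example-rg privatelink.blob.core.windows.net
```

In real use, pipe the stderr of the failed `az network private-dns zone delete` into `plan_cleanup` in place of the sample text.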

rpetersson commented 1 week ago

Issue from 2020; this needs to be resolved. Spent way too much time troubleshooting this ridiculous issue.

rpetersson commented 1 week ago

@digeler are you assigned to this case?