[Question/Feedback]: "The existing policy parameter(s) 'MonitorDisable' were not found in the policy being updated"

[IEP-Brewin]

Check for previous/existing GitHub issues

• [X] I have checked for previous/existing GitHub issues

Description

Hi,

I'm trying to deploy AMBA version 2024-09-02 (from version 2024-06-05), but getting the following error: "The existing policy parameter(s) 'MonitorDisable' were not found in the policy being updated. The parameter names can not be changed"

I've ended up deleting all of the AMBA policy assignments/remediations and also the deployments to the ALZ management group, but still getting the error.

[Brunoga-MS]

Hello @IEP-Brewin , thanks for your feedback. The issue you encountered seems to be something related to a different parameter file content. To resolve the issue make sure the parameter file structure you are using is aligned with the one coming with the release you would like to deploy. For any reference, the update procedure is documented at Update to new releases and when a pre or post action is required you can find it documented in the specific section. In this case, you can find this info in the Updating from release 2024-06-05 page.

Hope that helps.

Thanks, Bruno.

[IEP-Brewin]

Thanks. Should of taken a look at that before.

[IEP-Brewin]

@Brunoga-MS, i've successfully ran Start-AMBAPolicyInitiativesAndAssignmentsCleanup.ps1 and also used all of latest parameters from alzArm.param.json, but i'm still getting the MonitorDisable error.

[Brunoga-MS]

@IEP-Brewin can you pls share a copy of your param file. Share it privately pls together with error screenshots.

[IEP-Brewin]

How would i share privately? Thanks.

[Brunoga-MS]

Please give the steps in the below list a try:

1. Get the correct parameter file from the 2024-09-02 code version
2. Populate the parameter file with your info/settings
3. Clean existing installation using the cleanup procedure documented at Cleaning up a Deployment
4. Populate the necessary variables and deploy the release 2024-09-02 using this command: New-AzManagementGroupDeployment -Name "amba-GeneralDeployment" -ManagementGroupId $pseudoRootManagementGroup -Location $location -TemplateUri "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-09-02/patterns/alz/alzArm.json" -TemplateParameterFile ".\patterns\alz\alzArm.param.json" or any other available method of your choice between Azure CLI, Azure Pipelines, GitHub Actions, Azure Portal Accelerator

[IEP-Brewin]

I've performed the steps above but still getting the same error.

Cleaning up a Deployment didn't fully work, the script said that there are 3 role assignments to be deleted, but then gives:

Thanks.

[Brunoga-MS]

Can you please go through each of the management group under the pseudo root one

and manually remove the assignment

After everything is perfectly clean, try the deployment once again.

Thanks, Bruno.

[IEP-Brewin]

If i search for AMBA in IAM on each of the 3 management groups, there are no results - Therefore i can't manually delete the role assignments.

[IEP-Brewin]

I've managed to do a full cleanup (see attached image), but still getting the same error.

[Brunoga-MS]

Hi @IEP-Brewin , this sounds like impossible to believe. With a clean environment like you made it after the cleanup there's no policy to update.

Is there any direct contact of yours that you can share?, I would love to have quick Teams meeting to go through it together and see why it is not working.

thanks, Bruno.

[IEP-Brewin]

Please reach out to Jay Withers - @.**@.>.

Many thanks.

@.***

From: Bruno Gabrielli @.> Sent: 12 September 2024 13:07 To: Azure/azure-monitor-baseline-alerts @.> Cc: 0. Infrastructure Engineering Platform @.>; Mention @.> Subject: Re: [Azure/azure-monitor-baseline-alerts] [Question/Feedback]: "The existing policy parameter(s) 'MonitorDisable' were not found in the policy being updated" (Issue #328)

Hi @IEP-Brewinhttps://github.com/IEP-Brewin , this sounds like impossible to believe. With a clean environment like you made it after the cleanup there's no policy to update.

Is there any direct contact of yours that you can share?, I would love to have quick Teams meeting to go through it together and see why it is not working.

thanks, Bruno.

- Reply to this email directly, view it on GitHubhttps://github.com/Azure/azure-monitor-baseline-alerts/issues/328#issuecomment-2346106812, or unsubscribehttps://github.com/notifications/unsubscribe-auth/BIHN6KYHY3TZM6PNN2XFL63ZWF7UVAVCNFSM6AAAAABN63UQJKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNBWGEYDMOBRGI. You are receiving this because you were mentioned.Message ID: @.**@.>>

[Brunoga-MS]

As expected the email address got obfuscated ...

[jaywithersbrewin]

This is my individual work account. I've temporarily added my email to my bio

[Brunoga-MS]

I can see that now.

Thanks, Bruno.

[Brunoga-MS]

Reaching out to you in Teams