Set-AzureRmApplicationGateway - cannot update certificates for gateway with Minimum scale units 0

[klinki]

Description

I'm trying to automate Let's encrypt certificate renewal. I'm using following script: https://github.com/intelequia/letsencrypt-aw/blob/master/letsencryptaw_v2.ps1

to renew the certificate. Problem is when I call Set-AzureRmApplicationGateway - it fails with error message:

Set-AzureRmApplicationGateway : 'MinCapacity' is less than minimum value of '2'.

At line:122 char:1

+ Set-AzureRmApplicationGateway -ApplicationGateway $appgw

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : CloseError: (:) [Set-AzureRmApplicationGateway], ValidationException

    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureApplicationGatewayCommand

I don't change the MinCapacity anywhere, I don't touch it.

If I modify the gateway in Azure portal and set it to minimum scale to 2, as required, then it works and command succeeds.

Steps to reproduce

$appgw = Get-AzureRmApplicationGateway -ResourceGroupName $AGResourceGroupName -Name $AGName
Set-AzureRmApplicationGatewaySSLCertificate -Name $AGOldCertName -ApplicationGateway $appgw -CertificateFile $certPfxPath -Password $password
Set-AzureRmApplicationGateway -ApplicationGateway $appgw

Module versions

It is Azure automation script. I couldn't run Get-Module because of

The runbook job failed due to a job stream being larger than 1MB, the limit that is supported by an Azure Automation sandbox.

error so I copied data from portal shared modules:

ACME-PS 1.2.3
AuditPolicyDsc 1.1.0.0
Azure 5.3.0
Azure.Storage  4.6.1
AzureRM.Automation 6.1.1
AzureRM.Compute 5.9.1
AzureRM.Network 6.11.1
AzureRM.Profile 5.8.3
AzureRM.Resources 6.7.3
AzureRM.Sql 4.12.1
AzureRM.Storage 5.2.0
ComputerManagementDsc 5.0.0.0
GPRegistryPolicyParser 0.2
Microsoft.PowerShell.Core  0.0
Microsoft.PowerShell.Diagnostics
Microsoft.PowerShell.Management
Microsoft.PowerShell.Security
Microsoft.PowerShell.Utility
Microsoft.WSMan.Management
Orchestrator.AssetManagement.Cmdlets  1.0
PSDscResources 2.9.0.0
SecurityPolicyDsc 2.1.0.0
StateConfigCompositeResources 1.0
xDSCDomainjoin 1.1
xPowerShellExecutionPolicy 1.1.0.0
xRemoteDesktopAdmin 1.1.0.0

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @surajmb, @aznetsuppgithub.

[dingmeng-xue]

I include network team to look into it.

[surajmb]

@klinki , I don't get this error while running the commands. Do you have autoscale configured in your Application Gateway?

And can you try updating your Azure PowerShell module and try using "Az" commands?

[eolver]

I have same issue, but Cannot change AGW min Scale Units to 2 as it has WAF Policy associated

Error: WebApplicationFirewallConfiguration cannot be changed when there is a WAF Policy

I also cannot figure out how to remove the Policy to allow me to change this.

[brondavies]

I have a similar issue with the same script

Set-AzureRmApplicationGateway Firewall policy /subscriptions/{subscription-id}/resourceGroups/myRe
sourceGroup/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/WAFv2 cannot be removed from
Application Gateway, changing from one firewall policy to another is permitted

[brondavies]

FYI. I fixed this by uninstalling the AzureRm package Uninstall-AzureRm and installing Az. packages Install-Module -Name Az -AllowClobber then using the Enable-AzureRmAlias -Scope Process command instead of importing AzureRm. in my powershell script

[eolver]

Im trying to configure a Backend Pool on an Application Gateway using PowerShell im getting the same issue Set-AzApplicationGateway : 'MinCapacity' is less than minimum value of '2'. even if I try to change the SKU via the azure portal its saying that the policy is associated and wont let me change it.

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @surajmb, @appgwsuppgithub.