Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.26k stars 3.86k forks source link

Set-AzureRmApplicationGateway - cannot update certificates for gateway with Minimum scale units 0 #12160

Open klinki opened 4 years ago

klinki commented 4 years ago

Description

I'm trying to automate Let's encrypt certificate renewal. I'm using following script: https://github.com/intelequia/letsencrypt-aw/blob/master/letsencryptaw_v2.ps1

to renew the certificate. Problem is when I call Set-AzureRmApplicationGateway - it fails with error message:

Set-AzureRmApplicationGateway : 'MinCapacity' is less than minimum value of '2'.

At line:122 char:1

+ Set-AzureRmApplicationGateway -ApplicationGateway $appgw

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : CloseError: (:) [Set-AzureRmApplicationGateway], ValidationException

    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureApplicationGatewayCommand

I don't change the MinCapacity anywhere, I don't touch it.

If I modify the gateway in Azure portal and set it to minimum scale to 2, as required, then it works and command succeeds.

Steps to reproduce

$appgw = Get-AzureRmApplicationGateway -ResourceGroupName $AGResourceGroupName -Name $AGName
Set-AzureRmApplicationGatewaySSLCertificate -Name $AGOldCertName -ApplicationGateway $appgw -CertificateFile $certPfxPath -Password $password
Set-AzureRmApplicationGateway -ApplicationGateway $appgw

Module versions

It is Azure automation script. I couldn't run Get-Module because of

The runbook job failed due to a job stream being larger than 1MB, the limit that is supported by an Azure Automation sandbox.

error so I copied data from portal shared modules:

ACME-PS 1.2.3
AuditPolicyDsc 1.1.0.0
Azure 5.3.0
Azure.Storage  4.6.1
AzureRM.Automation 6.1.1
AzureRM.Compute 5.9.1
AzureRM.Network 6.11.1
AzureRM.Profile 5.8.3
AzureRM.Resources 6.7.3
AzureRM.Sql 4.12.1
AzureRM.Storage 5.2.0
ComputerManagementDsc 5.0.0.0
GPRegistryPolicyParser 0.2
Microsoft.PowerShell.Core  0.0
Microsoft.PowerShell.Diagnostics
Microsoft.PowerShell.Management
Microsoft.PowerShell.Security
Microsoft.PowerShell.Utility
Microsoft.WSMan.Management
Orchestrator.AssetManagement.Cmdlets  1.0
PSDscResources 2.9.0.0
SecurityPolicyDsc 2.1.0.0
StateConfigCompositeResources 1.0
xDSCDomainjoin 1.1
xPowerShellExecutionPolicy 1.1.0.0
xRemoteDesktopAdmin 1.1.0.0
ghost commented 4 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @surajmb, @aznetsuppgithub.

dingmeng-xue commented 4 years ago

I include network team to look into it.

surajmb commented 4 years ago

@klinki , I don't get this error while running the commands. Do you have autoscale configured in your Application Gateway?

And can you try updating your Azure PowerShell module and try using "Az" commands?

eolver commented 4 years ago

I have same issue, but Cannot change AGW min Scale Units to 2 as it has WAF Policy associated

Error: WebApplicationFirewallConfiguration cannot be changed when there is a WAF Policy

I also cannot figure out how to remove the Policy to allow me to change this.

brondavies commented 4 years ago

I have a similar issue with the same script

Set-AzureRmApplicationGateway Firewall policy /subscriptions/{subscription-id}/resourceGroups/myRe
sourceGroup/providers/Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies/WAFv2 cannot be removed from
Application Gateway, changing from one firewall policy to another is permitted
brondavies commented 4 years ago

FYI. I fixed this by uninstalling the AzureRm package Uninstall-AzureRm and installing Az. packages Install-Module -Name Az -AllowClobber then using the Enable-AzureRmAlias -Scope Process command instead of importing AzureRm. in my powershell script

eolver commented 4 years ago

Im trying to configure a Backend Pool on an Application Gateway using PowerShell im getting the same issue Set-AzApplicationGateway : 'MinCapacity' is less than minimum value of '2'. even if I try to change the SKU via the azure portal its saying that the policy is associated and wont let me change it.

ghost commented 4 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @surajmb, @appgwsuppgithub.