SaurabhSharma-MSFT
commented
1 year ago @ms-zhenhua We are looking into it and get back to you for any additional information.
Open ms-zhenhua opened 1 year ago
SaurabhSharma-MSFT
commented
1 year ago @ms-zhenhua We are looking into it and get back to you for any additional information.
Architekt909
commented
1 year ago I'm also having this problem when deploying a bicep file. Initially, I created a subscription alias and it worked just fine. I then tried to check if subscriptions are idempotent and ran the deployment of the bicep file again with the exact same parameters a few minutes after it had completed, and everything worked: nothing changed with respect to the subscription (so I guess it's idempotent). I then went and worked on some other code for a while, then tried to deploy the bicep file again: Now I'm getting that same 429 error that just simply says:
{ "status": "Failed", "error": { "code": "TooManyRequests", "message": "Subscription is not created. Please try again later." } }
I can deploy any of my other bicep files it should be noted. I can even move that initially created subscription to other management groups if I want. The weird thing is, when I deploy the bicep file via PowerShell, it just hangs for what looks like 30m and doesn't give any meaningful error result. I had to look in the portal under deployments for the management group the subscription was deployed to for details, which let me abort the deployment early.
I also get the above if I try and deploy a new subscription via my bicep file with different parameters. I now seem to be stuck with being unable to make any via deployment. It should be noted I only have 2 active MCA subscriptions and 2 disabled MCA ones using the Microsoft Azure Plan.
In case it's of any use, this is all that's in my create subscription bicep file (minus the parameter declarations):
targetScope = 'managementGroup'
//....param declarations
resource subscriptionAlias 'Microsoft.Subscription/aliases@2021-10-01' = {
name: replace(subscriptionDisplayName, ' ', '_')
scope: tenant()
properties: {
workload: workloadType
displayName: subscriptionDisplayName
billingScope: fullBillingScope
additionalProperties: {
subscriptionOwnerId: ownerId
subscriptionTenantId: tenantId
tags: {
// key is the "Name" value after the : is "Value" in the portal when you view the tags
Environment: environment
Maintainers: maintainers
Project: projectName
Subscription: subscriptionDisplayName
ProjectHash: uniqueString(projectName)
Location: deploymentLocation
}
}
}
}And this is how I'm deploying the script with my admin account:
New-AzManagementGroupDeployment `
-Name TestSubDeployment `
>> -Location eastus `
>> -TemplateFile modules/createSubscription.bicep `
>> -subscriptionDisplayName "Test Subscription" `
>> -billingAccountId <redacted> `
>> -billingProfileId <redacted> `
>> -billingInvoiceSectionId <redacted> `
>> -ownerId <redacted> `
>> -environment Dev `
>> -maintainers "<redacted>" `
>> -projectName "Test Project" `
>> -ManagementGroupId NewSubscriptions-mgI then waited 2 hours or so and tried to manually make a subscription in the portal and was denied: I got the message " subscription is not created You can deploy resources onto your recently created subscriptions. Learn more about creating subscriptions"
When viewing that link, it says for MCA customers you can have a max of 5 subscriptions in an MCA purchased directly through Azure.com: I have 4 as mentioned: 2 active, 2 disabled (can't delete them yet, need to wait 3 days). So if this really is a "you have made too many subscriptions" problem, should I still be able to create 1 more if the limit is 5? Furthermore, shouldn't the New-AzManagementGroupDeployment command not wait like half an hour and instead be able to see that 429 error (which I can almost immediately in the portal) and abort earlier and inform me of the same message that I see in the portal? Instead, if I let it run 30m or whatever, I get this incorrect error message:
New-AzManagementGroupDeployment: 10:44:48 AM - The deployment 'TestSubDeployment' failed with error(s). Showing 1 out of 1 error(s).
Status Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. (Code: DeploymentFailed)
- {
"error": {
"code": "Forbidden",
"message": "User does not have access to the requested resource or one of its dependencies.\nIf you believe you should have access, please ensure your token
has not expired."
},
"code": "Forbidden",
"message": "User does not have access to the requested resource or one of its dependencies.\nIf you believe you should have access, please ensure your token has not expired."
} (Code:Forbidden)
CorrelationId: 423aad50-7c92-427e-b4a7-4082c0fbd7fa
salimkapadia
commented
1 year ago Any updates on this?
Architekt909
commented
1 year ago bump, this is a pretty serious issue, one that causes substantial roadblocks with development. If it's a bug, it should be fixed. If it's working as intended, it seems there could be better documentation on this topic as well as better error information, especially deploying the actual bicep file: instead of waiting 30m or so, like I originally mentioned, the portal seems to be able to detect a problem nearly instantly so the deployment program should be able to. And ideally the error output would be more meaningful to help diagnose.
triple-it
commented
11 months ago Yes... this is very unclear. https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscriptions-deploy-resources states:
When deploying ACF templates, we need at least 4 clean subs to work with in the first place?
AzySir
commented
10 months ago Yes... this is very unclear. https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscriptions-deploy-resources states:
- 5 subs max?
- one sub per 24 hour? (That's not true I could create 2, with a maximum of 4 active subs)
- The subs should have some consumption?
- ....
When deploying ACF templates, we need at least 4 clean subs to work with in the first place?
Thanks for sharing that - seriously backwards by Azure... what on earth
Hi, our customer got the following error when creating an alias subscription with the PUT API, could someone kindly help have a check?