VPN Connections write fails for create_virtual_wan_connection on first attempt

[yujiterada]

5 is not fixed. The call to create_virtual_wan_connection is successful, but the tasks fails in Azure causing the VPN tunnel to fail between MX and Azure on first attempt. Second attempt will create the tunnels successfully.

Expected Behavior

Create VPN gateway and connect it to a Hub in vWAN without any errors.

Steps to Reproduce

1. Have all perquisites built
2. Tag a networks with "vWAN-1"
3. Run the automation script in Azure
4. Write VpnGateways fails
5. Run the automation script in Azure
6. Write VpnGateways succeeds

Detailed Description

Logs show the following error.

"statusMessage": {
    "status": "Failed",
    "error": {
        "code": "ResourceOperationFailure",
        "message": "The resource operation completed with terminal provisioning state 'Failed'.",
        "details": [{
            "code": "InvalidParameter",
            "message": "The nrp resource uri '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1' is invalid or the resource does not exist.",
            "details":[]
        }]
    }
}

However, that resource seems to exist.

{
  "value": [
    {
      "name": "Office-Sydney-wan1",
      "id": "/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1",
      "etag": "W/\"a97f9034-bf79-4a2f-a39c-9b00ef46972b\"",
      "properties": {
        "provisioningState": "Succeeded",
        "ipAddress": "121.209.XXX.XXX",
        "linkProperties": {
          "linkProviderName": "TELSTRAINTERNET45-AU",
          "linkSpeedInMbps": 250
        }
      },
      "type": "Microsoft.Network/vpnSites/vpnSiteLinks"
    }
  ]
}

Possible Solution

Wait until the VPN link connection's provision state has "Succeeded". I expect create_virtual_wan_connection() is called when the state is "Updating".

'vpnLinkConnections': [{
    'etag': 'W/"92924e2d-4b85-48cf-9ff3-7859da689944"',
    'id': '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnGateways/e4afad07ac5d40e1ba118c4f3e4cb2d1-westus-gw/vpnConnections/Office-Sydney-connection/vpnLinkConnections/Office-Sydney-wan1',
    'name': 'Office-Sydney-wan1',
    'properties': {
        'connectionBandwidth': 250,
        'dpdTimeoutSeconds': 0,
        'egressBytesTransferred': 0,
        'enableBgp': False,
        'enableRateLimiting': False,
        'ingressBytesTransferred': 0,
        'ipsecPolicies': [{
            'dhGroup': 'DHGroup14',
           'ikeEncryption': 'AES256',
           'ikeIntegrity': 'SHA256',
           'ipsecEncryption': 'AES256',
           'ipsecIntegrity': 'SHA256',
           'pfsGroup': 'None',
           'saDataSizeKilobytes': 102400000,
           'saLifeTimeSeconds': 3600
        }],
        'packetCaptureDiagnosticState': 'None',
        'provisioningState': 'Updating',
        'routingWeight': 0,
        'sharedKey': 'XXXXXXXXXXXX',
        'useLocalAzureIpAddress': False,
        'usePolicyBasedTrafficSelectors': False,
        'vpnConnectionProtocolType': 'IKEv2',
        'vpnSiteLink': {
           'id': '/subscriptions/97f34de4-264e-4e71-a6a0-XXXXXXXXXXXX/resourceGroups/Meraki-VWAN-RG/providers/Microsoft.Network/vpnSites/Office-Sydney/vpnSiteLinks/Office-Sydney-wan1'
        }
    },
    'type': 'Microsoft.Network/vpnGateways/vpnConnections/vpnLinkConnections'
}]

[yujiterada]

[yujiterada]

[MitchellGulledge]

Yuji, can you confirm if this issue still occurs on v1 of the meraki API?

[MitchellGulledge]

Yuji, I am going to close this out for lack of response as I am unable to reproduce the issue.