briandelmsft / SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
MIT License

[BUG] STAT Quick Deploy #444

Closed darkkon212 closed 2 months ago

darkkon212 commented 2 months ago

I have tried to deploy STAT via the quick deploy button on GitHub on 2 separate tenants and both give me a BadGateway status under the App Service Plan, which causes the deployment to hang. I deployed this originally on our primary tenant several months ago without issue, so I'm not sure if this is because of recent updates or because I'm deploying it improperly now.

To confirm, my account is the owner for both subscriptions.

```
"status": "Failed",
"error": {
  "code": "Forbidden",
  "message": "The subscription 'xxxxxx' is not allowed to create or update the serverfarm.",
  "details": [
    {
      "message": "The subscription 'xxxxx' is not allowed to create or update the serverfarm."
    },
    {
      "code": "Forbidden"
    },
```

Let me know if you need any more details.

briandelmsft commented 2 months ago

Hi @darkkon212, thanks for letting us know. I have not seen this error before, but I have a few things for you to check and a bit more information I need to look into this further.

First, I'd like to know the datacenter region you are attempting to deploy to, and whether your tenant is associated with a government or sovereign cloud or is a standard commercial tenant.

I have seen some issues recently in Central US, but the error is different and only seems to apply to some subscription types. If you are trying Central US, please try another region to see if the same error comes up.

Finally, I'd like you to check the state of the necessary resource providers (Microsoft.Web, Microsoft.Storage and Microsoft.Logic). To do this in the Azure Portal, go to Subscriptions -> <your subscription> -> Settings\Resource Providers. Check the state of each resource provider; if any are listed as 'NotRegistered', select the resource provider and click 'Register'.

briandelmsft commented 2 months ago

One other thing to confirm: the quick deploy button you are clicking on is linked to the URL https://aka.ms/mstatdeploy, correct? I just want to make sure there isn't an old link out there somewhere.

darkkon212 commented 2 months ago

Thank you for the quick response!

Region is: EastUS

Non GOV - standard commercial

Subscription type is the standard pay as you go.

Microsoft.Logic wasn't registered, so I registered it and attempted a cancel and deploy again, but it still came up with the same error.

The link is the same as the above that you mentioned.

briandelmsft commented 2 months ago

@darkkon212 What RBAC role(s) do you have on the RG you are deploying to? If you're not an Owner or Contributor you need a few different roles to successfully deploy.

Another thing to look at: are there any Azure policies that would prevent you from deploying an App Service Plan?

Can you try to create a blank function app in the same resource group? Search for Function App in the portal, click create, select consumption and then choose the following settings:

image

For the app name you'll have to use a different one; just pick anything at random.

For the other pages:
- Storage - leave default
- Networking - leave default
- Monitoring - Enable application insights - No
- Deployment - leave default
- Tags - leave default (unless required in your sub)

If that works, then I'd try the STAT deployment again; maybe it fixed some resource provider or something. If it fails, it's another issue deploying function apps in your environment; maybe it will give a more detailed error though.

noodlemctwoodle commented 2 months ago

Forbidden is usually permissions based. I have seen this a few times when deploying resources to Azure from GitHub / ADO.

You should also check you have the correct Resource Providers enabled on the subscription as these will also fail the deployment with Forbidden.

There is also a known issue that's very similar here. One suggestion was to test in another region, however this will not be possible if you are using Azure Policy to lock resources to a specific Azure region.
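
The resource provider check suggested in the comments above (Microsoft.Web, Microsoft.Storage and Microsoft.Logic), written as a script. This is an added example, not part of the thread or the STAT project; it assumes the Azure CLI is installed and signed in, and the script name and the `--check`, `--register` and `--demo` flags are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the STAT project. Checks the three resource
# providers named in this thread and lists any that are not 'Registered'.

REQUIRED_PROVIDERS="Microsoft.Web Microsoft.Storage Microsoft.Logic"

# Print "<namespace> <state>" per provider via the Azure CLI.
# Assumes 'az login' was run and the target subscription is selected.
provider_states() {
    local ns state
    for ns in $REQUIRED_PROVIDERS; do
        state=$(az provider show --namespace "$ns" \
                    --query registrationState --output tsv 2>/dev/null) || state=""
        printf '%s %s\n' "$ns" "${state:-Unknown}"   # Unknown = lookup failed
    done
}

# Constructed sample states, used by --demo so the script runs offline.
demo_states() {
    printf '%s\n' "Microsoft.Web Registered" \
                  "Microsoft.Storage Registering" \
                  "Microsoft.Logic NotRegistered"
}

# Read "<namespace> <state>" lines on stdin and print every namespace whose
# state is anything other than Registered (NotRegistered, Registering, ...).
unregistered_providers() {
    awk 'NF >= 2 && $2 != "Registered" { print $1 }'
}

# Usage: check-providers.sh --check [--register] | --demo
# (script name and flags are hypothetical, chosen for this example)
case "${1:-}" in
    --demo)  demo_states | unregistered_providers ;;
    --check)
        missing=$(provider_states | unregistered_providers)
        if [ -z "$missing" ]; then
            echo "All required providers are Registered."
        elif [ "${2:-}" = "--register" ]; then
            for ns in $missing; do
                az provider register --namespace "$ns" --wait
            done
        else
            echo "Not Registered:"; echo "$missing"
            exit 1
        fi ;;
esac
```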

darkkon212 commented 2 months ago

Good Morning!

Sorry for the delayed response here. It appears to have resolved itself. I'm not sure if it was a time thing with the subscription deployment/provisioning, but within 24 hours of initial Sentinel deployment, it allowed me to deploy STAT and the app service plan deployment was successful.