Public IP Address linked to load balancer I didn't create

Tim Bryan 20 Reputation points
2023-12-07T02:50:34.77+00:00

I created an Application Gateway with associated resources, a virtual network, public IP address, NSGs, and WAF using Bicep Templates. Once done, I tried deleting the resource group I created, and it said it failed. All that's left in the RG is the public IP address, and virtual network. The public IP address is associated with a load balancer that seems to exist in a different tenant and subscription. This is the error I get: 

You do not have authorization to access this resource.

Resource ID: /subscriptions/db84baa0-4d8e-4f60-a896-a2e28675ceef/resourceGroups/armrg-1625adf0-8fb8-407a-807b-a3e164b9aa90/providers/Microsoft.Network/loadBalancers/appgwLoadBalancer

Status Code: 401

Status Message: The access token is from the wrong issuer 'https://sts.windows.net/aee1d42e-29d0-401f-b3a7-4dfa337692cc/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later.

So I can't access the load balancer to dissociate the IP address.

The other thing is that the virtual network has some VM scale sets seemingly from the app gateway under connected devices. When I click on them, I get the following error: 

resource Id: /subscriptions/db84baa0-4d8e-4f60-a896-a2e28675ceef/resourceGroups/armrg-1625adf0-8fb8-407a-807b-a3e164b9aa90/providers/Microsoft.Compute/virtualMachineScaleSets/appgw/virtualMachines/0, API version: 2022-03-01, {"code":"InvalidAuthenticationTokenTenant","message":"The access token is from the wrong issuer 'https://sts.windows.net/aee1d42e-29d0-401f-b3a7-4dfa337692cc/'. It must match the tenant 'https://sts.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/33e01921-4d64-4f8c-a055-5bdaffd5e33d' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."}

So I cannot delete the VNet as it has connected devices I cannot access.

I did not create the load balancer, and I'm unsure how the scale sets work.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,252 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
999 questions
Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
416 questions
0 comments
Accepted answer
  1. msrini-MSFT 9,266 Reputation points Microsoft Employee
    2023-12-07T04:08:22.71+00:00

    Hi, This load balancer and it's IP address is something that gets created in the backend when you create Application Gateway. Looks like the deletion is not clean and needs manual clean up. There is nothing that you can do to fix this. Please raise a ticket with support and they can help in cleaning up this resource from backend.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest