Error assigning a policy using Azure powershell and Azure Cli

Question

I'm trying to assign an initiative using Azure Cli or Azure powershell and I'm getting the following error

New-AzManagementGroupDeployment -ManagementGroupId $managemenGroupId -Location $location -TemplateFile ./deployment/Policies/Assignments/VDQ-Location.bicep -TemplateParameterFile ./deployment/Resources/VDQ-Location.bicepparam -Verbose -Debug -WhatIf

VERBOSE: Using Bicep v0.30.3

VERBOSE: Calling Bicep with arguments: build-params "/home/ahmed/VDQ Repos/vdq-sandbox/deployment/Resources/VDQ-Location.bicepparam" --stdout

VERBOSE: Using Bicep v0.30.3

VERBOSE: Calling Bicep with arguments: build "/home/ahmed/VDQ Repos/vdq-sandbox/deployment/Policies/Assignments/VDQ-Location.bicep" --stdout

DEBUG: 22:01:46 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: 22:01:46 - NewAzureManagementGroupDeploymentCmdlet begin processing with ParameterSet 'ByTemplateFileAndParameterFile'.

DEBUG: 22:01:46 - using account id 'ahmed.elghilani2@gmail.com'...

DEBUG: 22:01:46 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].

VERBOSE: Using Bicep v0.30.3

VERBOSE: Calling Bicep with arguments: build-params "/home/ahmed/VDQ Repos/vdq-sandbox/deployment/Resources/VDQ-Location.bicepparam" --stdout

Getting the latest status of all resources...DEBUG: [Common.Authentication]: Authenticating using Account: 'ahmed.elghilani2@gmail.com', environment: 'AzureCloud', tenant: 'd3a7ce51-a240-4342-9748-4b13122431b6'

DEBUG: 22:01:49 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].

DEBUG: 22:01:49 - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: 22:01:49 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'d3a7ce51-a240-4342-9748-4b13122431b6', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'ahmed.elghilani2@gmail.com'

DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 709b9cf8-713b-4893-bb71-b60affec4c44] IsLegacyAdalCacheEnabled: yes

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 709b9cf8-713b-4893-bb71-b60affec4c44] [Region discovery] Not using a regional authority.

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 709b9cf8-713b-4893-bb71-b60affec4c44] IsLegacyAdalCacheEnabled: yes

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z] Found 1 cache accounts and 0 broker accounts

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z] Returning 1 accounts

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] MSAL MSAL.CoreCLR with assembly version '4.61.3.0'. CorrelationId(509d809f-c763-4f70-bd0a-15fee77f0b4d)

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] === AcquireTokenSilent Parameters ===

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] LoginHint provided: False

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] Account provided: True

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] ForceRefresh: False

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d]

=== Request Data ===

Authority Provided? - True

Scopes - https://management.core.windows.net//.default

Extra Query Params Keys (space separated) -

ApiId - AcquireTokenSilent

IsConfidentialClient - False

SendX5C - False

LoginHint ? False

IsBrokerConfigured - False

HomeAccountId - False

CorrelationId - 509d809f-c763-4f70-bd0a-15fee77f0b4d

UserAssertion set: False

LongRunningOboCacheKey set: False

Region configured:

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] === Token Acquisition (SilentRequest) started:

     Scopes: https://management.core.windows.net//.default

    Authority Host: login.microsoftonline.com

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] [Region discovery] Not using a regional authority.

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] Access token is not expired. Returning the found cache entry. [Current time (09/24/2024 02:01:49) - Expiration Time (09/24/2024 03:04:31 +00:00) - Extended Expiration Time (09/24/2024 03:04:31 +00:00)]

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] Returning access token found in cache. RefreshOn exists ? False

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] [Region discovery] Not using a regional authority.

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d]

    === Token Acquisition finished successfully:

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.8 Linux [2024-09-24 02:01:49Z - 509d809f-c763-4f70-bd0a-15fee77f0b4d] AT expiration time: 09/24/2024 03:04:31 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: Cache

DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2024-09-24T03:04:31.0000000+00:00

DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'd3a7ce51-a240-4342-9748-4b13122431b6', UserId: 'ahmed.elghilani2@gmail.com'

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:

POST

Absolute Uri:

https://management.azure.com/providers/Microsoft.Management/managementGroups/mg_ti/providers/Microsoft.Resources/deployments/843bc2bb-95ad-49b3-bdb5-9e2584be8afc/whatIf?api-version=2021-04-01

Headers:

Accept-Language : en-US

x-ms-client-request-id : 396d75d4-cf33-41e9-9b12-8cfd3006ac81

Code

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:

OK

Headers:

Cache-Control : no-cache

Pragma : no-cache

x-ms-ratelimit-remaining-tenant-reads: 249

x-ms-request-id : 1fddc786-b3b5-4100-9e43-b6131430312a

x-ms-correlation-request-id : 1fddc786-b3b5-4100-9e43-b6131430312a

x-ms-routing-request-id : CANADAEAST:20240924T020204Z:1fddc786-b3b5-4100-9e43-b6131430312a

Strict-Transport-Security : max-age=31536000; includeSubDomains

X-Content-Type-Options : nosniff

X-Cache : CONFIG_NOCACHE

X-MSEdge-Ref : Ref A: E4F3F147DC2741E3B046B3FE1B241285 Ref B: YTO221090812033 Ref C: 2024-09-24T02:02:04Z

Date : Tue, 24 Sep 2024 02:02:04 GMT

Body:

{

"status": "Failed",

"error": {

"code": "InternalServerError",

"message": "Encountered internal server error while processing the deployment what-if request. Diagnostic information: timestamp '20240924T020152Z', scope '/providers/Microsoft.Management/managementGroups/mg_ti', tracking id '9aec1b30-e538-46ed-a5b9-c73550647256', request correlation id '22521429-789e-4499-9d7e-f26204f771a6'."

}

DEBUG: 22:02:05 - [ResourceManagerCmdletBase.ExecuteCmdlet] Caught unhandled exception: Microsoft.Rest.Azure.CloudException:

InternalServerError - Long running operation failed with status 'Failed'. Additional Info:'Encountered internal server error while processing the deployment what-if request. Diagnostic information: timestamp '20240924T020152Z', scope '/providers/Microsoft.Management/managementGroups/mg_ti', tracking id '9aec1b30-e538-46ed-a5b9-c73550647256', request correlation id '22521429-789e-4499-9d7e-f26204f771a6'.'

at Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkClient.NewResourceManagerSdkClient.ExecuteDeploymentWhatIf(PSDeploymentWhatIfCmdletParameters parameters)

at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.CmdletBase.DeploymentWhatIfCmdlet.ExecuteWhatIf()

at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.CmdletBase.DeploymentCreateCmdlet.OnProcessRecord()

at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.ExecuteCmdlet()

DEBUG: 22:02:05 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].

New-AzManagementGroupDeployment:

InternalServerError - Long running operation failed with status 'Failed'. Additional Info:'Encountered internal server error while processing the deployment what-if request. Diagnostic information: timestamp '20240924T020152Z', scope '/providers/Microsoft.Management/managementGroups/mg_ti', tracking id '9aec1b30-e538-46ed-a5b9-c73550647256', request correlation id '22521429-789e-4499-9d7e-f26204f771a6'.'

DEBUG: 22:02:05 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: 22:02:05 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: 22:02:05 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: AzureQoSEvent: Module: Az.Resources:7.4.0; CommandName: New-AzManagementGroupDeployment; PSVersion: 7.4.5; IsSuccess: False; Duration: 00:00:19.1081496; SanitizeDuration: 00:00:00; Exception:

InternalServerError - Long running operation failed with status 'Failed'. Additional Info:'Encountered internal server error while processing the deployment what-if request. Diagnostic information: timestamp '20240924T020152Z', scope '/providers/Microsoft.Management/managementGroups/mg_ti', tracking id '9aec1b30-e538-46ed-a5b9-c73550647256', request correlation id '22521429-789e-4499-9d7e-f26204f771a6'.';

DEBUG: 22:02:05 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].

DEBUG: 22:02:06 - NewAzureManagementGroupDeploymentCmdlet end processing.

Share via

Error assigning a policy using Azure powershell and Azure Cli

Your answer