Open
Description
Description
This error is encountered while attempting to disassociate a network security group from virtual network subnet on Azure Stack Hub. The installed Azure Powershell modules versions are required for interoperability with the Azure Stack Hub.
When running Get-AzVirtualNetwork with the NetworkSecurityGroup argument set to null, or the NetworkSecurityGroupId argument set to an empty string (single-quote or double-quote), the Network Security Group associated with the Virtual Network Subnet is not removed.
No error is generated.
As a work around, assign $null to the NetworkSecurityGroup attribute of the in-memory representation of the subnet, and apply the updated Virtual Network config:
$subnet = $vnet.Subnets | where {$_.name -eq $subnetName}
$subnet.NetworkSecurityGroup = $null
$vnet | Set-AzVirtualNetwork
Issue script & Debug output
$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vnetName
$subnet = $vnet.Subnets | Where-Object {$_.name -eq $subnetName}
$DebugPreference='Continue'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroup $null
DEBUG: 2:56:54 PM - SetAzureVirtualNetworkSubnetConfigCommand begin processing with ParameterSet 'SetByResource'.
DEBUG: 2:56:54 PM - using account id '****@****'...
Name : vnet-******
ResourceGroupName : rg-****
Location : ****
Id : /subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****
Etag : W/"****"
ResourceGuid : ****
ProvisioningState : Succeeded
Tags :
AddressSpace : {
"AddressPrefixes": [
"*.*.*.*/23"
]
}
DhcpOptions : {
"DnsServers": []
}
Subnets : [
{
"Name": "subnet-****",
"Etag": "W/\"****\"",
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****/subnets/subnet-****",
"AddressPrefix": [
"***.***.***.***/26"
],
"IpConfigurations": [],
"ServiceAssociationLinks": [],
"ResourceNavigationLinks": [],
"InterfaceEndpoints": [],
"ProvisioningState": "Succeeded"
},
{
"Name": "test",
"Etag": "W/\"****\"",
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****/subnets/****",
"AddressPrefix": [
"*.*.*.*/26"
],
"IpConfigurations": [],
"ServiceAssociationLinks": [],
"ResourceNavigationLinks": [],
"NetworkSecurityGroup": {
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/networkSecurityGroups/nsg-****"
},
"InterfaceEndpoints": [],
"ProvisioningState": "Succeeded"
}
]
VirtualNetworkPeerings : []
EnableDdosProtection : false
DdosProtectionPlan : null
DEBUG: AzureQoSEvent: CommandName - Set-AzVirtualNetworkSubnetConfig; IsSuccess - True; Duration - 00:00:00.0025377
DEBUG: Finish sending metric.
DEBUG: 2:56:55 PM - SetAzureVirtualNetworkSubnetConfigCommand end processing.
-----------------------------------------------
$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroupName -Name $vnetName
$subnet = $vnet.Subnets | Where-Object {$_.name -eq $subnetName}
$DebugPreference='Continue'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name -AddressPrefix $subnet.AddressPrefix -NetworkSecurityGroupId ''
DEBUG: 3:51:54 PM - SetAzureVirtualNetworkSubnetConfigCommand begin processing with ParameterSet 'SetByResourceId'.
DEBUG: 3:51:54 PM - using account id '****@****'...
Name : vnet-****
ResourceGroupName : rg-****
Location : ****
Id : /subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****
Etag : W/"****"
ResourceGuid : ****
ProvisioningState : Succeeded
Tags :
AddressSpace : {
"AddressPrefixes": [
"****.****.****.****/23"
]
}
DhcpOptions : {
"DnsServers": []
}
Subnets : [
{
"Name": "subnet-****",
"Etag": "W/\"****\"",
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****/subnets/subnet-****",
"AddressPrefix": [
"****.****.****.****/26"
],
"IpConfigurations": [],
"ServiceAssociationLinks": [],
"ResourceNavigationLinks": [],
"InterfaceEndpoints": [],
"ProvisioningState": "Succeeded"
},
{
"Delegations": [],
"Name": "****",
"Etag": "W/\"****\"",
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/virtualNetworks/vnet-****/subnets/****",
"AddressPrefix": [
"****.****.****.****/26"
],
"IpConfigurations": [],
"ServiceAssociationLinks": [],
"ResourceNavigationLinks": [],
"NetworkSecurityGroup": {
"Id": "/subscriptions/****/resourceGroups/rg-****/providers/Microsoft.Network/networkSecurityGroups/nsg-****"
},
"ServiceEndpoints": [],
"ServiceEndpointPolicies": [],
"InterfaceEndpoints": [],
"ProvisioningState": "Succeeded"
}
]
VirtualNetworkPeerings : []
EnableDdosProtection : false
DdosProtectionPlan : null
DEBUG: AzureQoSEvent: CommandName - Set-AzVirtualNetworkSubnetConfig; IsSuccess - True; Duration - 00:00:00.0102366
DEBUG: Finish sending metric.
DEBUG: 3:51:55 PM - SetAzureVirtualNetworkSubnetConfigCommand end processing.Environment data
$PSVersionTable
-------------------
Name Value
---- -----
PSVersion 7.2.1
PSEdition Core
GitCommitId 7.2.1
OS Linux 3.10.0-1160.59.1.el7.x86_64 #1 SMP Wed Feb 23 16:47:03 UTC 2022
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versions
ModuleType Version PreRelease Name PSEdition ExportedCommands
---------- ------- ---------- ---- --------- ----------------
Script 2.0.1 Az Core,Desk
Script 2.2.8 Az.Accounts Core,Desk {Disable-AzDataCollection, Disable-AzContextAutosave, E…
Script 0.11.0 Az.Billing Core,Desk Get-UsageAggregates
Script 1.0.1 Az.BootStrapper Core,Desk {Update-AzProfile, Uninstall-AzProfile, Install-AzProfi…
Script 3.3.0 Az.Compute Core,Desk {Remove-AzAvailabilitySet, Get-AzAvailabilitySet, New-A…
Script 1.1.0 Az.DataBoxEdge Core,Desk {Get-AzDataBoxEdgeJob, Get-AzDataBoxEdgeDevice, Invoke-…
Script 0.11.0 Az.Dns Core,Desk {Get-AzDnsRecordSet, New-AzDnsRecordConfig, Remove-AzDn…
Script 1.4.3 Az.EventHub Core,Desk {New-AzEventHubNamespace, Get-AzEventHubNamespace, Set-…
Script 0.11.0 Az.IotHub Core,Desk {Add-AzIotHubKey, Get-AzIotHubEventHubConsumerGroup, Ge…
Script 0.11.0 Az.KeyVault Core,Desk {Add-AzKeyVaultCertificate, Set-AzKeyVaultCertificateAt…
Script 1.6.0 Az.Monitor Core,Desk {Get-AzMetricDefinition, Get-AzMetric, Remove-AzLogProf…
Script 1.2.2 Az.Network Core,Desk {Add-AzApplicationGatewayAuthenticationCertificate, Get…
Script 0.12.0 Az.Resources Core,Desk {Get-AzProviderOperation, Remove-AzRoleAssignment, Get-…
Script 2.6.2 Az.Storage Core,Desk {Get-AzStorageAccount, Get-AzStorageAccountKey, New-AzS…
Script 0.11.0 Az.Websites Core,Desk {Get-AzAppServicePlan, Set-AzAppServicePlan, New-AzAppS…
Script 1.0.2 Azs.Azurebridge.Admin Core,Desk {Get-AzsAzureBridgeActivation, Get-AzsAzureBridgeDownlo…
Script 1.0.2 Azs.Backup.Admin Core,Desk {Get-AzsBackup, Get-AzsBackupConfiguration, Invoke-AzsP…
Script 1.0.2 Azs.Commerce.Admin Core,Desk Get-AzsSubscriberUsage
Script 1.1.0 Azs.Compute.Admin Core,Desk {Add-AzsPlatformImage, Add-AzsVMExtension, Disable-AzsC…
Script 0.2.0 Azs.ContainerRegistry.Admin Core,Desk {Get-AzsContainerRegistry, Get-AzsContainerRegistryCapa…
Script 0.1.0 Azs.ContainerService.Admin Core,Desk {Get-AzsContainerService, Get-AzsContainerServiceQuota}
Script 1.0.1 Azs.Deployment.Admin Core,Desk {IsRetryableError, Get-AzsActionPlanAttempt, Invoke-Azs…
Script 1.0.2 Azs.Fabric.Admin Core,Desk {Add-AzsScaleUnitNode, Disable-AzsScaleUnitNode, Enable…
Script 1.0.2 Azs.Gallery.Admin Core,Desk {Add-AzsGalleryItem, Get-AzsGalleryItem, Remove-AzsGall…
Script 1.0.2 Azs.Infrastructureinsights.Admin Core,Desk {Close-AzsAlert, Get-AzsAlert, Get-AzsRegionHealth, Get…
Script 1.0.2 Azs.Keyvault.Admin Core,Desk Get-AzsKeyvaultQuota
Script 1.0.2 Azs.Network.Admin Core,Desk {Get-AzsLoadBalancer, Get-AzsNetworkAdminOverview, Get-…
Script 1.0.2 Azs.Storage.Admin Core,Desk {Get-AzsStorageAccount, Get-AzsStorageAcquisition, Get-…
Script 1.0.2 Azs.Subscriptions Core,Desk {Get-AzsDelegatedProviderOffer, Get-AzsOffer, Get-AzsSu…
Script 1.0.2 Azs.Subscriptions.Admin Core,Desk {Add-AzsPlanToOffer, Get-AzsAcquiredPlan, Get-AzsAdminM…
Manifest 0.1.161 Azs.Syndication.Admin Desk {Select-AzsMarketplaceItem, Export-AzsMarketplaceItem, …
Script 1.0.2 Azs.Update.Admin Core,Desk {Get-AzsUpdate, Get-AzsUpdateLocation, Get-AzsUpdateRun…
Manifest 2.2.0 AzureStack Core,DeskError output
Resolve-AzError WARNING: Upcoming breaking changes in the cmdlet 'Resolve-AzError' :
The `Resolve-Error` alias will be removed in a future release. Please change any scripts that use this alias to use `Resolve-AzError` instead.
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.
The Azure PowerShell team is listening, please let us know how we are doing: https://aka.ms/azpssurvey?Q_CHL=ERROR.