Open
Description
Description
Az.Network 6.2.0 the Set-AzVirtualNetworkSubnetConfig doesn't seem to able to set a NAT Gateway to a subnet, it does not error but never sets. The same exact command (replacing NATGAteway with NSG) works as expected when applying an NSG to a subnet.
Issue script & Debug output
Returned data is too long, I have pasted a subset, I have the full output if needed.
PS D:\Scripts> $DebugPreference='Continue'
PS D:\Scripts> Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $Vnet -Name $Name -AddressPrefix $Prefix -InputObject $NatGW | Set-AzVirtualNetwork
DEBUG: 10:45:24 AM - SetAzureVirtualNetworkSubnetConfigCommand begin processing with ParameterSet 'SetByResource'.
DEBUG: 10:45:24 AM - using account id ''...
DEBUG: 10:45:24 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:45:24 AM - SetAzureVirtualNetworkCommand begin processing with ParameterSet '__AllParameterSets'.
DEBUG: 10:45:24 AM - using account id '...
DEBUG: 10:45:24 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: [Common.Authentication]: Authenticating using Account: 'j', environment: 'AzureCloud', tenant: 'f'
DEBUG: 10:45:24 AM - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 10:45:24 AM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:''
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - bdaa1c9c-0a22-4a72-975d-65163fdcdf66] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z] Found 4 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z] Returning 4 accounts
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] MSAL MSAL.NetCore with assembly version '4.49.1.0'. CorrelationId(5060335b-4389-4e5d-9bba-b0ce946aa9e3)
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] LoginHint provided: False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] Account provided: True
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] ForceRefresh: False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 5060335b-4389-4e5d-9bba-b0ce946aa9e3
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] === Token Acquisition (SilentRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] Access token is not expired. Returning the found cache entry. [Current time (10/19/2023 14:45:24) - Expiration Time (10/19/2023 16:01:00 +00:00) - Extended Expiration Time (10/19/2023 16:01:00 +00:00)]
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.49.1.0 MSAL.NetCore .NET 7.0.11 Microsoft Windows 10.0.22621 [2023-10-19 14:45:24Z - 5060335b-4389-4e5d-9bba-b0ce946aa9e3] AT expiration time: 10/19/2023 4:01:00 PM +00:00, scopes: https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default. source: Cache
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: ExpiresOn: 2023-10-19T16:01:00.0000000+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: 'f93a8abd-5bb6-4d51-87d1-d660b57030ee', UserId: 'jbeeden@dev.beeden.net'
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
GET
Absolute Uri:
https://management.azure.com/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001?api-version=2023-05-01
Headers:
Accept-Language : en-US
x-ms-client-request-id : 13f8a06b-15c7-4194-aab4-cac65d9494f9
Body:
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
OK
Headers:
Cache-Control : no-cache
Pragma : no-cache
ETag : W/"57220700-7c35-4e66-be18-40938487f4ac"
x-ms-request-id : 37038b34-4844-4250-aca0-946f1acaa400
x-ms-correlation-request-id : 532a124f-1666-4a0e-b2de-bd1048c7c3c0
x-ms-arm-service-request-id : 31161935-e7fb-4211-a967-5bf0c872987a
Strict-Transport-Security : max-age=31536000; includeSubDomains
Server : Microsoft-HTTPAPI/2.0,Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 11999
x-ms-routing-request-id : CANADACENTRAL:20231019T144524Z:532a124f-1666-4a0e-b2de-bd1048c7c3c0
X-Content-Type-Options : nosniff
Date : Thu, 19 Oct 2023 14:45:24 GMT
Body:
{
"name": "vnet-ScriptTest-eus-001",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"type": "Microsoft.Network/virtualNetworks",
"location": "eastus",
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "a5dc312f-7a7b-4f16-a924-c167d73d1716",
"addressSpace": {
"addressPrefixes": [
"10.251.1.0/24"
]
},
"subnets": [
{
"name": "AzureFirewallSubnet",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/subnets/AzureFirewallSubnet",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "10.251.1.0/26",
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
},
{
"name": "GatewaySubnet",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/subnets/GatewaySubnet",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "10.251.1.160/27",
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
},
{
"name": "AzureBastionSubnet",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/subnets/AzureBastionSubnet",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "10.251.1.192/26",
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
},
{
"name": "snet-msad-eus-001",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/subnets/snet-msad-eus-001",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "10.251.1.128/28",
"networkSecurityGroup": {
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-nsg-test-eus-001/providers/Microsoft.Network/networkSecurityGroups/nsg-adlockdown-eus-001"
},
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
},
{
"name": "snet-prod-eus-001",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/subnets/snet-prod-eus-001",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"addressPrefix": "10.251.1.64/26",
"ipConfigurations": [
{
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/RG-VM-LINUX-001/providers/Microsoft.Network/networkInterfaces/NIC-LINUX-VM-001/ipConfigurations/IPCONFIG1"
},
{
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/RG-VM-LINUX-002/providers/Microsoft.Network/networkInterfaces/NIC-LINUX-VM-002/ipConfigurations/IPCONFIG1"
}
],
"serviceEndpoints": [],
"delegations": [],
"privateEndpointNetworkPolicies": "Disabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"virtualNetworkPeerings": [
{
"name": "Peer-East-West",
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-eus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-eus-001/virtualNetworkPeerings/Peer-East-West",
"etag": "W/\"57220700-7c35-4e66-be18-40938487f4ac\"",
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "ecef0abb-dfb3-0602-02a6-6ae01ba94c4f",
"peeringState": "Connected",
"peeringSyncLevel": "FullyInSync",
"remoteVirtualNetwork": {
"id": "/subscriptions/5f80d186-121e-4502-b608-b57079edf27d/resourceGroups/rg-ScriptTest-wus-001/providers/Microsoft.Network/virtualNetworks/vnet-ScriptTest-wus-001"
},
"allowVirtualNetworkAccess": true,
"allowForwardedTraffic": false,
"allowGatewayTransit": false,
"useRemoteGateways": false,
"doNotVerifyRemoteGateways": false,
"peerCompleteVnets": true,
"remoteAddressSpace": {
"addressPrefixes": [
"10.251.2.0/24"
]
},
"remoteVirtualNetworkAddressSpace": {
"addressPrefixes": [
"10.251.2.0/24"
]
},
"routeServiceVips": {}
},
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings"
}
],
"enableDdosProtection": false
}
}
DEBUG: AzureQoSEvent: Module: Az.Network:6.2.0; CommandName: Set-AzVirtualNetworkSubnetConfig; PSVersion: 7.3.8; IsSuccess: True; Duration: 00:00:02.0257844
DEBUG: 10:45:26 AM - SetAzureVirtualNetworkSubnetConfigCommand end processing.
DEBUG: 10:45:26 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:45:26 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: AzureQoSEvent: Module: Az.Network:6.2.0; CommandName: Set-AzVirtualNetwork; PSVersion: 7.3.8; IsSuccess: True; Duration: 00:00:02.0761042
DEBUG: 10:45:26 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:45:26 AM - SetAzureVirtualNetworkCommand end processing.
ResourceGroupName Name Location ProvisioningState EnableDdosProtection
----------------- ---- -------- ----------------- --------------------
rg-ScriptTest-eus-001 vnet-ScriptTest-eus-001 eastus Succeeded FalseEnvironment data
Name Value
---- -----
PSVersion 7.3.8
PSEdition Core
GitCommitId 7.3.8
OS Microsoft Windows 10.0.22621
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versions
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 2.13.1 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzConte…
Script 6.2.0 Az.Network {Add-AzApplicationGatewayAuthenticationCertificat…Error output
PS D:\Scripts> Resolve-AzError
DEBUG: 10:47:44 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 10:47:44 AM - using account id '[email protected]'...
DEBUG: 10:47:44 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:47:44 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:47:44 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: AzureQoSEvent: Module: Az.Accounts:2.13.1; CommandName: Resolve-AzError; PSVersion: 7.3.8; IsSuccess: True; Duration: 00:00:00.0013459
DEBUG: 10:47:44 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 10:47:44 AM - ResolveError end processing