Azure Managed Application randomly fails to provision

Cezary Klus 1 Reputation point
2022-03-11T11:02:36.14+00:00

Context: deploying Managed Application via service catalog with a dedicated Blob storage for Managed Application Definition. Managed application definition is deployed via Bicep. All is done with respect to the documentation and necessary permissions: https://learn.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/publish-service-catalog-app?tabs=azure-powershell#bring-your-own-storage-for-the-managed-application-definition

Then the Managed Application is being deployed via Azure Powershell: New-AzManagedApplication
Providing all the necessary parameters.

  1. With such a setup the Managed Application deployment fails randomly (recently quite frequent) with the message in Azure Portal: "The application failed to provision. Contact application support for more information."
  2. Managed resource group is created however no deployment is scheduled for it.
  3. This behaviour is random. It used to work more stable.
  4. The described method of deployment is used in our DevOps automation pipeline to deploy Managed Application.

How can we investigate what causes this issue?

Bicep template below 

   param adminPrincipalId string  
   param aspServicePrincipalId string  
   param applicationName string  
   param applicationDisplayName string  
     
   @description('The base URI where artifacts required by this template are located.')  
   param packageFileUri string  
     
   var location = resourceGroup().location  
   var lockLevel = 'ReadOnly'  
   var accountName = '....'  
     
   resource storageAccount 'Microsoft.Storage/storageAccounts@2021-08-01' = {  
     name: accountName  
     location: location  
     sku: {  
       name: 'Standard_LRS'  
     }  
     kind: 'StorageV2'  
   }  
     
   @description('This is the built-in Storage Contributor role.')  
   resource storageContributorRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {  
     scope: subscription()  
     name: '17d1049b-9a84-46fb-8f53-869881c3d3ab'  
   }  
     
   @description('This is the built-in Storage Data Owner role.')  
   resource storageDataOwnerRoleDefinition 'Microsoft.Authorization/roleDefinitions@2018-01-01-preview' existing = {  
     scope: subscription()  
     name: 'b7e6dc6d-f1e8-4753-8033-0f276bb0955b'  
   }  
     
   resource storageContributorRoleAssignApi 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {  
     scope: storageAccount  
     name: guid(storageContributorRoleDefinition.id, storageAccount.id, aspServicePrincipalId)  
     properties: {  
       roleDefinitionId: storageContributorRoleDefinition.id  
       principalId: aspServicePrincipalId  
     }  
   }  
     
   resource storageDataOwnerRoleAssignApi 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {  
     scope: storageAccount  
     name: guid(storageDataOwnerRoleDefinition.id, storageAccount.id, aspServicePrincipalId)  
     properties: {  
       roleDefinitionId: storageDataOwnerRoleDefinition.id  
       principalId: aspServicePrincipalId  
     }  
   }  
     
   var ownerRoleDefinition = '8e3af657-a8ff-443c-a75c-2fe8c4bcb635'  
     
   var kvAdminRoleDefinition = '00482a5a-887f-4fb3-b363-3b7fe8e74483'  
     
   resource managedApplicationDefinitionName 'Microsoft.Solutions/applicationDefinitions@2020-08-21-preview' = {  
     name: applicationName  
     location: location  
     properties: {  
       lockLevel: lockLevel  
       description: applicationDisplayName  
       displayName: applicationDisplayName  
       packageFileUri: packageFileUri  
       storageAccountId: storageAccount.id  
       authorizations: [  
         {  
           principalId: adminPrincipalId  
           roleDefinitionId: ownerRoleDefinition  
         }  
         {  
           principalId: adminPrincipalId  
           roleDefinitionId: kvAdminRoleDefinition  
         }  
       ]  
     }  
   }  
     
   output managedApplicationDefinitionId string = managedApplicationDefinitionName.id
Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
112 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Monalla-MSFT 11,551 Reputation points
    2022-04-11T15:55:26.15+00:00

    Hello @Cezary Klus - Welcome to Microsoft Q&A and thanks for reaching out.

    Since we haven't heard back from you, we are hoping that the issue is resolved for you.

    I have also tried to reproduce the issue but was unable to do it and I have also confirmed the same with our internal product team here and confirmed that there are no existing issues going on with Azure Managed Application deployments.

    Hope this helps. and please feel free to reach out if you have any further questions.

    ------------------------------------------------------------------

    If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.

    0 comments
  2. Cezary Klus 1 Reputation point
    2022-04-19T15:45:17.687+00:00

    Hi @Monalla-MSFT

    It is still failing randomly. Further investigation shows this error:
    194345-image.png

    This happens upon: New-AzManagedApplication