Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
701 questions
SCCM - CMG Convert Failed from Classic Service to virtual machine scale set, Always Failing at ERROR: Exception occurred when getting certificate fesslcert identifier from key vault.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 99%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
EASAN Sathyabalan (CTA)
0
Reputation points
Hello All,
Good Day!
We had a classic CMG Service, tried to convert it after registering the resource provider with existing service name and certificate but failed hence deleted all, tried creating a new certificate and Cname but still it is failing at the specific stage as mentioned below after creating the Key Vault, Even I tried in the test env where it went very smoothly and if the fesslcert was not there in the test lab but it imported also but here in the prod it throws weird message showing always - ERROR: Exception occurred when getting certificate fesslcert identifier from key vault. even case with Microsoft is pending, anyone want to do a deep dive about this issue, please guide
Resource Manager - Key vault sameplekeyvaultcmg created. Resource properties: {~~ "sku": {~~ "family": "A",~~ "name": "standard"~~ },~~ "accessPolicies": [~~ {~~ " "permissions": {~~ "secrets": [~~ "Get",~~ "List",~~ "Set",~~ "Delete"~~ ],~~ "certificates": [~~ "Get",~~ "List",~~ "Update",~~ "Create",~~ "Import",~~ "Delete"~~ ]~~ }~~ }~~ ],~~ "enabledForDeployment": true,~~ "enabledForTemplateDeployment": true,~~ "vaultUri": "provisioningState": "Succeeded"~~}
ERROR: Exception occurred when getting certificate fesslcert identifier from key vault. System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.~~ at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)~~ at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)~~ --- End of inner exception stack trace ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at Microsoft.Rest.RetryAfterDelegatingHandler.<SendAsync>d__7.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Rest.RetryDelegatingHandler.<>c__DisplayClass15_0.<<SendAsync>b__0>d.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Rest.RetryDelegatingHandler.<SendAsync>d__15.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultCredential.<ProcessHttpRequestAsync>d__13.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultClient.<GetCertificateWithHttpMessagesAsync>d__90.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<GetCertificateAsync>d__21.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.ConfigurationManager.AzureManagement.ResourceManager.GetCertificateIdentifierFromKeyVaultEx(String vaultUrl, String certName, String& certThumbprint)
ERROR: Exception occured for service cmgprod : System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.~~ at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)~~ at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)~~ --- End of inner exception stack trace ---~~ at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at Microsoft.Rest.RetryAfterDelegatingHandler.<SendAsync>d__7.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Rest.RetryDelegatingHandler.<>c__DisplayClass15_0.<<SendAsync>b__0>d.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Rest.RetryDelegatingHandler.<SendAsync>d__15.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultCredential.<ProcessHttpRequestAsync>d__13.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultClient.<GetCertificateWithHttpMessagesAsync>d__90.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<GetCertificateAsync>d__21.MoveNext()--- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()~~ at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~ at Microsoft.ConfigurationManager.AzureManagement.ResourceManager.GetCertificateIdentifierFromKeyVaultEx(String vaultUrl, String certName, String& certThumbprint)~~ at Microsoft.ConfigurationManager.CloudServicesManager.TaskUtility.UploadServiceCertificateToKeyVault(AzureService azureService, String keyVaultName)~~ at Microsoft.ConfigurationManager.CloudServicesManager.CreateDeploymentTask.Start(Object taskState).
{count} votes
-
Rahul Jindal [MVP] 10,196 Reputation points MVP2024-07-07T21:00:22.8533333+00:00 Was the cname entry updated to support new syntax for CMG service name?
-
EASAN Sathyabalan (CTA) 0 Reputation points
2024-07-08T10:30:17.3533333+00:00 Hi Rahul Jindal,
yes, cname has been updated as per the CMG Service name, not sure why it is stuck at certificate import or reading certificate info key vault
-
EASAN Sathyabalan (CTA) 0 Reputation points
2024-07-08T12:55:44.29+00:00 tried this also SCCM Web API has read access to Key Vault - https://learn.microsoft.com/en-us/azure/api-management/api-management-troubleshoot-cannot-add-custom-domain?source=recommendations
-
vipullag-MSFT 26,316 Reputation points2024-07-11T03:45:36.8433333+00:00 Hello EASAN Sathyabalan (CTA)
This issue needs deeper investigation. Support team will be able to check and help on this. I would recommend you to open a azure support case.
Sign in to comment
Sign in to answer