Share via

Deploying SQL Server with High Availability fails due to access denied error

Stu 0 Reputation points
2024-07-12T08:57:52.1933333+00:00

I'm having trouble deploying SQL Server with High Availability from the Azure Marketplace. VMs and storage deploy successfully, but it fails on the Create new or update existing availability group listener step with the AccessDenied error seen below:

"statusMessage": "{\"status\":\"Failed\",\"error\":{\"code\":\"ResourceOperationFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"AccessDenied\",\"message\":\"Access denied for resource '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-test/providers/Microsoft.Network/networkInterfaces/vmsqlcluster-2-ni'.\"}]}}",

I have owner access to the subscription and confirmed there are no deny RBAC entries or locks on the resource. Can anyone suggest how to solve this issue?

SQL Server on Azure Virtual Machines
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,014 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luis Arias 7,121 Reputation points
    2024-07-13T10:10:49.6266667+00:00

    Hi Stu,

    It looks like you are facing problems with the deployments from marketplace, here are a few suggestions that might help:

    • Check the permissions: Even though you have owner access to the subscription, there might be some specific permissions required for the network interface that are not included in your role. You could try assigning yourself the Network Contributor role at the subscription or resource group level and see if that resolves the issue.
    • Check for conflicting resources: There might be another resource with the same name that is causing a conflict. Maybe from former deployments if you were trying on several times.
    • Check the service endpoints: If you’re trying to connect to your Azure SQL Database, make sure that the service you’re trying to connect from is allowed to access your Azure SQL Database.
    • Troubleshoot the deployment: You can check the event logs to see if anything is preventing the installation.

    If none of these suggestions work you can try deploying the cluster by yourself from a quick start template like: https://learn.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/availability-group-quickstart-template-configure?view=azuresql

    Additional references:

    If the information helped address your question, please Accept the answer.

    Luis

    0 comments
  2. Oury Ba-MSFT 19,501 Reputation points Microsoft Employee
    2024-07-17T19:30:06.62+00:00

    @Stu Thank you for reaching out.

    Seems like you are getting an access denied error message when trying to update an existing high availability group listener in SQL server.

    As an owner of the subscription, you should have the necessary permissions to modify an existing availability group listener.

    To create the first availability group listener of an availability group, we strongly recommend that you use SQL Server Management Studio, Transact-SQL, or SQL Server PowerShell. Avoid creating a listener directly in the WSFC cluster except when necessary, for example, to create an additional listener.

    https://learn.microsoft.com/en-us/sql/database-engine/availability-groups/windows/create-or-configure-an-availability-group-listener-sql-server?view=sql-server-ver16User's image

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.