Azure AD B2C deployment fails with "The response for resource had empty or invalid content."

Question

Azure AD B2C deployment fails with "The response for resource had empty or invalid content."

Matthias Neugebauer 21

What could be the root cause of the following error message, when I try to deploy a fresh Azure B2C instance?

I receive the following error trying to deploy a fresh Azure B2C instance using BICEP.

{  
  "code": "DeploymentFailed",  
  "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",  
  "details": [  
    {  
      "code": "ResourceDeploymentFailure",  
      "message": "The response for resource had empty or invalid content."  
    }  
  ]  
}

Creating a new instance in the Portal works fine. I receive the same error when I export the ARM template and try to deploy this via Azure CLI.

My BICEP file is

main.bicep

targetScope = 'resourceGroup'  
  
param location string  
  
module b2ctenant 'b2ctenant.bicep' = {  
  name: 'b2ctenant-module'  
  scope: resourceGroup()  
  params: {  
    location: location  
  }  
}

b2ctenant.bicep

param location string  
  
resource b2ctenant 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {  
  location: location  
  name: 'mattneugcontose01'  
  sku: {  
    name: 'Standard'  
    tier: 'A0'  
  }  
  tags: {}  
  properties: {  
    createTenantProperties: {  
      countryCode: 'US'  
      displayName: 'Contoso'  
    }  
  }  
}

powershell deployment script:

$ResourceGroup = "rg-xxxxxxxx-xx-bicep-01"  
  
az account set --subscription "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"  
az group create --name $ResourceGroup --location eastus  
az deployment group create --resource-group $ResourceGroup --template-file main.bicep --parameters location=global

Your help is appreciated.
Matthias

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2022-06-20T20:37:40.337+00:00

Hi @Matthias Neugebauer , thanks for the question. Are you following any documentation for this? Or did you make the files yourself? It would help me trace the issue if I had a link.

Thank you,
James
Matthias Neugebauer 1 Reputation point

2022-06-21T11:00:43.147+00:00

James, I created the files myself and this is all what's needed to replay the issue.
Matthias

Accepted answer

3 additional answers

Your answer

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2022-06-20T20:37:40.337+00:00

Hi @Matthias Neugebauer , thanks for the question. Are you following any documentation for this? Or did you make the files yourself? It would help me trace the issue if I had a link.

Thank you,
James
Matthias Neugebauer 1 Reputation point

2022-06-21T11:00:43.147+00:00

James, I created the files myself and this is all what's needed to replay the issue.
Matthias

Answer 1

Hi @Matthias Neugebauer , I think your problem is detailed here.

"It is not possible to create from any IAC tools . As Microsoft.AzureActiveDirectory/b2cDirectories@2019-01-01-preview Rest API hasn't been added to the IAC modules.

As an alternative you can use Az CLI along with Rest API's with the below script :

az login  
  
SUBS=`az account show --query "id" -o tsv` \  
RG=b2cdemotest \  
DOMAIN=b2cdemo1ansuman \  
LOCATION=westeurope  
  
az group create --name $RG --location $LOCATION  
  
  
# deploy  
  
az rest --method put --url https://management.azure.com/subscriptions/$SUBS/resourceGroups/$RG/providers/Microsoft.AzureActiveDirectory/b2cDirectories/$DOMAIN.onmicrosoft.com?api-version=2019-01-01-preview --body @b2c.json --verbose  
  
  
# get  
  
az account tenant list  
  
az rest --method get --url https://management.azure.com/subscriptions/$SUBS/resourceGroups/$RG/providers/Microsoft.AzureActiveDirectory/b2cDirectories/$DOMAIN.onmicrosoft.com?api-version=2019-01-01-preview | jq  
  
  
# delete  
  
az rest --method delete --url https://management.azure.com/subscriptions/$SUBS/resourceGroups/$RG/providers/Microsoft.AzureActiveDirectory/b2cDirectories/$DOMAIN.onmicrosoft.com?api-version=2019-01-01-preview --verbose  
  
> verify if B2C tenant was removed then remove the Resource Group  
  
az group delete --name $RG

Please let me know if you're still having trouble or if you have any questions.

If this answer helped you please mark it as "Verified" so other users can reference it.

Thank you,
James

Matthias Neugebauer 21 Reputation points

2022-06-23T11:08:56.333+00:00

James, thanks for the comments.
I got the REST approach working. But I needed to send an additional REST request to complete the deployment. The URL for this additional request is sent as 'location' header in the response (status code 202). I you do not do this, the deployment is accepted but never completed/started. If I am not mistaken, this is missing in your example script or let me know how you completed the deployment.

I also had a session with Microsoft Support getting the BICEP deployment to work. The issue here was the naming of the domain. Mine contained '-'. After removing them, deployment succeeded fine.

Cheers
Matthias
Matthias Neugebauer 21 Reputation points

2022-06-23T11:23:10.017+00:00

Let me add the BICEP and CLI details

param location string resource symbolicname 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = { name: 'mattneuglucastest.onmicrosoft.com' location: location tags: { tagName1: 'tagValue1' tagName2: 'tagValue2' } sku: { name: 'Standard' tier: 'A0' } properties: { createTenantProperties: { countryCode: 'DE' displayName: 'mattneuglucastest' } } }

the CLI was

az deployment group create --resource-group rg-mattneug-b2-bicep-03 --template-file lucas.bicep --parameters location='Europe'

Answer 2

BigRollTide 5

This behavior is still the case with Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01. It creates the B2C if not existing, but throws "message": "The response for resource had empty or invalid content." if it already exists.

The error message is better with Microsoft.AzureActiveDirectory/b2cDirectories@2023-05-17-preview, but still does not work if it already exists. This should not happen at all. The error with that (latest allowed by VSCode) API is An entry with sub id: (guid) and resource group Id: (resource group name) and resource: (b2cname) already exists in the system. Please try to create the resource after deleting the existing one, or in a different resource group. (Code:BadRequest).

Matthias Neugebauer 21 Reputation points

2024-11-08T09:10:10.18+00:00

Thanks a lot @BigRollTide

Answer 3

krishh309 1

Hi @Matthias Neugebauer
Can you please share the files you used with rest api approach, specially the addidtional REST request you did.
Thanks

Matthias Neugebauer 21 Reputation points

2023-01-03T16:49:04.683+00:00

Krishh309, unfortunately, I do not have the code anymore. But it is basically the example from James + the additional request using the URL from the location header in the response.
Hopes this helps.
Matthias

Answer 4

Robert de Veen 0

Did you try to find an answer on this error by using the debug logging as described here:

https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/enable-debug-logging?tabs=azure-powershell

Share via

Azure AD B2C deployment fails with "The response for resource had empty or invalid content."

3 additional answers

Your answer