No puedo eliminar un resource group donde hay un Az firewall y una policy

Franco Iván Paco 0 Reputation points
2023-03-27T22:20:29.5666667+00:00

El error es el siguiente:

Deletion of resource group 'hub-rg' failed as resources with identifiers 'Microsoft.Network/firewallPolicies/AzureFirewallPolicy,Microsoft.Network/publicIPAddresses/AzureFirewall-pip,Microsoft.Network/virtualNetworks/hub-vnet,Microsoft.Network/azureFirewalls/AzureFirewall' could not be deleted. The provisioning state of the resource group will be rolled back. The tracking Id is 'b405d3f9-750d-4732-a081-4f8b4e211bf6'. Please check audit logs for more details.

La cuestion es que la suscripcion es MPN y se encuentra deshabilitada por haber alcanzado su máximo.

El estado del Firewall es failed. adjunto captura.

User's image

User's image

User's image

error:

Delete resource group hub-rg failed

Failed to delete resource group hub-rg: Deletion of resource group 'hub-rg' failed as resources with identifiers 'Microsoft.Network/firewallPolicies/AzureFirewallPolicy,Microsoft.Network/publicIPAddresses/AzureFirewall-pip,Microsoft.Network/virtualNetworks/hub-vnet,Microsoft.Network/azureFirewalls/AzureFirewall' could not be deleted. The provisioning state of the resource group will be rolled back. The tracking Id is '6a3c51e1-XXXXXXXXXXXXXXXXX'. Please check audit logs for more details. (Code: ResourceGroupDeletionBlocked) Firewall Policy '/subscriptions/XXXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/firewallPolicies/AzureFirewallPolicy' can not be deleted since there are Azure Firewalls using this policy. (Code: FirewallPolicyHasAzureFirewallReferences, Target: /subscriptions/XXXXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/firewallPolicies/AzureFirewallPolicy) Public IP address /subscriptions/XXXXXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/publicIPAddresses/AzureFirewall-pip can not be deleted since it is still allocated to resource /subscriptions/6XXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/azureFirewalls/AzureFirewall/azureFirewallIpConfigurations/fw-ipconfig. In order to delete the public IP, disassociate/detach the Public IP address from the resource. To learn how to do this, see aka.ms/deletepublicip. (Code: PublicIPAddressCannotBeDeleted, Target: /subscriptions/XXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/publicIPAddresses/AzureFirewall-pip) Subnet AzureFirewallSubnet is in use by /subscriptions/XXXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/azureFirewalls/AzureFirewall/azureFirewallIpConfigurations/fw-ipconfig and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet. (Code: InUseSubnetCannotBeDeleted, Target: /subscriptions/XXXXXXXXXXXXXXXXXXXXXXX/resourceGroups/hub-rg/providers/Microsoft.Network/virtualNetworks/hub-vnet) The request to delete the resource 'Microsoft.Network/azureFirewalls/AzureFirewall' failed. subscription id 'XXXXXXXXXXXXXXXX', activity id 'XXXXXXXXXXX', request correlation id '6a3c51e1-08df-414a-9a4c-04c94ca8e0f8'. (Code: ResourceDeletionFailed, Target: /subscriptions/XXXXXXXXXXXXXXXXx/resourceGroups/hub-rg/providers/Microsoft.Network/azureFirewalls/AzureFirewall)

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
567 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ChaitanyaNaykodi-MSFT 22,776 Reputation points Microsoft Employee
    2023-03-28T01:07:58.17+00:00

    @Franco Iván Paco

    Welcome to the Microsoft Q&A forum.

    I understand it correctly you are trying to delete an Azure Firewall, Azure firewall policy deployed in the MPN subscription that is disabled because it has reached its maximum spend limit. The Azure Firewall is in Failed state and you are unable to delete the firewall policy as it is linked to Azure Firewall.

    As the subscription is disabled, I am not sure if you are still able to access the resources or able to run any PowerShell Commands to modify the resources. If you are not able to access the resources, you will have to file a support ticket with us to resolve the issue. You can file a Billing and subscription management support ticket as it is free to all customers. Please let me know if you need any help here.

    If you are able to access the resources or able to run any PowerShell Commands to modify the resources. You can follow the steps mentioned below to delete the resources.

    • Firewall is in failed state: As documented here if the resource is in the failed state, further operations on the resource or on other resources that depend on it might fail. You need to revert the state back to succeeded before running other operations. The easiest way to achieve this task is to use Azure PowerShell. Issue a resource-specific Get command that fetches all the current configuration for the resource. Next, run a Set command, or equivalent, to commit to Azure a write operation that contains all the resource properties as currently configured. You can run this command for Azure Firewall to bring it back to succeeded state. Get-AzVirtualNetworkGatewayConnection -Name "your_resource_name" -ResourceGroupName "your_resource_group_name" | Set-AzVirtualNetworkGatewayConnection
    • Unable to delete the firewall policy as it is linked to Azure Firewall: If you are able to bring the firewall back in succeeded stage. In order to delete the firewall policy you need to diss-associate from the firewall first. You can do this by following the steps mentioned in this thread.

    After deleting the Firewall and Firewall policy you should be able to delete the Public IP and the virtual Network.

    Hope this helps! Please let me know if you have any questions.

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments