There was an error provisioning the resource group 'NetworkWatcherRG'.

Ritesh Narula 51 Reputation points
2020-10-09T18:43:05.717+00:00

I have recently deployed a new Win Machine as instructed in the below URL, but I am getting error as attached. Kindly help. Thanks.

https://learn.microsoft.com/en-gb/learn/modules/define-core-azure-services-products/4-walkthrough-create-virtual-machine

regards,
Ritesh Narula
31305-rdp-error.jpg

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,763 questions
0 comments No comments
{count} vote

Accepted answer
  1. whoward-msft 2,766 Reputation points
    2020-10-12T17:34:59.993+00:00

    Hi @Ritesh Narula ,

    Because you are creating a VM using the Concierge Subscription your access to many things is restricted and limited to only the tasks in the lab. Creating a NetworkWatcherRG is not one of the tasks in the lab so you don't have access to deploy a Network Watcher Extension to the Virtual Machine, or place it into a Resource Group. By clicking 'Test Connection' in a Virtual Machine, your attempting to deploy a Network Watcher Extension. You can carry on with the lab and complete the lab by connecting to the VM per the labs instructions. Don't worry about the error your getting as its only caused by the labs subscription prohibiting the deployment of anything not outlined in the lab instructions.

    -----
    If my answer above helped you solve your issue please mark it as accepted to help others with similar questions.


1 additional answer

Sort by: Most helpful
  1. ChristopherW-MSFT 1,681 Reputation points
    2020-10-09T21:45:20.547+00:00

    Hi @Ritesh Narula

    If this Azure Subscription was recently created, then your RBAC may still be propagating permissions. When you run 'Test Connection' in a Virtual Machine, a Network Watcher Extension needs to be deployed to the Virtual Machine, and Network Watcher will also be deployed into a Resource Group.

    The Account submitting this request will need to have the appropriate RBAC Permissions to deploy a new Resource Group, or Read the existing Group. 'NetworkWatcherRG'

    Does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read'

    If this Resource Group exists, you can search for it in the Portal and if you have permission to, add yourself in the 'Access control (IAM)' tab.

    31288-image.png

    The Network Watcher resource may also need RBAC permissions: https://learn.microsoft.com/en-us/azure/network-watcher/required-rbac-permissions


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.