Create Azure function app validation failed but no error
I am trying to create a function app, which uses an existing storage account. I am aware that there are limitations on which storage accounts can be used but I believe storage account is suitable and it is available for selection on the storage tab.
I am using an app service plan.
The storage account has been secured with a virtual network and private endpoints (I did not set up the storage account).
On the networking tab, I am disabling public access, enabling network injection, selecting a virtual network and I have configured inbound access.
However, when I try to create the function app, it tells me validation has failed but there is no error! There is nothing in the activity logs, which makes sense since it is not actually trying to create anything because it fails on validation.
How do I find out what the validation errors?
@David Holden Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.
You can look at the resource groups activity logs and check the validate deployment operation you will be able to see the failed operation and click on the further drop down and see the failure message.
as shown below screenshot (In our case create deployment got failed due to update website operation got failed.)
Feel free to reach back to me if you have any further questions on this.
I have made progress to a degree. If I configured the function app, with an existing vnet and configured outbound access (my logic was that the function communicating with the storage account was outward traffic).
However now, I cannot access the advanced tools-which I need to set up the power shell dependencies. I receive a 403 forbidden error.
Any idea how I fix this?
@David Holden Thanks for your response, apologize for the delay in my response over the weekend. Vnet integration is to limit the outbound traffic of the function app.
Could you please check if there were Access restrictions configured to kudu i.e., (Advanced tool site) under
Networkingsection of your function app.
And also check whether do you have these RBAC permissions to access kudu.
I am already a contributor to that site and according to the web link you provided, that should be enough. From what I can work out it's because I have restricted the outbound access (which I need to access the pre-existing storage account).
@David Holden have checked whether are there any access restrictions configured to your function app under networking?
I have denied public access. This is for two reasons, obviously we do not want the public to access the function app but also the storage account I want to use, has been secured with private endpoints, hence why I have allowed outbound access with a vnet.
Bearing this in mind, how do I permit access to the kudos console?
@David Holden Thanks for the explanation, at this moment you can create a virtual machine in the same function app vnet and rdp to that virtual machine and connect to function kudu from the virtual machine.
Sign in to comment