Cannot create a VPN Gateway via CLI - Cannot find Resource Group

Question

Hi

I'm trying to add a (Basic SKU) VPN gateway to my Azure subscription in order to create a S2S VPN to on-premises.

I'm using a Powershell that requires a few parameters to be entered upon running the script eg. Resource Group, Virtual Network, Gateway name, Address prefix.

I'm running the script via the CLI from my "Connectivity" subscription and I have created a new RG and VNet to facilitate the VPN components earlier.

The command used is similar to the below:

PS /home/user> ./New-azBasicVPNGateway.ps1 -rgName "<RGNAME>" -vnetName "<VNETNAME>" -gwName "<GWNAME>" -addressPrefix "10.0.200.0/24"

When running the script command I get an error straight away with the following output:

Checking for the required modules

Verifying the session is logged into Azure

Failed to get virtual network or location: Resource group '<RGNAME>' could not be found.

StatusCode: 404

ReasonPhrase: Not Found

ErrorCode: ResourceGroupNotFound

ErrorMessage: Resource group '<RGNAME>' could not be found.

OperationID : <Operation ID Number>

The resource group and Vnet exist in the subscription and I'm unable to understand where the problem lies, can anyone please point me in the right direction to resolve this as I'm banging my head against the wall at present?

I have an Enterprise-Scale Landing Zone configured with the usual guardrails and policies etc and I'm Tenant owner and owner of all subscriptions.

Please all advice would be welcomed!

Thanks

M

Answer 1

Hi Mark

We understand that you are facing issue with the VPN gateway creating using CLI. The error indicates that the PowerShell script cannot find the specified resource group () in your Azure subscription, resulting in a ResourceGroupNotFound error with a 404-status code.

Here are a few things you can check to troubleshoot the issue:

1. Verify Resource Group Name: Double-check the name of your resource group (<RGNAME>) that you provided in the script. Ensure that it exactly matches the name of the resource group you created in Azure, including case sensitivity.
2. Check Subscription Context: Since you're using multiple subscriptions (like your "Connectivity" subscription), make sure you're working in the correct subscription context. Use the following command to check your current subscription and switch if necessary:

      Get-AzContext
   

   If it's incorrect, change the subscription using:

      Set-AzContext -SubscriptionId "<YourSubscriptionID>"
   

3. List Resource Groups: You can list all available resource groups in your current subscription to confirm your resource group exists:

      Get-AzResourceGroup
   

4. Ensure Proper Login: Make sure you are logged in to Azure PowerShell correctly. You can use:

      Connect-AzAccount
   

   to re-authenticate.
5. Correct PowerShell Version: Ensure you are using the latest version of Azure PowerShell. You can check your version with:

      Get-Module -ListAvailable Az
   

   and update it if necessary.
6. Check for the Gateway Subnet: Verify that your virtual network has a subnet named GatewaySubnet, as this is a requirement for creating a VPN gateway. You can create it if it doesn’t exist.

As you are using policy, review any Azure Policy assignments that might restrict resource group access or VPN gateway creation.

Since you're using an Enterprise-Scale Landing Zone, there might be Azure Policies or Role-Based Access Control (RBAC) restrictions in place.

• Check if there are deny policies on resource creation or specific locations.
• Ensure your user account has Contributor or higher role on the RG.

If the issue persists, consider raising a support ticket with Azure, providing the OperationID from the error message to resolve your issue using backend support.

---

I hope this helps! If these answers your query, do click the "Upvote" and click "Accept the answer" of which might be beneficial to other community members reading this thread.