Azure-virtual-network

Jeff Emery 106 Reputation points
2021-03-13T04:05:31.05+00:00

Cannot delete Subnet from Virtual Network because of a phantom AppServiceLink.

Having this same issue.

https://github.com/MicrosoftDocs/azure-docs/issues/48902

What can be done to help?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,593 questions
{count} vote

Accepted answer
  1. Jeff Emery 106 Reputation points
    2021-03-13T06:21:02.23+00:00

    TLDR; Don't ever delete an App Service (Azure Function) without first disconnecting it from its Virtual Network/Subnet.

    Ok, I finally got it through a bunch of investigative work. Using Resource Explorer https://resources.azure.com I was able to find the Virtual Network with the Subnet that could not be removed. That subnet had a serviceAssociationLinks value that pointed me to a serverfarms entry which was an App Service Plan on another Resource Group. I went through every resource in that ASP that had Network configuration until I found one that would connect to the Subnet. Attempts to recreate an App Service Plan and/or connect another App Service to that subnet would fail because this one still had a link to it even though it wasn't connected. The App Service that I found was able to connect to the Subnet, but when looking at it, there was an error depicted as "Loading..." Clicking the "Loading..." link told me that the Subnet and its Virtual Network could not be found on a different Resource Group. I moved the Virtual Network with the Subnet back to that Resource Group and the "Loading..." error went away, and it now correctly depicted the Virtual Network and Subnet the App Service was connected to. Next I disconnected the App Service. And then I was able to go back to the Virtual Network and finally delete the offending Subnet.

    About 6 hours wasted on this mistake.

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,691 Reputation points Microsoft Employee
    2021-03-15T14:35:52.99+00:00

    Hello @Jeff Emery ,

    Apologies for the inconvenience caused to you due to this issue.

    This is a known issue and the only way you will be able to get the subnet/Vnet deleted is to contact Azure Support or go through the steps you did.

    Reason for this Error:
    The new VNET integration feature (Regional Vnet Integration) set locks on subnets in the Network Resource Provider, we set these locks by putting a structure called a Service Association Link onto the Subnet, which is a privileged operation that only Microsoft.Web and some other internal Azure services have access to. Sometimes this create odd cases where these locks don't get cleaned up. The result is that the customer will have a subnet that cannot be deleted or used because a Service Association Link still exists on the subnet.
    Azure App Service and Azure Networking Product Group keep working on to fix the issue completely.

    You can upvote the feature in this feedback forum:
    https://feedback.azure.com/forums/169385-web-apps/suggestions/40696330-unable-to-use-subnet-when-vnet-integrated-app-is-d

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please click "Accept answer" on the above answer you provided, as this will help others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.