Creation of HSM Keyvault failed with ServiceUnavailable (powershell) or Capacity check failed (az cli)

Rutger Kars 1 Reputation point
2022-04-28T14:46:19.11+00:00

For a couple of days I've been unable to create an HSM Keyvault.

I've got a PowerShell script which I've run successfully until last Monday. In this script I do an:

New-AzKeyVaultManagedHsm -Name $name -ResourceGroupName $resourceGroup -Location 'westeurope' -Administrator $oid -SoftDeleteRetentionInDays 7 -EnablePurgeProtection

While this script with my default parameters ran successfully on Monday, on Tuesday I received an error:

New-AzKeyVaultManagedHsm : Operation returned an invalid status code 'ServiceUnavailable'
At D:\git\Infrastructure.HsmKeyvault\src\create-hsmvault.ps1:45 char:5
+     New-AzKeyVaultManagedHsm -Name $name -ResourceGroupName $resource ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : CloseError: (:) [New-AzKeyVaultManagedHsm], ManagedHsmErrorException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.Commands.NewAzureManagedHsm

A couple of weeks ago, I had the same script for Azure CLI, so I tried that one again:

az keyvault create --hsm-name $name --resource-group $resourceGroup -l westeurope --administrators $oid --retention-days 7

In this case, I received another 500 response:

(503) Capacity check failed.

Searching around, I couldn't find any appropriate answer for one of those errors, so maybe I will find an answer over here?


2 answers

  1. Siva-kumar-selvaraj 15,651 Reputation points
    2022-05-02T13:48:31.767+00:00

    Hello @Rutger Kars ,

    Thanks for reaching out.

    Apologies for the inconvenience caused by this issue. Our product team is aware of this issue and is working to increase the capacity. Could you please retry the vault create operation and, if possible, try choosing a different region? If you still experience the issue, please let me know the region you are facing the issue with so that I can check internally to get more insight.

    Meanwhile, we will be working on updating the error message to make this more obvious. We are also investigating how to better communicate which regions are capacity constrained. Thanks.

    Hope this helps.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Siva-kumar-selvaraj 15,651 Reputation points
    2022-05-04T08:49:46.16+00:00

    @Rutger Kars ,

    Here is a recent update for your reference. Hope this helps.

    There are 2 reasons why a customer may receive the mentioned error messages:

    1) The customer is deploying into a so-called “hot” region which is out of capacity due to being in high demand. In this case, there is very little the MHSM team can do other than dock new hardware, which is expected later this summer (June-September 2022). Customers are advised to deploy into a different location if possible.

    ‘Hot’ regions include:
    • US West
    • US West 3
    • US South
    • US East
    • Europe West

    2) The customer is deploying into a region undergoing a temporary internal infrastructure update, which is resulting in short-term limited capacity. At this time, customers are advised to retry every few hours as on-call engineers work to mitigate capacity issues. By Monday 05/02/2022, we no longer expect to have capacity problems as a result of this update.

    As I can see, you are trying to create the MHSM in the "Europe West" region, which is one of the ‘hot’ regions, and that’s why you are receiving the error message. As you can see, there’s little we can do in this scenario. However, if you have a need for a specific number of units in a certain region (current or projected), I'd recommend you reach out to MS support and share that data with the engineering team so we can plan accordingly and see if there are any preemptive measures we can take.

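The advice in the answers above (retry every few hours, or deploy into a different location) can be scripted so that only the capacity error is retried and every other failure stops the run. This is an added example, not code from the thread or from Microsoft; the function name, the fallback region list and the retry timings are assumptions, and each fallback region has to be checked for Managed HSM availability and for your data-residency requirements, since the key material will live there.

```powershell
# Added example. Function name, region order and timings are assumptions.
function New-ManagedHsmWithFallback {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $ResourceGroupName,
        [Parameter(Mandatory)] [string[]] $Administrator,           # object IDs of the HSM administrators
        [string[]] $Locations   = @('westeurope', 'northeurope'),   # assumed order of preference
        [int]      $MaxRounds   = 3,
        [int]      $WaitMinutes = 120                                # "retry every few hours"
    )

    for ($round = 1; $round -le $MaxRounds; $round++) {
        foreach ($location in $Locations) {
            try {
                Write-Verbose "Round ${round}: creating '$Name' in $location"
                # Same parameters as the command in the question; -ErrorAction Stop
                # turns the failure into a terminating error that catch can inspect.
                return New-AzKeyVaultManagedHsm -Name $Name `
                    -ResourceGroupName $ResourceGroupName -Location $location `
                    -Administrator $Administrator -SoftDeleteRetentionInDays 7 `
                    -EnablePurgeProtection -ErrorAction Stop
            }
            catch {
                # Only the capacity symptoms quoted in the question are retryable.
                # Authorization, policy or naming errors are rethrown unchanged so
                # they are not hidden behind hours of pointless retries.
                if ($_.Exception.Message -notmatch 'ServiceUnavailable|Capacity check failed') {
                    throw
                }
                Write-Warning "No capacity in ${location}: $($_.Exception.Message)"
            }
        }
        if ($round -lt $MaxRounds) {
            Start-Sleep -Seconds ($WaitMinutes * 60)
        }
    }
    throw "Managed HSM '$Name' could not be created in any of: $($Locations -join ', ')"
}
```

Run it with `-Verbose` to log which region finally accepted the request, and record that region wherever key locations are tracked.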
