

Please list deployment operations for details.

Status Message: At least one resource deployment operation failed. So there seems to be some improvement over the old status quo where we had to allow all networks, but the note is at best misleading, if not wrong.įurthermore, when trying to deploy an Application Gateway without networking access to the KeyVault, it ends up in a failed state with a generic error message that something went wrong.
#Keyvault validator not working update#
Bug.Ģnd UPDATE Just to be clear: This completely BREAKS the Portal UI. Ultimately the portal should validate the network accessibility between appgw and the kyvault.

What you do then is up to you - copy the cert to a local keyvault, or add a vnet peering, or add the missing subnet. The quick fix is to go to the keyvault and temporarily open it to "all networks / internet" then re-save your listener.

The Azure Portal will show you key vaults that are not actually available at runtime, and saving the listener's settings will break your Appgw. My Appgw is currently broken as a result: I am going to create a temporary vnet peering to see if it resolves the issue so that I may remove the listener. I think in my case the vnets are not peered, so there is no route between the APIM instance and the keyvault at runtime, but the Azure Portal UI will still list the keyvault as available to use, and allow it to be linked to the listener. I"m getting the same issue: " The 'UserAssignedIdentities' property keys should only be empty json objects, null or the resource exisiting property", and my - keyvault in a different resource group and vnet. Make sure that Identity assigned to Application Gateway has access to the KeyVault associated with secret. Access denied for KeyVault Secret '' for Application Gateway '/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Network/applicationGateways/XXX'. Make sure that Identity assigned to Application Gateway has access to the KeyVault associated with secret.ĭeployment failed. See details below:Ĭli. : Deployment failed. Msrest.exceptions : Problem occured while accessing and validating KeyVault Secrets associated with Application Gateway '/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Network/applicationGateways/XXX'. Make sure that Identity assigned to Application Gateway has access to the KeyVault associated with secret." "message": "Access denied for KeyVault Secret '' for Application Gateway '/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Network/applicationGateways/XXX'. "code": "ApplicationGatewayKeyVaultSecretAccessDenied", "message": "Problem occured while accessing and validating KeyVault Secrets associated with Application Gateway '/subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Network/applicationGateways/XXX'.
