Error deleting an App Service Plan, ghost function

Hi,

You may not be able to remove an App Service Plan and you hit the following error

Succeeded: 0, Failed: 1, Canceled: 0.Error details {app service plan name}: Server farm ‘ app service plan name ‘ cannot be deleted because it has web app(s) setproperties assigned to it. (Code: Conflict) Server farm ‘ app service plan name ‘ cannot be deleted because it has web app(s) setproperties assigned to it. undefined (Code: Conflict) undefined

Looks like a bug related to the Web App or the Function not ‘correctly’ removed by ARM. You can verify this by looking to the Apps deployed to that App Service plan.

The solution is to force delete this ghost app , and this can easily done through powershell

• Go to https://resources.azure.com/
• Paste the app service plan name on the ‘search’ bar

• Go to Sites and copy the Resource ID of the troublsome site

• Open an Powershell window (you need az module) or use the Azure Shell in the Azure Portal
• Use the Remove-azresource cmdlet to remove that ghost resource

Remove-AzResource -ResourceId "/subscriptions/qsqsqsqsqsqsqs/resourceGroups/qsqsqsqsqsq/providers/Microsoft.Web/sites/setproperties"

Now, the resource has been completely cleaned, you can delete your app service plan

Delete Azure Backup Restore Points collections error : InternalOperationError goal seeking tasks failed

Hi,

During an operation to move Azure resources between Subscriptions (Or resource groups), we were obliged to delete the “Microsoft.Compute/restorePointCollections” in order to be able to move VMs protected by a Backup policy, as described here

Unfortunately, when deleting the
“Microsoft.Compute/restorePointCollections” resources, we were hit by the following error.

 {X} goal seeking tasks failed. 

It took us time to figure out that trying to delete the same resources multiple times ends by a successful operations. But because each operation took about 1 minute, it will be a waste of time of doing it by hand.

So today, i’m sharing with you a Powershell script that will allow you to make all the deletion operations, in parallel!!

Go here

ADFS : Error when joining a server to a FARM

Hi all,

During an ADFS farm extension that I’m making for my customer, I have followed all the documented TechNet documentation regards the network prerequisites (flow and ports).  But unfortunately, was not enough !

Existing and target architecture

The existing architecture is a 2 members ADFS 3.0 FARM, load balanced via a hardware load balancer. We also had 2 load balanced WAP (Web Application Proxy) severs for ‘proxying’ external connections.

The goal is to add 2 additional ADFS Federation servers and 2 WAP servers on the secondary datacenter. In our case, we are using Azure as the datacenter extension.

The two sites (On-premise and Azure) are connected via a VPN connection that will be soon upgraded to an Express route circuit for more performances and availability. Connection between the two sites is filtered via a on-premise firewall and Azure NSG. So understanding the firewall requirement for the ASDFS servers communication is mandatory in our case. This post does not discuss the ADFS extension itself bit an issue you may encounter during the server join step.

The Microsoft documentation shows that the only ports used for the communication between two ADFS servers are the following : Honestly, you will not fond the answer anywhere

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0d876e9d-97e1-4aea-9bdf-1ebaf6fb6fca/adfs-federation-server-replication-ports?forum=winserverDS

 

Source	Target	Protocol	Port
ADFS server	ADFS server	tcp	443
Internet	WAP server (or VIP)	tcp	443,49443
WAP server	ADFS server (or VIP)	tcp	443,49443

 

Adding the server to the FARM

After authorizing this port, I added the ADFS role and begin adding the server to the existing FARM.

Obviously I received the following error:

Unable to retrieve conflict information from the primary server

The specified dns name of the primary federation server could not be resolved. Verify that the DNS name is correct, and that the ADFS service is running on the primary federation server and try again.

I checked every thing : Ping tests, telnet tests, DNS tests… Still unable to add the server. Finally I decided to install wiresharjk to look what the server is trying to do during the configuration phase.

Look to the result:

Yes, the server is trying to communicate with the ADFS primary server on port 80

I asked the network team to authorize traffic on this port, and it worked like a charm.

So to add the 80 port to the port requirements:

Source	Target	Protocol	Port
ADFS server	ADFS server	tcp	443, 80*
Internet	WAP server (or VIP)	tcp	443,49443
WAP server	ADFS server (or VIP)	tcp	443,49443

* Try first to  open the port from t’’he server you want to join’ to the ‘ADFS primary server’ (not both direction). I think this port is used just for a connectivity test or to initiate the connection than the traffic is switched to 443