Error deleting an App Service Plan, ghost function


You may not be able to remove an App Service Plan and you hit the following error

Succeeded: 0, Failed: 1, Canceled: 0.Error details {app service plan name}: Server farm ‘ app service plan name ‘ cannot be deleted because it has web app(s) setproperties assigned to it. (Code: Conflict) Server farm ‘ app service plan name ‘ cannot be deleted because it has web app(s) setproperties assigned to it. undefined (Code: Conflict) undefined

Looks like a bug related to the Web App or the Function not ‘correctly’ removed by ARM. You can verify this by looking to the Apps deployed to that App Service plan.

The solution is to force delete this ghost app , and this can easily done through powershell

  • Go to Sites and copy the Resource ID of the troublsome site
  • Open an Powershell window (you need az module) or use the Azure Shell in the Azure Portal
  • Use the Remove-azresource cmdlet to remove that ghost resource
Remove-AzResource -ResourceId "/subscriptions/qsqsqsqsqsqsqs/resourceGroups/qsqsqsqsqsq/providers/Microsoft.Web/sites/setproperties"

Now, the resource has been completely cleaned, you can delete your app service plan

Delete Azure Backup Restore Points collections error : InternalOperationError goal seeking tasks failed


During an operation to move Azure resources between Subscriptions (Or resource groups), we were obliged to delete the “Microsoft.Compute/restorePointCollections” in order to be able to move VMs protected by a Backup policy, as described here

Unfortunately, when deleting the
“Microsoft.Compute/restorePointCollections” resources, we were hit by the following error.

 {X} goal seeking tasks failed. 

It took us time to figure out that trying to delete the same resources multiple times ends by a successful operations. But because each operation took about 1 minute, it will be a waste of time of doing it by hand.

So today, i’m sharing with you a Powershell script that will allow you to make all the deletion operations, in parallel!!

Go here

ADFS : Error when joining a server to a FARM

Hi all,

During an ADFS farm extension that I’m making for my customer, I have followed all the documented TechNet documentation regards the network prerequisites (flow and ports).  But unfortunately, was not enough !

Existing and target architecture

The existing architecture is a 2 members ADFS 3.0 FARM, load balanced via a hardware load balancer. We also had 2 load balanced WAP (Web Application Proxy) severs for ‘proxying’ external connections.


The goal is to add 2 additional ADFS Federation servers and 2 WAP servers on the secondary datacenter. In our case, we are using Azure as the datacenter extension.


The two sites (On-premise and Azure) are connected via a VPN connection that will be soon upgraded to an Express route circuit for more performances and availability. Connection between the two sites is filtered via a on-premise firewall and Azure NSG. So understanding the firewall requirement for the ASDFS servers communication is mandatory in our case. This post does not discuss the ADFS extension itself bit an issue you may encounter during the server join step.

The Microsoft documentation shows that the only ports used for the communication between two ADFS servers are the following : Honestly, you will not fond the answer anywhere :/






ADFS server

ADFS server

tcp 443
Internet WAP server (or VIP) tcp 443,49443
WAP server ADFS server (or VIP) tcp 443,49443


Adding the server to the FARM

After authorizing this port, I added the ADFS role and begin adding the server to the existing FARM.

Obviously I received the following error:

Snap 2015-07-21 at 14.31.29

Unable to retrieve conflict information from the primary server

The specified dns name of the primary federation server could not be resolved. Verify that the DNS name is correct, and that the ADFS service is running on the primary federation server and try again.

I checked every thing : Ping tests, telnet tests, DNS tests… Still unable to add the server. Finally I decided to install wiresharjk to look what the server is trying to do during the configuration phase.

Look to the result:

Snap 2015-07-21 at 14.31.59

Yes, the server is trying to communicate with the ADFS primary server on port 80

I asked the network team to authorize traffic on this port, and it worked like a charm.

So to add the 80 port to the port requirements:





ADFS server

ADFS server

tcp 443, 80*
Internet WAP server (or VIP) tcp 443,49443
WAP server ADFS server (or VIP) tcp 443,49443

* Try first to  open the port from t’’he server you want to join’ to the ‘ADFS primary server’ (not both direction). I think this port is used just for a connectivity test or to initiate the connection than the traffic is switched to 443