Pages

Friday, April 30, 2021

Moving Azure App Service resources from one subscription to another subscription

As a follow up to my previous post:

Moving an Azure virtual machine and the Recovery Services Vault with its backups from one subscription to another
http://terenceluk.blogspot.com/2021/04/moving-azure-virtual-machine-and.html

I would like to continue to demonstrate and outline the process of moving App Service and Azure Functions from one subscription to another.

Microsoft Documentation

As always, I would like to provide the following links to the official Microsoft documentation and recommend that anyone undertaking this task ready through them.

Move resources to a new resource group or subscription
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription

Move operation support for resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources

Move guidance for App Service resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/app-service-move-limitations

Note that improvements for these cross subscription move operations are continued to be made so the behavior demonstrated below were performed in April 2021. An example of a change since 2020 is that Microsoft.Web/Certificates can now be moved.

Different behavior during Subscription to Subscription Move

I’ve found that the subscription to subscription move operation changes depending on when you run it.

image

One of them will run a validation check prior then stopping to allow you to initiate it. The second will run the validation and upon successfully completing it will automatically initiate the move. There does not appear to be any consistency in which is presented but the GUI will be different so it is best to assume that you will not get the option to initiate the move.

This is the GUI that would stop after validation and allow you to manually initiate the move:

image

This is the GUI that would automatically initiate the move upon a successful validation:

image

Subscription to Subscription Move Blockers (Validation errors)

You cannot move an App Service without the associated App Service Plan:

image

I understand that tools and scripts associated with moved resources will not work until I update them to use new resource IDs

image

Attempting to migrate the App Service without its corresponding App Service Plan will fail with:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T203719Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id '53ba79fa-d2cf-4e59-b40c-7fa8067d58f2', request correlation id '88065feb-7ee2-45cc-935d-560b90ad7d73'.","details":[{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/sites","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-VMs\",\"RG-VMs\",\" Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"}}],\"Innererror\":null}"}]}

image

To successfully migrate the App Service, select the corresponding App Service Plan:

Note that the interface below is the one that automatically moves the resource when the validation completes. You cannot stop once the validation starts so proceed with caution to avoid unintended moves.

image

----------------------------------------------------------------------------------------------------------------------------

You cannot move App Service resources if they have been moved from the original resource group they were originally created in. The example provided below displays an error message when the App Service and its resources was created in RG-VMs but later moved to RG-SQLDatabases. To correct this issue, simply move the resources back to the original resource group, then move it to the target subscription:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T212111Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id 'b993a16b-4362-4997-b494-35df505256ab', request correlation id '28624067-966e-4527-a5a4-4461e48e4381'.","details":[{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/serverFarms","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-SQLDatabases' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-SQLDatabases/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-SQLDatabases' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-SQLDatabases/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-SQLDatabases\",\"Rg-Dest\",\" Test-App-Ser (Microsoft.Web/sites). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-SQLDatabases/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-SQLDatabases' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms). This resource is located in resource group 'RG-SQLDatabases', but hosted in the resource group 'RG-VMs'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-SQLDatabases/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"}}],\"Innererror\":null}"}]}

image

One of the questions I’ve been asked in the past is if an App service can be moved to another RG and then have the original RG deleted? I’ve done a test and it appears this is not possible.

----------------------------------------------------------------------------------------------------------------------------

You cannot move App Service resources into another subscription’s resource group that already has a App Service (Microsoft.Web) resources as the following error message will be displayed:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T213019Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id '1d510c1c-d21c-423b-8fc9-6066aae13dec', request correlation id 'b06e6675-4e1c-4de9-9796-fe99d874187e'.","details":[{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/serverFarms","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-VMs\",\"RG-VMs\",\" Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-806a (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-App-Ser/troubleshoot\"}}],\"Innererror\":null}"}]}

image

Note that you cannot simply move the App Service resources out of the target subscription’s destination resource group and then proceed to repeat the move of the App Service resources from the source subscription because the App Service moved out of the resource group will still be hosted in that resource group. The only way around this if is to delete the App Service in the target subscription’s target resource group.

image

----------------------------------------------------------------------------------------------------------------------------

You cannot an Azure Function in a resource group that contains another App Service without moving it together. You need to move all Microsoft.Web resources in the resource of the Azure Function or App Service that is being moved.

image

{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/serverFarms","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-VMs\",\"RG-VMs\",\" Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"}}],\"Innererror\":null}"}

image

Note how the resource group contains other App Service and Azure Function resources that need to be moved together.

image

Failing to select the Test-App-Ser App Service will continue to fail the validation:

image

Validation will be successful when the Test-App-Ser App Service is selected for move:

image

----------------------------------------------------------------------------------------------------------------------------

You cannot move an App Service that has an uploaded but unbinded SSL certificate to another subscription:

The following App Service currently does not have a certificate uploaded:

image

Here I have uploaded a certificate via the TLS/SSL settings:

image

Notice how attempting to move the App Service with the certificate uploaded but not binded will fail the validation checks:

image

{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/serverFarms","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-VMs\",\"RG-VMs\",\" Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'RG-VMs' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"}}],\"Innererror\":null}"}

image

In order to move the App Service, we will need to move the certificate as well but the certificate object is not displayed in the resource group because it is a hidden resource. Begin by obtaining the certificate name by opening the properties of it in the TLS/SSL settings:

image

Navigate to the resource group that contains the App Service, enable the Show hidden types option and locate the microsoft.web/certificates object with the name that matches what is displayed in the Certificate Details:

image

Note that you can click into the certificate object to view its properties to confirm the name and other properties:

image

With the certificate selected, you can now proceed to migrate the App Service resource to another subscription.

Note that I selected the Azure Function because you have to move all microsoft.web resources within the resource group.

image

The validation should successfully complete so the subscription move can start:

image

Note that you cannot move a certificate on its own even if it is not binded. The following is the error displayed if a certificate is moved on its own:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210427T010342Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id 'a40dbd4b-28af-4f44-b150-e6b269c10592', request correlation id '2af61d8a-ab6a-476c-b024-e191d758009c'.","details":[{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/certificates","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"},{\"Code\":\"BadRequest\"},{\"ErrorEntity\":{\"ExtendedCode\":\"52036\",\"MessageTemplate\":\"Please select all the Microsoft.Web resources from '{0}' resource group for cross-subscription migration. Also, please ensure destination resource group '{1}' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together:{2}. Please check this link for more information: {3}\",\"Parameters\":[\"RG-VMs\",\"Rg-Dest\",\" Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n\",\"https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\",\"0\"],\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'RG-VMs' resource group for cross-subscription migration. Also, please ensure destination resource group 'Rg-Dest' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: Test-Function-App001 (Microsoft.Web/sites)\\r\\n Test-App-Ser (Microsoft.Web/sites)\\r\\n ASP-RGVMs-ba9d (Microsoft.Web/serverFarms)\\r\\n ASP-RGVMs-bc50 (Microsoft.Web/serverFarms)\\r\\n 522312DA8771ED22F143DC297BF75F9C8EAF171E-RG-VMs-CanadaCentralwebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/sites/Test-Function-App001/troubleshoot\"}}],\"Innererror\":null}"}]}

image

Subscription to Subscription Move Possibilities

You can move App Service resources with other types of resources. The following demonstrates how the resources App Service, Function App, VM, VNet, Storage account, and RSV can all be moved in one operation:

image

--------------------------------------------------------------------------------------------------------------------------- 

You can move a App Service with a custom domain configured and a SSL certificate binded as long as all the resources are moved together:

image

image

image

----------------------------------------------------------------------------------------------------------------------------

Having a VNet configured for the App Service (VNet Integration) does not stop you from migrating the App Service to another subscription. This essentially means that You can move the App Service and App Plan without removing VNet integration even if the VNet is still in the source subscription. I’ve also noticed that it is possible to assign a VNet and subnet from another subscription (cross subscriptions) when configuring VNet integration for an App Service.

With the above said, I have not been able to test whether VNet integration would continue to work so if anyone reading this post has experience with this, please leave a comment.

image

Hope this helps anyone who may be looking for more information about what the migration of App Services and other related resources from one subscription to another would look like.

Posted by at 4 comments:
Labels: , , ,

Citrix Virtual Apps and Desktops Machine Catalog displaying "Power State" as "Unknown"

Problem

You have a Citrix Virtual Apps and Desktops environment hosted with Citrix Cloud Connectors connecting to Citrix cloud and noticed that the management portal displays virtual machines in a machine catalog with the Power State as Unknown:

image

This appears to only affect machines hosted by a specific vCenter because virtual desktops hosted on a different vCenter displays the Power State properly. Monitoring the VDIs also indicate that users are not able to connect to them.

Solution

A quick search on the internet will only return the following Citrix KB that refers to an on-premise deployment without Citrix Cloud connectors:

VM's Power State Does Not Update And Shows As "Unknown" After vCenter Server Reboots
https://support.citrix.com/article/CTX238157

Although not stated in the KB, the issue can be resolved by turning off and turning On the Maintenance mode for the vCenter connection as such:

image
Posted by at No comments:
Labels: , ,

Monday, April 26, 2021

Moving an Azure virtual machine and the Recovery Services Vault with its backups from one subscription to another

For those who have undertaken the task or project to move resources from one Azure subscription to another will know that the operation within the Azure Portal is a matter of a few clicks but the complexity can significantly increase depending on the type, the amount, and the dependencies of the resources that are being moved. While I feel that Microsoft will eventually make this potentially painful process something of the pass, it can be a daunting task today as I write this post. To help demystify a common operation that is made, I would like to demonstrate how to move an Azure virtual machine and the Recovery Services Vault with its backups from one subscription to another.

Microsoft Documentation

To begin, I would like to provide the following three links that should be reviewed to understand the operations this post will be demonstrating:

Move resources to a new resource group or subscription
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-resource-group-and-subscription

Move a Recovery Services vault across Azure Subscriptions and Resource Groups
https://docs.microsoft.com/en-us/azure/backup/backup-azure-move-recovery-services-vault?toc=/azure/azure-resource-manager/toc.json

Move operation support for resources
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources

Move guidance for virtual machines
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-limitations/virtual-machines-move-limitations

Test Environment

The following are the two Pay-as-you-go subscriptions I’ll be using:

image

The following is the Test-VM I will be moving from Azure Source Sub to Azure Destination Sub (note that tags are configured for this VM):

image

The following are the components all placed into the resource group RG-VMs and their respective Resource IDs, which will change after the subscription move:

Virtual Machine:
/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/virtualMachines/Test-VM

VM NIC:
/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/networkInterfaces/Test-VM-nic-9190f27cc6cc40a3bede740db168b0d3

VM Public IP with Basic SKU (basic SKU IP addresses can be moved but standard cannot):
/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/publicIPAddresses/Test-VM-pip-90462821bc164f12a624afccf204b93c

VNet:
/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet

VM Disk:
/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611

image

The following is the Recovery Services Vault that is configured to backup the Test-VM:

image

The following is the backup status for the Test-VM (note that there are backups configured and a few restore points):

image

Different behavior during Subscription to Subscription Move

I’ve found that the subscription to subscription move operation changes depending on when you run it.

clip_image001

One of them will run a validation check prior then stopping to allow you to initiate it. The second will run the validation and upon successfully completing it will automatically initiate the move. There does not appear to be any consistency in which is presented but the GUI will be different so it is best to assume that you will not get the option to initiate the move.

Subscription to Subscription Move Blockers (Validation errors)

The subscription to subscription move operation will run a validation check prior to allow you to initiate it and the following are the type of errors that would be presented.

You cannot move a VM with backups enabled:

image

{"code":"DiskHasRestorePoints","target":"Microsoft.Compute/disks","message":"The move resources request contains resources like /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611 that are being backed up as part of a Azure Backup job. Browse the link https://aka.ms/vmbackupmove for information.","details":[{"code":"DiskHasRestorePoints","target":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611","message":"The move resources request contains resources like /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611 that are being backed up as part of a Azure Backup job. Browse the link https://aka.ms/vmbackupmove for information."}]}

image

You cannot move a VM without deleting its restore collection points even if the backup is disabled:

The same message is displayed as having backups configured but the component that isn’t passing the validation is DiskHasRestorePoints:

{"code":"DiskHasRestorePoints","target":"Microsoft.Compute/disks","message":"The move resources request contains resources like /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611 that are being backed up as part of a Azure Backup job. Browse the link https://aka.ms/vmbackupmove for information.","details":[{"code":"DiskHasRestorePoints","target":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611","message":"The move resources request contains resources like /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611 that are being backed up as part of a Azure Backup job. Browse the link https://aka.ms/vmbackupmove for information."}]}

image

You cannot move a VM attached to a VNET that has another VM attached to it that is not being moved:

In this example, the Test-VM to be migrated is attached to the Test-VNet VNet. This VNet also has another VM named Test-VM2 attached to it, which isn’t being moved.

{"code":"MissingMoveDependentResources","target":"Microsoft.Network/virtualNetworks","message":"The move resources request does not contain all the dependent resources. Please check details for missing resource Ids.","details":[{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/virtualMachines/Test-VM2"},{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/publicIPAddresses/Test-VM2-ip"}]

image

You cannot move a VM without the VNet it is attached to:

image

{"code":"MissingMoveDependentResources","target":"Microsoft.Network/networkInterfaces","message":"The move resources request does not contain all the dependent resources. Please check details for missing resource Ids.","details":[{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet"}]}

image

You cannot move a VM with a public IP address without moving the VNet it is attached to:

image

{"code":"MissingMoveDependentResources","target":"Microsoft.Network/publicIPAddresses","message":"The move resources request does not contain all the dependent resources. Please check details for missing resource Ids.","details":[{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet"}]}

image  

You cannot move a VM without the attached public IP address that is assigned to it (you can move a Basic SKU IP address but not Standard):

image

{"code":"MissingMoveDependentResources","target":"Microsoft.Network/networkInterfaces","message":"The move resources request does not contain all the dependent resources. Please check details for missing resource Ids.","details":[{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/publicIPAddresses/Test-VM-pip-90462821bc164f12a624afccf204b93c"},{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet"}]}

image

You cannot move a VM with a dependent VNet that has a VNet Peering configured with another VNet regardless of whether the peered VNet is being moved as well:

image

{"code":"CannotMoveResource","target":"Microsoft.Network/virtualNetworks","message":"Cannot move one or more resources in the request. Please check details for information about each resource.","details":[{"code":"CannotMoveVnetDueToPeering","message":"Cannot move virtual network /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet because it's peered with other virtual networks: /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-NewVNet/providers/Microsoft.Network/virtualNetworks/Test-VNet2."}]}

image

You cannot move a VNet with App Service attached to it (Regional VNet Integration):

{"code":"CannotMoveResource","target":"Microsoft.Network/virtualNetworks","message":"Cannot move one or more resources in the request. Please check details for information about each resource.","details":[{"code":"CannotMoveResourceDueToReference","message":"Cannot move resource /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet since it references resource /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Web/serverfarms/ASP-RGVMs-9e72, which does not support move or updating references after the move."}]}

image

The validation process will not throw and error if you attempt to move a recovery services vault with backups enabled. However, you will need to move the virtual machines along with it and use the same target VM resource group name (as it was in old subscription) to continue backups.

It is important to note that regardless of whether the virtual machine is configured to be backed up by the Recovery Services Vault again, you will be able to restore the backups carried over from the time when the RSV was in the old subscription.

Moving virtual machine from one subscription to another

Step #1 – Identify Dependencies for all components

Before starting any configuration, it is important to spend time to identify every component of the virtual machine that are dependent on a resource in which other components that are not being moved are dependent on. An example of this is if you have to virtual machines:

  • Test-VM1
  • Test-VM2

… and both of these VMs have NICs connected to the same VNet. As mentioned earlier, you cannot move a virtual machine without the VNet it is connected to and attempting to move a VNet means you would also need to move other machines in that same VNet. When you need to move all VMs attached to the same VNet, you will also need to consolidate those VM resources into the same resource group. Finally, then there are other component such as App Services, which can use Regional VNet Integration, which attaches to a VNet for egress traffic that would be routed directly to the VNet instead of the internet but is not supported to be moved when attached to a VNet. Leverage information and diagrams provided by the Azure portal for planning (e.g. VNet > Monitoring > Diagram to identify resources connected to the VNet). Only proceed to the next step after all the dependent components have been identified.

Step #2 – Disable backup for virtual machine

Navigate to the backup configuration for the virtual machine and click on Stop backup to stop the backup:

image

There are two options for how the backup data is handled. Retain Backup Data will retain the backups until the retention period is reached, in which the backup will expire. Delete Backup Data will remove the backups immediately:

image

Successfully stopping the backup will disable the Stop backup button and enable the Resume backup button will be available as well as state the Last backup status as Warning(Backup disabled):

image

Step #3 – Delete restore point collections

With the backup disabled for the virtual machine, proceed to delete the delete the restore points from the vault by locating the resource group Azure creates when a Recovery Services Vault is created. The naming convention is:

AzureBackupRG_<RSV-region>_1

image

You won’t see the restore point collections until you select Show hidden types:

imageimage

Proceed to select the restore point collection and delete them (this will not delete the existing backups OR prevent the restore of them):

image

Step #4 – Delete any VNet peerings

As the VM’s NIC will be associated with a VNET, any peerings configured between the VNet will need to be deleted. Note that you will need to do this even if the VNet was peered with another VNet that is being moved at the same time.

Step #5 – Consolidate the virtual machine and all of its dependent resources into one resource group

Ensure that all the components of the virtual machine as well as dependent components are placed into one resource group so they can be selected to together and be moved.

Step #6 – Move virtual machine and machine and all of its dependent resources to the destination subscription

Proceed to initiate the move of the resources to the destination subscription (you can move the RSV together with the resources as well), which will not cause an outage as the resource will continue to be reachable. This particular VM also has a Basic SKU public IP address which allows for subscription transfers so attempting to constantly PING the IP address during the move will show that no replies are missed:

image

You will need to select the checkbox indicating the following to proceed with the move:

I understand that tools and scripts associated with moved resources will not work until I update them to use new resource IDs

image

Step #7 – Move Recovery Services Vault to destination subscription

If the Recovery Services Vault of the virtual machine was not moved with the VM, proceed to move it into the destination subscription:

image

image

Step #8 – Enable backups for virtual machine

If you place the virtual machine into a resource group in the target subscription that has the same as the resource group in the source subscription then you can simply click on the Resume backup button to re-enable backups with the same backup item object. If the migrated VM is in a resource group that is a different name then a new backup item will be configured.

image

Note that if you’ve placed the VM in the target subscription that has the same as the resource group in the source subscription then attempting to add a VM to be backed up will display:

There are on virtual machines that can be backed up in this vault.

image

With the resources migrated to the new subscription, remember to update any applications and services that reference the resource ID as the URL will have been changed. The following lists the original and the updated resource IDs of the moved VM:

Virtual Machine:

/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/virtualMachines/Test-VM

/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Compute/virtualMachines/Test-VM

VM NIC:

/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/networkInterfaces/Test-VM-nic-9190f27cc6cc40a3bede740db168b0d3

/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Network/networkInterfaces/Test-VM-nic-9190f27cc6cc40a3bede740db168b0d3

VM Public IP with Basic SKU (basic SKU IP addresses can be moved but standard cannot):

/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/publicIPAddresses/Test-VM-pip-90462821bc164f12a624afccf204b93c

/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Network/publicIPAddresses/Test-VM-pip-90462821bc164f12a624afccf204b93c

VNet:

/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet

/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Network/virtualNetworks/Test-VNet

VM Disk:

/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611

/subscriptions/22d77ef8-89c3-40c2-8730-e786114770a0/resourceGroups/RG-VMs/providers/Microsoft.Compute/disks/testvm-osdisk-20210424-103611

Resource tags will be retained across subscriptions moves:

Source Subscription:

image

Destination Subscription:

image

Other Resource Moves

The following are a few other resources not related to virtual machines that I would like to add to this post.

Managed Identities

As per the documentation:

Move operation support for resources - Microsoft.ManagedIdentity

https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/move-support-resources#microsoftmanagedidentity

Cross subscription moves of Managed Identities are not supported. Attempting to move a managed identity will fail with the following message:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T221659Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id 'c5bcd133-aea2-4481-8b4d-b59a94844056', request correlation id '1e7ed70c-1ba5-458e-a59f-f4fe15179740'.","details":[{"code":"BadRequest","target":"Microsoft.ManagedIdentity/userAssignedIdentities","message":"The identity type is invalid for the requested operation."}]}

image

----------------------------------------------------------------------------------------------------------------------------

Alert Rules

As per the documentation, Alert rules (microsoft.insights/metricalerts) cannot be move across subscriptions:

{"code":"ResourceMoveValidationFailed","message":"The resource batch move request has '2' validation errors. Diagnostic information: timestamp '20210430T153645Z', tracking Id is '471b94fd-ee3a-4198-84bf-8960aa1ef13e'."},{"code":"ResourceMoveNotSupported","target":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/microsoft.insights/metricalerts/Alert CPU Consumed","message":"Resource move is not supported for resource types 'microsoft.insights/metricalerts'."}]}

image

One of the ways to migrate the alert rules over is to redeploy alerts to target subscription from source subscription using the Deploy option:

image

image

----------------------------------------------------------------------------------------------------------------------------

Private Endpoints

Cross subscription migration for Private Endpoints are not supported and the following validation error would be presented if an attempt to move it is made:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T225744Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id '63d9dac6-70bb-41ce-ac36-b354700f810a', request correlation id '9f8792df-9c8d-4a95-b63a-c7def04b1b84'.","details":[{"code":"CannotMoveResource","target":"Microsoft.Network/privateEndpoints","message":"Cannot move one or more resources in the request. Please check details for information about each resource.","details":[{"code":"MoveNotSupported","message":"Move for resource type privateEndpoints is not supported. Move request contains resource /subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/privateEndpoints/PrivateEndpoint of that type."}]}]}

image

The same will be presented for any VNets with a Private Endpoint attached to it:

{"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20210426T230301Z', subscription id 'b0957dbf-1cad-4e5e-9360-341ccc197953', tracking id 'e507a53e-7793-4c3c-8dda-68829f8988ed', request correlation id '9d032a97-e55d-41e7-9688-bc6085437836'.","details":[{"code":"MissingMoveDependentResources","target":"Microsoft.Network/virtualNetworks","message":"The move resources request does not contain all the dependent resources. Please check details for missing resource Ids.","details":[{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/networkInterfaces/PrivateEndpoint.nic.c35a3d15-6f0e-4f7a-bf2a-caa7297a2152"},{"code":"0","message":"/subscriptions/b0957dbf-1cad-4e5e-9360-341ccc197953/resourceGroups/RG-VMs/providers/Microsoft.Network/privateEndpoints/PrivateEndpoint"}]}]}

image

Hope this helps anyone who may be looking for more information about what the migration of VMs from one subscription to another would look like.

Posted by at 1 comment:
Labels: , , ,
Subscribe to: Posts (Atom)