How to fix failed VMSS deployment with error "unknown network allocation error"

1
votes

I am trying to deploy a 3-tier architecture to Azure using the Azure PowerShell CLI and a customized ARM template with parameters. I am not having any issues with the powershell script or the template's validity.

Within the template, among other things are two Virtual Machine Scale Sets, one for the front-end and one for the back-end. Front-end is windows and back-end is red hat. The front-end is behind an application gateway while the back-end is behind a load balancer. What's weird is that the front-end VMSS is deploying no problem and all is well. The back-end VMSS fails every time I try to deploy it, with a vague "Unknown network allocation error" message that I have no idea how to debug (since it provides no specifics unlike all of my other error messages so far).

I based the ARM template on an exported template from a working model of this architecture in another resource group and modified the parameters and have spent a while cleaning up issues and errors with Azure's exported template. I have tried deleting and starting from scratch but it doesn't seem to fix this problem. I thought it was possible I reached the limit of free-subscription processors so I tried making the front-end VMSS dependent on the back-end VMSS so the back-end VMSS would be created first, but the same issue still happened.

Here is the back-end VMSS part of the template:

{
      "type": "Microsoft.Compute/virtualMachineScaleSets",
      "apiVersion": "2018-10-01",
      "name": "[parameters('virtualMachineScaleSets_JakeAppBESS_name')]",
      "location": "westus2",
      "dependsOn": [
        "[parameters('loadBalancers_JakeAppBESSlb_name')]"
      ],
      "sku": {
        "name": "Standard_B1ls",
        "tier": "Standard",
        "capacity": 1
      },
      "properties": {
        "singlePlacementGroup": true,
        "upgradePolicy": {
          "mode": "Manual"
        },
        "virtualMachineProfile": {
          "osProfile": {
            "computerNamePrefix": "jakeappbe",
            "adminUsername": "Jake",
            "adminPassword": "[parameters('JakeApp_Password')]",
            "linuxConfiguration": {
              "disablePasswordAuthentication": false,
              "provisionVMAgent": true
            },
            "secrets": []
          },
          "storageProfile": {
            "osDisk": {
              "createOption": "FromImage",
              "caching": "ReadWrite",
              "managedDisk": {
                "storageAccountType": "Premium_LRS"
              }
            },
            "imageReference": {
              "publisher": "RedHat",
              "offer": "RHEL",
              "sku": "7.4",
              "version": "latest"
            }
          },
          "networkProfile": {
            "networkInterfaceConfigurations": [
              {
                "name": "[concat(parameters('virtualMachineScaleSets_JakeAppBESS_name'), 'Nic')]",
                "properties": {
                  "primary": true,
                  "enableAcceleratedNetworking": false,
                  "dnsSettings": {
                    "dnsServers": []
                  },
                  "enableIPForwarding": false,
                  "ipConfigurations": [
                    {
                      "name": "[concat(parameters('virtualMachineScaleSets_JakeAppBESS_name'), 'IpConfig')]",
                      "properties": {
                        "subnet": {
                          "id": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_Group'), '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworks_JakeAppVnet_name'), '/subnets/BEsubnet')]"
                        },
                        "privateIPAddressVersion": "IPv4",
                        "loadBalancerBackendAddressPools": [
                          {
                            "id": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_Group'), '/providers/Microsoft.Network/loadBalancers/', parameters('loadBalancers_JakeAppBESSlb_name'), '/backendAddressPools/bepool')]"
                          }
                        ],
                        "loadBalancerInboundNatPools": [
                          {
                            "id": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_Group'), '/providers/Microsoft.Network/loadBalancers/', parameters('loadBalancers_JakeAppBESSlb_name'), '/inboundNatPools/natpool')]"
                          }
                        ]
                      }
                    }
                  ]
                }
              }
            ]
          },
          "priority": "Regular"
        },
        "overprovision": true
      }
    },


For reference, here's the front-end VMSS's part of the template so you can compare and see that there aren't many differences:

`    {
      "type": "Microsoft.Compute/virtualMachineScaleSets",
      "apiVersion": "2018-10-01",
      "name": "[parameters('virtualMachineScaleSets_JakeAppFESS_name')]",
      "location": "westus2",
      "dependsOn": [
        "[parameters('applicationGateways_JakeAppFE_AG_name')]",
      ],
      "sku": {
        "name": "Standard_B1ls",
        "tier": "Standard",
        "capacity": 1
      },
      "properties": {
        "singlePlacementGroup": true,
        "upgradePolicy": {
          "mode": "Manual"
        },
        "virtualMachineProfile": {
          "osProfile": {
            "computerNamePrefix": "jakeappfe",
            "adminUsername": "Jake",
            "adminPassword": "[parameters('JakeApp_Password')]",
            "windowsConfiguration": {
              "provisionVMAgent": true,
              "enableAutomaticUpdates": true
            },
            "secrets": []
          },
          "storageProfile": {
            "osDisk": {
              "createOption": "FromImage",
              "caching": "ReadWrite",
              "managedDisk": {
                "storageAccountType": "Premium_LRS"
              }
            },
            "imageReference": {
              "publisher": "MicrosoftWindowsServer",
              "offer": "WindowsServer",
              "sku": "2016-Datacenter",
              "version": "latest"
            }
          },
          "networkProfile": {
            "networkInterfaceConfigurations": [
              {
                "name": "[concat(parameters('virtualMachineScaleSets_JakeAppFESS_name'), 'Nic')]",
                "properties": {
                  "primary": true,
                  "enableAcceleratedNetworking": false,
                  "dnsSettings": {
                    "dnsServers": []
                  },
                  "enableIPForwarding": false,
                  "ipConfigurations": [
                    {
                      "name": "[concat(parameters('virtualMachineScaleSets_JakeAppFESS_name'), 'IpConfig')]",
                      "properties": {
                        "subnet": {
                          "id": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_Group'), '/providers/Microsoft.Network/virtualNetworks/', parameters('virtualNetworks_JakeAppVnet_name'), '/subnets/FEsubnet')]"
                        },
                        "privateIPAddressVersion": "IPv4",
                        "applicationGatewayBackendAddressPools": [
                          {
                            "id": "[concat('/subscriptions/', parameters('subscription_id'), '/resourceGroups/', parameters('resource_Group'), '/providers/Microsoft.Network/applicationGateways/', parameters('applicationGateways_JakeAppFE_AG_name'), '/backendAddressPools/appGatewayBackendPool')]"
                          }
                        ]
                      }
                    }
                  ]
                }
              }
            ]
          },
          "priority": "Regular"
        },
        "overprovision": true
      }
    },

I expected them to both behave similarly. Granted, back-end is RH linux while front-end is windows, and the front-end is behind an application gateway while the back-end is behind a load balancer, but this setup is working perfectly fine in my other resource group that was deployed through the portal instead of through ARM. But every time I try to deploy this I get this error:

New-AzureRmResourceGroupDeployment : 1:30:56 AM - Resource Microsoft.Compute/virtualMachineScaleSets 'ProdBESS' failed with message '{
  "status": "Failed",
  "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [
      {
        "code": "NetworkingInternalOperationError",
        "message": "Unknown network allocation error."
      }
    ]
  }
}'
1
jsonazurepowershellazure-resource-manager
does your subnet has enough ip addresses? do you have a dedicated subnet for application gateway?4c74356b41
I have 3 subnets in the Vnet. One for the front-end VMSS (250 available addresses), one for the back-end VMSS (250 available addresses), and one just for the application gateway (11 available addresses)orbtl
looks okaish, try deploying to a different region? to a different resource group?4c74356b41
I've been deleting the entire resource group and remaking the whole thing with the same issue. I just tried a completely different resource group in a different region (centralus, was using westus2 before). Still getting the same errororbtl

1 Answers

1
votes

Okay I finally figured out what the issue was, so if anyone searching finds this thread in the future having the same error:

Apparently the part of the template dealing with the load balancer for the VMSS (which was exported from azure portal) had two conflicting inbound nat pools (overlapping port ranges). Once I deleted the part of the template creating the conflicting extra nat pool my VMSS deployed properly without issue.

No idea at all why the azure portal exported me a template with an extra nat pool that had never existed (there was only 1 on the original LB I exported the template from).