-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error in initial setup #417
Comments
Hi @DevanshuSyk , Can you please share exact parameters passed on for Install-AzSKTenantSecuritySolutionConsolidated? That will help us investigate further |
Connect to AzureAD and AzAccountNote: Tenant Id must be specified when connecting to Azure AD and AzAccount$TenantId = "" -----------------------------------------------------------------#Step 2: Run installation command.-----------------------------------------------------------------#$DeploymentResult = Install-AzSKTenantSecuritySolutionConsolidated note:tennat and subid has been removed from the post |
Hi @DevanshuSyk , seems "`" at end of each of the parameters is missing. Could you please add these and try again as below? $DeploymentResult = Install-AzSKTenantSecuritySolutionConsolidated -ScanningIdentityHostSubId "" `
-ScanningIdentityHostRGName 'AZTS' `
-ScanningIdentityName 'AZTS' `
-SubscriptionId ' ' `
-ScanHostRGName 'AZTS' `
-Location 'eastus2' `
-SubscriptionsToScan @("") `
-SREEmailIds @('') `
-GrantGraphPermissionToScanIdentity:$true `
-GrantGraphPermissionToInternalIdentity:$true `
-SetupAzModules `
-AzureEnvironmentName AzureCloud `
-EnableAutoUpdates `
-EnableAzTSUI `
-Verbose |
Hello i am not sure what you mean by parameter missing ? |
Hi @DevanshuSyk , please check updated previous comment |
Ah tyvm .Let me try again |
Same error Status Message: The Resource 'Microsoft.Web/sites/AzSK-AzTS-WebApi-31af7' under resource group 'AZTS' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound) Status Message: The Resource 'Microsoft.Web/sites/AzSK-AzTS-AutoUpdater-31af7' under resource group 'AZTS' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound) CorrelationId: 1b70944a-68a4-4a4e-831f-8ebf1a43312a]. |
Hi @DevanshuSyk , Thanks for sharing details, here it's showing only 3 errors out of 9. Can you please check apart from 'this resource not found' error is there any other error. This information is needed to understand why required resource are not getting created. |
hanxk for reply .Here you go . { |
This 'RoleAssignmentUpdateNotPermitted' error could occur, if try to run installation command multiple time in same RG, because conflicts occurs due to previous role assignments. If this is the case, please try following,
|
Closing this issue as there has been no activity for couple of days. Please feel free to reopen if you have any further questions or comments. |
Hello ,
while using "Method-B" i am getting the following error message
VERBOSE: 12:26:58 PM - Resource Microsoft.Web/sites/Extensions 'AzSK-AzTS-MetadataAggregator-31af7/MSDeploy' provisioning status is succeeded
Template deployment returned following errors: [12:26:58 PM - The deployment 'AzTSenvironmentsetup-20242529T122537' failed with error(s). Showing 3 out of 9 error(s).
Status Message: The Resource 'Microsoft.Web/sites/AzSK-AzTS-UI-31af7/slots/Staging-31af7' under resource group 'AZTS' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound)
Status Message: The Resource 'Microsoft.Web/sites/AzSK-AzTS-UI-31af7/slots/Staging-31af7' under resource group 'AZTS' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound)
Status Message: The Resource 'Microsoft.Web/sites/AzSK-AzTS-UI-31af7' under resource group 'AZTS' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix (Code:ResourceNotFound)
CorrelationId: 68d7a0f8-cbff-4591-b773-9ee1d49034c6].
Log file content
================================================================================
Method Name: Install-AzSKTenantSecuritySolutionConsolidated
Input Parameters:
Key Value
ScanningIdentityHostSubId 00000000000
ScanningIdentityHostRGName AZTS
ScanningIdentityName AZTS
SubscriptionId 00000000000
ScanHostRGName AZTS
Location eastus2
TargetSubscriptionIds {00000000000
SendAlertNotificationToEmailIds {00000000000}
================================================================================
Starting Azure Tenant Security Solution installation. This may take 5 mins...
This command will perform following major steps. It will:
[0] Validate and install required Az modules (Optional)
[1] Setup central scanning managed identity
[2] Create Azure AD application for secure authentication (Optional)
[3] Setup infra resources and schedule daily security control scan on target subscriptions
================================================================================
Step 1.A: Set up scanning identity.
Setting up Azure Tenant Security scanner identity...
Resource id and principal Id generated for user identity:/resourcegroups/AZTS/providers/Microsoft.ManagedIdentity/userAssignedIdentities/AZTS
Step 1.B: Grant Graph permissions to scanning identity.
Skipped: Graph permissions not granted to scanner identity.
** Next steps **
Use Grant-AzSKGraphPermissionToUserAssignedIdentity command to grant graph permission to this scanner identity. This permission will be required to read data in your organization's directory such as Privileged Identity Management (PIM), users, groups and apps details.
================================================================================
Step 2: Setup AD application for AzTS UI and API.
Skipped: This step has been skipped as AzTS UI is not enabled for the setup.
================================================================================
Step 3.A: Install AzTS setup.
Started setting up Azure Tenant Security Solution...
Error occurred during deployment of AzTS components in subscription.
Command executed
$DeploymentResult = Install-AzSKTenantSecuritySolutionConsolidated
-ScanningIdentityHostSubId ""
-ScanningIdentityHostRGName 'AZTS'
-ScanningIdentityName 'AZTS'
-SubscriptionId ''
-ScanHostRGName 'AZTS'
-Location 'eastus2'
-SubscriptionsToScan @("3")
-SREEmailIds @(
#Email Ids of Site Reliability Engineers or Users who should receive monitoring alerts -GrantGraphPermissionToScanIdentity:$true
-GrantGraphPermissionToInternalIdentity:$true
-SetupAzModules
-AzureEnvironmentName AzureCloud
-EnableAutoUpdates
-EnableAzTSUI `
-Verbose
The text was updated successfully, but these errors were encountered: