Skip to content

Azure agent troubleshooting

Public preview

This topic details some common issues and frequently asked questions encountered in installing and configuring an agent on Azure.


Failed to create role assignments

If you see the following error:

Tenant ID, application ID, principal ID, and scope are not allowed to be updated.

This is because the role assignment already exists for another identity. To resolve this issue:

  1. Log in to the Azure Portal.
  2. Use the search bar to search for "resource groups", and click the Resource groups result.
  3. On the Resource groups screen, select the resource group you are using for the agent.
  4. Click Access control (IAM).
  5. Locate the problematic role assignment, click its checkbox to select it, and click Remove at the top of the list.

Conflict when creating the key vault

If you see the following error:

A vault with the same name already exists in deleted state. You need to either recover or purge existing key vault. Follow this link https://go.microsoft.com/fwlink/?linkid=2149745 for more information on soft delete.

This is because a key vault with the same name existed before and has been deleted, or a key vault with the same name exists in another resource group.

You can specify a different name on the template deployment page, or, if it's a deleted vault, purge it.


The environment network configuration is invalid: The subnet and its addressPrefix could not be found

This may occur when deploying a Container App environment with the infrastructureSubnetId property set to an existing subnet reference with a /23 address size. The deployment will fail with the following error:

{
    "status": "Failed",
    "error": {
        "code": "ManagedEnvironmentInvalidNetworkConfiguration",
        "message": "The environment network configuration is invalid: The subnet and its addressPrefix could not be found."
    }
}

This occurs because Azure Container apps don't support virtual network subnets with addressPrefixes, only with addressPrefix.

To resolve this issue, you will need to create a new subnet or recreate the whole virtual network.


Using the agent with a static IP address

The default installation process assumes a dynamic IP address. If you require a static public IP address, you will need to add a NAT gateway to the subnet. This will allow any resources deployed to the subnet to present the public IP address of the NAT gateway.


Using the agent with a proxy server

Some additional configuration is required to use the agent through a proxy server. For details, read Using a proxy server with the agent.