Cannot manage App Gateway WAF_v2 via Powershell RRS feed

  • Question

  • I was able to create and configure an Azure App Gateway WAF v2 appliance via Powershell just a couple weeks ago, and successfully set it to use end-to-end SSL. Today, however, when trying to perform any actions against the app gateway via Azure Powershell, I get an error stating that I need to target a different API version. How can I do this?

    These are the commands I'm running and the error it displays, even though these commands were working fine a couple weeks ago:

    PS C:\Users\user> $cert = Add-AzureRmApplicationGatewaySSLCertificate -Name "wildcard_cert_2020" -CertificateFile "c:\users\user\downloads\star_cert.com_2020.pfx" -Password $passwd -ApplicationGateway $gw
    PS C:\Users\user> Set-AzureRmApplicationGateway -ApplicationGateway $gw
    Set-AzureRmApplicationGateway : Specified api-version '2017-11-01' does not support property 'WAF_v2' in context '/subscriptions/e1111111-111e-1111-11a1-1111111111111/resourceGroups/Platform-Staging/providers/Microsoft.Network/applicationGateways/stg-appgwwaf1'. Use at least api-version '2018-04-01' or remove property 'WAF_v2' from the request body.
    At line:1 char:1
    + Set-AzureRmApplicationGateway -ApplicationGateway $gw
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [Set-AzureRmApplicationGateway], CloudException
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.SetAzureApplicationGatewayCommand

    • Edited by noamo48 Monday, May 20, 2019 4:23 PM
    Monday, May 20, 2019 4:22 PM

All replies

  • Hi,

    Did this work before on the same machine or could the PowerShell version be different? You can manually set API level with the below or update your local 

    -ApiVersion "2018-04-01" 

    But that doesnt answer why it stopped working unless it was removed from the old API for some reason?

    Or update the AzureRM version with:

    Install-Module -Force AzureRM -AllowClobber

    Let me know if that helps?



    Monday, May 20, 2019 9:26 PM
  • You can also try updating to the new Az Module
    Monday, May 20, 2019 9:44 PM
  • I cannot set the API version using that switch. I get an error if I try. I think that's only valid for a different command. Once I updated the AzureRM module using "Install-Module -Force AzureRM -AllowClobber", I re-ran the command and received the error:

    Set-AzureRmApplicationGateway : Long running operation failed with status 'Failed'. Additional Info:'An error

    Now, when I check my app gateway, it is showing a red "Failed" banner in the portal and in Powershell, it shows the ProvisioningState "Failed". 

    Monday, May 20, 2019 10:57 PM
  • Hi,

    If you delete the failed resource and then try the deployment again with your updated AzureRM PowerShell modules that may work.

    Give that a try and let me know how you get on.



    Tuesday, May 21, 2019 11:00 AM
  • The suggestion to delete a resource and redeploy should never be an acceptable solution. Luckily this was our staging WAF so it is less important, but had this happened to the production WAF, I can't quite just blow it away and redeploy....it's not that easy. 

    In any case I have opened a ticket with Azure Support and so far they have had no success determining the cause or resolution. Waiting for the Product team to get involved.

    Wednesday, May 22, 2019 9:45 PM
  • Hi,

    You are absolutely right - sorry for that.  I misread this and thought the original deployment had failed, not that it was a live WAF that was just showing as failed. Please accept my apologies for that.

    Did you get this resolved?



    Friday, May 24, 2019 6:41 PM
  • No harm done, so no worries. Unfortunately the app gw is still in a failed state. Support hasn't been able to figure it out yet. I'll update if/when they find a resolution. Thanks
    Friday, May 24, 2019 7:57 PM