The client has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on scope xxx, however the linked subscription 'resourceGroups' was not found

    Question

  • Hello!

    I'm writing a script which creates a resource group, a storage account, a vnet and a subnet, deploys a linux vm then runs the script extension to do a few extra steps.

    If I execute the script with my user in the tenant, it runs without an error.  I have contributor and owner rights at the subscription level, and they are inherited by all resources.

    If I give it to another user, who also has contributor and owner rights at the subscription level (with inheritance also), they get an error.

    The error message is the following: 


    New-AzureRmNetworkInterface : The client has permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on scope '/subscriptions/xxx/resourceGroups/test-rg-1/providers/Microsoft.Network/networkInterfaces/tesst_rexxx_vm001-Interface-1', however the linked subscription 'resourceGroups' was not found

    What does this error mean? Has anyone seen this and knows how to fix it? Thanks!

    The script:

    Add-Type -AssemblyName System.web
    $teljesscriptfuttatas=(get-date)
    Login-AzureRmAccount
    
    ##################################
    #Get the vm name
    Clear-Host
    [void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
    $title = 'VM name'
    $msg   = 'Type the VM name:'
    $text = [Microsoft.VisualBasic.Interaction]::InputBox($msg, $title)
    $VMName = $text 
    ##################################
    
    
    ##################################
    #Azure environment variables
    $environment = "tesst"
    $resGroup = $environment + "-rg-1"
    $location ="NorthEurope"
    $storAcc= $environment + "sa01"
    $vnet = $environment + "-vnet-1"
    $vnetAddress = "192.168.0.0/16"
    $subnetName = $environment + "-subnet-1"
    $VMSize = "Standard_A1"
    $OSDiskName = $VMName + "OSDisk"
    $InterfaceName = $vmname + "-Interface-1"
    $Publicipname = $vmname + "-PublicIP-1"
    $subid = (Get-AzureRmSubscription).subscriptionid
    $subnetid = "/subscriptions/" + $subid + "/resourceGroups/" + $resgroup + "/providers/Microsoft.Network/virtualNetworks/" + $vnet + "/subnets/" + $subnetName
    ##################################
    
    
    ##################################
    #Check if the environment is available. If not, create it.
    
    "Checking resource group..."
    $resGrpChk = Get-AzureRmResourceGroup -ResourceGroupName $resGroup -ev notPresent -ea 0 -WarningAction SilentlyContinue
    if (!$resGrpChk)
    {
        "Creating resource group..."
        New-AzureRMResourceGroup -Name $resGroup -Location $location -WarningAction SilentlyContinue
        "Resource group created."
    }
    else
    {
        "Resource group already exists."
    }
    
    "Checking storage account..."
    $storageAccChk = Get-AzureRMStorageAccount -ResourceGroupName $resgroup -AccountName $storAcc -ev notPresent -ea 0 -WarningAction SilentlyContinue
    if (!$storageAccChk)
    {
        "Creating storage account..."
        New-AzureRMStorageAccount -ResourceGroupName $resGroup -AccountName $storAcc -Location $location -Type Standard_LRS -WarningAction SilentlyContinue
        "Storage account created."
    }
    else
    {
        "Storage account already exists."
    }
    
    "Checking VNet..."
    $vnetChk = Get-AzureRmVirtualNetwork -Name $vnet -ResourceGroupName $resGroup -ev notPresent -ea 0 -WarningAction SilentlyContinue
    if (!$vnetChk)
    {
        "Creating VNet..."
        New-AzureRmVirtualNetwork -ResourceGroupName $resGroup -Name $vnet -AddressPrefix $vnetAddress -Location $location -WarningAction SilentlyContinue
        $virtnetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $resGroup -Name $vnet -WarningAction SilentlyContinue
        Add-AzureRmVirtualNetworkSubnetConfig -Name $subnetname -VirtualNetwork $virtnetwork -AddressPrefix 192.168.1.0/24 -WarningAction SilentlyContinue
        Set-AzureRmVirtualNetwork -VirtualNetwork $virtnetwork -WarningAction SilentlyContinue
        "VNet created."
    }
    else
    {
        "VNet already exists."
    }
    ##################################
    
    
    ##################################
    #Check if the VM exists. If not, create it
    
    "Checking VM..."
    $vmChk = Get-AzureRmVM -Name $VMName -ResourceGroupName $resGroup -ev notPresent -ea 0 -WarningAction SilentlyContinue
    
    if (!$vmChk)
    {
        "Creating VM..."
        $startVMCreation = (Get-Date)
        
        "Public interface with PIP..."
        $PIp = New-AzureRmPublicIpAddress -Name $publicipname -ResourceGroupName $resGroup -Location $Location -AllocationMethod Static -WarningAction SilentlyContinue
        "Public interface and PIP created."
        
        "Private interface creating..."
        $Interface = New-AzureRmNetworkInterface -Name $InterfaceName -ResourceGroupName $resgroup -Location $Location -SubnetId $subnetid -PublicIpAddressId $PIp.Id -WarningAction SilentlyContinue
        "Private interface created."
    
        
        $secpasswd = [System.Web.Security.Membership]::GeneratePassword(12,2)
        $titkositottjelszo = $secpasswd | ConvertTo-SecureString -asPlainText -Force
        $Credential = New-Object System.Management.Automation.PSCredential ("testuser", $titkositottjelszo)
        $VirtualMachine = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize -WarningAction SilentlyContinue
        $VirtualMachine = Set-AzureRmVMOperatingSystem -VM $VirtualMachine -ComputerName $VMName -Linux -Credential $Credential -WarningAction SilentlyContinue
        $VirtualMachine = Set-AzureRmVMSourceImage -VM $VirtualMachine -PublisherName "OpenLogic" -Offer "CentOS" -Skus "7.0" -Version "latest" -WarningAction SilentlyContinue
        $VirtualMachine = Add-AzureRmVMNetworkInterface -VM $VirtualMachine -Id $Interface.Id -WarningAction SilentlyContinue
        $vhd="https://"+$storAcc+".blob.core.windows.net/vhds/"+$vmname+".vhd"
        $VirtualMachine = Set-AzureRmVMOSDisk -VM $VirtualMachine -Name $OSDiskName -VhdUri $vhd -CreateOption FromImage -WarningAction SilentlyContinue
        New-AzureRmVM -ResourceGroupName $resgroup -Location $Location -VM $VirtualMachine -WarningAction SilentlyContinue
        $ip = $PIp.IpAddress
        "VM created in " + $([timespan]::fromseconds(((Get-Date)-$StartVMCreation).Totalseconds).ToString("mm\:ss"))
        ""
        "Public ip: " + $ip
        "SSH user: testuser"
        "pwd: " + $secpasswd
        
    # Custom script post-install
        ""
        "Running custom script..."
        $startCustomScript = (get-date)
        $ScriptBlobAccount = $storacc
        $ScriptBlobKey = "xxx"
        $ScriptBlobURL = "https://" + $storacc + ".blob.core.windows.net/scripts/"
     
        $ScriptName = "autorun.sh"
        $ExtensionName = 'ConfigureLinuxMachine'
        $ExtensionType = 'CustomScriptForLinux'  
        $Publisher = 'Microsoft.OSTCExtensions'  
        $Version = '1.5'
        $timestamp = (Get-Date).Ticks
        $RGName = $resGroup
        $VMLocation = $location
     
        $ScriptLocation = $ScriptBlobURL + $ScriptName
     
        $PrivateConfiguration = @{"storageAccountName" = "$ScriptBlobAccount";"storageAccountKey" = "$ScriptBlobKey";"commandToExecute" = "sh $ScriptName"} 
        $PublicConfiguration = @{"fileUris" = [Object[]]"$ScriptLocation";"timestamp" = "$timestamp"}
        Try
            {
                Set-AzureRmVMExtension -ResourceGroupName $RGName -VMName $VMName -Location $VMLocation -Name $ExtensionName -Publisher $Publisher -ExtensionType $ExtensionType -TypeHandlerVersion $Version -Settings $PublicConfiguration -ProtectedSettings $PrivateConfiguration -WarningAction SilentlyContinue
            }
        Catch
            {
                Throw $_
                exit 1
            }
        Finally
            {
               ((Get-AzureRmVM -Name $VMName -ResourceGroupName $resGroup -Status -warningaction SilentlyContinue).Extensions | Where-Object {$_.Name -eq $ExtensionName}).Substatuses
            } 
        
        "Custom Script running ended in " + $([timespan]::fromseconds(((Get-Date)-$StartCustomScript).Totalseconds).ToString("mm\:ss"))
    
    }
    else
        {
        "VM already exists."
        }
    ""
    "Full script running time: " + $([timespan]::fromseconds(((Get-Date)-$teljesscriptfuttatas).Totalseconds).ToString("mm\:ss"))
    ##################################


    NG

    Tuesday, May 23, 2017 8:29 AM

Answers

  • The solution is:

    Instead of trying to generate the subnetid myself as a string at the start of the script: 

    $subnetid = "/subscriptions/" + $subid + "/resourceGroups/" + $resgroup + "/providers/Microsoft.Network/virtualNetworks/" + $vnet + "/subnets/" + $subnetName

    I use this:

    $veenet=Get-AzureRmVirtualNetwork -name $vnet -ResourceGroupName $resgroup
    $subnetid=$veenet.subnets[0].id

    I think this way the subnetid is an object not a string.
    If I use this way, the script runs without error.

    Strange, I know.


    NG


    • Proposed as answer by Nayana A S Wednesday, June 21, 2017 2:09 PM
    • Edited by NagyGabor Wednesday, June 21, 2017 2:09 PM
    • Marked as answer by Nayana A S Wednesday, June 21, 2017 2:12 PM
    Wednesday, June 21, 2017 2:04 PM

All replies

  • As you state, “I give it to another user, who also has contributor and owner rights”, something may be wrong with permissions. 

    I would suggest you run the following commands for comparison

    Get-AzureRmRoleAssignment -SignInName <User email who works> -ExpandPrincipalGroups
    
    Get-AzureRmRoleAssignment -SignInName <User email who does not work> -ExpandPrincipalGroups




    • Edited by Nayana A S Friday, May 26, 2017 2:18 AM
    Friday, May 26, 2017 2:18 AM
  • Hello!

    Sorry for the late reply. We did some further testing; here are the results:

    Another user with the same permissions as me ran the script on my computer - it worked.
    I ran the script on another user's computer with newer PowerShell than mine - it worked.

    It might be that something with the operating system + PowerShell install caused the error.

    So now we are trying to install a clean Windows 10 with the newest PowerShell, and the colleague in question will run the script. 

    So work in progress.


    NG

    Friday, June 2, 2017 9:41 AM
  • Do let us know the progress.

    Friday, June 2, 2017 11:00 AM
  • Glad to know that your issue has been resolved.

    Wednesday, June 21, 2017 2:09 PM
  • "the linked subscription 'resourceGroups' was not found"

    My bet is that $subid was blank, so it thought "resourceGroups" was your subscription ID.

    That looks like the only place in the script where you are using $subid, so by replacing how you found the subnetid, you avoided the problem of not having $subid set correctly.


    • Edited by DavidLHa Thursday, December 6, 2018 11:11 PM
    Thursday, December 6, 2018 11:10 PM
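
The last reply's hypothesis (an empty `$subid` shifts `resourceGroups` into the subscription position) can be checked locally before any Azure call is made. This is an added example, not code from the thread: the function name `New-SubnetId` is hypothetical and the GUIDs are constructed sample values.

```powershell
# Added example; New-SubnetId and the sample GUIDs are hypothetical/constructed.
function New-SubnetId {
    param(
        # Untyped on purpose: (Get-AzureRmSubscription).SubscriptionId can be
        # $null (property or subscription missing) or an array (several subscriptions).
        [object]$SubscriptionId,
        [Parameter(Mandatory)][string]$ResourceGroup,
        [Parameter(Mandatory)][string]$VNet,
        [Parameter(Mandatory)][string]$Subnet
    )
    # Drop $null/empty entries, then insist on exactly one candidate.
    $ids = @($SubscriptionId | Where-Object { $_ })
    if ($ids.Count -ne 1) {
        throw "Expected exactly one subscription ID, got $($ids.Count)."
    }
    # A subscription ID is a GUID; anything else is rejected here.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse([string]$ids[0], [ref]$guid)) {
        throw "Subscription ID '$($ids[0])' is not a GUID."
    }
    "/subscriptions/$guid/resourceGroups/$ResourceGroup" +
        "/providers/Microsoft.Network/virtualNetworks/$VNet/subnets/$Subnet"
}

# The script's original concatenation with an empty ID: the segment after
# /subscriptions/ is empty, so 'resourceGroups' is the next non-empty segment.
$subid = $null
"/subscriptions/" + $subid + "/resourceGroups/tesst-rg-1"

# Constructed inputs: empty, several subscriptions, and one valid ID.
$cases = @(
    $null,
    @('11111111-1111-1111-1111-111111111111', '22222222-2222-2222-2222-222222222222'),
    '11111111-1111-1111-1111-111111111111'
)
foreach ($case in $cases) {
    try {
        New-SubnetId -SubscriptionId $case -ResourceGroup 'tesst-rg-1' `
                     -VNet 'tesst-vnet-1' -Subnet 'tesst-subnet-1'
    }
    catch { "Rejected: $($_.Exception.Message)" }
}
```

The accepted answer avoids the concatenation altogether by reading the ID from the object that `Get-AzureRmVirtualNetwork` returns.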