Any ideas why the following Bicep that creates a Windows VM is throwing this error? The NSG gets created but I cannot see the VN or the SN, and the VM creation throws the error "Subnet 'sn-dwh-qa-02' is not valid in virtual network 'vn-eastus-qa-01'." I've removed some of the parameter definitions at the start.
param osVersion string = '2022-datacenter-azure-edition-core'
@description('Size of the virtual machine.')
param vmSize string = 'Standard_D2s_v3'
@description('Location for all resources.')
param location string = resourceGroup().location
@description('Name of the virtual machine.')
param vmName string
param os_storageAccountType string
param Disks array = []
param subnetName string = 'sn-dwh-qa-02' //TODO - Move to parameter call
param virtualNetworkName string = 'vn-eastus-qa-01' //TODO - Move to parameter call
@description('Provide virtual network resource group name to configure PrivateEndPoint')
param virtualNetworkResourceGroupName string
param storageBlobUri string = ''
@description('Tags to add to the resources')
param tags object = {}
@description('Commands to execute via VM extension')
param commandToExecute string = ''
@description('Private IP allocation method i.e. "Static" or "Dynamic"')
param privateIPAllocationMethod string = 'Dynamic'
@description('Private IP address of VM. This is required if privateIPAllocationMethod is "Dynamic"')
param privateIPAddresses array = []
param fileUris array = []
param networkSecurityGroupName string = 'vmdwhqa01-nsg' //TODO FIX
param addressPrefix string = '10.1.0.0/24' //TODO FIX
param subnetPrefix string = '255.255.255.0/24' //TODO - FIX '10.0.0.0/24'
var publicIpName = toLower('pip-${vmName}')
var nicName = toLower('nic-${vmName}')
resource pip 'Microsoft.Network/publicIPAddresses@2021-02-01' = if(!isPrivateIPOnly) {
  name: publicIpName
  location: location
  sku: {
    name: publicIpSku
  }
  properties: {
    publicIPAllocationMethod: publicIPAllocationMethod
    dnsSettings: {
      domainNameLabel: dnsLabelPrefix
    }
  }
}
resource securityGroup 'Microsoft.Network/networkSecurityGroups@2021-02-01' = {
  name: networkSecurityGroupName
  location: location
  properties: {
    securityRules: [
      {
        name: 'default-allow-3389'
        properties: {
          priority: 1000
          access: 'Allow'
          direction: 'Inbound'
          destinationPortRange: '3389'
          protocol: 'Tcp'
          sourcePortRange: '*'
          sourceAddressPrefix: '*'
          destinationAddressPrefix: '*'
        }
      }
    ]
  }
}
resource vn 'Microsoft.Network/virtualNetworks@2021-02-01' = {
  name: virtualNetworkName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        addressPrefix
      ]
    }
    subnets: [
      {
        name: subnetName
        properties: {
          addressPrefix: subnetPrefix
          networkSecurityGroup: {
            id: securityGroup.id
          }
        }
      }
    ]
  }
}
var noOfPrivateIPAddresses = (length(privateIPAddresses) == 0) ? 1 : length(privateIPAddresses)
resource nic 'Microsoft.Network/networkInterfaces@2021-02-01' = {
  name: nicName
  location: location
  properties: {
    ipConfigurations: [for i in range(0, noOfPrivateIPAddresses): {
      name: 'ipconfig${(i + 1)}'
      properties: {
        privateIPAllocationMethod: privateIPAllocationMethod
        privateIPAddress: (toLower(privateIPAllocationMethod) == 'static' ) ? privateIPAddresses[i] : null
        primary: (i == 0 ) ? true : false
        publicIPAddress: ((!isPrivateIPOnly) ? true : false) ? {
          id: pip.id
        } : null
        subnet: {
          name: subnetName
          id: vn.id
          //id: resourceId(virtualNetworkResourceGroupName, 'Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, subnetName)
          //id: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, subnetName)
        }
      }
    }]
  }
}
I have tried messing with the subnet. I am not a network engineer; I am an Azure developer that has had this dumped on them as nobody else knows anything about it. Could be a permission issue, as when I go to the GUI after the script has run and create a VM in there, the NSG exists but neither the VN nor the SN are available in the drop-downs.
The above error comes when the provided subnet address prefix is out of range from the virtual network address prefix.
Thanks @Thomas for pointing in the right direction. If your vnet address prefix space is 10.1.0.0/24, it consists of IPs available from 10.1.0.0 to 10.1.0.255. This means that you can only have one subnet because the subnet can be the same size, 10.1.0.0/24. However, it can be lower: 10.1.0.0/25, 10.1.0.0/26, and 10.1.0.0/32. Make sure that your subnet address prefix is within the range of the given virtual network address space.
And also, when you are trying to create subnets under virtual networks, use the Microsoft.Network/virtualNetworks/subnets resource to avoid conflicts. Below is the modified code; I was able to deploy it successfully, as shown.
Deployment succeeded:
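The containment rule described in the answer can be checked before deploying. The following is an added example, not part of the original question or answer: a small Python pre-flight check, using the standard `ipaddress` module, that tests subnet prefixes against a VNet address space and also flags malformed or overlapping prefixes. The function name `check_subnets` and the labels in the demo are assumptions made for illustration; the prefixes are the ones that appear in the question.

```python
import ipaddress


def check_subnets(vnet_prefixes, subnets):
    """Return a list of problems found in `subnets` (name -> CIDR string)
    when checked against the VNet address space `vnet_prefixes`."""
    problems = []
    space = [ipaddress.ip_network(p) for p in vnet_prefixes]
    parsed = {}
    for name, cidr in subnets.items():
        try:
            # strict parsing rejects prefixes with host bits set (10.1.0.5/24)
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is not a valid CIDR block ({exc})")
            continue
        parsed[name] = net
        # the subnet must sit entirely inside one of the VNet's prefixes
        if not any(net.version == s.version and net.subnet_of(s) for s in space):
            problems.append(
                f"{name}: {cidr} is outside the VNet address space "
                f"{', '.join(vnet_prefixes)}")
    # subnets of the same VNet must not overlap each other
    names = sorted(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if (parsed[a].version == parsed[b].version
                    and parsed[a].overlaps(parsed[b])):
                problems.append(f"{a} and {b} overlap: {parsed[a]} / {parsed[b]}")
    return problems


if __name__ == "__main__":
    vnet = ["10.1.0.0/24"]                  # addressPrefix default in the question
    candidates = {                          # labels are constructed for this demo
        "as posted": "255.255.255.0/24",    # subnetPrefix default in the question
        "TODO comment value": "10.0.0.0/24",
        "inside the VNet": "10.1.0.0/25",
    }
    for label, prefix in candidates.items():
        issues = check_subnets(vnet, {"sn-dwh-qa-02": prefix})
        print(f"{label:20} {prefix:18} {'OK' if not issues else issues[0]}")
```

Note that the `10.0.0.0/24` value mentioned in the question's TODO comment also falls outside `10.1.0.0/24`, so it would be reported as well.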