Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Deployment Failed: 'PrincipalNotFound' error when deploying Discovery Service #2013

Open
ryanpfalz opened this issue Jan 4, 2023 · 1 comment
Open

Deployment Failed: 'PrincipalNotFound' error when deploying Discovery Service #2013

ryanpfalz opened this issue Jan 4, 2023 · 1 comment
Assignees
@Mandur
Labels
bug Something isn't working

Comments

@ryanpfalz
Copy link

Expected Behavior

When the user opts to use the automatically configured Discovery Service in the wizard, the resource should successfully deploy.

Current Behavior

Deployment of the Discovery Service occasionally fails, throwing the following error details:

{ 
    "status": "Failed",
    "error": {
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
        "details": [
            {
                "code": "BadRequest",
                "message": "{\r\n  \"error\": {\r\n    \"code\": \"PrincipalNotFound\",\r\n    \"message\": \"Principal <principal> does not exist in the directory <guid>. Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group.  See [https://aka.ms/docs-principaltype\"\r\n](https://aka.ms/docs-principaltype/%22/r/n)  }\r\n}"
            }
        ]
    }
}

Steps to Reproduce

  1. Visit the Quick Start guide and press the 'Deploy to Azure' button.
  2. In the 'Custom Deployment' page that opens, fill out all required fields, and choose 'true' in the 'Use Discovery Service' dropdown.
  3. Review + Create the deployment.

Additional Information

  • When I enabled the discovery service, I was able to reproduce this issue 3 out of the 5 times I tried to deploy. Fortunately, I was able to successfully get the discovery service to deploy on 2 of my attempts.
  • The error is described as being an intermittent issue in the docs, caused by the fact that it takes some time for a newly created service principal to be replicated globally; however, this issue occurs because a role is immediately attempted to be assigned to that service principal.
  • This potential issue is not described in the documentation for the Discovery Service.

Is it possible to introduce a dependency into the template to mitigate this issue?
@ryanpfalz ryanpfalz added the bug Something isn't working label Jan 4, 2023
@Mandur
Copy link
Contributor

Mandur commented Jan 6, 2023
edited
Loading

Hello @ryanpfalz,
Thank you very much for submitting this very detailed issue. I will replicate and see if the suggested fix indeed solves the issue! Based on previous experiences with Terraform, I fear a simple dependency might not be sufficient, but let's see..

@Mandur Mandur self-assigned this Jan 6, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@Mandur Mandur

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Mandur @ryanpfalz