Comments (9)
Hi apologies for the delay in response. You need to give the Image Builder Service Principal contributor permissions to the SIG resource group or Managed Image resource group you are distributing too. If you look at the Quick Starts, https://github.com/danielsollondon/azvmimagebuilder/tree/master/solutions/5_PowerShell_deployments#step-1-set-up-environment-and-variables
its this PowerShell that sets that up:
New-AzRoleAssignment -ObjectId ef511139-6170-438e-a6e1-763dc31bdf74 -Scope /subscriptions/$subscriptionID/resourceGroups/$imageResourceGroup -RoleDefinitionName Contributor
Please LMK if this resolves your issue.
from azvmimagebuilder.
Hi Daniel, Thanks for the information, I found in my environment I had to give it the ObjectID of the Azure Virtual Machine Image Builder application
which appears to be different depending on the tenant used.
While this solved the permissions issue I then got a timeout issue, specifically:
The resource operation completed with terminal provisioning state 'Failed'
Failed in building/customizing image: Failed while waiting for packerizer: Timeout waiting for microservice to complete: 'context deadline exceeded'
I do a number of significant customisation of the image in question, is this causing the backend authentication to timeout as its not refreshing the access token?
The initial request was sent at 2019-11-27T10:22:36.1266117Z, it was accepted at 2019-11-27T10:22:38.5261225Z and the error was produced at 2019-11-27T12:22:53.6304462Z.
from azvmimagebuilder.
The image builder only uses the token on when you submit the template initially to the service, not during the image build time. The error you are hitting is because the image customization exceeded it a customization timeout. What is your current timeout set to? Also, have you looked in the customization logs? https://github.com/danielsollondon/azvmimagebuilder/blob/master/troubleshootingaib.md#image-build-errors--troubleshooting
Let me know if you cannot see anything in the logs.
from azvmimagebuilder.
Thanks for the assistance, I definitely brain farted on out issue 🤦♂ Looking into the logs deeper I see an endless stream of:
[963a94eb-b4db-414f-8f8d-7c140c6bb01d] PACKER OUT azure-arm: IMAGE_STATE_SPECIALIZE_RESEAL_TO_OOBE
Looking in the sysprep logs I discovered the following errors:
2019-12-03 08:40:51, Error [0x0f0082] SYSPRP LaunchDll:Failure occurred while executing 'DscCore.dll,SysPrep_Cleanup', returned error code 0x2
2019-12-03 08:40:51, Error [0x0f0070] SYSPRP RunDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 0x2[gle=0x00000006]
2019-12-03 08:40:51, Error [0x0f00ae] SYSPRP WinMain:Hit failure while processing sysprep cleanup external providers; hr = 0x80070002[gle=0x00000006]
One of the things my customization do is install the latest stable PowerShell version from github, I wasn't able to identify if dsccore.dll is related to this or not though. Any thoughts would be greatly appreciated.
from azvmimagebuilder.
Np, you're hitting a SysPrep failure, to test your theory, can you remove your the updating PowerShell step, and any dependent steps. If that does not work, I did a search on the internet, and found this: MicrosoftDocs/azure-docs#43893, not sure if it is related?? If you know a SysPrep command that works for what you are doing, you can override the SysPrep command that we execute; https://github.com/danielsollondon/azvmimagebuilder/blob/master/troubleshootingaib.md#vms-created-from-aib-images-do-not-create-successfully
Please keep me updated here, I would like to get your issues resolved.
from azvmimagebuilder.
I've narrowed the issue down to the installation of Office365, SSMS, RSAT or VS2019. I'm just in the process of adding them in one at a time to see which causes the failure and I'll report back once I have a definitive answer
from azvmimagebuilder.
I think I've found the issue, on our main subscription we enforce an Azure Policy to distribute the MMA and Dependency agents to ensure that we are monitoring and tracking all VMs in the sub. Unfortunately this also picks up the Image Builder VM. I couldn't find an easy way to exclude Image Builder at a resource group level as I am rebuilding the resource regularly so the resource group keeps changing.
As a work around I've moved the Image Builder resources to a separate subscription and I'm using a Shared Image Gallery to share the images back into the original subscription. Is there any way to exclude the image builder VMs from normal, prebuilt Azure Policies?
from azvmimagebuilder.
Thanks for the update, I'm glad its working, I am checking with internal teams to see what options we have here.
from azvmimagebuilder.
We now have EU region support:
https://github.com/danielsollondon/azvmimagebuilder#march-2020-updates
Thanks!
from azvmimagebuilder.
Related Issues (20)
- AWARENESS: Potential Service interruption on 2nd and 4th April between 1pm and 5pm PDT
- Azure VM image Builder Task - Error happened while initializing image builder HOT 1
- Azure devops Azure image builder stuck before executing powershell scripts
- Pass KeyVault secret to inline script as Argument HOT 1
- DEVOPS Azure VM Image Builder Task - Install RSAT Tools HOT 1
- Use faster storage for Image builder VM HOT 1
- Unable to create the img def template HOT 1
- Failed pipeline build; image template stuck in "canceling" state HOT 10
- Path change for W10 optimisation script HOT 5
- Azure Image Builder Template Submission Failure HOT 1
- When trying to build the image error The term 'Start-AzImageBuilderTemplate' is not recognized HOT 2
- Multiple copies within same region? HOT 1
- Feature Request: Define image definition custom version numbers HOT 1
- DevOps Task - Not flagging destination image as LATEST to Azure Compute Gallery HOT 2
- Build failed: Deprovisioning file is not found HOT 3
- AWARENESS: New Image Builder repo!
- Get-AzImageBuilderTemplate returns Internal error occurred. This is a generic error. HOT 2
- 0_installConfFsLogix.ps1 - causes multisession AIB builds to fail HOT 2
- AIB - long installs fail with RPC endpoint: Communicator ended with: 16001 HOT 2
- Triggering a Build from Template then Responing to Updates Async HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azvmimagebuilder.