Azure无法删除只读资源 [英] Azure Cannot delete a read-only Resource

问题描述

Meraki开发了一个vMX100对象，可在天蓝色内用作meraki设备.

Meraki have developed a vMX100 object to be used as a meraki device within azure.

在部署对象之后，创建了一个VM，但是在创建Nic时没有网络安全组.

After deploying the object, a VM was created, but the Nic was created without a Network Security Group.

如果我尝试在资源组上添加或创建一个新的Nic，我将无法执行，因为该资源组是只读的.

If I try to add or create a new Nic on the Resource Group, I cannot because the Resource Group is READ-ONLY.

我问meraki，天蓝色的支持告诉我meraki必须更改READ-ONLY，他们告诉我这是一个天蓝色的问题.所以现在我被困在两者之间，没有答案.

I was told by azure support that meraki have to change the READ-ONLY, I asked meraki, and they tell me that it is an azure problem. So now I am stuck between the two without an answer.

我要完全删除虚拟网络和所有相关对象.

I want to compeletly remove the virtual nerwork and all related objects.

在下面找到我要删除的锁.
Get-AzureRmResourceLock -ResourceGroupName"HyvaAZureMXiecrdps2m7hlq"

below finds the lock that I want to delete.
Get-AzureRmResourceLock -ResourceGroupName "HyvaAZureMXiecrdps2m7hlq"

以下结果.

Result below.

名称            :e66f5b3b08274953a0be4cd24e589cc6
ResourceId       :/subscriptions/f89af0cb-a5e3-4982-906e-f935914fe922/resourceGroups/HyvaAZureMXiecrdps2m7hlq/providers/Microsoft.Authorization/locks/e66f5b3b08274953a0be4cd24e589cc6
资源名称    :e66f5b3b08274953a0be4cd24e589cc6
资源类型    :Microsoft.Authorization/锁
ResourceGroupName:HyvaAZureMXiecrdps2m7hlq
SubscriptionId   :f89af0cb-a5e3-4982-906e-f935914fe922
属性      :@ {level = ReadOnly}
LockId           :/subscriptions/f89af0cb-a5e3-4982-906e-f935914fe922/resourceGroups/HyvaAZureMXiecrdps2m7hlq/providers/Microsoft.Authorization/locks/e66f5b3b08274953a0be4cd24e589cc6

Name              : e66f5b3b08274953a0be4cd24e589cc6
ResourceId        : /subscriptions/f89af0cb-a5e3-4982-906e-f935914fe922/resourceGroups/HyvaAZureMXiecrdps2m7hlq/providers/Microsoft.Authorization/locks/e66f5b3b08274953a0be4cd24e589cc6
ResourceName      : e66f5b3b08274953a0be4cd24e589cc6
ResourceType      : Microsoft.Authorization/locks
ResourceGroupName : HyvaAZureMXiecrdps2m7hlq
SubscriptionId    : f89af0cb-a5e3-4982-906e-f935914fe922
Properties        : @{level=ReadOnly}
LockId            : /subscriptions/f89af0cb-a5e3-4982-906e-f935914fe922/resourceGroups/HyvaAZureMXiecrdps2m7hlq/providers/Microsoft.Authorization/locks/e66f5b3b08274953a0be4cd24e589cc6

如果我运行以下命令.
Get-AzureRmResourceLock -ResourceGroupName"HyvaAZureMXiecrdps2m7hlq"； | Remove-AzureRmResourceLock -Force

If I run the following command.
Get-AzureRmResourceLock -ResourceGroupName "HyvaAZureMXiecrdps2m7hlq" | Remove-AzureRmResourceLock -Force

结果如下.

result below.

Remove-AzureRmResourceLock:UnauthorizedApplicationId:管理锁"e66f5b3b08274953a0be4cd24e589cc6"由系统应用程序"ba4bc2bd-843f-4d61-9d33-199178eae34e"拥有.有关详细信息，请参见https://aka.ms/arm-lock.
在第1行:char:73
+ ... upName" HyvaAZureMXiecrdps2m7hlq" | Remove-AzureRmResourceLock -Force
+                                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          :CloseError:(:) [Remove-AzureRmResourceLock]，ErrorResponseMessageException
    + FullyQualifiedErrorId:UnauthorizedApplicationId，Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.RemoveAzureResourceLockCmdlet

Remove-AzureRmResourceLock : UnauthorizedApplicationId : The management lock 'e66f5b3b08274953a0be4cd24e589cc6' is owned by system application(s) 'ba4bc2bd-843f-4d61-9d33-199178eae34e'. Please see https://aka.ms/arm-lock for detail.
At line:1 char:73
+ ... upName "HyvaAZureMXiecrdps2m7hlq" | Remove-AzureRmResourceLock -Force
+                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Remove-AzureRmResourceLock], ErrorResponseMessageException
    + FullyQualifiedErrorId : UnauthorizedApplicationId,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.RemoveAzureResourceLockCmdlet

如何找到父资源?

由系统应用程序'ba4bc2bd-843f-4d61-9d33-199178eae34e'拥有

How can I find the parent resource?

owned by system application(s) 'ba4bc2bd-843f-4d61-9d33-199178eae34e'

谢谢

劳伦斯

推荐答案

首先，如果要将网络安全组添加到NIC，则不需要创建新资源.您只需添加NSG.

First, if you want to add a Network Security group to the NIC you do not need to create a new resource. You can simply add the NSG. 

如果将资源设置为只读，则是由于对资源的权限.订阅的服务管理员应该能够取消该访问权限，或者向您提供对该资源的写访问权限.

If a resource is set to read only it is due to the permissions on the resource. The service admin of the subscription should be able to either lift that access or provide you with write access to the resource. 

如果您转到门户网站并选择订阅，然后单击访问控制(AIM)"，则您应该能够看到您的服务管理员是谁，并与他们联系以释放锁定或为您删除资源. 

If you go to the portal and select the subscription and click "Access Control (AIM)" you should be able to see who your service admin is and reach out to them to life the lock or delete the resource for you. 

这篇关于Azure无法删除只读资源的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！