Error: Policies attempted to append some fields which already exist in the request with different values


azure

In our current environment, this is starting to show up more and more.
We have a number of policies in Azure, among them are ‘resources-tag-enforcement’, the one that adds a number of required Tags on resources on our production Resource Groups. Because we have them and they are required on all resources on the groups, things fail.
It is changes that start to fail, unrelated to the Tag policy really…
Example 1: We tried to change pricing tier on an App Service plan – Fail
Example 2: We deleted a rule in Azure Firewall – Fail
Example 3: We resized a VM – Fail

All due to one thing, the Resource Manager seems to think in the backend, that these changes are really not just changes, but we are adding new resources to the resource groups, triggering the policy, and that fails to append the Tags since the Tags are already there…
Same scenario with a ‘Allowed location’ policy, if a resource was once created outside of the allowed scope, changes are not allowed since the RM seems to think that you are really adding new resources, not just making adjustments.

The error you will see from the Tag policy is this:

Failed to resize virtual machine ‘XXX-NNNN’ to size ‘Standard DXXX’. Error: Policies attempted to append some fields which already exist in the request with different values. Fields: ‘tags[nnn1],tags[nnn2]’. Policy identifiers:'[{“policyAssignment”:{“name”:”Assignment – resources-tag-enforcement”,”id”:”/subscriptions/nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn/providers/Microsoft.Authorization/policyAssignments/Assignment – resources-tag-enforcement”},”policyDefinition”:{“name”:”resources-tag-enforcement”,”id”:”/subscriptions/nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn/providers/Microsoft.Authorization/policyDefinitions/resources-tag-enforcement”}}]’. Please contact the subscription administrator to update the policies.
 
Resolution:
Temporarily Disable the assignment of the policy. Look up the Resource Group, go to policys, assignments, then the correct policy and open it.
A bit down, you have to switch to disable it.
WindowsUpdate2
Set it to Disabled and Review+Save, then Save.
Done.
Remember to enable it again after you are done.
 
 
Good luck!
 
References


___________________________________________________________________________________________________

Enjoy!

Regards

 Thomas Odell Balkeståhl on LinkedIn

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s