Azure Policy blocking Storage Account ARM migration

I just had to migrate a Storage Account from ASM to ARM, and ran into some issues while doing this. This time the error was a bit difficult to figure out, because the Validate step completed successfully, but the Prepare step failed with “internal server error”.

[code]
$storageAccountName = 'storagename'
$validation = Move-AzureStorageAccount -Validate -StorageAccountName $storageAccountName
$validation.ValidationMessages

ResourceType       : Storage
ResourceName       : storagename
Category           : Information
Message            : Storage Account storagename is eligible for migration.
VirtualMachineName :

Move-AzureStorageAccount -Prepare -StorageAccountName $storageAccountName
Move-AzureStorageAccount : InternalError : The server encountered an internal error. Please retry the request.
At line:1 char:1
+ Move-AzureStorageAccount -Prepare -StorageAccountName $storageAccount …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Move-AzureStorageAccount], ComputeCloudException
    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.StorageServices.MoveStorageAccountCommand
[/code]

After some mails back and forth with Azure Support, they engaged engineering, who could tell that one of our Azure Policies blocked the migration. Specifically, we had assigned a policy that blocks creation of new storage accounts if they allow HTTP access to blobs. The policy is built-in and named “Ensure https traffic only for storage account”.

After disabling the policy, I was able to migrate the Storage Account, enable HTTPS only traffic, and assign the policy again.
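The sequence described above, written out as an added example (not code from the original post), with the policy re-assigned in a `finally` block so it is restored even if the migration fails. It assumes the Az module is loaded for the policy and storage cmdlets alongside the classic module that provides `Move-AzureStorageAccount`, that the scope and assignment name placeholders are filled in, and that the assignment carries no parameters of its own.

```powershell
# Added example. Placeholders below are assumptions, not values from the post.
$storageAccountName = 'storagename'                    # classic account name used in the post
$scope              = '/subscriptions/<subscription-id>'  # placeholder: scope the policy is assigned at
$assignmentName     = '<policy-assignment-name>'          # placeholder: name of the blocking assignment

# 1. Capture the assignment and its definition so it can be recreated afterwards.
$assignment = Get-AzPolicyAssignment -Name $assignmentName -Scope $scope -ErrorAction Stop

# The definition id sits in a different place depending on the Az.Resources version
# (assumption: one of these two properties is populated).
$definitionId = if ($assignment.PolicyDefinitionId) {
    $assignment.PolicyDefinitionId
} else {
    $assignment.Properties.PolicyDefinitionId
}
$definition = Get-AzPolicyDefinition -Id $definitionId -ErrorAction Stop

# 2. Remove the assignment only for the duration of the migration.
Remove-AzPolicyAssignment -Name $assignmentName -Scope $scope -ErrorAction Stop

try {
    # 3. Migrate the classic account (Validate was already run, as in the post).
    Move-AzureStorageAccount -Prepare -StorageAccountName $storageAccountName -ErrorAction Stop
    Move-AzureStorageAccount -Commit  -StorageAccountName $storageAccountName -ErrorAction Stop

    # 4. Find the migrated ARM account and enable HTTPS-only traffic,
    #    so it is compliant once the policy is back in force.
    $migrated = Get-AzStorageAccount |
        Where-Object { $_.StorageAccountName -eq $storageAccountName }

    Set-AzStorageAccount -ResourceGroupName $migrated.ResourceGroupName `
                         -Name $migrated.StorageAccountName `
                         -EnableHttpsTrafficOnly $true -ErrorAction Stop
}
finally {
    # 5. Re-assign the policy whether or not the migration succeeded.
    #    Parameters or a display name on the original assignment must be passed again here.
    New-AzPolicyAssignment -Name $assignmentName -Scope $scope -PolicyDefinition $definition
}
```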
