Troubleshooting
Overview
This guide helps you resolve common issues you might encounter while using Upwind with Azure. Below are various sections addressing specific problems, with step-by-step instructions to guide you through resolving them.
Common Issues
Insufficient Spot VM Quota
If you encounter issues with Spot VM deployment:
- Check your current quota:
az vm list-usage --location <region> --query "[?name.value=='lowPriorityCores']" --output table - Request quota increase through Azure Portal if needed:
- Go to Azure Portal → Subscriptions → Select your subscription
- Click Settings and Usage + quotas
- Find Spot vCPUs and request an increase
- Consider using a different region if quota increase is not immediately possible
Authentication Issues
If you encounter authentication problems:
- Verify Azure CLI authentication:
az login
az account list - Ensure you have Owner privileges in the Azure tenant
- Check if the service principal has all required permissions
Root Tenant Management Group Access Issues
If you receive errors about the root tenant management group not being found or accessible:
Verify Elevated Access Status
-
Check if elevated access is active:
- Ensure you have successfully elevated access (Global Administrator) or been assigned Owner role at root scope
- Wait 1-2 minutes after elevating access before proceeding
- Verify you can see the root management group in Azure Portal under Management Groups
-
Validate tenant permissions:
- Confirm you're signed in to the correct Azure AD tenant
- Verify your account has the required permissions (Global Administrator or Owner at root scope)
- If using a service principal, ensure it has been granted appropriate permissions at the tenant level
-
Test management group access:
az login --tenant <your-tenant-id>
az account show
az rest --method get --url "https://management.azure.com/providers/Microsoft.Management/managementGroups?api-version=2020-05-01"
Authorization Errors During Terraform Operations
If you encounter authorization errors during terraform apply or other Terraform operations:
Permission-Related Issues
-
Verify sufficient permissions:
- Confirm your account has Owner privileges at the tenant level
- Check that elevated access is still active (it may have expired)
- Ensure you're authenticated with the correct account:
az account show
-
Service principal troubleshooting:
- If using a service principal, verify it has the required permissions
- Check that the service principal secret hasn't expired
- Ensure the service principal is assigned to the correct scope
-
API access validation:
- Verify that the required Azure Resource Manager APIs are accessible
- Check for any conditional access policies that might be blocking the requests
- Ensure your IP address is not blocked by network policies
-
Re-authentication procedure:
az logout
az login
terraform plan # Verify permissions before applying
terraform apply
Client Secret Management
When a client secret expires or needs to be updated:
In Azure Console
-
Navigate to App Registration:
- Access the Azure application linked with Upwind
- Go to "Certificates & Secrets" in the application settings
-
Generate New Client Secret:
- Click on "New client secret"
- Set the expiration to at least 12 months
- Note down the new client secret
Alternatively, use Azure CLI:
az ad app credential reset --id [Application (client) ID]The
"password"field in the output is your new client secret.
In Upwind Management Console
-
Access Upwind Console:
- Visit Upwind Console - Settings -> Organizations and accounts.
- Select the relevant subscription ID from the "Account ID" column.
-
Update Client Secret:
- Click the edit button next to the relevant subscription
- Choose "Update Azure client secret"
- Enter the new client secret and click "Test account connectivity"
Support
If you encounter any issues not covered in this guide:
- Check the Azure Activity Log for any error messages
- Review RBAC assignments and permissions
- Contact Upwind support with:
- Detailed error messages
- Azure subscription ID
- Resource group name
- Relevant log entries