Reputation: 70008
I have followed this guide to Enable virtual network integration in my Azure Function.
At first it looks good and my Virtual network with a Virtual network gateway configured with Point to Site VPN shows up as expected:
However on add it fails with the following message:
If I then look at Activity log it does say Succeeded.
Looking at VNet Integration for the Azure Function it has been set up and I get GATEWAY STATUS Online
but CERTIFICATE STATUS Certificates not in sync
.
Looking at the Networking tab it also says VNet integration Off
.
Now looking at the subscription that has the virtual network I did receive the following error the first time I tried to set up the VLAN:
Operation name Creates or updates a VirtualNetworkGateway
Error code UpdateOnResourceNotAllowedWithApiVersion
Message Resource /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworkGateways/my-virtual-network-gateway cannot be updated using API version 2016-09-01 since it uses the property VpnClientConfiguration AAD authentication parameters which has been set using a higher API version 2019-04-01. Please use api version greater than or equal to 2019-04-01 to update the resource.
Does this mean that Azure GUI uses API version 2016-09-01
? Can I set the GUI to use API version 2019-04-01
or how can I manually add the configuration needed to make this work?
I have tried to use Sync Network from App Service Plan Network GUI but it fails as well.
There I get the following errors:
Operation name Creates or updates a VirtualNetworkGateway
Error code UpdateOnResourceNotAllowedWithApiVersion
Message Resource /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworkGateways/my-virtual-network-gateway cannot be updated using API version 2016-09-01 since it uses the property VpnClientConfiguration AAD authentication parameters which has been set using a higher API version 2019-04-01. Please use api version greater than or equal to 2019-04-01 to update the resource.
And:
Operation name Generate VpnClient package for virtualNetworkGateway
Error code VpnClientCMakGenerationNotSupportedForVpnClientProtocol
Message Legacy Cmak generation is not supported for gateway id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/my-resource-group/providers/Microsoft.Network/virtualNetworkGateways/my-virtual-network-gateway when vpn client protocol OpenVPN is configured. Please use vpn profile package option instead.
Upvotes: 0
Views: 1059
Reputation: 70008
Update:
I could create a new Function App from another subscription but located in the same region as the Virtual network that I wanted to use. This meant that the Virtual network gateway not had to be used. I had to create a new Subnet for it. I used the same App Service Plan as a current Web App used, Standard S1 (100 total ACU, 1.75 GB memory, 1 vCPU)
.
Original:
Created a new Function App located in the same subscription and region as the Virtual network that I wanted to use.
From here I could use Add VNet Integration
and select which subnet I wanted to use. When doing this everything worked.
Upvotes: 0