Skip to content
This repository has been archived by the owner on Sep 17, 2024. It is now read-only.

Error when executing runbook "PBMM-Compliance-Verification" #5

Open
GrahamAshford opened this issue Apr 6, 2020 · 4 comments
Open
Assignees

Comments

@GrahamAshford
Copy link

Hello,

I'm having an issue when running the PBMM-Compliance-Verification runbook (the last step in the guide). Here is the error I am seeing (running in test pane):

Failed
Exception calling "Add" with "2" argument(s): "Item has already been added. Key in dictionary: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c' Key being added: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c'" (Exception calling "Add" with "2" argument(s): "Item has already been added. Key in dictionary: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c' Key being added: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c'" (Item has already been added. Key in dictionary: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c' Key being added: '/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c'))

Any ideas?

Thanks,
Graham

@davidheerema
Copy link

@ptd-tbs Can we get some focus on this?
We're available on MS teams to troubleshoot. The policy in question seems to be related to "Log Analytics Agents for Windows VM" but we don't have a lot of ability to debug more than this.

Additionally, it would be nice to be able to run these powershell manually to debug but I am new to these runbooks and I don't know how to use the automation account from powershell.

@GrahamAshford
Copy link
Author

Hi! Some more information - This error happens when there are duplicate blueprint and/or policy assignments in any of the subscriptions in a tenant. It get's hung up on line 378 of "PBMM-Compliance-Verification.ps1" when attempting to add duplicate assignment to $policyDefinitionIdToAssignmentMapping:

376 foreach ($assignment in $policyAssignments.value) {
377
378 $policyDefinitionIdToAssignmentMapping.add($assignment.properties.policyDefinitionId,$assignment.id)
379 $policyAssignmentExclusions[$assignment.id] = $assignment.properties.notScopes
390 }

I was able to workaround the issue by sorting through and removing duplicate blueprint/policy assignments (which we should be doing anyways!)

Graham

@GrahamAshford
Copy link
Author

Additional Comment for @davidheerema - I was able to debug within the automation account by adding the following to the start of the script:

$GLOBAL:DebugPreference="Continue"

... and then adding debug statements throughout the code:

Write-Debug "I am in this part of the code" 5>&1
Write-Debug $VariableInQuestion 5>&1

The debug statements will show up in the output stream when executed in a test pane. I'm sure there's a more elaborate way to debug, but this worked for me!

Cheers,
Graham

@tacummins1
Copy link
Contributor

The error was caused by their subscription already having a duplicate of one of the policies in the blueprint assigned.

The duplicate policy was removed and then the script worked.

The code will need to be enhanced to check for duplicate policies and throw an exception if one (or more) are found.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants