azure-powershell
azure-powershell copied to clipboard
Azure
New-AzDeployment not reporting properly the bicep deployment error
Description
I'm doing a bicep deployment with New-AzDeployment (with ParameterSet 'ByParameterFileWithNoTemplate'), and i get a weird error:
New-AzDeployment: 16:29:27 - Error: Code=MultipleErrorsOccurred; Message=Multiple error occurred: **NotFound,NotFound,NotFound,NotFound**. Please see details.
New-AzDeployment: The deployment validation failed
There are in fact 4 proper errors (KeyVaultParameterReferenceSecretRetrieveFailed) with clear message. But there is an exception during the processing of the errors and thus the errors are lost and debugging is required to understand what is the real problem in the deployment.
Issue script & Debug output
PS C:\Git> New-AzDeployment -Name hci_hannover_kickoff_vms -Location westeurope -TemplateParameterFile kickoff.hannover.bicepparam -Verbose
VERBOSE: Using Bicep v0.36.177
VERBOSE: Calling Bicep with arguments: build-params "C:\Git\kickoff.hannover.bicepparam" --stdout
DEBUG: 16:29:20 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 16:29:20 - [ConfigManager] Got [False] from [EnableLoginByWam], Module = [], Cmdlet = [].
VERBOSE: Using Bicep v0.36.177
VERBOSE: Calling Bicep with arguments: build-params "C:\Git\kickoff.hannover.bicepparam" --stdout
VERBOSE:
New-AzDeployment: 16:29:27 - Error: Code=MultipleErrorsOccurred; Message=Multiple error occurred: NotFound,NotFound,NotFound,NotFound. Please see details.
New-AzDeployment: The deployment validation failed
PS C:\Git>
with debug we get the real errors:
PS C:\Git> New-AzDeployment -Name hci_hannover_kickoff_vms -Location westeurope -TemplateParameterFile kickoff.hannover.bicepparam -Debug -Confirm:$false
VERBOSE: Using Bicep v0.36.177
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
VERBOSE: Calling Bicep with arguments: build-params "C:\Git\kickoff.hannover.bicepparam" --stdout
DEBUG: [Common.Authentication]: Authenticating using Account: '<silenced>', environment: 'AzureCloud', tenant: '<silenced>'
DEBUG: 16:28:30 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 16:28:30 - [ConfigManager] Got [False] from [EnableLoginByWam], Module = [], Cmdlet = [].
DEBUG: 16:28:30 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:28:30 - NewAzureSubscriptionDeploymentCmdlet begin processing with ParameterSet 'ByParameterFileWithNoTemplate'.
DEBUG: 16:28:30 - using account id '<silenced>'...
DEBUG: 16:28:30 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
VERBOSE: Using Bicep v0.36.177
VERBOSE: Calling Bicep with arguments: build-params "C:\Git\kickoff.hannover.bicepparam" --stdout
DEBUG: [Common.Authentication]: Authenticating using Account: '<silenced>', environment: 'AzureCloud', tenant: '<silenced>'
DEBUG: 16:28:34 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 16:28:34 - [ConfigManager] Got [False] from [EnableLoginByWam], Module = [], Cmdlet = [].
DEBUG: 16:28:34 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'<silenced>', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<silenced>'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
SNIP
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
NotFound
Headers:
Cache-Control : no-cache
Pragma : no-cache
x-ms-failure-cause : gateway
x-ms-ratelimit-remaining-subscription-writes: 199
x-ms-ratelimit-remaining-subscription-global-writes: 2999
x-ms-request-id : 5bc0214f-008a-4085-bc8f-1bf55dfeef78
x-ms-correlation-request-id : 5bc0214f-008a-4085-bc8f-1bf55dfeef78
x-ms-routing-request-id : FRANCESOUTH:20250730T142837Z:5bc0214f-008a-4085-bc8f-1bf55dfeef78
Strict-Transport-Security : max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Cache : CONFIG_NOCACHE
X-MSEdge-Ref : Ref A: 96D9D9AC199947BDB640D28E1EB9323C Ref B: MRS211050313023 Ref C: 2025-07-30T14:28:34Z
Date : Wed, 30 Jul 2025 14:28:36 GMT
Body:
{
"error": {
"code": "MultipleErrorsOccurred",
"message": "Multiple error occurred: NotFound,NotFound,NotFound,NotFound. Please see details.",
"details": [
{
"code": "KeyVaultParameterReferenceSecretRetrieveFailed",
"message": "The secret of KeyVault parameter 'password' cannot be retrieved. Http status code: 'NotFound'. Error message: 'A secret with (name/id) A-pass was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182'. Please see https://aka.ms/arm-keyvault for usage details."
},
{
"code": "KeyVaultParameterReferenceSecretRetrieveFailed",
"message": "The secret of KeyVault parameter 'password' cannot be retrieved. Http status code: 'NotFound'. Error message: 'A secret with (name/id) B-pass was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182'. Please see https://aka.ms/arm-keyvault for usage details."
},
{
"code": "KeyVaultParameterReferenceSecretRetrieveFailed",
"message": "The secret of KeyVault parameter 'username' cannot be retrieved. Http status code: 'NotFound'. Error message: 'A secret with (name/id) C-user was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182'. Please see https://aka.ms/arm-keyvault for usage details."
},
{
"code": "KeyVaultParameterReferenceSecretRetrieveFailed",
"message": "The secret of KeyVault parameter 'password' cannot be retrieved. Http status code: 'NotFound'. Error message: 'A secret with (name/id) C-pass was not found in this key vault. If you recently deleted this secret you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182'. Please see https://aka.ms/arm-keyvault for usage details."
}
]
}
}
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
New-AzDeployment: 16:28:37 - Error: Code=MultipleErrorsOccurred; Message=Multiple error occurred: NotFound,NotFound,NotFound,NotFound. Please see details.
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:28:37 - [ResourceManagerCmdletBase.ExecuteCmdlet] Caught unhandled exception: System.InvalidOperationException: The deployment validation failed
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkClient.NewResourceManagerSdkClient.RunDeploymentValidation(PSDeploymentCmdletParameters parameters, Deployment deployment)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkClient.NewResourceManagerSdkClient.ExecuteDeploymentInternal(PSDeploymentCmdletParameters parameters)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.SdkClient.NewResourceManagerSdkClient.ExecuteDeployment(PSDeploymentCmdletParameters parameters)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.CmdletBase.DeploymentCreateCmdlet.ExecuteDeployment()
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.CmdletBase.DeploymentCreateCmdlet.OnProcessRecord()
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.ExecuteCmdlet()
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
New-AzDeployment: The deployment validation failed
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent: Module: Az.Resources:7.7.0; CommandName: New-AzDeployment; PSVersion: 7.5.0; IsSuccess: False; Duration: 00:00:06.6019963; SanitizeDuration: 00:00:00; Exception: The deployment validation failed;
DEBUG: 16:28:37 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 16:28:37 - NewAzureSubscriptionDeploymentCmdlet end processing.
PS C:\Git>
Environment data
Name Value
---- -----
PSVersion 7.5.0
PSEdition Core
GitCommitId 7.5.0
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Module versions
PS C:\Git> (Get-Module (Get-Command New-AzDeployment).Source)
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 7.7.0 Az.Resources {Export-AzResourceGroup, Export-AzTemplateSpec, Get-AzDenyAssignment, Get-AzDeployment…}
PS C:\Git>
Error output
PS C:\Git> (Resolve-AzError)[3]
HistoryId: 53
Message : The deployment validation failed
StackTrace : at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.HandleException(ExceptionDispatchInfo
capturedException)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception : System.InvalidOperationException
InvocationInfo : {New-AzDeployment}
Line : New-AzDeployment -Name hci_hannover_kickoff_vms -Location westeurope -TemplateParameterFile kickoff.hannover.bicepparam -Verbose
Position : At line:1 char:1
+ New-AzDeployment -Name hci_hannover_kickoff_vms -Location westeurope …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 53
PS C:\Git> (Resolve-AzError)[3].Exception
TargetSite : Void HandleException(System.Runtime.ExceptionServices.ExceptionDispatchInfo)
Message : The deployment validation failed
Data : {}
InnerException :
HelpLink :
Source : Microsoft.Azure.PowerShell.Cmdlets.ResourceManager
HResult : -2146233079
StackTrace : at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.HandleException(ExceptionDispatchInfo
capturedException)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
PS C:\Git>
Here are some similar issues that might help you. Please check if they can solve your problem.
- #5324
Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)
Solution 1:
Enable the Key Vault for template deployment by navigating to Access Policies -> Click to show advanced access policies and enabling the required setting.
Reference:
- https://github.com/azure/azure-powershell/issues/5324#issuecomment-389523463
Solution 2:
Run the cmdlet with the -Verbose flag to get better information about the failure.
Reference:
- https://github.com/azure/azure-powershell/issues/5324#issuecomment-359964853
Solution 3:
Set $DebugPreference="Continue" to get more detailed error output without relying on the default error messages.
Reference:
- https://github.com/azure/azure-powershell/issues/5324#issuecomment-392937799
Powered by issue-sentinel
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/deployments-owners.
![microsoft-github-policy-service[bot] avatar](https://avatars.githubusercontent.com/in/95686?v=4 "Published by a pub.dev verified publisher"){kind=small}