Troubleshooting CWPP Scan Errors
This article outlines the steps to troubleshoot errors encountered during the CWPP scan and appliance lifecycle.
Integration Errors
The following errors might arise for Azure subscription configured with CWPP:
BadCWPPConfiguration: Resources required to run CWPP capabilities have not been properly configured
Cause: This error occurs when the necessary resources required for CWPP capabilities are not present in the subscription. This error can also occur when the user does not have the necessary permissions when onboarding the CWPP capability.
Solution: To resolve this error, re-run the CWPP onboarding by following the guide Enabling CWPP for existing Azure Subscriptions.
ProviderNotAvailable: Provider needed to run CWPP scan have not been registered
Cause: The error occurs when the required provider is not registered in the subscription.
Solution: To resolve this error, ensure that the Microsoft.Compute provider is registered for your Azure subscription. This will ensure Plerion can launch appliance to scan your workloads. Follow the guide register resource provider (opens in a new tab) or you can execute command az provider register --namespace Microsoft.Compute --subscription <your-subscription-id>.
AccessDenied: Plerion does not have access to the subscription
Cause: This error occurs when the Plerion App doesn't have the necessary permissions to access the subscription.
Solution: To resolve this error,
- Make sure the Plerion App has the necessary permissions to access the subscription.
- Re-run the CWPP onboarding by following the guide Enabling CWPP for existing Azure Subscriptions
Appliance Errors
The following errors might occur during the appliance lifecycle:
OperationNotAllowed: Operation could not be completed as it results in exceeding approved standardDSv3Family Cores quota
User Action Required: Yes
Cause: This error occurs when there isn't sufficient quota available in the respective region of the subscription to create virtual machines of size standardDSv3Family.
Solution: To resolve this error, increase the quota for the standardDSv3Family virtual machines in the subscription for the respective region. Follow the guide Increase Quota for Regional Cores to increase the quota.
PublicIPCountLimitReached: The long-running operation has failed. Cannot create more than x public IP addresses for this subscription in this region.
User Action Required: Yes
Cause: This error occurs when there isn't sufficient quota available in the respective region of the subscription to create public IP addresses.
Solution: To resolve this error, increase the quota for the public IP addresses in the subscription for the respective region. Follow the guide Increase Quota for Regional Public IP Addresses to increase the quota.
ResourceNotFound: he Resource 'Microsoft.Compute/virtualMachines/plerion-cwpp-' under resource group 'plerion-cwpp-' was not found.
User Action Required: No
Cause: This error occurs when the appliance is deleted from the subscription.
Recommendation: It is recommended to not delete the appliance from the subscription. If the appliance is deleted, the respective scans will fail.
ApplianceTimeout: Appliance timed out
User Action Required: No
Cause: This error can occur if scanning a workload takes more than 3 hours. By default, the appliance is configured to timeout after 3 hours to prevent it from running indefinitely.
Recommendation: Contact Plerion Support if the error persists. Plerion support can increase the timeout limit for the appliance as per the requirement.
InternalError: Appliance failed with unknown error
User Action Required: No
Cause: This error occurs due to an internal error in the appliance.
Recommendation: Contact Plerion Support if the error persists. Normally, the appliance will recover from this error and continue scanning in the next scan.