Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Deploy, evaluate, and manage AI agents end-to-end on Microsoft Azure AI Foundry
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
resource/private-network/references/deploy.md
1# Deploy & Track2Applies to all private network deployments.4## Deploy6```bash8az deployment group create \9--resource-group <rg> \10--template-file main.bicep \11--parameters main.bicepparam \12--name <deployment-name>13```14> ⚠️ Capability host provisioning is **asynchronous** (10–20 min). The CLI produces no output during this phase.16## Monitor Progress18Use exponential backoff — do NOT poll every 30 seconds.20| Poll | Wait |22|------|------|23| 1st | 1 min after deploy starts |24| 2nd | 3 min after 1st |25| 3rd | 5 min after 2nd |26| 4th+ | Every 5 min |27```bash29# Overall state30az deployment group show \31--resource-group <rg> --name <deployment-name> \32--query "{state:properties.provisioningState,error:properties.error}" -o json33# Per-resource progress35az deployment operation group list \36--resource-group <rg> --name <deployment-name> \37--query "[].{resource:properties.targetResource.resourceType,state:properties.provisioningState}" -o table38```39Or block with timeout:41```bash43az deployment group wait \44--resource-group <rg> --name <deployment-name> \45--created --timeout 180046```47## Error Recovery49When a deployment fails, follow this workflow:51### Step 1 — Identify the error53```bash55az deployment operation group list \56--resource-group <rg> \57--name <deployment-name> \58--query "[?properties.provisioningState=='Failed'].{resource:properties.targetResource.resourceType,error:properties.statusMessage}" \59-o json60```61### Step 2 — Resolve63Use `microsoft_docs_search` with the error code or message to find current remediation. The legionservicelink retry rule is documented in the main workflow's Error Handling section.65| Error | Likely cause | Fix |67|-------|-------------|-----|68| `legionservicelink` / subnet in use | Orphaned service link from prior attempt | Use a new `vnetName` — do not reuse the prior VNet |69| `AuthorizationFailed` on `validate/action` | Missing Contributor role | Assign Contributor + User Access Administrator to deploying identity |70| `SubnetDelegationAlreadyExists` | Agent subnet already delegated to another resource | Use a new VNet or open a support ticket to remove the delegation |71| `disableLocalAuth` policy violation | Template defaults to `false` | Set `disableLocalAuth: true` in Bicep params |72| `defaultOutboundAccess` policy violation | Subnets missing the property | Add `defaultOutboundAccess: false` to subnet properties |73### Step 3 — Present fix to user and get approval75Before re-deploying, show the user:77- What failed and why78- What file/parameter will be changed79- The new `vnetName` to use (must be different from the failed run)80### Step 4 — Re-deploy with a new deployment name82```bash84# Update main.bicepparam: change vnetName to a new unique name85az deployment group create \86--resource-group <rg> \87--template-file main.bicep \88--parameters main.bicepparam \89--name <deployment-name>-retry90```91