Share via

I am getting below error while removing DDOS Plan from a Vnet while trying from terraform , portal or powershell.

Givary-MSFT 35,216 Reputation points Microsoft Employee
2025-01-16T10:25:07.7333333+00:00

Failed to update the virtual network 'vnet-name’. Error: Property id '' at path 'properties.ddosProtectionPlan.id' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.

I have tried using the Portal and still get the same error

While trying with Powershell using  given commands through cloudshell

$vNetName = "vnet-name"   $resourceGroupName = "rg-name"   $vnet = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $resourceGroupName   $vnet.DdosProtectionPlan = $null  > $vnet.EnableDdosProtection = $false   $vnet | Set-AzVirtualNetwork

 

I get the below error –

 

Set-AzVirtualNetwork: Property id '' at path 'properties.ddosProtectionPlan.id' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'. StatusCode: 400 ReasonPhrase: Bad Request ErrorCode: LinkedInvalidPropertyId ErrorMessage: Property id '' at path 'properties.ddosProtectionPlan.id' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.

 

Kindly help to fix the issue.

Azure DDos Protection
Azure DDos Protection
An Azure service that provides defense against distributed denial-of-service (DDoS) attacks.
72 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,613 questions
0 comments
Accepted answer
  1. UJTyagi-MSFT 615 Reputation points Microsoft Employee
    2025-01-16T11:49:28.5+00:00

    Hi @Givary-MSFT ,

    Kindly check the following at your end to fix the issue -

    • Since you are looking to delete a DDOS plan from a virtual network kindly verify whether associated vnets are in successful provisioning state.
    • If they are in failed status do a Get Set operation using below PowerShell command 
     Get-AzVirtualNetwork -Name <vnet-name> -ResourceGroupName <rg-name>| Set-AzVirtualNetwork
    • Choose an alternate way to perform the same operation i.e using Powershell or terraform since you have already tried to remove association using PowerShell you can ignore this step.
    • See if there is a DDOS policy “Virtual networks should be protected by Azure DDoS Protection” in force on the virtual Network
    • You can check the policy enforced on either subscription or resource group level of the Virtual Network and then click the Policy tab
    • User's image
    • You can check it through below PowerShell command by replacing the Resource id with your resource id.
    Get-AzPolicyState -ResourceId "/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-name}"
    • Kindly delete the policy to remove the DDOS plan from the Virtual Network.
    • Check if the DDOS Plan or the associated Virtual Networks are locked. Remove the lock.
    • If the issue still does not resolve kindly revert back as this will need investigation by raising a support case.

    If the below answer addressed your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.Regards

    Ujjawal Tyagi

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.