Azure SQL Database
An Azure relational database service.
5,794 questions
Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 57.00000000000001%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
Poovarasan Annadurai
40
Reputation points
despite continuing to use the classic configuration, we are repeatedly encountering the same error. It seems that this issue persists even though we have not actually transitioned to the express configuration. Im trying to deploy using ARM template
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 60%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Mahesh Kurva 975 Reputation points Microsoft Vendor2024-10-04T14:33:23.8166667+00:00 Hi @Poovarasan Annadurai,
It seems like you're experiencing an issue with deploying an ARM template due to a vulnerability assessment being enabled on your server or one of its underlying databases with an incompatible version. This is causing an error, despite using the classic configuration and not transitioning to the express configuration. Can you please provide more details about the error message you're seeing? Additionally, have you checked the version of the vulnerability assessment and the database to ensure they are compatible?
-
Poovarasan Annadurai 40 Reputation points
2024-10-07T07:00:55.25+00:00 ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/xxxxxxx/resourceGroups/xxxx/providers/Microsoft.Resources/deployments/main","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"VulnerabilityAssessmentStoragelessIsEnabled","message":"Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version. Additional troubleshooting information can be found https://aka.ms/SQLVAStoragelessDocumentation."}]}}ARM snippet:
{ "type": "Microsoft.Sql/servers/vulnerabilityAssessments", "apiVersion": "2023-08-01-preview", "name": "[concat(parameters('serverName'), '/Default')]", "dependsOn": [ "[resourceId('Microsoft.Sql/servers', parameters('serverName'))]" ], "properties": { "storageContainerPath": "[concat('https://', parameters('storageAccountName'), '.blob.core.windows.net/vulnerability-assessment/')]", "recurringScans": { "isEnabled": false, "emailSubscriptionAdmins": true, "emails": [] } } } { "type": "Microsoft.Sql/servers/databases/vulnerabilityAssessments", "apiVersion": "2023-08-01-preview", "name": "[concat(parameters('serverName'), '/', parameters('databaseName'), '/Default')]", "dependsOn": [ "[resourceId('Microsoft.Sql/servers/databases', parameters('serverName'), parameters('databaseName'))]" ], "properties": { "recurringScans": { "isEnabled": false, "emailSubscriptionAdmins": true, "emails": [] } } }sorry for the confusion we are using express config . "despite continuing to use the express configuration, we are repeatedly encountering the same error. It seems that this issue persists even though we have not actually transitioned to the classic configuration. Im trying to deploy using ARM template"
Additionally, have you checked the version of the vulnerability assessment and the database to ensure they are compatible? can you give me steps to check the same .
-
Mahesh Kurva 975 Reputation points Microsoft Vendor
2024-10-07T13:53:32.94+00:00 Hi @Poovarasan Annadurai,
It seems like you're experiencing issues with deploying an ARM template due to a vulnerability assessment being enabled on your server or one of its underlying databases with an incompatible version.
Since you're using the express configuration, I recommend checking the version of the vulnerability assessment and the database to ensure they are compatible.
Here are the steps to check the version of the vulnerability assessment and the database:
Check the version of the vulnerability assessment:
- Sign in to the Azure portal.
- Navigate to the specific Azure SQL Database resource.
- Under the Security heading, select Defender for Cloud.
- In the Enablement Status, select Configure to open the Microsoft Defender for SQL settings pane for either the entire server or managed instance.
- Check the Vulnerability assessment section to see the version of the vulnerability assessment.
Check the version of the database:
- Sign in to the Azure portal.
- Navigate to the specific Azure SQL Database resource.
- Under the Overview section, check the Server version or Database version field to see the version of the database.
To enable vulnerability assessment in the express configuration, you can update your ARM template to remove the storageContainerPath property and set storageContainerPath to null.
By setting storageContainerPath to null, you're enabling the express configuration for vulnerability assessment, which doesn't require a storage account.
For more information, please refer the document: https://learn.microsoft.com/en-us/azure/defender-for-cloud/sql-azure-vulnerability-assessment-overview?view=azuresql.
Reference link:
I hope this information helps. Please do let us know if you have any further queries.
-
Poovarasan Annadurai 40 Reputation points
2024-10-07T17:32:04.11+00:00 checking the version compatibility? version-related information is not available on the portal. updating the
storageContainerPathto null:Below is ARM snippet generated from Azure portal
{
"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
"apiVersion": "2023-08-01-preview",
"name": "[concat(parameters('xxxxxx'), '/Default')]",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('xxxxx'))]"
],
"properties": {
"recurringScans": {
"isEnabled": false,
"emailSubscriptionAdmins": true
},
"storageContainerPath": "[parameters('vulnerabilityAssessments_Default_storageContainerPath')]"
}
StorageContainerPathis not null in the above ARM template. Before the ARM deployment failed, we used bothstorageContainerPathandstorageAccessKeyinside the properties block. Is there any possibility that Microsoft migrated the classic configuration to the express configuration on Azure's end? -
Mahesh Kurva 975 Reputation points Microsoft Vendor
2024-10-08T19:23:44.8833333+00:00 Hi @Poovarasan Annadurai,
checking the version compatibility? version-related information is not available on the portal.
you can use the following Azure CLI commands:
Check the version of the vulnerability assessment:
az sql db va show --resource-group <ResourceGroupName> --server <ServerName> --database-name <DatabaseName>Check the version of the database:
az sql db show --resource-group <ResourceGroupName> --server <ServerName> --name <DatabaseName> --query 'version'Based on the ARM template snippet you provided, it appears to be an Express configuration.
That you enable vulnerability assessment using the express configuration, so you aren't dependent on a storage account.
For more information, please refer the document: https://learn.microsoft.com/en-us/azure/defender-for-cloud/sql-azure-vulnerability-assessment-enable#express-configuration.
Is there any possibility that Microsoft migrated the classic configuration to the express configuration on Azure's end?
For more information, please refer the document: https://learn.microsoft.com/en-us/azure/defender-for-cloud/powershell-sample-vulnerability-assessment-azure-sql.
“Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version”
Possible causes:
- Switching to express configuration failed due to a server policy error. Solution: Try again to enable the express configuration. If the issue persists, try to disable the Microsoft Defender for SQL in the Azure SQL resource, select Save, enable Microsoft Defender for SQL again, and select Save.
For more information, please refer the document: Errors.
I hope this information helps. Please do let us know if you have any further queries.
-
Mahesh Kurva 975 Reputation points Microsoft Vendor
2024-10-09T18:33:25.7233333+00:00 Hi @Poovarasan Annadurai,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
-
Poovarasan Annadurai 40 Reputation points
2024-10-10T13:41:25.8333333+00:00 Hi @Kuruva Mahesh , Sorry for the delay. Both the command you provided did not provide any information about the version, and I guess from a customer point of view, we won't manage the version compatibility for Azure SQL and Microsoft Defender. I tried removing
"storageContainerPath": null, I'm facing a same error.executed command with and without --query version info is not displayed
"code":"VulnerabilityAssessmentStoragelessIsEnabled","message":"Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version. Additional troubleshooting information can be found https://aka.ms/SQLVAStoragelessDocumentation." -
Mahesh Kurva 975 Reputation points Microsoft Vendor
2024-10-10T16:18:59.9933333+00:00 Hi @Poovarasan Annadurai,
“Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version”
Have you tried this?
Possible causes:
- Switching to express configuration failed due to a server policy error.
Solution: Try again to enable the express configuration. If the issue persists, try to disable the Microsoft Defender for SQL in the Azure SQL resource, select Save, enable Microsoft Defender for SQL again, and select Save.
For more information, please refer the document: Errors.
I hope this information helps. Please do let us know if you have any further queries.
-
Mahesh Kurva 975 Reputation points Microsoft Vendor
2024-10-14T16:25:12.7866667+00:00 Hi @Poovarasan Annadurai,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Sign in to comment
Sign in to answer