az stack-hci-vm network nic create fails when hci cluster is in another subscription #9239
Description
Describe the bug
Unable to create an hci network interface with stack-hci-vm extension, when the nic object and the hci cluster are not in the same subscription.
--custom-location appears to handle a full id properly, not --subnet-id
Related command
$HCIClusterSubscriptionID = "XXX"
$HCIClusterResourceGroupName = "my-hci-cluster-rg"
$HCIClusterCustomLocation = "FR-BRAD1"
$SubscriptionID = "my-application-subscriptionId"
$ResourceGroupName = "my-application-rg"
$CustomLocationID = "/subscriptions/$HCIClusterSubscriptionID/resourceGroups/$HCIClusterResourceGroupName/providers/Microsoft.ExtendedLocation/customLocations/$HCIClusterCustomLocation"
$Location = "WestEurope"
$NicName = "my-nic"
$LnetName = "lnet1"
$SubnetID = "/subscriptions/$HCIClusterSubscriptionID/resourceGroups/$HCIClusterResourceGroupName/providers/Microsoft.AzureStackHCI/logicalNetworks/$LnetName"
az account set -s $SubscriptionID
az stack-hci-vm network nic create `
--resource-group $ResourceGroupName `
--custom-location $CustomLocationID `
--location $Location `
--name $NicName `
--subnet-id $SubnetID # also tried with $LnetName
i also tried using --ip-configurations but not working either
Errors
if i specify --subnet-id $SubnetID, i get:
(ResourceGroupNotFound) Resource group 'my-hci-cluster-rg' could not be found.
if i specify --subnet-id $LnetName, i get (somewhat expected):
(ResourceNotFound) The Resource 'Microsoft.AzureStackHCI/logicalNetworks/lnet1' under resource group 'my-application-rg' was not found.
Issue script & Debug output
if i specify --subnet-id $SubnetID --debug, i get:
...
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/<my-application-subscriptionId>/resourceGroups/my-hci-cluster-rg/providers/Microsoft.AzureStackHCI/logicalNetworks/lnet1?api-version=2025-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'ca42d6eb-9ad7-11f0-b29f-3ce9f76eae0a'
cli.azure.cli.core.sdk.policies: 'CommandName': 'stack-hci-vm network nic create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --custom-location --location --name --subnet-id --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.77.0 (ZIP) azsdk-python-core/1.35.0 Python/3.13.7 (Windows-11-10.0.22631-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/<my-application-subscriptionId>/resourceGroups/my-hci-cluster-rg/providers/Microsoft.AzureStackHCI/logicalNetworks/lnet1?api-version=2025-06-01-preview HTTP/1.1" 404 118
cli.azure.cli.core.sdk.policies: Response status: 404
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '118'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8f0856b5-501c-46f5-bfcb-cd86c3615045'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8f0856b5-501c-46f5-bfcb-cd86c3615045'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20250926T125326Z:8f0856b5-501c-46f5-bfcb-cd86c3615045'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: B76873D01C32485699445859DFBA5ACE Ref B: MRS211050313033 Ref C: 2025-09-26T12:53:26Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 26 Sep 2025 12:53:25 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"ResourceGroupNotFound","message":"Resource group 'my-hci-cluster-rg' could not be found."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/invocation.py", line 111, in _validation
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 915, in _validate_cmd_level
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\generated\_validators.py", line 856, in vnic_create_validator
lnet = _fetch_logical_network(cmd.cli_ctx, res.get('resource_group', namespace.resource_group_name), res['name'])
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\generated\_validators.py", line 903, in _fetch_logical_network
lnet = lnet_client.get(resource_group, name)
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 119, in wrapper_use_tracer
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\vendored_sdks\stack_hci_vm\v2025_06_01_preview\operations\_logical_networks_operations.py", line 471, in get
map_error(status_code=response.status_code, response=response, error_map=error_map)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/exceptions.py", line 163, in map_error
azure.core.exceptions.ResourceNotFoundError: (ResourceGroupNotFound) Resource group 'my-hci-cluster-rg' could not be found.
Code: ResourceGroupNotFound
Message: Resource group 'my-hci-cluster-rg' could not be found.
...
if i specify --subnet-id $LnetName --debug, i get:
...
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/<my-application-subscriptionId>/resourceGroups/my-application-rg/providers/Microsoft.AzureStackHCI/logicalNetworks/lnet1?api-version=2025-06-01-preview'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '7054f18d-9ad8-11f0-aa7f-3ce9f76eae0a'
cli.azure.cli.core.sdk.policies: 'CommandName': 'stack-hci-vm network nic create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --custom-location --location --name --subnet-id --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.77.0 (ZIP) azsdk-python-core/1.35.0 Python/3.13.7 (Windows-11-10.0.22631-SP0)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/<my-application-subscriptionId>/resourceGroups/my-application-rg/providers/Microsoft.AzureStackHCI/logicalNetworks/lnet1?api-version=2025-06-01-preview HTTP/1.1" 404 269
cli.azure.cli.core.sdk.policies: Response status: 404
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '269'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'a342417a-5849-40e9-95ab-8b625f9eb3ad'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'a342417a-5849-40e9-95ab-8b625f9eb3ad'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTEUROPE:20250926T125805Z:a342417a-5849-40e9-95ab-8b625f9eb3ad'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 012E268865304B448E038D1861B47893 Ref B: MRS211050315025 Ref C: 2025-09-26T12:58:05Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 26 Sep 2025 12:58:05 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"ResourceNotFound","message":"The Resource 'Microsoft.AzureStackHCI/logicalNetworks/lnet1' under resource group 'my-application-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix"}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/invocation.py", line 111, in _validation
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 915, in _validate_cmd_level
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\generated\_validators.py", line 856, in vnic_create_validator
lnet = _fetch_logical_network(cmd.cli_ctx, res.get('resource_group', namespace.resource_group_name), res['name'])
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\generated\_validators.py", line 903, in _fetch_logical_network
lnet = lnet_client.get(resource_group, name)
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/tracing/decorator.py", line 119, in wrapper_use_tracer
File "C:\Users\me\.azure\cliextensions\stack-hci-vm\azext_stack_hci_vm\vendored_sdks\stack_hci_vm\v2025_06_01_preview\operations\_logical_networks_operations.py", line 471, in get
map_error(status_code=response.status_code, response=response, error_map=error_map)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/core/exceptions.py", line 163, in map_error
azure.core.exceptions.ResourceNotFoundError: (ResourceNotFound) The Resource 'Microsoft.AzureStackHCI/logicalNetworks/lnet1' under resource group 'my-application-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Code: ResourceNotFound
Message: The Resource 'Microsoft.AzureStackHCI/logicalNetworks/lnet1' under resource group 'my-application-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
...
Expected behavior
--subnet-idshould accept an lnet full id (or lnet name)- The nic creation in my application subscription should work, despite my cluster being in another subscription
- the query being made to fetch the lnet should not use current context subscription if i specify a full id for
--subnet-id
Environment Summary
azure-cli 2.77.0
core 2.77.0
telemetry 1.1.0
Extensions:
alertsmanagement 1.0.0b1
azure-devops 1.0.1
bastion 1.4.1
connectedmachine 2.0.0b1
monitor-control-service 1.2.0
resource-graph 2.1.1
stack-hci-vm 1.10.4
Dependencies:
msal 1.34.0b1
azure-mgmt-resource 23.3.0
Python location 'C:\Tools\azure-cli-2.77.0-x64\python.exe'
Config directory 'C:\Users\me.azure'
Extensions directory 'C:\Users\me.azure\cliextensions'
Python (Windows) 3.13.7 (tags/v3.13.7:bcee1c3, Aug 14 2025, 14:15:11) [MSC v.1944 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Additional context
No response