Error AtlasError Documentation and ResolutionAzure documented errors
Browse documented Azure errors grouped by service, so platform-wide coverage can expand while still preserving exact service-level troubleshooting paths.
Tool
Active Directory
8456 / 8457Active Directory replication disabled because the source or destination DC is rejecting replication requestsreplication: Active Directory automatically disabled inbound or outbound replication on a domain controller due to one of three triggering conditions: a USN rollback was detected, the DSA Not Writable registry flag was set, or the NETLOGON service was paused due to a critical problem such as insufficient disk space. The DC is quarantined to prevent propagation of potentially corrupt or rolled-back directory data. Replication will not resume until the underlying trigger is investigated and resolved.
8418Active Directory replication failed because of a schema mismatch between the serversreplication: All domain controllers in a forest must hold a consistent view of the schema partition. When the schema definition on the source and destination DCs diverges — most commonly after a schema update has been applied to some but not yet all DCs, or during DC promotion when the new DC's schema is out of sync — replication of attribute changes that reference the newer schema definitions will fail with error 8418.
8452Active Directory replication failed because the naming context is being removed or is not replicated from the specified serverreplication: A domain controller tried to inbound-replicate a naming context (directory partition) from a source DC that either does not hold a replica of that partition or is in the process of removing it. This is most commonly a transient, self-correcting condition that occurs when replication topology changes — such as adding or removing a global catalog, demoting a DC, or changing intersite replication links — have not yet fully propagated across all domain controllers.
1818Active Directory replication failed because the remote procedure call was cancellednetworking: The destination domain controller initiated an inbound replication request to a source DC, but did not receive a complete response within the RPC replication timeout window (default 5 minutes). Active Directory cancelled the call and logged error 1818. The root cause is almost always that the source DC is taking too long to gather and send the replication data — typically because it is under heavy load, the replication payload is very large, or there is a network bottleneck between the two DCs.
8614Active Directory replication failed because the tombstone lifetime was exceededreplication: A destination domain controller has not successfully inbound-replicated a directory partition from one or more source domain controllers for longer than the forest's tombstone lifetime (typically 60 or 180 days). Active Directory deliberately quarantines the DC at this point to prevent lingering objects — deleted objects that still exist on the out-of-date DC — from being reintroduced into the directory if replication resumes.
1396Active Directory replication failed with logon failure: the target account name is incorrectauthentication: The destination domain controller cannot authenticate to the source DC using Kerberos because the service principal name (SPN) required for the replication operation cannot be resolved correctly by the KDC. The KDC either cannot find the SPN in the global catalog, the SPN exists on the wrong account, or the account holding the SPN has been deleted or become inconsistent. This is distinct from error -2146893022 (target principal name incorrect), which indicates the KDC found the SPN but the source DC could not decrypt the service ticket.
Tool
ARM
InvalidTemplateDeploymentAzure ARM deployment failed because the template deployment is invaliddeployment: Azure Resource Manager rejected the deployment because the template deployment itself is invalid, usually due to underlying template validation issues.
AuthorizationFailedAzure ARM deployment failed with AuthorizationFaileddeployment: Azure Resource Manager rejected the deployment because the caller does not have the required permissions to perform the requested action on the target scope.
BadRequestAzure ARM deployment failed with BadRequestdeployment: Azure Resource Manager rejected the deployment request because one or more supplied values do not match what the target resource expects.
ConflictAzure ARM deployment failed with Conflictdeployment: Azure Resource Manager rejected the operation because the requested change is not allowed in the current state of the resource.
InvalidParameterAzure ARM deployment failed with InvalidParameterdeployment: Azure Resource Manager rejected one of the supplied deployment parameters because the value is invalid, out of range, malformed, or incompatible with the target resource configuration.
InvalidResourceReferenceAzure ARM deployment failed with InvalidResourceReferencedeployment: Azure Resource Manager could not resolve a referenced resource, usually because the resource does not exist yet, is in the wrong scope, or is referenced incorrectly.
NotFoundAzure ARM deployment failed with NotFounddeployment: Azure Resource Manager couldn't find a resource required by the deployment, often because of a missing dependency, wrong name, or wrong scope.
ParentResourceNotFoundAzure ARM deployment failed with ParentResourceNotFounddeployment: Azure Resource Manager could not find the parent resource required for a nested resource deployment, usually because the name, scope, order, or dependency is wrong.
ResourceNotFoundAzure ARM deployment failed with ResourceNotFounddeployment: Azure Resource Manager couldn't resolve a referenced resource during deployment, typically because the resource doesn't exist or the reference details are incomplete.
ResourceGroupNotFoundAzure ARM deployment target resource group was not founddeployment: Azure Resource Manager couldn't find the target resource group, usually because the name is wrong, the subscription context is wrong, or the group does not exist yet.
InvalidDeploymentLocationAzure ARM deployment used an invalid deployment locationdeployment: Azure Resource Manager rejected the deployment because the deployment name was reused from a different region or the specified deployment location is inconsistent.
RequestDisallowedByPolicyAzure ARM deployment was blocked by policydeployment: Azure Policy blocked the deployment because one or more requested resources or properties violate the subscription or management group policy rules.
InvalidRequestContentAzure ARM request content is invalid or missing required valuesdeployment: Azure Resource Manager rejected the deployment payload because it contains unsupported values, missing required properties, or malformed content for the target resource type.
InvalidTemplateAzure ARM template is invaliddeployment: Azure Resource Manager rejected the template because it contains a syntax, structural, parameter, or dependency problem that prevents validation.
SubscriptionNotFoundAzure deployment could not access the specified subscriptiondeployment: Azure Resource Manager could not access the specified subscription because the ID is wrong, permissions are missing, or the request is targeting the wrong scope.
DeploymentFailedAzure deployment failed with a generic DeploymentFailed errordeployment: Azure Resource Manager returned a generic deployment failure wrapper, which means the real cause is inside the nested error details rather than the top-level code itself.
DeploymentActiveAndUneditableAzure deployment is already active and cannot be editeddeployment: Azure Resource Manager rejected the request because another deployment with the same name is still active and cannot be modified concurrently.
MissingSubscriptionRegistrationAzure subscription is missing resource provider registrationdeployment: Azure Resource Manager failed because the subscription is missing registration for the resource provider needed by the deployment.
SubscriptionNotRegisteredAzure subscription is not registered for the resource providerdeployment: Azure Resource Manager failed because the subscription is not registered to use the required resource provider namespace for the deployment.
Tool
General
Tool
Key Vault
AccessDeniedAzure Key Vault AccessDeniedpolicy: Azure Key Vault returned AccessDenied because the caller does not currently have sufficient permission to perform the requested operation. This most commonly happens when access policy or role assignments do not include the required secret, key, or certificate permissions.
ConflictErrorAzure Key Vault ConflictErrorprovisioning: Azure Key Vault returned ConflictError because multiple operations were requested against the same vault object at the same time. This typically appears when code or automation performs overlapping create, update, delete, or versioning actions without sequencing.
ForbiddenByFirewallAzure Key Vault ForbiddenByFirewallnetwork: Azure Key Vault returned ForbiddenByFirewall because the request came from a network location that the vault is not configured to allow. The vault firewall or private-access configuration is blocking the caller.
ResourceNotFoundAzure Key Vault ResourceNotFoundprovisioning: Azure Key Vault returned ResourceNotFound because the requested vault resource or referenced dependency could not be found. This often happens when the wrong name, subscription, tenant, or resource path is being used.
VaultAlreadyExistsAzure Key Vault VaultAlreadyExistsprovisioning: Azure Key Vault returned VaultAlreadyExists because the requested vault name is not available. Key Vault names are globally unique, and a recently deleted vault may also still exist in soft-deleted state.
Tool
Static Web Apps
Failed to load resource: A TLS error caused the secure connection to failAzure Static Web Apps asset fails to load because the secure connection failsdeployment: A deployed Azure Static Web Apps page referenced an asset over HTTPS, but the browser could not establish a valid secure connection for that asset URL.
Oryx could not find a 'build' or 'build:azure' script in the package configurationAzure Static Web Apps Oryx build could not find a build scriptdeployment: Azure Static Web Apps tried to build a Node app with Oryx, but the app location pointed at a package that does not expose a build or build:azure script.
Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directiveAzure Static Web Apps page fails because CSP blocks an inline scriptdeployment: A deployed Azure Static Web Apps site rendered HTML but failed during client-side startup because the Content Security Policy blocked an inline script required by the app runtime.
'api_location' value should be an empty string ("") for Next.js applications which are not statically exportedAzure Static Web Apps requires api_location to be empty for hybrid Next.jsdeployment: Azure Static Web Apps detected a non-static Next.js app and rejected the workflow configuration because api_location was set instead of being left empty.
Tool