ventGrid to Service Bus subscription fails with internal server error in Switzerland North

Question

ventGrid to Service Bus subscription fails with internal server error in Switzerland North

Adrian Ruchti 20

I have Azure Developer Support and need help with EventGrid subscription creation failing with internal server errors.

Environment

Subscription: 041e3b12-1c32-468a-8386-53833397e791
Region: Switzerland North
Resource Group: rg-lentinis-cms
Support Plan: Azure Developer Support (paid)

Problem Description

Cannot create EventGrid subscription from Storage System Topic to Service Bus queue using managed identity. All prerequisites are met but deployment fails consistently.

Resources Involved


System Topic: system-blob-trigger-topic (Storage Account: stdvpc564z54wcy)

Service Bus: sb-dvpc564z54wcy

Queue: ingestion-jobs (session-enabled)

Managed Identity: eg-delivery-dvpc564z54wcy-id (Principal ID: d0c10195-c424-4852-b7ac-7ea5616dbcd7)

Error Details


`{`

`"code"``: "Internal error",`

`"message"``: "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored."`

`}`

Tracking IDs for Microsoft Support:

9b58af91-2521-44a1-9ed6-8c8a8d333c9f:8/22/2025 8:03:57 AM (UTC)
1a58b6b8-890b-4c16-a85e-9fa29d36d41c:8/22/2025 8:07:24 AM (UTC)
153a4115-0190-401b-81fc-e77cd902abee:8/22/2025 8:10:18 AM (UTC)

Bicep Configuration Attempted


`resource`` eventSubscription 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2024-06-01-preview' = {`

`name``: 'eg-to-sb-sub'`

`parent``: systemTopic`

`properties``: {`

`eventDeliverySchema``: 'CloudEventSchemaV1_0'`

`deliveryWithResourceIdentity``: {`

`identity``: {`

`type``: 'UserAssigned'`

`userAssignedIdentity``: '/subscriptions/.../userAssignedIdentities/eg-delivery-dvpc564z54wcy-id'`

` }`

`destination``: {`

`endpointType``: 'ServiceBusQueue'`

`properties``: {`

`resourceId``: '/subscriptions/.../namespaces/sb-dvpc564z54wcy/queues/ingestion-jobs'`

`deliveryAttributeMappings``: [`

` {`

`name``: 'SessionId'`

`type``: 'Dynamic'`

`properties``: {`

`sourceField``: 'id'`

` }`

` }`

` ]`

` }`

` }`

` }`

` }`

`}`

```` ``` ````

## What I've Verified

✅ Service Bus namespace exists and is accessible

✅ Queue has sessions enabled

✅ Managed Identity has "Azure Service Bus Data Sender" role

✅ Managed Identity has "Storage Blob Data Contributor" role

✅ System Topic is provisioned successfully

✅ RBAC assignments have propagated (waited 5+ minutes)

## Question

Is there a known issue with EventGrid to Service Bus integration using managed identity in Switzerland North region? The deployment works until the event subscription creation step, then fails with internal server error.

This is blocking our production deployment. Please advise on resolution or workaround.

---

*Note: I have Azure Developer Support plan but the portal directed me to Q&A for this issue type.*

Praveen Kumar Gudipudi 160 Reputation points Microsoft External Staff

2025-08-22T11:55:44.5766667+00:00
Adrian Ruchti,

It sounds like you're running into some trouble creating an Event Grid subscription that triggers a Service Bus queue, and you're seeing internal server errors during the process. Let's go through some steps to help you troubleshoot this issue.

Key Considerations:

Managed Identity Permissions: You mentioned that the managed identity has the necessary roles. Make sure that it is also assigned the "Azure Event Grid Data Sender" role if it's sending requests to Event Grid. This can often be a missing piece.

Subscription Validation: Even though your validation might be successful for the resources involved, it's worth checking if any additional configurations or networking settings might be affecting the Event Grid's ability to validate against the Service Bus. You should ensure that the Service Bus queue can handle requests from Event Grid.

Service Health and Limitations: Investigate whether there are any known service issues in the Switzerland North region by checking the Azure Status page or relevant Azure forums.

Check Bicep Configuration: Double-check your Bicep file syntax and the properties to make sure everything fits within the expected formats for the Event Grid subscription and Service Bus setup.

Rate Limits and Throttling: If there's a lot of activity happening within your Event Grid and Service Bus resources, ensure that you’re not hitting any limits imposed by Azure.

Steps to Troubleshoot:

Enable Diagnostic Logs: For the Event Grid topic, you can turn on diagnostic logs. This will help you see if there are any underlying errors being logged when the subscription attempt fails. Enable diagnostic logs.

Check Endpoint Reachability: You can also check if the Service Bus queue is reachable and if there are any firewall rules or IP restrictions that might be blocking requests from Event Grid.

Monitor with Azure Monitor: Use Azure Monitor to capture any logs or metrics around your Service Bus namespace and Event Grid topic for more diagnostics.

Follow-Up Questions:

Have you confirmed that any required endpoints are publicly accessible and not behind a firewall or VPN?

Are there any additional access policies or networking configurations that may affect the interaction between Event Grid and Service Bus?

Have you tried manually validating the Service Bus queue by sending messages to it to ensure it's working independently?

What is the exact deployment failure message besides the internal server error?
Adrian Ruchti 20 Reputation points

2025-08-22T12:56:11.82+00:00
@Praveen Kumar Gudipudi
thank you fro your help.

Summary of Findings after going through your Checklist.

Based on Microsoft's suggestions, I've verified:

✅ EventGrid Data Sender role - Added (though it might not be needed for Service Bus destination)

✅ Network accessibility - Service Bus has public network access enabled

✅ Queue status - Queue is active and session-enabled

✅ Diagnostic logs - Enabled for better troubleshooting

✅ No firewall/VPN - Public network access is enabled

✅ DisableLocalAuth is True - This means ONLY managed identity authentication works

The Real Issue

The key finding is: DisableLocalAuth: True on the Service Bus namespace. This means:

Connection strings are disabled

ONLY managed identity authentication is allowed

Error message:
ERROR: error executing step command 'provision': deployment failed: error deploying infrastructure: deploying to subscription:

Deployment Error Details:

Internal error: The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report 54151402-ce60-433c-8a30-cfd890893caa:8/22/2025 12:39:47 PM (UTC) to our forums for assistance or raise a support ticket .

TraceID: 2e154ef5fd12a7f7d96087eedaf1d19c

Collected Error Tracking IDs

6 tracking IDs for Microsoft Support:

9b58af91-2521-44a1-9ed6-8c8a8d333c9f

1a58b6b8-890b-4c16-a85e-9fa29d36d41c

153a4115-0190-401b-81fc-e77cd902abee

dbefb652-6cfe-44e5-8762-9dc01360ca1b

76d7ec36-2363-4873-b666-847f0a873f5a

54151402-ce60-433c-8a30-cfd890893caa (latest)

Since all checks pass but the deployment still fails with internal errors, this I guess it is definitely a platform issue.
Adrian Ruchti 20 Reputation points

2025-08-22T13:11:31.18+00:00
Summary of Diagnostic Investigation

We've enabled diagnostic logging and checked multiple sources:

Diagnostic Settings: ✅ Enabled for DeliveryFailures category

Activity Logs: Show subscription creation is "Accepted" but never progresses to "Succeeded"

Diagnostic Logs: No failure logs appearing (suggesting the failure happens before delivery attempt)

Azure Advisor: No specific recommendations

Root Cause Analysis

The pattern suggests the failure occurs during the provisioning phase, not during message delivery. This is why:

No DeliveryFailures logs appear

Activity log shows "Accepted" but never "Succeeded"

Internal server errors with tracking IDs

Conclusion

This is a platform issue with EventGrid's managed identity integration to Service Bus in Switzerland North. The

diagnostic logs confirm the failure happens at the infrastructure level, not at the application level.

1 answer

Your answer

Adrian Ruchti 20 Reputation points

2025-08-22T12:56:11.82+00:00

@Praveen Kumar Gudipudi
thank you fro your help.

Summary of Findings after going through your Checklist.

Based on Microsoft's suggestions, I've verified:

✅ EventGrid Data Sender role - Added (though it might not be needed for Service Bus destination)

✅ Network accessibility - Service Bus has public network access enabled

✅ Queue status - Queue is active and session-enabled

✅ Diagnostic logs - Enabled for better troubleshooting

✅ No firewall/VPN - Public network access is enabled

✅ DisableLocalAuth is True - This means ONLY managed identity authentication works

The Real Issue

The key finding is: DisableLocalAuth: True on the Service Bus namespace. This means:

Connection strings are disabled

ONLY managed identity authentication is allowed

Error message:
ERROR: error executing step command 'provision': deployment failed: error deploying infrastructure: deploying to subscription:

Deployment Error Details:

Internal error: The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report 54151402-ce60-433c-8a30-cfd890893caa:8/22/2025 12:39:47 PM (UTC) to our forums for assistance or raise a support ticket .

TraceID: 2e154ef5fd12a7f7d96087eedaf1d19c

Collected Error Tracking IDs

6 tracking IDs for Microsoft Support:

9b58af91-2521-44a1-9ed6-8c8a8d333c9f

1a58b6b8-890b-4c16-a85e-9fa29d36d41c

153a4115-0190-401b-81fc-e77cd902abee

dbefb652-6cfe-44e5-8762-9dc01360ca1b

76d7ec36-2363-4873-b666-847f0a873f5a

54151402-ce60-433c-8a30-cfd890893caa (latest)

Since all checks pass but the deployment still fails with internal errors, this I guess it is definitely a platform issue.
Adrian Ruchti 20 Reputation points

2025-08-22T13:11:31.18+00:00

Summary of Diagnostic Investigation

We've enabled diagnostic logging and checked multiple sources:

Diagnostic Settings: ✅ Enabled for DeliveryFailures category

Activity Logs: Show subscription creation is "Accepted" but never progresses to "Succeeded"

Diagnostic Logs: No failure logs appearing (suggesting the failure happens before delivery attempt)

Azure Advisor: No specific recommendations

Root Cause Analysis

The pattern suggests the failure occurs during the provisioning phase, not during message delivery. This is why:

No DeliveryFailures logs appear

Activity log shows "Accepted" but never "Succeeded"

Internal server errors with tracking IDs

Conclusion

This is a platform issue with EventGrid's managed identity integration to Service Bus in Switzerland North. The

diagnostic logs confirm the failure happens at the infrastructure level, not at the application level.

Answer 1

@Praveen Kumar Gudipudi
Problem solved

Fix was to add UAMI to System Topic

param`` systemTopicName string

param`` location string

param`` tags object = {}

param`` storageAccountId string

param`` userAssignedIdentityId string

resource`` systemTopic 'Microsoft.EventGrid/systemTopics@2025-02-15' = {

name``: systemTopicName

location``: location

identity``: {

type``: 'UserAssigned'

userAssignedIdentities``: {

'``${userAssignedIdentityId}': {}

}

properties``: {

source``: storageAccountId

topicType``: 'microsoft.storage.storageaccounts'

}

tags``: tags

}

output`` systemTopicName string = systemTopic.name

output`` systemTopicId string = systemTopic.id

You can close the ticket. Thank you for your help.
Kind regards
Adrian

Share via

ventGrid to Service Bus subscription fails with internal server error in Switzerland North

Environment

Problem Description

Resources Involved

Error Details

Bicep Configuration Attempted

1 answer

Your answer