We're trying to deploy ArcGIS Enterprise 10.7.1 through the azure cloudbuilder with a rather secure (sub)net which is in control of our CSP. The deployment currently fails on:
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"message": "VM has reported a failure when processing extension 'DSCConfiguration0'. Error message: \"DSC Configuration 'ServerConfiguration' completed with error(s). Following are the first few: PowerShell DSC resource ArcGIS_License failed to execute Set-TargetResource functionality with error message: [ERROR] - Attempt 10 - Licensing for Product [Server] failed. Software Authorization Utility returned Error authorizing with the following file C:\\Packages\\Plugins\\Microsoft.Powershell.DSC\\220.127.116.11\\ArcGISGISServerAdvanced_ArcGISServer_USER.prvc The SendConfigurationApply function did not succeed.\"."
It seems (no RDP, so quite limited in deep diagnostics...) that ArcGIS is unable to license ArcGIS Server. Now our CSP works with a DNS-based whitelist on what kind of resources the individual machines can reach over the internet (funny due to this deployment getting a public IP itself...). I validated that the file is correct, it's from a fresh dev subscription and works in a deployment without the CSP subnet...
I already told our CSP to whitelist *.esri.com; however, still no luck. My question:
What resources does the server licensing use which we need to whitelist? This is not documented (internal server resources tend to be documented only, or a non-cloud builder supported 'offline' authentication), and our new CSP is also not really forthcoming in deep traces on what happens...