BugZero | Cisco BugID CSCwi27589 - Cloud on ramp for multicloud deploy fails with err...

OPERATIONAL DEFECT DATABASE

...

BugZero | Cisco BugID CSCwi27589 - Cloud on ramp for multicloud deploy fails with err...

Cisco - Defect ID: CSCwi27589

Cloud on ramp for multicloud deploy fails with error : Azure Error: RequestDisallowedByPolicy

Cisco - Defect ID: CSCwi27589

Cloud on ramp for multicloud deploy fails with error : Azure Error: RequestDisallowedByPolicy

Last updated on August 18th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

Pushing a Cloud on Ramp for Azure for vmanage .If you have a policy to refuse any service principle with a version less than TLS1.2 ,when the automation kicks off ,it creates a storage account which negotiates only on TLS version 1.0 .This breaks the automation with the following error: Azure Error: RequestDisallowedByPolicy Message: Resource 'f8g8l4qay5dpp39yj3hktqk4' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"Enforce minimum default TLS version on Storage Accounts to 1_2.","id":"/providers/Microsoft.Management/managementGroups/petdigital/providers/Microsoft.Authorization/policyAssignments/Deny-STA-Tls-version12"},"policyDefinition":{"name":"Enforce minimum default TLS version on Storage Accounts to 1_2.","id":"/providers/Microsoft.Management/managementGroups/petdigital/providers/Microsoft.Authorization/policyDefinitions/Deny-STA-Tls-version12"}}]'.

Conditions

vmanage running 20.7.1 Attempting to deploy a router using cloud on ramp for multicloud.

Workaround

Modify the policy to allow any TLS.

Further Problem Description

Azure too is going to stop support for lower versions Enable TLS 1.2 support as Microsoft Entra TLS 1.0/1.1 is deprecated - Active Directory | Microsoft Learn; It might cause problems in future if TLS is restriced to 1.2 only (and not above)

Change history

2025-03-11 Added: 20.12.1, 20.14.1, 20.6.1, 20.7.1, 20.9.1

Relevant Products

Click on a version to see all relevant bugs

Affected versions:20.12.1, 20.14.1, 20.6.1, 20.7.1, 20.9.1

Fixed versions: 20.12.3, 20.12.4, 20.14.1, 20.15.1, 20.15.2, 20.16.1, 20.18.1, 20.6.7, 20.9.5

Relevant Products

Click on a version to see all relevant bugs

Affected versions:20.12.1, 20.14.1, 20.6.1, 20.7.1, 20.9.1

Fixed versions: 20.12.3, 20.12.4, 20.14.1, 20.15.1, 20.15.2, 20.16.1, 20.18.1, 20.6.7, 20.9.5

Top Cisco Defects

9.7Defect ID: CSCwq31287
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
9.7Defect ID: CSCwc66646
Unexpected Reload due to Segmentation Fault in the CCSIP_SPI_CONTROL process
9.7Defect ID: CSCuz46500
Fib_mgr process crash due to "not enough memory"
9.7Defect ID: CSCwa47133
ISE Evaluation log4j CVE-2021-44228
9.7Defect ID: CSCwa47745
Evaluation of vmanage for Log4j RCE (Log4Shell) Vulnerability vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCwi27589

Cloud on ramp for multicloud deploy fails with error : Azure Error: RequestDisallowedByPolicy

Cisco - Defect ID: CSCwi27589

Cloud on ramp for multicloud deploy fails with error : Azure Error: RequestDisallowedByPolicy

Last updated on August 18th, 2025

BugZero Risk Score6.1 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
6.1 Medium