Azure CVO HA deployment fails in non-region pair with error "This request is not authorized to perform this operation"

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 736

Visibility:: Public

Votes:: 2

Category:: cloud-volumes-ontap-cvo

Specialty:: ds_cvo

Last Updated:

Applies to

BlueXP
Cloud Volumes ONTAP (CVO)
Microsoft Azure

Issue

Error can be seen in the BlueXP timeline: This request is not authorized to perform this operation on Create Container task

Create Container (6)
Failed
{
"storageAccountName": "rootsaxxxx",
"containerName": "blobcontainer",
"requestContext": "Create Azure Ha Working Environment",
"useProxy": true,
"_failure": "This request is not authorized to perform this operation. ",
"_resourceGroup": "CVO-RG"
}


Update Storage Account Network Rules
Failed
{
"storageAccount": "rootsaxxxxx",
"defaultAction": "Deny",
"networkRules": [
{
"action": "Allow",
"id": "/subscriptions/79f9c07a-xxxxx-yyyy-a761-84c910955d4a/resourceGroups/CVO-RG/providers/Microsoft.Network/virtualNetworks/CVO-vNET/subnets/CVO-SUBNET"
},
{
"action": "Allow",
"id": "/subscriptions/3efcd6c9-zzzz-uuuu-a431-0971b4fd6c2c/resourceGroups/CM-RG/providers/Microsoft.Network/virtualNetworks/CM-VNET/subnets/CM-SUBNET"
}
],
"_failure": "Validation of network acls failure: ResourceBeingAcledHasWrongLocation:Microsoft.Storage resources in System.Linq.Enumerable+<ExceptIterator>d__73`1[System.String] cannot be ACL-ed to virtual network /subscriptions/79f9c07a-xxxxx-yyyy-a761-84c910955d4a/resourceGroups/CVO-RG/providers/Microsoft.Network/virtualNetworks/CVO-vNET in uksouth. Only resources in uksouth, ukwest can be ACL-ed to virtual networks in uksouth.. Code: NetworkAclsValidationFailure ",
"_resourceGroup": "RNB-P-NetAppCvo-NA20-RGRP2"
}