I'm trying to add the SendGrid SaaS resource from Azure Marketplace.
Following error occurs, when it's start deploying:
{
"status": "Failed",
"error": {
"code": "GatewayAuthenticationFailed",
"message": "Gateway authentication failed for 'https://rp.prod.marketplacesaas.azure.com/'. Diagnostic information: timestamp '20210826T155832Z', tracking id 'b1de8474-c6a9-46a7-bf5c-d926396f168e', request correlation id 'd4579a7f-aa6b-473d-9189-b9a101b97c10'."
}
}
It's the first SendGrid subscription in this azure subscription.
I'm trying to add this as an azure subscription owner.
No special policies were set.
I've tried do the same on newly created azure subscription, and everything was fine.
Does anyone know where to dig?
Error was resolved after a month, when subscription expired on SendGrid side, then it could be successfully provisioned from Azure again. So time heals in this case.
Related
I'm trying to use "invoke an http request" action in power automate to query a log analytics workspace. I have access to perform this from azure portal. I referred this Microsoft article to get the URI. But when I try to execute the flow, I get the below error:
Complete error message:
{
"error": {
"message": "The provided authentication is not valid for this resource",
"code": "InvalidTokenError",
"correlationId": "45e0ff0c-01f1-4ea5-a11d-ec6ce2d71b8b",
"innererror": {
"code": "InvalidAuthenticationTokenTenant",
"message": "The access token is from the wrong issuer 'https://sts.windows.net/687f51c3-0c5d-4905-84f8-97c683a5b9d1/'. It must match one of the tenants 'https://sts.windows.net/2f4a9838-26b7-47ee-be60-ccc1fdec5953/,https://sts.windows.net/a6eb2ff5-3009-4bfc-b769-24a2f82c1913/' associated with this subscription. Please use any authority (URL) from 'https://login.windows.net/2f4a9838-26b7-47ee-be60-ccc1fdec5953,https://login.windows.net/a6eb2ff5-3009-4bfc-b769-24a2f82c1913' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
}
}
}
The analytics workspace that I'm trying to query is not under my AAD tenant. It is under another tenant/directory, which I have access from portal. How can I get the access token so that I can execute this query?
I have already tried the action "Run query and list results" in power automate, which gave the same error.
Any suggestions?
Please check below points:
Please check if you have multiple subscription .So while
requesting access token , it is the tenant which is not part of the
subscription that you might have selected. In such a case try to
change the settings and make your subscription map to the directory
which you want to use.
In some cases browser tries or attempts to get an access token from
already logged in tenant .So If its under same subscription, try to
check after clearing the cache
You can also put required tenant ID in the enviroment settings of
your particular app, using DefaultAzureCredential()
Or Configure the authority defining the tenantId
https://login.microsoftonline.com/{tenant-id} for multiple tenants
Signing in once to access to all the Azure Log Analytics data from
all tenant may not be feasible.It may require reauthentication .
Check this way to get
the accesss token for that particular tenant Request an
authorization token - Azure Monitor | Microsoft Docs and use the
token to call the log analytics workspace
References:
Query - Execute - REST API (Azure Log Analytics) | Microsoft Docs
azure log analytics - Valid authentication was not provided - Stack
Overflow
I want to learn Azure directory services, so I created a free Microsoft Azure account to play around with Azure, and then I created a new App registration at portal.azure.com. So I have this registered application in Azure with a Client ID, Tenant ID, and even a Client Secret, because I want to learn API permissions with this app.
Now in the Microsoft Graph Explorer, I want to try using API methods like Get Application and List Applications.
However, if I log in and run the API to list my applications (GET https://graph.microsoft.com/beta/applications), the response has an empty array of applications.
Also if I try to GET the specific app that I registered in AD, I get a 404: Resource Not Found found error.
What am I doing wrong? How can I use the Graph Explorer with my test Azure account so my registered application can be retrieved and edited with Microsoft Graph APIs?
More Details Below
When I run GET https://graph.microsoft.com/beta/applications in Microsoft Graph Explorer, I expect a list of my applications, including the one app I registered in Azure. Instead, here is the response:
{
"#odata.context": "https://graph.microsoft.com/beta/$metadata#applications",
"value": []
}
When I run GET https://graph.microsoft.com/beta/applications/{client-id}, with my registered app's client-id, I expect all the details of my registered app, but instead, the response is error 404:
{
"error": {
"code": "ResourceNotFound",
"message": "Resource not found.",
"innerError": {
"request-id": "*****",<--I commented this out
"date": "2019-05-28T20:17:11"
}
}
}
If this were a permissions issue, I would expect unauthorized errors instead of "resource not found". I've tried adding Microsoft Graph permissions to my registered App (Directory.Read.All, Directory.ReadWrite.All), but this hasn't helped.
This is nothing to do with Azure free account. If you login in Graph Explorer using outlook account, it will identify this account as a personal account(with tenant outlook.com). That's why you can not find the applications you created in your tenant.
It is recommended to create a new user in your tenant to do the tests.
Here are the steps.
1.Click Azure Active Directory->Users->New User. The username should be something like username#{your tenant name}(XXX.onmicrosoft.com)
2.After the creation, add the roles for this user.
I am facing an issue with following Azure API.
GET https://management.azure.com/{resourceUri}/providers/microsoft.insights/metricDefinitions?api-version=2018-01-01
I am trying to access the above API using my Subscription ID in place of resourceUri. But it is throwing the below error:
{
"error": {
"code": "MissingSubscription",
"message": "The request did not have a provided subscription. All requests must have an associated subscription Id."
}
}
I have checked in Azure Portal, everything seems fine. The Subscription ID is correct one. The user account have owner permissions. Still getting the error. Not sure of the reason.
Can someone help me out with the most common and basic reasons of this error and steps to resolve this one. Already I have spent couple of hours debugging this one, but no luck.
I have reproduced your issue, the resourceUri should be the Resource ID instead of the Subscription ID.
Use Subscription ID :
Use Resource ID(in my sample, I use a web app resource id, you could find it in the portal-> your web app -> Properties):
I am creating a LUIS app using the LUIS programmatic API. After the app is successfully created and trained, I want to assign an API key to the app using this endpoint:
PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey
Both my programmatic API key (obtained from luis.ai) and the normal API key (the one I am trying to assign, obtained from Azure Portal) are registered to the same email address.
However, when I am trying to send a request to the above endpoint, it fails with this error:
{
"error": {
"code": "BadArgument",
"message": "Cannot find the specified subscription"
}
}
I'm out of ideas for what I might be doing wrong, because exactly the same logic already worked before.
Is there some kind of way to "assign" an Azure subscription to my LUIS account?
Update:
I didn't find an answer to my question, but I found a workaround. Calling PUT /luis/api/v2.0/apps/{appId}/settings will set the application to "public", which means you can use any subscription key with it. See docs.
It seems that this endpoint is now deprecated because I get the following:
{
"error": {
"code": "DeprecatedException",
"message": "To assign a subscription key to an app, please go to the LUIS website at https://www.luis.ai and assign it from the app publish page."
}
}
In the luis page I see this:
The endpoint PUT /luis/api/v2.0/apps/{appId}/versions/{versionId}/assignedkey and /luis/api/v2.0/subscriptions are indeed deprecated. I contacted to LUIS support and they answered:
We are shifting the key management experience to happen only through the portal. Users no longer need to copy and paste keys, we offer a well-integrated experience that lists all the Azure keys inside our portal, key management details here.
I'm trying to set up the Bing Spell Check API on my Microsoft Azure account. The deployment, however, fails with the following error message:
OPERATION ID 492286237BA7FFEB
TRACKING ID 779d79cf-4b12-487f-ba97-c896bbdccb87
STATUS Conflict
PROVISIONING STATE Failed
TIMESTAMP 24/2/2017 09.55.58
DURATION 1 minute 22 seconds
TYPE Microsoft.CognitiveServices/accounts
RESOURCE ID /subscriptions/c68eec07-13e6-4f40-831c-c42f996fca89/resourceGroups/webis2/providers/Microsoft.CognitiveServices/accounts/webis
STATUSMESSAGE {
"error": {
"code": "RequestConflict",
"message": "Cannot replace resource with id 'webis'
because the resource entity tag has changed
while processing this request.
Please retry the request with the updated
resource."
}
}
RESOURCE webis
The STATUSMESSAGE suggests to simply retry the request, but this fails, too, with the same error message.
Otherwise, I'm not sure how to resolve the issue, since I obviously have no access to the provisioning process of the Bing Spell Check API.
Any help would be greatly appreciated.
We are investigating this. For now you should be able to work around the issue by deploying to an existing Resource Group instead of creating a new Resource Group during the API account creation.
Update: This issue has been resolved and new API account creation should work correctly.