Azure Storage Explorer : Unable to retrieve child resources - azure

Getting error ONLY while accessing Blob storage.
No issues in Queues, File Share or table.
Any idea ?
Unable to retrieve child resources.
Details:
["FetchError:request to https://fssaicessunsetsbxv1sa.blob.core.windows.net/?include=metadata&comp=list failed, reason: unable to get local issuer certificate"]

Error : Self-Signed Certificate in Certificate Chain ,Unable to retrieve child resources.
Issue for me: I am attached with office proxy server. But Azure Storage Explorer is not using that proxy.
Solution:
Azure Storage Explorer -> Edit -> Configure Proxy,
Source = No proxy "Changed to" Use System proxy(preview)
After making these changes; I am able access the resources.
Moreover, Verify the permissions do you have on the connection string?
To generate your connection string either through the Azure Portal or some apps. When you generate the connection string, you need to give "Allowed permissions". Beside Read/Write you also need the List permission so Storage Explorer can list the blobs. Here is a screenshot in Azure portal to check/uncheck the permissions:

Have set any RBAC policies?
If you are connected to Azure through a proxy, verify that your proxy settings are correct. If you were granted access to a resource from the owner of the subscription or account, verify that you have read or list permissions for that resource.
If possible can you try to un-install and reinstall the latest version and check for the status of the issue.
Azure Storage Explorer Troubleshooting: "unable to retrieve child resources” or “The request action could not be completed”.
If the issue still persist after trying above mentioned steps, I would like to work closer on this issue. Let me know the status

Warning: For the noobs !
if you got luck you can also fix it by closing and re-opening the visual studio.
Reason: Authorization is tightly coupled with azure
Motivation: To err is Human ! Even Soft. DEV working at Microsoft are Human.

Related

Azure Data Explorer oneclick Ingest from blob container (UI)

I'm trying to configure and use the Azure Data Explorer OneClick Ingest from blob container (continous ingest).
Whatever I try the URL is never accepted, I always end up with this error:
Invalid URL. Either the URL leads to a blob instead of a container, or the permissions are incorrect. If you just grant permission, please wait couple of minutes and try again.
The URL I'm using follow that pattern:
https://mystorageaccount.blob.core.windows.net/mycontainer?sp=rl&st=2022-04-26T22:01:42Z&se=2032-04-27T06:01:42Z&spr=https&sv=2020-08-04&sr=c&sig=Z4Mlh7s5%2Fm1890kdfzlkYLSIHHDdGJmTSyYXVYsHdn01o%3D
I'm probably missing something, either in the URL syntax ou SAS generation.
Has anyone successfully used it? Any idea what could be wrong?
Thanks
I finally found out what was the issue.
Probably due to the security in place on my Storage account I had to create in Azure Data Explorer Networking panel, a Managed private enpoint, pointing to my storage resource (and then approve that endpoint in the storage account Networking)
https://learn.microsoft.com/en-us/azure/data-explorer/security-network-managed-private-endpoint-create

Error 'Please check your account info and/or permissions and try again.. Client request id: 'undefined''

I am trying go get storage account blob list via azure logic apps. But I am facing this error.
I tried few things like changing logic app and the storage account into different regions as recommended here.
I test with set my storage account with allow access from selected networks instead of allow access from all networks, but the "List blobs" action shows "Forbidden" error, it doesn't show the error message Please check your account infor...... which you mentioned in your question.
But when I create the storage connection manually with incorrect infor(such as a wrong storage name), it shows same error message with yours.
Unlike your situation, the error message shows when I create the connection in my side but shows in you "List blobs" action. I'm not sure which way did you create the logic app and the storage connection in logic app, so please check if you provide the correct info when you create the logic app and the storage connection.
By digging deeper, I was able to get away from this error by pointing to the right connection.
Changed the connection
Point to right connection which you have access for or add a new one.
If new connection, then enter the proper Azure Storage account name you want to connect with.

Azure sql database export to storage blob failed

I tried to export Sql Database in azure to storage blob but the operation failed. I do this task daily last month and this issue is new. It shows as follows :
Error encountered during the service operation.Blob https://blob link/dbname-2019-1-16-14-24.bacpac is not writeable. The remote server returned an error: (403) Forbidden.The remote server returned an error: (403) Forbidden.
I had the same problem. I have contacted Azure support and this is their response.
We recently identified a regression in the import/export service that is generating incorrect SAS tokens to the storage accounts.
The engineering team has rolled out the fix, but it might take some time for the fix to get applied worldwide.
Please try the following link to access Azure portal and then perform the export operations:
https://portal.azure.com/?feature.canmodifystamps=true&microsoft_azure_storage=stage1
The portal shows an orange title bar if you open it via the above link, this is expected.
So, it should be already fixed by now.
If you're using sql scripts for back up following this link, then I suspect that the expired date of SHARED ACCESS SIGNATURE is reached.
Please re-generate SHARED ACCESS SIGNATURE, and then use the new key for backup.
Please let me know if any more issues.
Make sure a firewall rule does not exist. Please go to the Azure portal "Storage Accounts → "YourStorageAccountName" → Firewalls and Virtual Networks (left vertical panel). Put it to "Allow access" from "All networks". You can also configure the storage account with exceptions for trusted Microsoft services as explained here.

Can't log in service princible from VSTS, but works in TFS and Azure Portal state success

I'm sitting in a project where I will move from TFS to VSTS so we do have a working release definition.
But when I try deploying a service fabric cluster i get the following error:
2018-08-28T09:02:59.8922249Z ##[error]An error occurred attempting to acquire an Azure Active Directory token. Ensure that your service endpoint is configured properly with valid credentials. Error message: Exception calling "AcquireToken" with "3" argument(s): "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access '< service principle Id >'.
Trace ID: < guid1 is here >
Correlation ID: < guid2 is here >
Then I go to the azure portal -> AAD -> Sign In -> look up my specific sign in (based on correlation Id) and there it state that Sign-in status is Success
Considering this works for our TFS instance i assume the service principle is correctly set up. But since the build/deploy agents is now on a VM in azure instead of on prem for TFS, is there anything i need to change?
Traffic should be OK, i can navigate to the https-adress to the cluster from the VM with agents.
I've tried google it, but to no success so hopefully someone can point me to the right direction where to look.
And in portal, 'MFA is required' is no, so multi factor should not be neccesary.
Just try using certificate based authentication instead of using AAD Authentication in the service endpoint configuration.
Reference the same issue here: https://github.com/Microsoft/vsts-tasks/issues/7714
If that still not work, just try to create a new endpoint, then try it again.

Azure site Recovery on premise to on premise (offline initial replication)

I have 2 sites. Each site has one SCVMM configured to do Azure Site Recovery
ASR is configured to replicate the VM form one site to another.
Here is the issue, my VM size is big and i want to do the initial replication offline instead of over the Network and it just not allowing me saying permission issues.
Can anyone help me to find, what could be going wrong here?
ERROR MESSAGE
Permissions couldn't be set for one or more hosts on the initial replication folder path.
Provider error code: 31218
Provider error message:
The VMM service couldn't provide permissions for cs\nimbl[enter image description here][1]ecs1$ on \\nimblecs1\f$. Error: Object reference not set to an instance of an object.. During cloud configuration, the VMM service provides permissions for Hyper-V service accounts on the import and export paths used for initial replication.
Provider error possible causes:
The VMM service doesn't have the required privileges to modify the permissions on the import and export paths.
Provider error recommended action:
Ensure that the VMM service account has the required privileges to perform this operation.
POSSIBLE CAUSES
Verify that the initial replication path exists and is accessible.

Resources