Error on Azure Cloud discovery (but only for some items in the subscription)

Mike Hashemi · ‎02-20-2025

I am working on an SN instance in which there is a discovery schedule set to discover "Cloud Resources". The associated Azure-type credential works to discovery 2000+ items in the Azure tenant, but we also see a bunch of errors in Discovery Home. All of the errors look like:

2025-02-19 18:01:23: Exception occurred while executing operation Cloud REST - add response to context. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException: 
Cloud authorization failed. Check access rights and proper permissions for requested resource.
URL: https://management.azure.com/subscriptions/<Azure subscription ID>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/diag8022c4d4d483a6cb/listKeys?api-version=2019-04-01
Status: 403 Forbidden
ErrorCode: AuthorizationFailed
Response: The client 'fef5cb9d-153b-4733-be01-10b5a0421759' with object id 'fef5cb9d-153b-4733-be01-10b5a0421759' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/<Azure subscription ID>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/diag8022c4d4d483a6cb' or the scope is invalid. If access was rece

I verified that the app registration was created as described in Create Azure cloud credentials (the assigned role is "Reader"). I do not know where the client "fef5cb9d-153b-4733-be01-10b5a0421759" came from because that is not the app's client ID.

Thoughts?

Community Alums · ‎02-24-2025

Hi Mike, we are facing the same issue and unfortunately we have no resolution yet. What we noticed is that the behaviour started with our upgrade to Xanadu. Is that the same with your situation?

This is the location of the error occuring. If you don't need the information from the storage accounts, it's not a severe error, but we have 2400+ every day... so it's annoying.

Kind regards,
Gerard

Community Alums · ‎02-24-2025

I saw a KB item on Now Support: KB1000248
It states:

Resolution

To resolve the issue, Work with Azure admin and give required permissions for the user to access those URL in question
😞

Community Alums · ‎02-25-2025

Latest post on it😁
I saw the pattern was updated but remained at a previous version in our instance. I reverted it back to the most recent version from the store app [Discovery and Service Mapping Patterns] and now the errors are gone.
In fact this was the same as inactivate the pattern [Azure - Storage Container(LP)]. For us this solution was fine.

Mike Hashemi · ‎02-25-2025

What version of Discovery and Service Mapping Patterns do you have installed now? Or are you saying that you reverted only the pattern? Can you attach the pattern version you are using to this thread?