Error on Azure Cloud discovery (but only for some items in the subscription)
02-20-2025 07:38 AM
I am working on an SN instance in which there is a discovery schedule set to discover "Cloud Resources". The associated Azure-type credential works to discover 2000+ items in the Azure tenant, but we also see a bunch of errors in Discovery Home. All of the errors look like:
2025-02-19 18:01:23: Exception occurred while executing operation Cloud REST - add response to context. Custom operation Failed to run script due to the following error: JAVASCRIPT_CODE_FAILURE: com.snc.sw.exception.CommandFailureException:
Cloud authorization failed. Check access rights and proper permissions for requested resource.
URL: https://management.azure.com/subscriptions/<Azure subscription ID>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/diag8022c4d4d483a6cb/listKeys?api-version=2019-04-01
Status: 403 Forbidden
ErrorCode: AuthorizationFailed
Response: The client 'fef5cb9d-153b-4733-be01-10b5a0421759' with object id 'fef5cb9d-153b-4733-be01-10b5a0421759' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/<Azure subscription ID>/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/diag8022c4d4d483a6cb' or the scope is invalid. If access was rece
I verified that the app registration was created as described in Create Azure cloud credentials (the assigned role is "Reader"). I do not know where the client "fef5cb9d-153b-4733-be01-10b5a0421759" came from because that is not the app's client ID.
Thoughts?
05-14-2025 07:37 AM
Watching this thread, same issue but don't know if it is SN upgrade to Yokohama or our Azure (project in progress, lots of changes to integrate with new AWS instance).
Yokohama upgrade on Monday 5/12/25, updated Discovery and Service Mapping Patterns v1.27.0 (App id: sn_itom_pattern) yesterday 5/13/25, cleared all the errors and got a fresh new batch this morning.
Status: 403 Forbidden, ErrorCode: AuthorizationFailed
Response: The client 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' with object id 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/a7xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/APPNAME01/providers/Microsoft.Storage/storageAccounts/APPNAMEapi' or the scope is invalid.
Looks like my 170 errors are all "Microsoft.Storage/storageAccounts/listKeys/action" (non)authorization to perform action issues.
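To triage a batch of these errors the way the second post does by hand, the following added example (not from either poster or from ServiceNow) parses the AuthorizationFailed response text and tallies denials per client and action. The function names are hypothetical, and the sample input is constructed from the redacted values in the thread plus one made-up storage account name.

```python
import re
from collections import Counter

# Matches the Azure Resource Manager AuthorizationFailed message quoted in the thread.
DENIED = re.compile(
    r"The client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' "
    r"does not have authorization to perform action '(?P<action>[^']+)' "
    r"over scope '(?P<scope>[^']+)'"
)
# Splits an ARM scope into subscription, resource group, resource type and name.
SCOPE = re.compile(
    r"^/subscriptions/(?P<subscription>[^/]+)"
    r"(?:/resourceGroups/(?P<resource_group>[^/]+))?"
    r"(?:/providers/(?P<rtype>[^/]+/[^/]+)/(?P<name>[^/]+))?",
    re.IGNORECASE,
)

def parse_denials(text):
    """Return one dict per AuthorizationFailed message found in text."""
    records = []
    for m in DENIED.finditer(text):
        rec = m.groupdict()
        s = SCOPE.match(rec["scope"])
        rec.update(s.groupdict() if s else {})
        records.append(rec)
    return records

def summarize(records):
    """Count denials per (client, action) and collect the distinct scopes hit."""
    counts = Counter((r["client"], r["action"]) for r in records)
    scopes = {}
    for r in records:
        scopes.setdefault((r["client"], r["action"]), set()).add(r["scope"].lower())
    return counts, scopes

# Constructed sample: redacted IDs from the thread; 'APPNAMEweb' is a made-up second account.
SAMPLE = """Status: 403 Forbidden, ErrorCode: AuthorizationFailed
Response: The client 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' with object id 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/a7xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/APPNAME01/providers/Microsoft.Storage/storageAccounts/APPNAMEapi' or the scope is invalid.
Status: 403 Forbidden, ErrorCode: AuthorizationFailed
Response: The client 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' with object id 'd1xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/a7xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/APPNAME01/providers/Microsoft.Storage/storageAccounts/APPNAMEweb' or the scope is invalid.
"""

if __name__ == "__main__":
    counts, scopes = summarize(parse_denials(SAMPLE))
    for (client, action), n in counts.most_common():
        print(f"{n:4d}  {action}  client={client}  scopes={len(scopes[(client, action)])}")
```

A single action dominating the summary, as in the second post, points at one missing permission rather than many unrelated failures, and the client value shows which identity to look up.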