Skip to content

Unable to update VMSS of CSP subscription - "is not authorized to access linked subscription" #72

Open
Open
Unable to update VMSS of CSP subscription - "is not authorized to access linked subscription"#72
@SenorRagequit

Description

@SenorRagequit
SenorRagequit
opened on Jun 27, 2021

I'm currently trying to update my VMSS boot diagnostics with powershell, but it fails every time.

Code:

Set-AzContext -Subscription "Name of CSP Subscription"
$GETstorageaccount001 = Get-AzStorageAccount -Name "Name of storage account"  -ResourceGroupName "Name of resource group"
$storageaccount001uri = $GETstorageaccount001.Id

$GETvmss = get-azvmss -ResourceGroupName "Name of resource group"

Foreach ($scaleset in $GETvmss)
{
    Update-AzVmss -ResourceGroupName "Name of resource group" -VirtualMachineScaleSet $scaleset -VMScaleSetName $scaleset.Name -BootDiagnosticsEnabled $true -BootDiagnosticsStorageUri $storageaccount001uri
}

The error:

Update-AzVmss : The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope 
'/subscriptions/XXXXX-XXXXXXX-XXXXXXX/resourceGroups/YYYYYY-YYYYYY-YYYYYY/providers/Microsoft.Compute/virtualMachineScaleSets/ZZZZZ-ZZZZZZ-ZZZZZ', however the 
current tenant 'XYZXYZXYZ-XZXYZXYZ' is not authorized to access linked subscription '109a5e88-712a-48ae-9078-9ca8b3c81345'.
ErrorCode: LinkedAuthorizationFailed
ErrorMessage: The client has permission to perform action 'Microsoft.Compute/galleries/images/versions/read' on scope 
'/subscriptions/XXXXX-XXXXXXX-XXXXXXX/resourceGroups/YYYYYY-YYYYYY-YYYYYY/providers/Microsoft.Compute/virtualMachineScaleSets/ZZZZZ-ZZZZZZ-ZZZZ', however the 
current tenant 'XYZXYZXYZ-XZXYZXYZ' is not authorized to access linked subscription '109a5e88-712a-48ae-9078-9ca8b3c81345'.
ErrorTarget: 
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : efb6f89d-a844-4d14-b184-30cde962dfdf

I don't even know where the linked subscription of 109a5e88-712a-48ae-9078-9ca8b3c81345 is coming from, that ain't mine.
This person: Azure/AKS#2040 had the same error, even same linked subscription. But it got closed.

For the permissions: I am owner of the CSP subscription.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions