Hello @Craig Dyson Thank you for posting your question on the Microsoft Q&A platform. Happy to assist you with your concern.
Based on the information provided, I see that you are trying to register ASR replication appliance and it is failing with error "Unable to fetch certificate details from Key Vault
"
The ASR replication
appliance uses the key vault to manage connection strings for the service bus, and access keys for the storage accounts used in replication. Authorization of access to key vault is either done by vault access policies or Azure RBAC. For more information on authorization policies of key vault, refer this document.
From the error you have been prompted with, you need to assign yourself with necessary permission on Key Vault using vault access policy. On how to add vault access policy, refer this document.
- Ensure that the currently signed-in user account on the appliance has the required permissions on the key vault mentioned in the error message. The user account needs permissions as mentioned at this website.
- Go to the key vault and ensure that your user account has an access policy with all the Key, Secret, and Certificate permissions assigned under Key Vault Access Policy. Learn more.
- If you enabled the appliance for private endpoint connectivity, ensure that the appliance is either hosted in the same virtual network where the key vault was created or it's connected to the Azure virtual network where the key vault was created over a private link. Make sure that the key vault private link is resolvable from the appliance.
Are you using the modernized appliance? If yes, grant required permissions to the vault.
You will also need to grant the managed identity permissions to the cache storage accounts. You can create the storage account in advance and use the same for enabling replication.
Ensure that the following role permissions are present depending on the type of storage account:
- Resource Manager based storage accounts (Standard Type):
- Resource Manager based storage accounts (Premium Type):
If you have the required permissions and connectivity, retry the registration on the appliance after some time.
Hope this helps. Feel free to write back to us if you have any issues or have any questions.
If the response helped, do "Accept Answer" and up-vote it