question

BobTrabucco-8843 avatar image
1 Vote"
BobTrabucco-8843 asked Grmacjon-MSFT edited

"Failed to update permissions on selected Key Vault" attempting to configure app service certificate

Purchased an app service certificate.

Attempting to configure. Step 1 - Key vault.

Select my key vault.

Get error "Failed to update permissions on selected Key Vault. Check below errors for more detail."

No errors displayed below.

Go to activity log. "An invalid value was provided for 'accessPolicies'.

I am a co-owner on the subscription and have all rights.

Thanks in advance

azure-key-vaultazure-webapps-ssl-certificates
· 10
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @BobTrabucco-8843,

Thanks for bringing this to our attention. We apologize for any inconvenience this issue may have caused.

Can you please share the ARM template you're using? It sounds like this is a known issue based on this Github thread.

-Grace

0 Votes 0 ·

Hi!

Thanks for the response.

I am not using any templates for this. I am doing this entirely through the Azure Portal UI.

Selected the new App Service Certificate.

Selected "Certificate Configuration"

Checked the box "Step 1: Store"

Selected my Key Vault.

Got the error.

Thanks

0 Votes 0 ·

Thanks for the clarification @BobTrabucco-8843. This seems like a bug. We will share this with the engineering team and get back to you. We appreciate your patience

-Grace

0 Votes 0 ·

Thanks Grace. Looking forward to it since the site currently can't be protected using a SSL.

Thanks!

0 Votes 0 ·

Hi Bob,

One more thing, can you tell us a little bit more about the type of Azure app service you have and please share a screenshot of what you're seeing in the Azure portal? We want to reproduce your exact setup and scenario on our end.

-Grace

0 Votes 0 ·

@Grmacjon-MSFT: I am experiencing the same error message on a new wildcard certificate and new vault.

0 Votes 0 ·

I am also experiencing the same error :(

0 Votes 0 ·
Show more comments
BobTrabucco-8843 avatar image
0 Votes"
BobTrabucco-8843 answered Frits-0215 commented

The App Service is a standard ASP.NET C# web app.

But the problem happens long before I am doing anything with the app service.

The problem happens in the newly purchased "App Service CERTIFICATE"

See attached images

98033-untitled1.png98010-untitled2.png98034-untitled3.png98035-untitled4.png



untitled1.png (64.1 KiB)
untitled2.png (36.0 KiB)
untitled3.png (15.9 KiB)
untitled4.png (47.4 KiB)
· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@BobTrabucco-8843 / @Grmacjon-MSFT:
Any update on this issue? I have purchased a wildcard SSL that I am unable to use as I am experiencing the exact same issue.

Thank you.

-Keith

0 Votes 0 ·

I'll still waiting for @Grmacjon-MSFT to respond as well...


1 Vote 1 ·

Ok, thank you. I'm going to upgrade my support plan and submit a ticket and see if that gets any traction.

0 Votes 0 ·
Show more comments

I am having this problem as well. Any updates?

0 Votes 0 ·
Grmacjon-MSFT avatar image
2 Votes"
Grmacjon-MSFT answered Grmacjon-MSFT edited

Thank you so much for your patience everyone. The App Service team investigated this issue and it turns out it can be resolved by adding the account configuring the App Service into a Global Administrator role in AAD. A Global Administrator can manage all aspects of Azure AD and Microsoft services that use Azure AD identities. There can be more than one Global Administrator at your company. Global Administrators can reset the password for any user and all other administrators.

If you are not the owner of the subscription, the owner can add you as a Global Admin by following the steps in this documentation: Assign administrator and non-administrator roles to users with Azure Active Directory.

Can you try this solution and let us know if it works for you? If you run into any issues please let us know.
@TeemuNylander-0744 @Frits-0215 , @BobTrabucco-8843 , @KeithRowe-4435

Best,
Grace


· 6
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Grmacjon-MSFT confirmed this does work and I am able to use the certificate in my app services. Thank you.

1 Vote 1 ·

Hi @krynn1, @BobTrabucco-8843 and @Frits-0215

just checking to see if you're still facing this issue. The above solution should resolve this issue. If you further questions please let us know.

Thanks,
Grace

0 Votes 0 ·

Iis there a fix to this issue? Facing the same problem, and I'm and owner on the account.
The only fix is still to let my customer set me as Global Administrator in Azure AD?

0 Votes 0 ·

@CasperAndersen-5741 yes, that is the only fix or workaround that I am familiar with.

0 Votes 0 ·

Hi @CasperAndersen-5741, yes that is the solution for this issue. If you are still facing this issue after being set as Global Administrator in Azure AD please let me know.

Thanks,
Grace

0 Votes 0 ·