question

0 Votes
WBWiltshire-1067 asked Superapp-9715 commented

Azure Logic App: Azure VM Connector - InvalidAuthenticationTokenTenant

I'm trying to use the Azure VM Connector to start and stop a Virtual Machine. When I edit the Logic App it uses my User Id to authenticate (successfully). However, my User Id is in a different Tenant than the VM. The Start Virtual Machine connector allows you to specify the SubscriptionId, ResourceGroup, and VM Name, but not the TenantId. I get an Authorization (401) error (InvalidAuthenticationTokenTenant) when I try to run the Logic App. How can I specify the correct TenantId to get it working?


"error": {
"code": "InvalidAuthenticationTokenTenant",
"message": "The access token is from the wrong issuer 'https://sts.windows.net/98d387ce-60f7-4670-aa6e-f5db42ff314e/'. It must match the tenant 'https://sts.windows.net/f070db1e-fa45-46ab-bbda-58ce54fa748b/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/f070db1e-fa45-46ab-bbda-58ce54fa748b' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
}

azure-logic-apps
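
The tenant mismatch reported in the error above can be checked before a call reaches Azure Resource Manager. This is an added example, not part of the original post: it parses the error body and compares a token's `tid`/`iss` claim with the subscription's tenant. The function names and the unsigned sample token are constructed for illustration.

```python
import base64
import json
import re

# Constructed sample: the error body from the question, message shortened.
ARM_ERROR = json.dumps({"error": {
    "code": "InvalidAuthenticationTokenTenant",
    "message": "The access token is from the wrong issuer "
               "'https://sts.windows.net/98d387ce-60f7-4670-aa6e-f5db42ff314e/'. "
               "It must match the tenant "
               "'https://sts.windows.net/f070db1e-fa45-46ab-bbda-58ce54fa748b/' "
               "associated with this subscription."}})
ISSUER_RE = re.compile(r"https://sts\.windows\.net/([0-9a-fA-F-]{36})/")

def tenants_from_error(body):
    """Return (token_tenant, subscription_tenant) from the ARM error, or None."""
    err = json.loads(body).get("error", {})
    if err.get("code") != "InvalidAuthenticationTokenTenant":
        return None
    found = ISSUER_RE.findall(err.get("message", ""))
    return (found[0].lower(), found[1].lower()) if len(found) >= 2 else None

def token_tenant(jwt):
    """Read the tenant from a JWT payload. Diagnostic only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    match = ISSUER_RE.match(claims.get("iss", ""))
    tid = claims.get("tid") or (match.group(1) if match else None)
    return tid.lower() if tid else None

def make_sample_jwt(tid):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": "https://sts.windows.net/%s/" % tid, "tid": tid}
    return ".".join([enc({"typ": "JWT"}), enc(claims), "sig"])

def would_be_rejected(jwt, subscription_tenant):
    """True when the token's tenant differs from the subscription's tenant."""
    return token_tenant(jwt) != subscription_tenant.lower()

if __name__ == "__main__":
    got, want = tenants_from_error(ARM_ERROR)
    print("token tenant:", got, "| subscription tenant:", want)
    print("rejected:", would_be_rejected(make_sample_jwt(got), want))
    print("authority to use: https://login.windows.net/" + want)
```
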

1 Answer

0 Votes
WBWiltshire-1067 answered Superapp-9715 commented

I solved the problem by doing 3 things:

  1. Enable Managed Identities for the Logic App

  2. Add a new role assignment in the VM's Access Control (IAM) section for the Logic App

  3. Update the Start virtual machine task in the Logic App to connect using the managed identity

The following link regarding Azure Functions to Start/Stop VMs provided the basic steps that I applied to the Azure Logic App(s) in my case.


Thanks a lot. This was very helpful.
However, I was not able to do it with managed identity, I did it with the user.
When trying to connect with MI, I wasn't able to create that connection. It said "cannot convert null into an object"
