Share via

CMG Provisioning Error

JJ STOKES 0 Reputation points
2025-02-13T17:00:16.0066667+00:00

I'm working on a lab "Win11_24H2_Lab Guide_12.4" and cannot get past provisioning the CMG. I have researched this for a couple of days and every article seems to point back to blob permissions. There is nothing mentioned of any blob or storage accounts configurations in this lab so it seems like it is not related to storage. Any help would be greatly appreciated.

Caught exception This request is not authorized to perform this operation using this permission.~RequestId:0c3d7aae-f01e-006e-6e69-7dfc92000000~Time:2025-02-12T16:16:54.0494615ZStatus: 403 (This request is not authorized to perform this operation using this permission.)ErrorCode: AuthorizationPermissionMismatch~~~~Content:<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.~RequestId:0c3d7aae-f01e-006e-6e69-7dfc92000000~Time:2025-02-12T16:16:54.0494615Z</Message></Error>~~~~Headers:x-ms-request-id: 0c3d7aae-f01e-006e-6e69-7dfc92000000x-ms-client-request-id: 352bf8ca-b00d-4883-a647-bc3e4ef0957bx-ms-version: 2021-12-02x-ms-error-code: AuthorizationPermissionMismatchContent-Length: 279Content-Type: application/xmlDate: Wed, 12 Feb 2025 16:16:53 GMTServer: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0, sleeping for 5 minutes. Retries left = 10

This is the log entry prior to the error: Deleting blob 7dc01856b0cc2b73c868cc54c57efae669607d22.pubkey in container publickeystore using storage account xxxx

Microsoft Configuration Manager
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 47,971 Reputation points Microsoft Vendor
    2025-02-14T02:18:26.73+00:00

    Hi, @JJ STOKES

    Thank you for posting in Microsoft Q&A forum.

    It seems that you are encountering an authorization error while provisioning the Cloud Management Gateway (CMG). The error message indicates that the request is not authorized to perform the operation due to a permission mismatch. This typically suggests that the identity being used does not have the necessary permissions to access the specified blob or storage account.

    Here are some steps you can take to troubleshoot this issue:

    1. Check Storage Account Permissions: Ensure that the identity (user or service principal) you are using has the appropriate permissions on the storage account. You may need to assign roles such as "Storage Blob Data Contributor" or "Storage Blob Data Owner" to allow access to the blobs.
    2. Verify Blob Container Access: Make sure that the blob container (in this case, publickeystore) allows access for the identity you are using. Check the access policies and ensure that they are correctly configured.
    3. Review Azure Role Assignments: Navigate to the Azure portal and review the role assignments for the storage account. Ensure that the necessary roles are assigned to the correct identities.
    4. Retry Provisioning: After making any changes to permissions or roles, retry the provisioning process to see if the issue persists.

    If these steps do not resolve the issue, you may want to consult the Azure documentation or support for further assistance.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.