Share via

How to resolve "LinkedAccessCheckFailed" permission error when deploying Application Gateway in Azure?

Zhang, Yu-Jia 5 Reputation points
2025-02-16T09:31:49.63+00:00

错误

Description: I'm encountering a "LinkedAccessCheckFailed" error when deploying an Application Gateway in Azure. The error message states that the client with object ID 'dd5b35d1-4233-4ca5-90bf-0baf6750a616' does not have the required permissions to perform the action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the subnet applicationgatewaysubnet. The subscription ID is 020797c6-5780-4777-88f0-42028a04370f, and the resource group is CRM-RG-0216.

What I’ve tried: I’ve checked the access control settings and ensured that the client has the necessary permissions, but the error persists. I’m not sure what additional permissions are required.

Please help: Can anyone advise on how to fix this permission issue or what role should be assigned to resolve this deployment error?

Error text

{"code":"DeploymentFailed","target":"/subscriptions/020797c6-5780-4777-88f0-42028a04370f/resourceGroups/CRM-RG-0216/providers/Microsoft.Resources/deployments/Microsoft.ApplicationGateway-20250216160810","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"LinkedAccessCheckFailed","message":"The client with object id 'dd5b35d1-4233-4ca5-90bf-0baf6750a616' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' over scope '/subscriptions/020797c6-5780-4777-88f0-42028a04370f/resourceGroups/CRM-RG-0216/providers/Microsoft.Network/virtualNetworks/crm-jp-vnet/subnets/applicationgatewaysubnet' or the scope is invalid. For details on the required permissions, please visit 'https://aka.ms/appgwroles'. If access was recently granted, please refresh your credentials."}]}

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,130 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 3,605 Reputation points Microsoft Vendor
    2025-02-17T12:36:18.72+00:00

    Hi @Zhang, Yu-Jia

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    The "LinkedAccessCheckFailed" error you're encountering while deploying an Azure Application Gateway means that lacks the necessary permissions to join the specified subnet.

    The Built-In roles that have this permission are as follows,

    • Owner
    • Contributor
    • Network Contributor

    Refer:

    If you would like to create custom roles, this document may come in handy https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

    I hope this has been helpful!

    If above is unclear and/or you are unsure about something add a comment below.

    Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.