error in the Logic App when it triggers at the Create job to check if site exists action

[oggiejnr]

Hitting the following error in the Logic App when it triggers at the Create job to check if site exists action.

Error is as follows...

{ "statusCode": 403, "headers": { "Pragma": "no-cache", "x-ms-failure-cause": "gateway", "x-ms-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883", "x-ms-correlation-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883", "x-ms-routing-request-id": "AUSTRALIASOUTHEAST:20200507T223701Z:fdad6c49-38a4-4c02-8fd6-129a6f923883", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Content-Type-Options": "nosniff", "Timing-Allow-Origin": "*", "x-ms-apihub-cached-response": "false", "Connection": "close", "Cache-Control": "no-cache", "Date": "Thu, 07 May 2020 22:37:01 GMT", "Content-Length": "581", "Content-Type": "application/json", "Expires": "-1" }, "body": { "error": { "code": "AuthorizationFailed", "message": "The client '7704ba6c-b602-4adf-ae7f-90ade0c68091' with object id '7704ba6c-b602-4adf-ae7f-90ade0c68091' does not have authorization to perform action 'Microsoft.Automation/automationAccounts/jobs/write' over scope '/subscriptions/2ebbbbd3-8a21-489d-910b-1cec4818f6d3/resourceGroups/M365TeamsDeployment/providers/Microsoft.Automation/automationAccounts/teamsautomate-auto/jobs/7beeabea-2347-4ed3-b461-2451c41ac364' or the scope is invalid. If access was recently granted, please refresh your credentials." } } }

[alexc-MSFT]

Hitting the following error in the Logic App when it triggers at the Create job to check if site exists action.

Error is as follows...

{ "statusCode": 403, "headers": { "Pragma": "no-cache", "x-ms-failure-cause": "gateway", "x-ms-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883", "x-ms-correlation-request-id": "fdad6c49-38a4-4c02-8fd6-129a6f923883", "x-ms-routing-request-id": "AUSTRALIASOUTHEAST:20200507T223701Z:fdad6c49-38a4-4c02-8fd6-129a6f923883", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Content-Type-Options": "nosniff", "Timing-Allow-Origin": "*", "x-ms-apihub-cached-response": "false", "Connection": "close", "Cache-Control": "no-cache", "Date": "Thu, 07 May 2020 22:37:01 GMT", "Content-Length": "581", "Content-Type": "application/json", "Expires": "-1" }, "body": { "error": { "code": "AuthorizationFailed", "message": "The client '7704ba6c-b602-4adf-ae7f-90ade0c68091' with object id '7704ba6c-b602-4adf-ae7f-90ade0c68091' does not have authorization to perform action 'Microsoft.Automation/automationAccounts/jobs/write' over scope '/subscriptions/2ebbbbd3-8a21-489d-910b-1cec4818f6d3/resourceGroups/M365TeamsDeployment/providers/Microsoft.Automation/automationAccounts/teamsautomate-auto/jobs/7beeabea-2347-4ed3-b461-2451c41ac364' or the scope is invalid. If access was recently granted, please refresh your credentials." } } }

Did you receive any errors when you ran the deployment script? This error indicates that the Azure AD app created by the deployment script does not have the correct permissions to the Azure Automation account. This should be automatically configured by the script.

[oggiejnr]

Hi Alex, Thanks for getting back to me. I feel that I am like going to need to go back to the start with this and try again, given its a bit hard to recall.

Was running this in a dev tenant with a trial subscription which is about to run out. Might take some convincing of Operations team to let me do this in a prod tenant.

So given that I am happy if you close this off. Appreciate your assistance.

[alexc-MSFT]

Hi Alex, Thanks for getting back to me. I feel that I am like going to need to go back to the start with this and try again, given its a bit hard to recall.

Was running this in a dev tenant with a trial subscription which is about to run out. Might take some convincing of Operations team to let me do this in a prod tenant.

So given that I am happy if you close this off. Appreciate your assistance.

Ok no problem. I'll close this issue for now and please re-raise if you experience any more issues.

Thanks