Closed martinlafaille closed 2 weeks ago
craxal
commented
1 month ago The storage account you are trying to connect to may have certain network security settings that restrict traffic. Review your storage account's network settings or contact your admin for help.
If you are unable to resolve your issue, please provide additional information as outlined by our bug template.
PawelWMS
commented
3 weeks ago Update to original message:
Answering questions from the bug template:
Here's the Quick Access and other tabs I'm talking about:
@craxal, I believe I've hit the same/similar issue. I'm using my Entra ID account in the Azure Portal and in the Azure Storage Explorer. In the Azure Portal I can view the storage account and its blob containers without issue.
Here are the network settings for that storage account:
The only thing that looks suspicious is the "Microsoft network routing" option. Is it possible that the explorer can't deal with accounts configured this way? I'm running the explorer from a machine connected to corpnet, if that helps in any way.
Here's the error I'm seeing:
This request is not authorized to perform this operation.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Error Details:
{
"name": "RestError",
"code": "AuthenticationFailed",
"statusCode": 403,
"request": {
"streamResponseStatusCodes": {},
"url": "https://azurelinuxtmpsrc.blob.core.windows.net/?comp=list&include=metadata",
"method": "GET",
"headers": {
"_headersMap": {
"x-ms-version": {
"name": "x-ms-version",
"value": "2017-04-17"
},
"accept": {
"name": "Accept",
"value": "application/xml"
},
"user-agent": {
"name": "User-Agent",
"value": "Microsoft Azure Storage Explorer/1.35.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.14.0; Windows_NT 10.0.19045)"
},
"x-ms-client-request-id": {
"name": "x-ms-client-request-id",
"value": "e2beaf5e-4603-4a40-b92d-1a0d8326b8fd"
},
"authorization": {
"name": "authorization",
"value": "Bearer JSON Web Token Redacted"
}
}
},
"withCredentials": false,
"timeout": 0,
"keepAlive": true,
"decompressResponse": false,
"requestId": "e2beaf5e-4603-4a40-b92d-1a0d8326b8fd"
},
"response": {
"request": {
"streamResponseStatusCodes": {},
"url": "https://azurelinuxtmpsrc.blob.core.windows.net/?comp=list&include=metadata",
"method": "GET",
"headers": {
"_headersMap": {
"x-ms-version": {
"name": "x-ms-version",
"value": "2017-04-17"
},
"accept": {
"name": "Accept",
"value": "application/xml"
},
"user-agent": {
"name": "User-Agent",
"value": "Microsoft Azure Storage Explorer/1.35.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.14.0; Windows_NT 10.0.19045)"
},
"x-ms-client-request-id": {
"name": "x-ms-client-request-id",
"value": "e2beaf5e-4603-4a40-b92d-1a0d8326b8fd"
},
"authorization": {
"name": "authorization",
"value": "Bearer JSON Web Token Redacted"
}
}
},
"withCredentials": false,
"timeout": 0,
"keepAlive": true,
"decompressResponse": false,
"requestId": "e2beaf5e-4603-4a40-b92d-1a0d8326b8fd"
},
"status": 403,
"headers": {
"_headersMap": {
"content-length": {
"name": "content-length",
"value": "438"
},
"content-type": {
"name": "content-type",
"value": "application/xml"
},
"date": {
"name": "date",
"value": "Thu, 10 Oct 2024 20:45:06 GMT"
},
"server": {
"name": "server",
"value": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0"
},
"x-ms-request-id": {
"name": "x-ms-request-id",
"value": "b699ece3-501e-0099-6955-1b0e60000000"
}
}
},
"bodyAsText": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:b699ece3-501e-0099-6955-1b0e60000000\nTime:2024-10-10T20:45:07.0989931Z</Message><AuthenticationErrorDetail>Authentication scheme Bearer is not supported in this version.</AuthenticationErrorDetail></Error>",
"parsedBody": {
"message": "Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:b699ece3-501e-0099-6955-1b0e60000000\nTime:2024-10-10T20:45:07.0989931Z",
"code": "AuthenticationFailed",
"AuthenticationErrorDetail": "Authentication scheme Bearer is not supported in this version."
},
"parsedHeaders": {
"content-length": "438",
"content-type": "application/xml",
"date": "Thu, 10 Oct 2024 20:45:06 GMT",
"server": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-request-id": "b699ece3-501e-0099-6955-1b0e60000000"
}
},
"details": {
"content-length": "438",
"content-type": "application/xml",
"date": "Thu, 10 Oct 2024 20:45:06 GMT",
"server": "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-request-id": "b699ece3-501e-0099-6955-1b0e60000000",
"message": "Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:b699ece3-501e-0099-6955-1b0e60000000\nTime:2024-10-10T20:45:07.0989931Z",
"code": "AuthenticationFailed",
"AuthenticationErrorDetail": "Authentication scheme Bearer is not supported in this version."
}
}The only thing that looks suspicious is the "Microsoft network routing" option. Is it possible that the explorer can't deal with accounts configured this way? I'm running the explorer from a machine connected to corpnet, if that helps in any way.
Definitely not the problem. That's what's configured by default, and we work and test storage accounts with this configuration all the time.
What if you sign out completely and sign back in? Does the problem persist? What if you sign out and uninstall completely then reinstall and sign in?
PawelWMS
commented
3 weeks ago It's good to know that "Microsoft network routing" is not the problem, since we definitely need that on.
Here are the results of the suggested steps:
For the second step I've also removed the C:\Users\<user>\AppData\Local\Programs\Microsoft Azure Storage Explorer folder after the uninstall to make sure there are no lingering configs. Having said that, the explorer still remembered my quick access settings, so I'm guessing uninstalling and removing the folder hasn't purged everything.
I am on version 1.35.0 of the explorer btw.
I'm happy to hop on a call and walk you through what I'm seeing in case that can help you debug.
craxal
commented
3 weeks ago Just to reiterate, can you edit your first comment so that it shows the information we ask for in our bug template?
Can you also tell me which tenant you are attempting to sign in to?
Try removing the %APPDATA%\StorageExplorer folder. If you're still having problems, feel free to reach out to us on Teams.
PawelWMS
commented
3 weeks ago I've updated the message but I think I also found a workaround. Deep in the "Activities" log there was a message saying that the explorer is using "Azure Stack APIs" and that this may cause some issues. I've switch to using the other option form "Edit" and it seems like now things work. Or at least I was able to view the blob storage I was struggling with.
This request is not authorized to perform this operation.
This storage account's 'Firewalls & virtual networks' settings may be blocking access to storage services. Try adding your client IP address to the firewall exceptions, or by allowing access from 'all networks' instead of 'selected networks'. To learn more about Azure Storage firewalls and virtual networks, visit http://go.microsoft.com/fwlink/?LinkId=845443.
Error Details: { "name": "RestError", "code": "AuthorizationFailure", "statusCode": 403, "request": { "streamResponseStatusCodes": {}, "url": "https://pttgcshare.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.35.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.14.0; Windows_NT 10.0.22631)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "07b35077-4132-4b76-a3e3-a067bfb7a051" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "07b35077-4132-4b76-a3e3-a067bfb7a051" }, "response": { "request": { "streamResponseStatusCodes": {}, "url": "https://pttgcshare.blob.core.windows.net/?comp=list&include=metadata", "method": "GET", "headers": { "_headersMap": { "x-ms-version": { "name": "x-ms-version", "value": "2023-01-03" }, "accept": { "name": "Accept", "value": "application/xml" }, "user-agent": { "name": "User-Agent", "value": "Microsoft Azure Storage Explorer/1.35.0 (win32) azsdk-js-storageblob/12.15.0 (NODE-VERSION v20.14.0; Windows_NT 10.0.22631)" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "07b35077-4132-4b76-a3e3-a067bfb7a051" }, "authorization": { "name": "authorization", "value": "Bearer JSON Web Token Redacted" } } }, "withCredentials": false, "timeout": 0, "keepAlive": true, "decompressResponse": false, "requestId": "07b35077-4132-4b76-a3e3-a067bfb7a051" }, "status": 403, "headers": { "_headersMap": { "content-type": { "name": "content-type", "value": "application/xml" }, "server": { "name": "server", "value": "Microsoft-HTTPAPI/2.0" }, "x-ms-request-id": { "name": "x-ms-request-id", "value": "3c7c31c9-801e-003e-5ad7-0581bd000000" }, "x-ms-client-request-id": { "name": "x-ms-client-request-id", "value": "07b35077-4132-4b76-a3e3-a067bfb7a051" }, "x-ms-error-code": { "name": "x-ms-error-code", "value": "AuthorizationFailure" }, "date": { "name": "date", "value": "Fri, 13 Sep 2024 12:18:28 GMT" }, "content-length": { "name": "content-length", "value": "246" } } }, "bodyAsText": "<?xml version=\"1.0\" encoding=\"utf-8\"?>This request is not authorized to perform this operation.\nRequestId:3c7c31c9-801e-003e-5ad7-0581bd000000\nTime:2024-09-13T12:18:29.0835032Z
AuthorizationFailure