microsoft / coe-starter-kit


[CoE Starter Kit - BUG] Most of the Power Automate Cloud Flows are failing with the same error - The specified user(Id = {0}) is disabled. Consider enabling this user. Additional Details: {1}. #9040

Open johnvittneyk opened 3 days ago

johnvittneyk commented 3 days ago

Does this bug already exist in our backlog?

Describe the issue

We installed/upgraded the latest version of the CoE and a few flows are failing with the same error - The specified user(Id = {0}) is disabled. Consider enabling this user. Additional Details: {1}.

Expected Behavior

We installed/upgraded the latest version of the CoE and a few flows are failing with the same error - The specified user(Id = {0}) is disabled. Consider enabling this user. Additional Details: {1}.


What solution are you experiencing the issue with?

Core

What solution version are you using?

4.37

What app or flow are you having the issue with?

SYNC HELPER - Cloud Flows

What method are you using to get inventory and telemetry?

Cloud flows

Steps To Reproduce

These flows run by default, scheduled flows.


Anything else?

No response

Jenefer-Monroe commented 3 days ago

Can you please confirm that the user identity installing and running the flow has the Power Platform Admin Role assigned both directly and permanently?

Microsoft Azure Users > Your User > Assigned Roles

Ensure Power Platform Administrator is Direct and Permanent.

johnvittneyk commented 3 days ago

Yes, we do have the role Power Platform Administrator and it is Direct and Permanent for the two accounts that are being used on the CoE.

Jenefer-Monroe commented 3 days ago

Can you please show me where in the flow this is failing? Ideally with a screenshot

Jenefer-Monroe commented 3 days ago

This is saying that the user is disabled so there must be something wrong with the user in the target envt.

  1. What type of user is this? (service principal, shared account, personal account)
  2. In PPAC, go to the target envt that they are trying to fetch desktop flows here, this one.
  3. Go to users and find the user running the flow. What is their user status and are they System Admin?

johnvittneyk commented 3 days ago

Thank you for all the guidance. The user account is a service account (shared) created exclusively for the CoE alone. As you guided, we don't see this user in the users list.

Are we supposed to add the account that is owning the CoE to all Environments as System Administrator exclusively? Is the Power Platform Admin Role enough on the environment?

Jenefer-Monroe commented 3 days ago

If you are on 4.37 then this should be happening for you automatically. It added the work to escalate the logged in user as the system admin in each envt. Can you see if you have unmanaged layers on the driver flow? That is where the escalation occurs: Admin | Sync Template v4 (Driver)

johnvittneyk commented 3 days ago

Jenefer, we upgraded the CoE on 9th Sept, 2024. But it looks like this layer was added on 11th Sept, 2024. I don't think any one of us made an edit to the flow.


Also, I figured out an error on a few environments while running the action called Grants requesting tenant admin user the system admin role. This issue is consistent from the installation of the CoE.

Error: BadRequest - Description": "User 1d08b850-a821-453a-8312-9c337ac169999 is not part of security group 762fa337-530d-4454-ace0-2bee5fe6d999",

Jenefer-Monroe commented 2 days ago

This typically means that you either are using the Dynamics Admin role (not Power Platform Admin) or your Power Platform Admin role is not directly assigned.

johnvittneyk commented 2 days ago

As I already confirmed to you, we are Directly assigned to a Power Platform Admin Role.