Closed rlevchenko closed 4 years ago
I tried it on my subscription and it works fine. Looks like some permission issue.
The create cluster creates a key value with all access enabled for the current user. Then creates the certificate on this key value. In your case, the key vault rejected the certificate creation request because the user didn't have access to create the certificate. Using the portal, can you please check the "Access Policies" for certificates?
Please ignore my previous comment. I am able to reproduce the issue with another account. Will update this thread once I have more information.
Any updates?
@rlevchenko, it is a bug/regression in a recent build with a non-work or non-school account. The access policy configuration of the key vault didn't grant access to the current user, hence this error. I am working on a fix and it should be available in 16.5 Preview 2, expected to release in January. As a workaround, please use the Azure portal to create the cluster.
@ravipal I added a note to this doc
We had some users encounter this issue. Let us know once a fix is deployed and I will also update the tutorial
The fix is in 16.5 Preview.
Expected Behavior
Visual Studio creates a cluster without any issues
Current Behavior
I'm constantly receiving the following error during cluster creation using the latest Visual Studio 2019. On the other hand, I can successfully create the cluster in Azure manually, and then publish my app to the cluster. So, the issue is probably related to the scripts responsible for Service Fabric management in Visual Studio.
Creating Service Fabric cluster 'rlsfc01'...
Creating resource group.
Configuring key vault.
Waiting for key vault DNS record resolution...
'Creating certificate 'rlsfc0120xxxxxx'.' failed. Detail: Forbidden : {"error":{"code":"Forbidden","message":"Access denied. Caller was not found on any access policy.\r\nCaller: appid=872cd9fa-d31f-45e0-9eab-6e460a02d1f1;oid=3d515bc2-35a9-4451-b0f3-8596147af15c;numgroups=1;iss=https://sts.windows.net/d373cb19-d4db-4f95-aedf-363199c531aa/\r\nVault: rlsfc0120xxxxxx;location=westeurope","innererror":{"code":"AccessDenied"}}}.
System.Net.Http.HttpRequestException: Access denied. Caller was not found on any access policy.
Caller: appid=872cd9fa-d31f-45e0-9eab-6e460a02d1f1;oid=3d515bc2-35a9-4451-b0f3-8596147af15c;numgroups=1;iss=https://sts.windows.net/d373cb19-d4db-4f95-aedf-363199c531aa/
Vault: rlsfc01201xxxxxxx;location=westeurope
   at Microsoft.VisualStudio.Azure.Fabric.Shared.ServiceManagement.ServiceManagementClient.<UpdateAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
Steps to Reproduce
Context (Environment)
Visual Studio :
Version 16.3.7
NET Framework 4.8.03752
Azure Service Fabric Tools for Visual Studio 16.0
Microsoft Azure Tools 2.9
Azure Role (RBAC):
Azure Subscription Owner
Operating System :
Windows 10 1903 (up-to-date)
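A triage helper for the "Caller was not found on any access policy" error reported above, added here as an example and not taken from the issue or from the Service Fabric tooling. It parses the caller out of the Forbidden message and compares it with the vault's access policy entries; the function names are hypothetical, the sample message uses placeholder IDs, and the policy entries are assumed to have the shape of the vault resource's `properties.accessPolicies` (`objectId`, `tenantId`, `permissions.certificates`).

```python
import re

# Constructed sample modelled on the error in this issue; all IDs are placeholders.
SAMPLE_ERROR = (
    "Access denied. Caller was not found on any access policy.\r\n"
    "Caller: appid=00000000-0000-0000-0000-0000000000aa;"
    "oid=00000000-0000-0000-0000-0000000000bb;numgroups=1;"
    "iss=https://sts.windows.net/00000000-0000-0000-0000-0000000000cc/\r\n"
    "Vault: examplevault;location=westeurope"
)


def parse_caller(message):
    """Extract caller object ID, app ID, issuing tenant and vault name."""
    # Values end at ';', whitespace, or a backslash (JSON-escaped "\r\n" in raw logs).
    fields = dict(re.findall(r"(appid|oid|iss)=([^;\s\\]+)", message))
    tenant = re.search(r"sts\.windows\.net/([0-9a-fA-F-]+)", fields.get("iss", ""))
    vault = re.search(r"Vault:\s*([^;\s\\]+)", message)
    return {
        "oid": fields.get("oid"),
        "appid": fields.get("appid"),
        "tenant": tenant.group(1) if tenant else None,
        "vault": vault.group(1) if vault else None,
    }


def diagnose(message, access_policies, needed="create"):
    """Classify why the caller in `message` was rejected, given the vault's policies."""
    caller = parse_caller(message)
    if not caller["oid"]:
        return "unparsed"
    for policy in access_policies:
        if policy.get("objectId", "").lower() != caller["oid"].lower():
            continue
        if policy.get("tenantId", "").lower() != (caller["tenant"] or "").lower():
            return "tenant-mismatch"
        certs = [c.lower() for c in policy.get("permissions", {}).get("certificates", [])]
        # "all" is accepted here as covering every certificate operation.
        if needed in certs or "all" in certs:
            return "ok"
        return "missing-certificate-permission"
    # The case described in this thread: no entry exists for the signed-in user.
    return "no-policy-for-caller"
```

A result of `no-policy-for-caller` matches the regression described in the thread, where the vault was created without an access policy entry for the current user.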