Azure attestation policy issue

Jimmy KING 21 Reputation points
2021-06-28T10:13:02.26+00:00

Hello,

I have some issues with the creation of an Azure Attestation in order to use it for Always Encrypted with secure enclave in Azure SQL Database

When I try to access to the page of policy settings I have this error : "Sorry but some network issue happens when we tried to get policy."

I followed the following documentation : https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-enclaves-getting-started?view=sql-server-ver15&tabs=azure-portal

I'm also trying to configure the policy but i have this error :

{"type":"MsPortalFx.Errors.AjaxError","baseTypes":["MsPortalFx.Errors.AjaxError","MsPortalFx.Errors.Error"],"data":{"uri":"https://xxxx.weu.attest.azure.net/operations/policy/updatepolicy?api-version=2018-09-01-preview&tee=SgxEnclave","type":"POST","pathAndQuery":"","requestId":"0b2a1ada-6f66-4aab-93c7-f80bd333100c","failureCause":"","sessionId":"f5d0b2f5ca224f09877546b71219ef17","status":403,"statusText":"Forbidden","duration":701},"extension":"Microsoft_Azure_Attestation","errorLevel":1,"timestamp":194376,"name":"Error","stack":null,"innerErrors":[],"jqXHR":{"readyState":4,"responseText":"{\"error\":{\"code\":\"Forbidden\",\"message\":\"Access to /operations/policy/updatepolicy is denied\"}}","responseJSON":{"error":{"code":"Forbidden","message":"Access to /operations/policy/updatepolicy is denied"}},"status":403,"statusText":"Forbidden"},"textStatus":"error","errorThrown":"Forbidden"}

I have all the rights on Azure so I don't understand why the error of forbidden occure.

Any clue in order to use the attestation correctly?

Thank you in adavnce.

Azure SQL Database
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
793 questions
Accepted answer
  1. Saurabh Sharma 23,676 Reputation points Microsoft Employee
    2021-07-08T20:00:17.907+00:00

    Hi @Jimmy KING ,

    Products team was able to reproduce this issue and unfortunately this appears a known issue using certification selection process on Azure portal with the latest chromium based browsers (aka chrome, Edge, Opera etc.) which supports both certificate AUTH as well as non certificate.
    They will be working to provide a fix for the same but this is going to take some time and they already have that in their plans.

    However, they have suggested 2 possible workarounds:

    • User must cancel cert selection and in this case all should be fine. This question will be displayed only once (and not displayed again until all browser window will be closed).
    • User may user Firefox Browser that have more correct behavior in this specific case.

    Please let me know in case you hit any other issue. Sorry for your inconvenience.

    Thanks
    Saurabh

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest