Unable to grant admin consent for Azure VPN

Jeroen Koning 11 Reputation points
2022-12-22T13:35:33.327+00:00

https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant

I am following this tutorial, but when I go to the link (https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant) it is not working. I get the error below. I just saw another thread with something similar from a long time ago, but with two comments from yesterday. What is going on here? A colleague who is also a global admin is getting the same error. I have also tried replacing the /common/ part with the tenant ID. Still nothing.

AADSTS650054:+The+application+'api://41b23e61-6c1e-4545-b367-cd054e0ed4b4/api'+asked+for+permissions+to+access+a+resource+that+has+been+removed+or+is+no+longer+available.+Contact+the+app+vendor.
Trace+ID:+9d84907a-9531-4352-826a-dcf72f94bf00
Correlation+ID:+7b360593-4c8a-4a44-af8b-842ed42149ed
Timestamp:+2022-12-21+09:15:15Z

  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2022-12-23T10:53:40.84+00:00

    Hello @Jeroen Koning ,

    I understand that you are trying to set up a P2S VPN using Azure Active Directory authentication, following the steps described in our public doc tutorial, but when you try to grant admin consent to the Azure VPN application using a Global Admin account, the public URL redirects to "https://portal.azure.com/?error=access_denied&error_description=AADSTS650054:+The+application+'api://41b23e61-6c1e-4545-b367-cd054e0ed4b4/api'+asked+for+permissions+to+access+a+resource+that+has+been+removed+or+is+no+longer+available.+Contact+the+app+vendor" and doesn't give the prompt to accept the requested permissions.

    I worked with the Azure VPN and Azure AD Product Group teams and found the below:

    Root Cause:
    Admin Consent was failing for new customers as Azure VPN was trying to get access to Azure AD Graph and this is deprecated.
    Refer to: https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-configure-permissions?tabs=http%2Cupdatepermissions-azureadgraph-powershell
    This impacted only new Tenants who want to onboard to VPN and not existing customers. Some code was updated in the backend which broke the admin consent flow. The app access has been changed to Microsoft Graph now and the newly added code was removed from the Azure VPN client app from the backend which has fixed the issue.

    Solution:
    Now if you follow the documentation/guide "Configure Azure AD tenant and settings for P2S VPN connections: Azure AD authentication: OpenVPN - Azure VPN Gateway | Microsoft Learn", the public URL at Step 2 should work without any issues.

    I would request you to clear your browser cache and give it a re-try. If you face any issues, please update the thread accordingly.

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
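
Added example, not part of the original thread or of Microsoft's documentation: a small Python parser that pulls the AADSTS code, the application identifier, and the Trace ID, Correlation ID and timestamp out of a failed admin-consent redirect, which are the values support asks for when a consent flow breaks like this. The sample URL is constructed from the values quoted in the thread; the `%0D%0A` layout of the trace fields and the function name are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
FIELDS = {
    "code": r"\b(AADSTS\d+)\b",
    "application": r"application '([^']+)'",
    "trace_id": rf"Trace ID:\s*({GUID})",
    "correlation_id": rf"Correlation ID:\s*({GUID})",
    "timestamp": r"Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)",
}

# Constructed sample: the redirect quoted in the answer, with the trace fields
# from the question appended as URL-encoded lines (assumed layout).
SAMPLE_REDIRECT = (
    "https://portal.azure.com/?error=access_denied&error_description="
    "AADSTS650054:+The+application+'api://41b23e61-6c1e-4545-b367-cd054e0ed4b4/api'"
    "+asked+for+permissions+to+access+a+resource+that+has+been+removed+or+is"
    "+no+longer+available.+Contact+the+app+vendor."
    "%0D%0ATrace+ID:+9d84907a-9531-4352-826a-dcf72f94bf00"
    "%0D%0ACorrelation+ID:+7b360593-4c8a-4a44-af8b-842ed42149ed"
    "%0D%0ATimestamp:+2022-12-21+09:15:15Z"
)


def parse_consent_error(redirect_url):
    """Return the AADSTS details carried in a failed-consent redirect, or None."""
    parts = urlsplit(redirect_url)
    # OAuth errors arrive in the query string, or in the fragment when the
    # request used response_mode=fragment.
    params = parse_qs(parts.query or parts.fragment)
    if "error" not in params:
        return None  # no OAuth error parameter in this URL
    # parse_qs has already turned '+' into spaces and %0D%0A into line breaks.
    description = params.get("error_description", [""])[0]
    details = {"error": params["error"][0]}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, description)
        details[name] = match.group(1) if match else None
    lines = description.splitlines()
    details["message"] = lines[0].strip() if lines else ""
    return details


if __name__ == "__main__":
    for key, value in parse_consent_error(SAMPLE_REDIRECT).items():
        print(f"{key}: {value}")
```
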
