How to fix Azure PostgreSQL deployment error: "... Graph API client application ... is not found ... required permissions"?

christian-365 35 Reputation points
2023-02-01T23:54:26.1733333+00:00

After using the Azure portal to set up a PostgreSQL flexible server it failed during deployment, first showing status "Accepted" and then within a minute of working on deploying switching to status "Conflict" and returning this failure message:

{'code':'DeploymentFailed','message':'At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.','details':[{'code':'AadAuthEnableFailedDueToMissingGraphApiAccessPrincipal','message':'Expected Microsoft Graph API client application with ClientId = xyz is not found in the TenantId = xyz, or does not have required permissions.'}]}

The issue has persisted for several hours and across redeploy attempts (including starting from scratch from an incognito window); it looks like this is a recent issue and one that is also affecting others since there was a seemingly identical issue posted on stackoverflow yesterday that now has 29 views:

https://stackoverflow.com/questions/75301640/expected-microsoft-graph-api-client-application-with-clientid-does-not-have-re

A (redacted) version of the deployment.json is attached (deployment-redacted.json.txt) for further detail, and a few things of note that may or may not be relevant are:

  1. This was the first Azure deployment we attempted after just signing up for a trial from an existing Microsoft 365 subscription
  2. We selected both Azure AD and PostgreSQL access control
  3. We enabled geo-redundant backup
  4. We changed from the default _v4 VM to "Standard_D2ds_v5"
  5. The resource group and listed location are in "westus", but in the deployment json under "vnetData" for the "testVnet" it says location is "eastus2" (we didn't pick the vnet option so this could be a red herring)

How do I fix this so I can deploy the PosgreSQL flexible server on Azure?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,030 questions
Azure Database for PostgreSQL
{count} votes

Accepted answer
  1. Oury Ba-MSFT 15,276 Reputation points Microsoft Employee
    2023-02-08T20:44:48.1466667+00:00

    Hi Christian

    Thank you for your patience while working on this issue. Seems like this issue occurs if the below prerequisite was not performed. https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-configure-sign-in-azure-ad-authentication?source=recommendations#prerequisites

    Our product group are working on removing this requirement sometimes next week but until then customers must complete the perquisites to avoid this error.

    Please check ad let me know if you have any questions.

    Whoever is seeing this above error message please do perform the prerequisites and let us know the result.

    Hope this helps.

    Regards,

    Oury

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful