Trying to create an event hub but the Azure Storage Container I chose to use brings up an error message

Question

Trying to create an event hub but the Azure Storage Container I chose to use brings up an error message

Troy London 5

I'm trying to create an event hub that captures data from a Azure storage account but I've encountered the following error:

SubCode=40000. Error returned from 'BlobContainer' when making a test call. Error: The account being accessed does not have sufficient permissions to execute this operation. TrackingId:fb521c27-6d35-4688-a39d-99f4556276cc_G7S3, SystemTracker:avddeltaalerts.servicebus.windows.net:avdeventhub, Timestamp:2023-03-27T21:13:28

What access does this account need? I've tried to look up the error message but so far haven't come across anything which could help.

2 answers

Your answer

Answer 1

Bhargava-MSFT 31,261 Microsoft Employee Moderator

Hello Troy London,

Welcome to the MS Q&A platform.

Per the error message, the account being accessed does not have sufficient permissions to execute the operation. To resolve this issue, you will need to grant the necessary permissions to the storage account.

To grant the necessary permissions, you can follow the steps below

In the Azure portal, go into your storage account to grant your event hub access
Select Access control (IAM) in the left pane, and then select Role assignments
You'll see a list of who has access to the storage account. Now you want to add a role assignment to the event hub that needs access to the storage account
Select Add > Add role assignment to open the Add role assignment page
Assign the Storage Blob Data Contributor role to the Event Hub After granting the necessary permissions, you can capture data from the Azure storage account.

If you are using a Gen1 account, here is a document explaining how to assign permissions to event hubs.

I hope this helps. Please let me know if you have any further questions.

Bhargava-MSFT 31,261 Reputation points Microsoft Employee Moderator

2023-03-30T23:44:33.92+00:00

Hello Troy London,
I am checking to see if you got a chance to look into the earlier response. Please let us know if you have any further questions.
Troy London 5 Reputation points

2023-04-03T20:56:48.8+00:00

I don't seem to be able to add that role to my storage account
Bhargava-MSFT 31,261 Reputation points Microsoft Employee Moderator

2023-04-03T23:50:18.59+00:00

Are you getting any errors while adding the role? Or you do not have permission to add that role?
BSK 0 Reputation points

2023-05-31T13:50:02.12+00:00

@Bhargava-MSFT While I am trying to add a member in storage account eventhub name space is coming, no event hub instance is seen. Please see the error.

SubCode=40000. Generic: Linked access check failed for capture storage destination /subscriptions/ba836b90-0404-4a9c-8723-902ec98c83ed/resourceGroups/AzureBackupRG_centralus_1/providers/Microsoft.Storage/storageAccounts/stgtestsri123. User or the application with object id 67dc94f0-24eb-4738-80aa-48896ffe6561 making the request doesn't have the required data plane write permissions. Please enable Microsoft.Storage/storageAccounts/blobServices/containers/write, Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write permission(s) on above resource for the user or the application and retry. TrackingId:90d8e0b9-82c3-42a6-a206-06dad2ded9d7_G16S2, SystemTracker:eventhubtestsri2023.servicebus.windows.net:eventhubtestsri12023, Timestamp:2023-05-31T12:41:33

Answer 2

Silvia Wibowo 6,041 Microsoft Employee Volunteer Moderator

Hi @Troy London , are you enabling Event Hub Capture to put streaming event into Azure Data Lake Storage Gen 1?

You could try assigning permission to Event Hubs.

Troy London 5 Reputation points

2023-04-03T20:58:07.9333333+00:00

I'm trying to setup alerting for our Azure Virtual Desktop environment and push those alerts to an external monitoring vendor. Granted I am unsure if this is correct method but I am going by some Microsoft documentation
Troy London 5 Reputation points

2023-04-03T21:06:28.87+00:00

I'm trying to setup some alerting for our Azure Virtual Desktop environment and push those alerts to our external monitoring vendor just incase there are any issues etc
Silvia Wibowo 6,041 Reputation points Microsoft Employee Volunteer Moderator

2023-04-03T21:28:58.0366667+00:00

It will be helpful to detail out your current config and what you're trying to achieve. Alert for AVD (Azure Virtual Desktop) -> is this diagnostic logs, alert based on Azure Monitor metrics, service alert, or something else? Is there any particular reason of choosing Event Hub? If it's not a streaming data, would Event Grid do? Source of data: storage account (is it v1/v2, is it blob/files/queues, is hierarchical namespace enabled) or Log Analytics workspace?
Troy London 5 Reputation points

2023-04-03T21:46:32.6466667+00:00

Honestly I am open to suggestions - our vendor suggested using the Azure Event Hub so they could use Qradar to connect to it, using a storage account and then sending the AVD logs to it. This is the first time delving into this side of Azure so I am not completely sure this is the correct process to follow, or the correct solution going forward. I have previously setup log analytics for AVD so if I could use an existing setup that would be preferable to me.
Silvia Wibowo 6,041 Reputation points Microsoft Employee Volunteer Moderator

2023-04-03T23:29:25.9533333+00:00

You can use Log Analytics workspace data export in Azure Monitor: Azure Monitor ingestion pipeline -> Event Hub -> Qradar. Please review the limitations to determine whether this method will work for your use case. Alternatively, you can use Logic Apps to periodically export data to Event Hub.

Share via

Trying to create an event hub but the Azure Storage Container I chose to use brings up an error message

2 answers

Your answer