I keep hitting "Storage creation failed" when trying to start up cloud shell for azure learning

Hesmondjeet Oon 0

As part of the Azure learning exercise below, I'm trying to start up my Powershell in order to run the shell commands. Exercise - Create an Azure Virtual Machine However, when I try starting up the PowerShell, it shows the following error: Storage creation failed

{"error":{"code":"AuthorizationFailed","message":"The client 'xxx@xxx.com' with object id 'xxx' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/xxx/resourcegroups/cloud-shell-storage-southeastasia' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

I tried to wait a day before activating another sandbox (currently at 4/10), but am still hitting this issue. I also tried using incognito to resolve the issue to no avail. Any ideas? #azure-fundamentals

Fabricio Godoy 2,611 Reputation points

2023-04-17T02:39:16.38+00:00

Hello @Hesmondjeet Oon your question still open. do u have any comments?...this is help you?. if yes, please don`t forget to upvote and accept the answer. regards
Ernsdorff, Ron 5 Reputation points

2023-05-30T21:39:22.04+00:00

Was there ever a solution to this? I am running into the same issue. I was attempting to use bash shell:

I attempted to log into Azure AD, but get this error:

You do not have access | Overview

Azure Active Directory

and this is the box on the bottom of the screen
{ "shellProps": { "sessionId": "3659e370cd554eb98d73af35e6e45d23", "extName": "Microsoft_AAD_IAM", "contentName": "ActiveDirectoryMenuBlade", "code": 403 }, "error": { "message": "No access", "code": 403 }}
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

4 answers

Ernsdorff, Ron 5 Reputation points

2023-05-30T21:59:16.7766667+00:00

I was able to see in the portal that my sandbox account had a cloudshellXXXXXXXXX storage account. All Services --> Storage Accounts --> cloudshellXXXXXXXX(I think this number will be unique for everyone)

So I navigated to the advance settings in the storage account creation, change to the South Central US which matched what the storage account was using as it's location. Then I was able to create a new file share with a unique name. That allowed me to create the use the bash shell.
Please sign in to rate this answer.

1 person found this answer helpful.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment
Fabricio Godoy 2,611 Reputation points

2023-04-14T02:21:19.86+00:00
Hello @Hesmondjeet Oon
Apparently the account that is connected is without proper permissions in RBAC on resource grup target.

Go to azure AD portal > locate the user > assing an approprieate role-based access on the subscription / resource group > save this is will be fix your problem. Regards.
Please sign in to rate this answer.
Hesmondjeet Oon 0 Reputation points

2023-04-14T02:30:24.6466667+00:00

As the subscription/resource group are created automatically by the sandbox, it seems that I do not have any access to assign/change my role as per your recommendation. Subscription Error: "You do not have permissions to read role assignments at this scope. Check that you are assigned a role that has the Microsoft.Authorization/roleAssignments/read permission at scope /subscriptions/fec12bf7-44d5-422e-806d-6e4e1d535050 or above." Resource Group Error: "You do not have permissions to read this directory. Contact a Global Administrator and have them assign you the Directory Readers role in Azure Active Directory."

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment
Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more
Martin Adamsson 0 Reputation points

2023-07-17T12:14:02.86+00:00

---this solved my 403 error, Use the lab-provided subscription. Use the existing resource group. Use Central US for the location. Create a new, uniquely named Storage account and a new, uniquely named File Share.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

I keep hitting "Storage creation failed" when trying to start up cloud shell for azure learning

4 answers