How to access storage account table (enabled from selected VNet) from logic app standard

Priyanka Gupta 5 Reputation points
2024-01-30T13:12:03.54+00:00

Hi, I am new to Azure and I am struggling to fix an issue.

There is a Logic App Standard named 'test-las' which is inside an App Service Environment (ASE) named 'test-ase'. This ASE is inside a VNet/subnet named 'test-ase-snet'. There is a Storage Account named 'teststoragedata', whose Networking setting is currently 'Enabled from all networks'. This Storage Account has a Table named 'Test01' whose Authentication method = Access key.

In this Logic App Standard, I am using KeyVault to get UserName and Password. The KeyVault's Networking setting is enabled as 'Allow public access from specific virtual networks and IP addresses'. I am successfully able to access the KeyVault (which is VNet enabled) in the Logic App Standard workflow.

In the same Logic App Standard, I am using the Azure Table Storage Connector 'Insert or Replace Entity (V2)', which is inserting/updating records in the storage account table. The Connector's connection Type = Access Key. Below is the Connector setting and workflow design:

Issue: When I try to change the Networking setting of the Storage Account to 'Enabled from selected virtual networks and IP addresses' and 'Allow Azure services on the trusted services list to access this storage account', I get the error below in the workflow:

Forbidden


When I run the path in the browser, I get a ResourceNotFound error. I get the same in App Insights. But when I run the Uri from App Insights in the browser, I get this error:

AuthenticationFailed: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:1b923ebd-2002-000d-7f8c-53a90a000000 Time:2024-01-30T14:55:18.4088718Z

Also, now I am able to run the Logic App workflow using the storage account enabled from all networks. Please help me understand the root cause and the solution to fix the issue. NOTE: I'm not allowed to create the logic app in another region than the storage account (company rules).

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

1 answer

  1. Sumarigo-MSFT 47,456 Reputation points Microsoft Employee
    2024-01-30T14:21:29.28+00:00

    @Priyanka Gupta Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    As I understand you are facing an issue with the Azure Table Storage connector in your Logic App. Based on the information you have provided, it is possible that the issue is related to changes in the network configuration of your storage account. If you were able to run the same Logic App previously with the "Enabled from all networks" setting, but are now facing issues, it is possible that the network configuration of your storage account has been changed to only allow access from selected virtual networks.

    Ensure you have the full Azure Storage table endpoint when creating an "Access Key" connection or using V2 operations.

    Enter the full Azure Storage table endpoint on Azure Storage account name or table endpoint parameter for "Access Key" authentications.

    To troubleshoot this issue, you can try the following steps:

    1. Check the network configuration of your storage account to ensure that it is set up correctly. You can do this by going to the "Networking" tab in the Azure portal and verifying that the appropriate virtual networks are selected.
    2. Check the firewall settings of your storage account to ensure that they are not blocking access from your Logic App. You can do this by going to the "Firewalls and virtual networks" tab in the Azure portal and verifying that the appropriate IP addresses and ranges are allowed.
    3. Check the connection settings of your Logic App to ensure that they are configured correctly. You can do this by going to the "Connections" tab in the Logic App designer and verifying that the connection to your storage account is set up correctly.
    4. Enable diagnostic logging for both your Logic App and Azure Table Storage. Check the logs for more detailed error messages or information about what might be causing the problem.
    5. If the issue persists, you can try creating a new Logic App in the same region as your storage account and see if that resolves the issue. If you are not allowed to create the Logic App in another region, you can try creating a new storage account in the same region and see if that resolves the issue.

    Additional information: https://stackoverflow.com/questions/67208970/azure-logic-app-unable-to-create-connection-to-table-storage

    https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#grant-access-to-trusted-azure-services

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.
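
Steps 1 and 2 of the answer above can also be checked offline against the `networkRuleSet` object that `az storage account show` returns. The following is an added example, not part of the original answer or of any Microsoft tooling. The sample JSON, subscription ID, resource group and VNet name are constructed placeholders, the function names are hypothetical, and the code models only rule matching.

```python
import ipaddress
import json

# Constructed sample of `az storage account show --query networkRuleSet` output.
# Subscription ID, resource group and VNet name are placeholders.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg"
             "/providers/Microsoft.Network/virtualNetworks/test-vnet/subnets/test-ase-snet")
SAMPLE_RULE_SET = json.loads("""
{
  "bypass": "AzureServices",
  "defaultAction": "Deny",
  "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}],
  "virtualNetworkRules": []
}
""")


def firewall_verdict(rule_set, subnet_id=None, public_ip=None):
    """Return (allowed, reason) for a caller identified by subnet and/or public IP."""
    if rule_set.get("defaultAction", "Allow") == "Allow":
        return True, "defaultAction is Allow (enabled from all networks)"
    for rule in rule_set.get("virtualNetworkRules") or []:
        # Resource IDs are case-insensitive; a rule only applies once provisioned.
        same = subnet_id and rule["virtualNetworkResourceId"].lower() == subnet_id.lower()
        if same and rule.get("action", "Allow") == "Allow":
            if rule.get("state", "Succeeded") == "Succeeded":
                return True, "subnet matches a virtual network rule"
            return False, f"virtual network rule exists but state is {rule['state']}"
    if public_ip:
        addr = ipaddress.ip_address(public_ip)
        for rule in rule_set.get("ipRules") or []:
            net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
            if addr in net:
                return True, f"public IP matches ip rule {net}"
    return False, "no virtual network or IP rule matches; the firewall blocks the request"


def with_subnet_rule(rule_set, subnet_id):
    """Return a copy of the rule set with an Allow rule for subnet_id added."""
    updated = json.loads(json.dumps(rule_set))
    updated.setdefault("virtualNetworkRules", []).append(
        {"action": "Allow", "state": "Succeeded", "virtualNetworkResourceId": subnet_id})
    return updated


if __name__ == "__main__":
    print(firewall_verdict(SAMPLE_RULE_SET, subnet_id=SUBNET_ID))
    print(firewall_verdict(with_subnet_rule(SAMPLE_RULE_SET, SUBNET_ID), subnet_id=SUBNET_ID))
```

Storage IP rules have no effect on requests that originate in the same Azure region as the storage account, so for a same-region Logic App the virtual network rule is the one that decides access.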
