How to get through this error please?

Steven Winters 0 Reputation points
2024-03-04T18:15:51.72+00:00

I am trying to learn about vnet peering in the azure cloud. I have two active certs. It tells me to renew a cert to get access to the labs. How to correct this so I can get moving?

(AuthorizationFailed) The client 'live.com#stevenbwinters@hotmail.com' with object id '327a4d14-a3b7-4faa-96c4-b95045d8c9b8' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' over scope '/subscriptions/15d8a956-80fb-4ce9-9ddc-722e26d3ba5a/resourceGroups/steverg/providers/Microsoft.Network/virtualNetworks/SalesVNet/virtualNetworkPeerings/SalesVNet-To-MarketingVNet' or the scope is invalid. If access was recently granted, please refresh your credentials.

Code: AuthorizationFailed

Message: The client 'live.com#stevenbwinters@hotmail.com' with object id '327a4d14-a3b7-4faa-96c4-b95045d8c9b8' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' over scope '/subscriptions/15d8a956-80fb-4ce9-9ddc-722e26d3ba5a/resourceGroups/steverg/providers/Microsoft.Network/virtualNetworks/SalesVNet/virtualNetworkPeerings/SalesVNet-To-MarketingVNet' or the scope is invalid. If access was recently granted, please refresh your credentials.

stevenbwinters [ ~ ]$

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,409 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,460 questions
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,486 Reputation points Microsoft Employee
    2024-03-05T11:54:34.1666667+00:00

    Hello @Steven Winters ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are trying to configure Azure Vnet peering but it is failing with the following error: "(AuthorizationFailed) The client 'live.com#stevenbwinters@hotmail.com' with object id '327a4d14-a3b7-4faa-96c4-b95045d8c9b8' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' over scope '/subscriptions/15d8a956-80fb-4ce9-9ddc-722e26d3ba5a/resourceGroups/steverg/providers/Microsoft.Network/virtualNetworks/SalesVNet/virtualNetworkPeerings/SalesVNet-To-MarketingVNet' or the scope is invalid. If access was recently granted, please refresh your credentials".

    Are both the Vnets in the same subscription or different subscriptions under the same AD tenant?

    You need an Azure account with permissions in both subscriptions OR an account in each subscription with the proper permissions to create a virtual network peering.

    The error says that the client does not have authorization. So, I would request you to check the permissions for that clientid.

    Kindly look for user account with client ID: '327a4d14-a3b7-4faa-96c4-b95045d8c9b8'.

    Navigate to the subscription > Choose the subscription > Add Role assignment > Select role "Network Contributor" for the 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write' permissions > assign to the user account.

    Refer: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking#network-contributor

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues#the-virtual-networks-are-in-different-subscriptions-or-active-directory-tenants

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#permissions

    https://learn.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions?tabs=create-peering-portal#prerequisites

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.