Boot diagnostics is throwing error whenever I change the network setting on storage account to "Enabled from selected virtual networks and IP addresses" and is working fine with "Enabled from all networks"

Abhishek Zende 0 Reputation points
2024-04-09T12:46:52.04+00:00

Boot diagnostics is throwing error whenever I change the network setting on storage account to "Enabled from selected virtual networks and IP addresses" and is working fine with "Enabled from all networks". Please advise.


2 answers

  1. Deepanshu katara 4,980 Reputation points
    2024-04-09T13:30:21.19+00:00

    Hi Abhishek, welcome to MS Q&A.

    Boot Diagnostics for Azure Virtual Machines relies on a storage account to store logs and metrics. When you change the network setting on the storage account to "Enabled from selected virtual networks and IP addresses," you restrict access to the storage account to specific virtual networks or IP addresses. If Boot Diagnostics is throwing errors after making this change, it suggests that the virtual machine might not be able to access the storage account due to the restricted network settings.

    Here are some steps you can take to troubleshoot and resolve this issue:

    1. Check Storage Network Settings: If you have selected "Enable from selected virtual networks or IP addresses", kindly confirm that the VNet of the VM is added to the networking of the storage account (check the image below for reference). Kindly perform the steps below if it is not added.
    2. Select Networking.
      1. Check that you've chosen to allow access from Selected networks.
      2. To grant access to a virtual network by using a new network rule, under Virtual networks, select Add existing virtual network. Select the Virtual networks and Subnets options, and then select Add. To create a new virtual network and grant it access, select Add new virtual network. Provide the necessary information to create the new virtual network, and then select Create. If a service endpoint for Azure Storage wasn't previously configured for the selected virtual network and subnets, you can configure it as part of this operation. Presently, only virtual networks that belong to the same Microsoft Entra tenant appear for selection during rule creation.
      3. Select Save to apply your changes.

    NOTE: Basically Integration of both Vnet VM vnet and storage account if vnets are not peered

    Please check below Image to add Vnet connectivity to your storage account


    Kindly find below link for more details

    https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal

    Please accept the answer if it helps. Thanks.


  2. KapilAnanth-MSFT 35,246 Reputation points Microsoft Employee
    2024-04-12T04:23:12.7733333+00:00

    @Abhishek Zende ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you have used a custom storage account for boot diagnostic.

    In this case, you must enable "Allow Azure services on the trusted services list to access this storage account" in the networking tab of the Storage Account.

    Please let us know if we can be of any further assistance here.

    Thanks,

    Kapil


    Please Accept an answer if correct.

    Original posters help the community find answers faster by identifying the correct answer.
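
The two settings the answers above name (a virtual network rule for the VM's subnet, and the trusted Azure services exception) can be checked offline against a storage account's network rule set. This is an added example, not part of the original thread; the JSON field names assume the `networkRuleSet` object printed by `az storage account show`, and the sample values and the `check_firewall` helper are constructed for illustration.

```python
import json

# Constructed sample, shaped like the "networkRuleSet" object printed by
# `az storage account show` (field names are an assumption about that output).
SAMPLE_RULE_SET = json.loads("""
{
  "defaultAction": "Deny",
  "bypass": "Logging, Metrics",
  "ipRules": [],
  "virtualNetworkRules": [
    {"action": "Allow",
     "virtualNetworkResourceId": "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-other/subnets/default"}
  ]
}
""")

# Constructed subnet ID of the VM whose boot diagnostics fail.
VM_SUBNET_ID = "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-vm/subnets/default"


def _norm(resource_id):
    # ARM resource IDs are compared case-insensitively.
    return resource_id.strip().rstrip("/").lower()


def check_firewall(rule_set, vm_subnet_id):
    """Report which of the two settings named in the answers are missing."""
    restricted = (rule_set.get("defaultAction") or "Allow").lower() == "deny"
    bypass = {p.strip().lower() for p in (rule_set.get("bypass") or "").split(",")}
    trusted = "azureservices" in bypass
    subnet_ok = any(
        _norm(r.get("virtualNetworkResourceId", "")) == _norm(vm_subnet_id)
        and (r.get("action") or "Allow").lower() == "allow"
        for r in rule_set.get("virtualNetworkRules") or []
    )
    findings = []
    if restricted and not subnet_ok:
        findings.append("VM subnet has no virtual network rule on the storage account")
    if restricted and not trusted:
        findings.append("trusted Azure services exception (bypass AzureServices) is off")
    return {"restricted": restricted, "subnet_allowed": subnet_ok,
            "trusted_services": trusted, "findings": findings}


if __name__ == "__main__":
    for finding in check_firewall(SAMPLE_RULE_SET, VM_SUBNET_ID)["findings"]:
        print("MISSING:", finding)
```

An empty `findings` list means both settings from the answers are in place, or the account still accepts traffic from all networks (`restricted` is false).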