StorageAccountAccessKeyServiceImpl - AttemptAADAppAttachWorkflowAsync: Failed to retrieve access keys for storage accounts.

JD 0 Reputation points
2024-05-03T11:51:46.3166667+00:00

I keep getting this error every time I attempt to load an MSIX package via app attach for azure virtual desktop.

Please help.

Error expanding msix app attach package. The MSIX Application metadata expand request failed on all Session Hosts that it was sent to. Session Host: LVV-0, StorageAccountAccessKeyServiceImpl - AttemptAADAppAttachWorkflowAsync: Failed to retrieve access keys for storage accounts. Cannot proceed with AAD app attach workflow..

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,322 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,267 questions
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,599 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Anand Prakash Yadav 7,805 Reputation points Microsoft Vendor
    2024-05-06T08:16:39.0333333+00:00

    Hello JD,

    Thank you for posting your query here!

    I understand that you are facing issue with accessing the storage account keys necessary for the MSIX app attach process in Azure Virtual Desktop (AVD).

    Please make sure that the storage account settings are correctly configured to allow access from Azure Virtual Desktop. This includes checking network rules and ensuring that public access is configured if necessary, or if private, that proper networking setups like Service Endpoints or Private Links are configured.

    Also, make sure that the session host has the required permissions to access the storage account where the MSIX package is stored. This can happen if the session host is not assigned a role that allows it to read from the storage account, or if the session host is not using a managed identity that is granted access to the storage account. To fix this, you can either assign the session host a role that allows it to read from the storage account (Storage Blob Data Reader or Contributor roles) or enable a managed identity for the session host and grant it access to the storage account.

    Please check if the storage account where the MSIX package is stored is registered with Azure Active Directory (AAD). This can happen if the storage account was created before AAD integration was enabled, or if the storage account was created with a different subscription than the one used for Azure Virtual Desktop.

    In case, the storage account where the MSIX package is stored is not in the same region as the session host. Please try to move the storage account to the same region as the session host and check if that helps.

    Do let us know if you have any further queries. I’m happy to assist you further.

    0 comments No comments

  2. Prakash Patil 0 Reputation points
    2024-10-26T22:46:55+00:00

    For me this fixed this specific issue:

    add role assignments for role - Reader and Data Access to the following entities

    Azure Virtual Desktop and Azure Virtual Desktop ARM Provider

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.