Issue with Azure VM Creation. AuthorizationFailed Error

Valentyn Tonkonih 25 Reputation points
2024-06-11T12:01:13.3166667+00:00

Hello.

I'm currently learning Azure on Microsoft Learn and working through the module  Describe Azure compute and networking services. However, I've encountered an issue in the first exercise.
Task 1: Create a Linux virtual machine and install Nginx.
I tried running the following code:
az vm create \
--resource-group "learn-f34bee4d-130e-4a9b-98ae-b494dd63fb80" \
--name my-vm \
--public-ip-sku Standard \
--image Ubuntu2204 \
--admin-username azureuser \
--generate-ssh-keys
But I got this error:
(AuthorizationFailed) The client 'live.com#walen.tonk@gmail.com' with object id '06e0ccea-1c47-4def-82d6-73a016d84a7f' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/02dd49b6-b1df-4b19-bce6-b6188492ff0b/resourcegroups/learn-f34bee4d-130e-4a9b-98ae-b494dd63fb80' or the scope is invalid. If access was recently granted, please refresh your credentials.

Code: AuthorizationFailed

Message: The client 'live.com#walen.tonk@gmail.com' with object id '06e0ccea-1c47-4def-82d6-73a016d84a7f' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/02dd49b6-b1df-4b19-bce6-b6188492ff0b/resourcegroups/learn-f34bee4d-130e-4a9b-98ae-b494dd63fb80' or the scope is invalid. If access was recently granted, please refresh your credentials.

User's image

I've seen similar cases on the forum, but none of the solutions helped me.

Trying to solve the issue, I accidentally created a Concierge Subscription in my Microsoft Learn Sandbox directory. Honestly, I don't understand how I did it. However, I can't delete it due to permission configurations. Or maybe it was created automatically.
User's image

Solutions I've tried:

  1. Since the error informs about access rights, I tried to change at least something in the Access control tab, but since it’s a Microsoft Learn Sandbox directory that was created automatically during the completion of tasks in the previous module, access permissions were configured automatically, and I am not able to change anything. Additionally, I don’t have any administrators over my account; it’s merely my personal account for self-education.
    User's image
  2. The most common recommendation I've come across is to replace "[sandbox resource group name]" in the template with something like “learn-f34bee4d-130…,” which I’ve already done (see screenshot_1).
  3. I tried running slightly different code based on other recommendations, but they didn’t solve my problem either.

Thank you in advance for your attention and help.

Azure Training
Azure Training
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Training: Instruction to develop new skills.
1,295 questions
0 comments No comments
{count} vote

Accepted answer
  1. pnaroju 2,540 Reputation points Microsoft Vendor
    2024-06-11T19:30:21.49+00:00

    Hi Valentyn Tonkonih,

    Thank you for reaching out to us on the Microsoft Q&A forum.

    We understand you are experiencing issues creating a VM in the sandbox while working through the module "Describe Azure compute and networking services."

    Here are the troubleshooting steps to resolve the issue:

    1. Sign Out of Existing Azure Portal: Ensure you completely sign out from the Azure portal created in the previous module unit "Exercise - Create an Azure resource," which has an active Microsoft Learn sandbox directory with a Concierge subscription.
    2. Sign Out of Azure Cloud Shell: Sign out completely from the existing Azure Cloud Shell sandbox or wait until the sandbox activation time expires.
    3. Activate a New Sandbox: Click on the "Activate Sandbox" button to activate a new sandbox. This will create a default subscription called "Concierge subscription" along with a default resource group name starting with "learn." We recommend using a different browser or an incognito/private window to rule out any browser-related issues.
    4. Verify Resource Group Name: Sign in to the Azure portal and verify that the resource group name used in the "az vm create" command matches the one displayed in the Azure portal for the sandbox environment.
    5. Refresh the Sandbox Environment: Since you lack permission to modify the sandbox environment and the error indicates an authorization problem, the most effective solution is to refresh the Microsoft Learn sandbox environment. This will recreate the environment with the appropriate permissions.
    6. Follow Microsoft Learn Instructions: Follow the instructions provided in the exercise within the Microsoft Learn document. These instructions are tailored for the sandbox environment and often use Cloud Shell commands to avoid permission issues. Ensure you are running the Azure CLI commands in the correct directory (Microsoft Learn Sandbox) and with the correct subscription selected.

    Please note that modifying permissions in the Microsoft Learn sandbox is restricted to prevent unintended consequences. The Concierge Subscription is automatically created for sandbox environments to provide necessary resources, and we do not have permission to delete or modify it due to these inherent restrictions.

    Also, in a sandbox environment, the access control configurations are pre-set and typically cannot be modified by the user.

    If you continue to face issues, please let us know in the comments. We are here to help.

    If you find this information helpful, please acknowledge by clicking the "Upvote" and "Accept Answer" buttons on the post.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful