Azure custom image template build keeps failing

Zuuber 120 Reputation points
2024-10-01T08:39:36.4266667+00:00

I am trying to build a custom image template, when i attempt to start the build it fails immediately with the following error >

Not authorized to access the resource: /subscriptions/subscriptionID/resourceGroups/resourcegroupname/providers/Microsoft.Network/virtualNetworks/vnetname. Please check the user assigned identity has the correct permissions.

I have assigned the following 'Azure role assignments' to the Managed Identity >
Microsoft.Compute/images/write
Microsoft.Compute/images/read
Microsoft.Compute/images/delete
Microsoft.Compute/galleries/read
Microsoft.Compute/galleries/images/read
Microsoft.Compute/galleries/images/versions/read
Microsoft.Compute/galleries/images/versions/write
Microsoft.Network/virtualNetworks/read
Microsoft.Network/virtualNetworks/subnets/join/action

As a test i have also assigned the Managed Identity 'Owner' of the subscription and resource groups via Access control (IAM), but i still receive the above error reagrding the MI not being able to access the vnet and i am completely lost of what permission is required and where, any help would be greatly appreciated.

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,546 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. deherman-MSFT 37,241 Reputation points Microsoft Employee
    2024-10-01T15:40:51.4633333+00:00

    @Zuuber

    Please check the following for the virtual network and see if it resolves the issue:
    Checklist for using your virtual network

    1. Allow Azure Load Balancer to communicate with the proxy VM in a network security group.
    2. Disable the private service policy on the subnet.
    3. Allow VM Image Builder to create a load balancer, and add VMs to the virtual network.
    4. Allow VM Image Builder to read and write source images, and create images.
    5. Ensure that you're using a virtual network in the same region as the VM Image Builder service region.

    Hopefully this will resolve your issue. If you are still facing issues, please let me know and we can work with you directly to investigate.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!

    User's image

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.