Experiencing authentication issues - Network flow logs

Question

Hi,

I have a random issue enabling traffic analytics on my virtual network:

Error:
The portal is having issues getting an authentication token. The experience rendered may be degraded.

Additional information from the call to get a token: Extension: Microsoft_Azure_Network Resource: storagedataplane Details: The extension 'Microsoft_Azure_Network' has not defined the resource access for resource 'storagedataplane' in the extension's configuration, or in the portal's configuration.

Other tenant's do not have this problem, so what could be the issue here? On the Q&A the same issue occures for different Extensions so it looks like a back-end issue on Microsoft side.

Answer 1

Hello Rudy Evers

This error suggests that the creation or updating of the Network Watcher flow log has failed, which could be due to various reasons, such as configuration issues, resource dependencies, Resource lock or insufficient permissions.

Here are steps to troubleshoot and resolve the problem:

• Can you please ensure that you have the necessary permissions to configure flow logs. You need at least the Network Contributor or Owner role on the target subscription/resource group.
• Flow logs require a storage account to store logs. so please ensure that storage account exists and is accessible. If it has a firewall configuration that allows access from the virtual network, it requires permissions (like "Microsoft.Network" access) are assigned.
• Also, Confirm that the Network Watcher is enabled in the region where you're trying to create the flow log.
• To isolate the issue, you can try creating or enabling the flow log again using PowerShell or Azure CLI: New-AzNetworkWatcherFlowLog -NetworkWatcherName "<NetworkWatcherName>" -ResourceGroupName "<ResourceGroupName>" -Location "<Region>" -TargetResourceId "<NSGResourceId>" -StorageId "<StorageAccountId>" ` -Enabled $true

Alternatively,

Please ensure that no Resource Lock is enabled. Test this by unlocking or deleting the lock on the resource group and let me know if the issue persists.

---

Should there be any follow-up questions or concerns, please let us know and we shall try to address them.

Please do consider to “up-vote” and "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.

Answer 2

Hi Ruby,

Thx for asking here, I would like to try to help...
As u said it could be a transient issue. Check azure service health for any ongoing incidents. Verify permissions and ensure ur account has storage data plane access. Try cli or PShell as a workaround

Set-AzNetworkWatcherConfigFlowLog -Enabled $true -NetworkWatcherName "WatcherName" -ResourceGroupName "RGName" -TargetResourceId "VNetID" 

that is enable traffic analytics using PShell or azure cli if the azure portal is giving authentication errors. Bypasses the ui issue if the error is portal-related (e.g., extension misconfiguration), the script might still work. direct API access PShell and cli communicates with azure directly, avoiding potential ui glitches. As well u can explicitly set parameters (network watcher, log storage, analytics interval).

If this still doesn’t work, the issue might be deeper (missing permissions for the Microsoft.Network service principal in your tenant etc.)

Best regards,

Alex

P.S. If my answer help to you, please Accept my answer