Share via

Azure File Sync Agent Getting Unauthorized message While Registering the server with Storage Sync Service

Amit Kumar 0 Reputation points
2025-06-24T03:43:14.56+00:00

Hi We have Server which was hosted in AWS and we have enabled the Azure ARC on that machine However while Registering the Sync Agent Server with Sync service we are getting Unauthorized issue My account was having Owner permission and Also the Agent version was set to latest

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,420 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nandamuri Pranay Teja 3,610 Reputation points Microsoft External Staff Moderator
    2025-06-24T04:30:04.8833333+00:00

    Hello Amit Kumar

    Thank you for the question!

    Please be informed that even if your account holds the Owner role, the Storage Sync Service itself (which is an Azure resource) requires specific permissions for the storage account and possibly the resource group where the server is registered.

    • Navigate to your Storage Sync Service in the Azure portal. Under "Settings," look for "Identity."
    • Ensure "System assigned" managed identity is On. Go to "Access control (IAM)" for your Storage Sync Service. Click "Add" -> "Add role assignment."
    • Search for and assign the following roles to your Storage Sync Service's managed identity:

    Storage Sync Contributor (or "Contributor" if Storage Sync Contributor isn't available) on the storage account you are trying to sync with. Potentially "Contributor" or "Storage Sync Contributor" on the resource group where your Azure Arc-enabled server and Storage Sync Service reside.

    While you have Owner, the account used to run the registration command on the AWS server also needs specific permissions. Ensure the account you are using to run the azcmagent connect (or equivalent) command on the AWS machine has Azure Connected Machine Onboarding role OR Contributor role on the resource group where you are registering the machine. Local administrator/root privileges on the AWS machine itself to install and configure the agent.

    • In the Azure portal, go to your subscription -> "Resource providers" and ensure Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity, and Microsoft.StorageSync are all registered. If not, register them.

    References:

    1. https://learn.microsoft.com/en-us/troubleshoot/azure/azure-storage/files/file-sync/file-sync-troubleshoot-installation
    2. https://learn.microsoft.com/en-us/azure/azure-arc/servers/troubleshoot-vm-extensions

    Hope the above answer helps! Please let us know do you have any further queries.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. 

    User's image

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.