Error when doing vCenter discovery from Azure Migrate VMware appliance

Elmer Tubiera 6 Reputation points
2020-06-23T13:22:02.59+00:00

Hi,

I'm getting the below error messages. Permissions are fine.

Details Azure Key Vault create or update operation failed for https://azmigrate0357aekv.vault.azure.net/.
The error encountered is AKV10022: Invalid audience. Expected https://vault.azure.net, found: https://management.azure.com/.
Recommendation Please check if you have Contributor access to the the given subscription. You should also check if you have access to the Key Vault specified in the error message and retry the operation. If the issue persists, please contact Microsoft support

Please advise.

Regards,

  1. olufemia-MSFT 2,861 Reputation points
    2020-06-30T03:05:55.147+00:00

    Hi ElmerTubiera-2113,

    The error "AKV 10022" suggests you have an authorization issue trying to access the Key Vault resource. Specifically, the "audience" scope set on the bearer/authorization token is expecting "https://vault.azure.net/" but is incorrectly set to "https://management.azure.com/". To successfully call and invoke Key Vault CRUD operations, you may need to set additional access policies on the Key Vault resource for your appliance. I suggest adding a similar access policy if you haven't already.

    [Image: 11024-kvaccessolicy.png]

    Here are other useful references that address similar scenarios. Hope this helps.

    1. Data plane and access policies
    2. StackOverflow: How to update Azure key vault

    If the issue persists, please share a redacted screenshot of your access policy and we can investigate further or engage the technical support team for help.

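One way to confirm the audience mismatch described in the answer above, as an added example that is not part of the original thread or of any Microsoft tooling: decode the `aud` claim of the bearer token and compare it with the value the AKV10022 message expects. The function names and the sample tokens are constructed for illustration; the signature is not verified, so this is a diagnostic aid only.

```python
import base64
import json

# Expected audience, taken from the AKV10022 message quoted in the question.
KEY_VAULT_AUDIENCE = "https://vault.azure.net"


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audience(jwt):
    """Return the aud claim(s) of a compact JWT as a list (no signature check)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    claims = json.loads(_b64url_decode(parts[1]))
    aud = claims.get("aud")
    if aud is None:
        return []
    # The JWT spec allows aud to be a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)


def audience_matches(jwt, expected=KEY_VAULT_AUDIENCE):
    """True if any aud value equals the expected resource.

    Assumption for this diagnostic: a trailing slash is ignored when comparing.
    """
    want = expected.rstrip("/")
    return any(a.rstrip("/") == want for a in token_audience(jwt))


def make_sample_token(aud):
    """Constructed, unsigned sample token; not a real Azure AD token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": aud, "iss": "https://sts.example.invalid/"}
    return enc(header) + "." + enc(payload) + ".sig"


if __name__ == "__main__":
    for aud in ("https://management.azure.com/", "https://vault.azure.net"):
        ok = audience_matches(make_sample_token(aud))
        print(aud, "->", "audience ok" if ok else "AKV10022-style mismatch")
```
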