Share via

Azure Storage Account : Blob service (SAS) Connectivity Check FAILED

amsDeveloper 71 Reputation points
2020-06-29T03:51:34.083+00:00

We created a new Storage Account on Azure. And, when we perform the Connectivity Check, it shows that Blob service (SAS) endpoint is not accessible with message "Public access is not permitted on this storage account." The status code is 409.

The Storage Account was upgraded from V1 to General-Purpose V2. Is that causing this issue?

10881-blob-sas.png

Also, "Generate SAS and connection string" button in "Shared access signature" is disabled and greyed out.

10828-screen-shot-2020-06-29-at-181219.png

How do we create and enable this endpoint? My search so far doesn't point to any solution to create/enable this over the Portal. Is it possible only through the REST API?

Blob service (SRP) check, Share Access Signature check is successful. There is no private endpoint, firewall created and access is allowed from "All Networks".

Accessing blob from client side with Storage Account Key with an API is currently failing with error code 403.

Also, we are successfully able to fetch the blob details from "Microsoft Azure Storage Explorer" connected with the 'Connection String' of the Storage Account.

Additional Details :

I can also see that "Blob service (Azure AD)" endpoint is not accessible, but "Queue service (Azure AD) endpoint is.

10976-blob-ad.png

Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,543 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,202 questions
0 comments

7 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AzDevAd1 1 Reputation point
    2020-09-17T01:16:06.613+00:00

    Facing a similar issue. Allow public blob access is Enabled. N/W traffic is set to All Networks. (Have F/w and N/w rules but disabled for time being).

    It still gives Blob service (Azure AD) and Blob service (SAS) end points are not accessible. What is causing this and how to remediate this ? Please note its not a new storage account and it was a legacy account working from quite some time and facing this issue all of a sudden.

    Strangely, happening only for one storage account and not for others.

    The only other clue i see is that the Static Website pane is also not accessible and is showing a weird message with no error code. (Not sure if its related or not but mentioning here).

  2. Tom Jones 6 Reputation points
    2020-11-28T15:43:56.227+00:00

    Hi, I'm sorry, I don't follow it.

    • AllowBlobPublicAccess needs to be set to true. Is it for making "https://MY_ACCOUNT.blob.core.windows.net" available in "internet"?
    • How can I enforce SAS key check? I don't want any anonymous access. I want:
      • upload and download to and from storage using specific SAS keys.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.