Having issue while deploying migrate appliance in VMware infra

Question

I am trying to deploy Azure Migrate appliance in my vmware infra but when it's reaching up to save and start discovery phase facing below error.

Details

Azure Key Vault create or update operation failed for 'https://FPA-MIG3085ekv.vault.azure.net'. The error encountered is 'An error occurred while sending the request.'

Recommendation

Please check if you have 'Contributor' access to the the given subscription. You should also check if you have access to the Key Vault specified in the error message and retry the operation. If the issue persists, please contact Microsoft support.

I am the owner of account ever after that facing this issue. separately added my account again as contributor on subscription, resource group and keyvault. even after that facing same issue.

Answer 1

Hi All,

Thanks for all answer. Issue is resolved now.

Actual issue was with proxy. I added *.vault.azure.net in proxy because migrate was trying to make call on https://key{randonnumber}.vault.azure.net and this url was missing from list of required url for migrate.

https://portal.azure.com/
https://hypervehubns2018-11-22-14-28-46-222.servicebus.windows.net
https://hypervehubns2019-03-28-05-32-57-815.servicebus.windows.net
https://vmwareehubns2018-11-22-14-42-52-696.servicebus.windows.net
https://login.windows.net/
https://management.azure.com/
https://login.microsoftonline.com/common/oauth2/deviceauth
https://aka.ms/latestapplianceservices
https://graph.windows.net/

Answer 2

First thing - Check if the appliance has required permissions listed in the documentation - https://learn.microsoft.com/en-us/azure/migrate/migrate-appliance#appliance---vmware

Secondly, If you have proxy configured/enabled, ensure to adjust/update the proxy by adding the machine name, IP to the proxy bypass list allowing those connections to go directly to those machines.

To use Azure Migrate, there are some permissions that are required to manage Vaults and resources.
See the instructions to check the permissions of your account to the Key Vault using the following PowerShell script:

$userPrincipalId = $(Get-AzureRmADUser -UserPrincipalName "loggedin_user").Id

Set-AzureRmKeyVaultAccessPolicy -VaultName "replace_with_key_vault_name" -ObjectId $userPrincipalId -PermissionsToStorage get, list, delete, set, update, regeneratekey, getsas, listsas, deletesas, setsas, recover, backup, restore, purge

Reference: https://learn.microsoft.com/en-us/azure/migrate/tutorial-prepare-vmware

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Answer 3

Hi Sadiqh,

Thanks for quick reply.

Appliance has required permission.

Proxy is configured properly and it is registered successfully with azure account.

When I am deploying appliance then it is asking for login to azure portal with device login and I am using my owner account and i verified that account has all privilege which you mention above.

Still unable to understand why I am receiving this error.

Answer 4

This is a long shot but you may also want to validate if you have any policies that restrict the types of resources you can create in the subscription, in this case Key Vault.

See the information here on Policy definitions:
https://learn.microsoft.com/en-us/azure/governance/policy/overview#policy-definition

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.