Share via

Cannot provision memory store in Azure AI Foundry for agents despite all infra in place

Samuel Robel 0 Reputation points
2026-03-10T14:25:57.8033333+00:00

We’re trying to provision an Azure AI Foundry Agent memory store, but creation fails consistently.

We tested two creation paths:

  1. Python SDK with AIProjectClient and client.beta.memory_stores.create(...)
  2. Direct REST call to POST /api/projects/{project}/memory_stores?api-version=2025-11-15-preview using AAD token for https://ai.azure.com/

Both paths return the same backend failure: HTTP 500 server_error during memory store creation.

Current environment/config:

  • Region alignment: Foundry account, Foundry project, Cosmos DB (NoSQL), Azure AI Search, and Storage are all in East US
  • Project capability host: present, provisioning state Succeeded
  • Cosmos connection auth type: Microsoft Entra ID
  • Cosmos throughput mode for memory containers: fixed manual throughput, 1000 RU/s per container
  • Azure AI Search: supported paid tier (not free)
  • Blob storage connection: configured
  • Permissions: project managed identity has Cosmos data-plane read/write, Search data/index permissions, and Blob Data Contributor on storage
  • Models used in tests: gpt-4.1 (chat), text-embedding-3-small (embeddings)

Additional signal that connectivity/auth is likely working: Foundry already created the enterprise_memory database and memory-related containers in Cosmos, so the project-to-Cosmos link appears functional.

Given this setup, we expected memory store provisioning to succeed, but it still fails with server_error from both SDK and REST.

Is there any known service-side condition or additional required setting that can cause this failure pattern?

Foundry Tools
Foundry Tools

Formerly known as Azure AI Services or Azure Cognitive Services is a unified collection of prebuilt AI capabilities within the Microsoft Foundry platform

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Manas Mohanty 16,105 Reputation points Microsoft External Staff Moderator
    2026-04-01T07:26:48.94+00:00

    Hi Samuel Robel

    I wanted to add the following clarification.

    Memory Store Provisioning – Key Considerations

    Memory Store provisioning is not only a runtime data‑plane operation. It also performs creation and configuration of Cosmos DB containers and Azure AI Search indexes, which requires:

    • Control‑plane permissions
    • Network reachability from the Foundry capability host

    As a result, a setup that successfully validates connections can still fail during provisioning if:

    • Resources are behind private endpoints or firewalls, or
    • Only data‑plane roles are assigned.

    Therefore, 500 – Internal Server Error responses may originate from the following causes, in addition to backend or regional issues.

    1. Network (VNET) Perspective

    • The outbound network path from the Foundry capability host may be blocked.
      Please review:
      • NSG outbound rules
      • Firewall / proxy logs
    • Ensure DNS resolution works for all connected resources.
    • Whitelist the Azure AI Foundry Project in the firewall of dependent resources (trusted services / instances).
    • Consider using a Managed VNET to reduce networking effort and avoid misconfiguration.

    Reference:
    https://github.com/strudel0209/ai-foundry-infra-networking/blob/main/README.md

    2. Permissions Perspective

    Provisioning requires control‑plane permissions that are not included in “data‑plane read/write” roles.

    Please ensure appropriate roles are assigned, such as:

    • Azure AI Account Owner
    • Azure AI Account Administrator

    Reference:
    https://learn.microsoft.com/en-us/azure/foundry/concepts/rbac-foundry

    3. Code Syntax Perspective (Difference Observed)

    ✅ Working Code (From Support)

    options = MemoryStoreDefaultOptions(
    chat_summary_enabled=True,
    user_profile_enabled=True,
    user_profile_details=(
        "Avoid irrelevant or sensitive data, such as age, financials, "
        "precise location, and credentials"
    )
)

# Create memory store
chat_model = MEMORY_STORE_CHAT_MODEL_DEPLOYMENT_NAME
embedding_model = MEMORY_STORE_EMBEDDING_MODEL_DEPLOYMENT_NAME

definition = MemoryStoreDefaultDefinition(
    chat_model=chat_model,
    embedding_model=embedding_model,
    options=options
)

memory_store = project_client.beta.memory_stores.create(
    name=memory_store_name,
    definition=definition,
    description="Memory store for customer support agent",
)

    ⚠️ Code Used by Customer

    client = AIProjectClient(
    endpoint=PROJECT_ENDPOINT,
    credential=DefaultAzureCredential(),
    allow_preview=True,
)

memory_store = client.beta.memory_stores.create(
    name=MEMORY_STORE_NAME,
    definition=MemoryStoreDefaultDefinition(
        kind=MemoryStoreKind.DEFAULT,
        chat_model=CHAT_MODEL,
        embedding_model=EMBEDDING_MODEL,
    ),
)

    4. Resource Provider Perspective

    Please ensure the following Azure resource providers are registered in the subscription:

    • Microsoft.KeyVault
    • Microsoft.CognitiveServices
    • Microsoft.Storage
    • Microsoft.MachineLearningServices
    • Microsoft.Search
    • Microsoft.Network
    • Microsoft.App
    • Microsoft.ContainerService
    • (Optional – for Bing Search tool) Microsoft.Bing

    5. Regions Perspective

    Please test the models in supported regions

    Reference:
    https://learn.microsoft.com/en-us/azure/foundry/agents/how-to/virtual-networks

    <https://learn.microsoft.com/en-us/azure/foundry/reference/region-support#foundry-projects>

    I hope this helps in addressing the issue.

    Looking forward to hearing from you.

    Thank you.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.