question

MatthewDailey-5895 avatar image
0 Votes"
MatthewDailey-5895 asked SwathiDhanwada-MSFT commented

Receiving 'RunAsAccount not found' with Managed Identity enabled in Azure Automation

I created an Azure Automation account with system assigned Managed Identity and the Start/Stop VM Solution enabled. The 'ScheduledStartStop_Parent' runbook runs at its scheduled time but it throws this error:

 et-AutomationConnection : RunAsAccount not found. To create this RunAsAccount, navigate to the RunAsAccount blade and create a RunAsAccount. Refer doc for more details (https://docs.microsoft.com/azure/automation/create-runas-account)At line:211 char:37+ ... icePrincipalConnection=Get-AutomationConnection -Name $connectionName+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (:) [Get-AutomationConnection], AssetManagementClientException + FullyQualifiedErrorId : 3,Orchestrator.AssetManagement.Cmdlets.GetAutomationConnectionCmdlet 

The documentation recommends not to use RunAsAccount but its throwing an error telling me to create a RunAsAccount.

Is there an extra configuration step with Managed Identity that I'm missing? How do I solve this error?


azure-automationazure-managed-identity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SwathiDhanwada-MSFT avatar image
0 Votes"
SwathiDhanwada-MSFT answered SwathiDhanwada-MSFT commented

@MatthewDailey-5895 Welcome to Microsoft Q & A Community Forum. Yes, its recommended to use Managed Identity for authenticating Azure resources from the runbooks. However, the existing Start Stop Solution uses "RunAsAccount" for authentication. I would suggest you create RunAsAccount for this scenario. For information on how to create RunAsAccount , you can refer this document.

I assume you have installed Start Stop Solution v1 version. I would like you to know about the next version, which is in preview right now. This new version (v2) offers all the same functionality as this one but is designed to take advantage of newer technology in Azure. It adds some of the commonly requested features from customers, such as multi-subscription support from a single Start/Stop instance.

Start/Stop VMs during off-hours (v1) will be deprecated soon and the date will be announced once V2 moves to general availability (GA).

Also, we will update our documentation with the information that you have requested.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@SwathiDhanwada-MSFT Do I still need to create a RunAsAccount in the new version of the Start/Stop Solution or can I use Managed Identity?

0 Votes 0 ·

@MatthewDailey-5895 No, it doesn't use RunAsAccount. Start/Stop VMs v2 (preview) is redesigned and it doesn't depend on Azure Automation or Azure Monitor Logs, as required by the previous version. This version relies on Azure Functions to handle the VM start and stop execution.

A managed identity is created in Azure Active Directory (Azure AD) for this Azure Functions application and allows Start/Stop VMs v2 (preview) to easily access other Azure AD-protected resources, such as the logic apps and Azure VMs.

Kindly note Start Stop v2 version is still in preview. For more information, refer this document.


0 Votes 0 ·