Error when trying to change configuration of a storage account: "Failed to update storage account Error: "Managed Service Identity (MSI) was not found for account on tenant"

Thomas Falck 0 Reputation points
2024-08-30T10:14:28.4533333+00:00

When trying to modify the configuration of a storage account - e.g. upgrading from TLS 1.0 to TLS 1.2, I get the following error:

"Failed to update storage account Error: Managed Service Identity (MSI) was not found for account on tenant"

Looks like the same issues as here: https://video2.skills-academy.com/en-us/answers/questions/1332329/upgrading-from-tls1-0-to-tls1-2-giving-an-errorfai

But there are no Managed Identities in our subscription to delete.

Kind regards

Thomas

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,105 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinodh247 18,101 Reputation points
    2024-08-30T14:38:32.62+00:00

    Hi Thomas Falck,

    Thanks for reaching out to Microsoft Q&A.

    The error message you're seeing typically indicates that there's an issue with the Managed Identity configuration, but it can be a bit misleading in some contexts.

    Verify Managed Identity Configuration

    1. Ensure the managed identity is properly configured in your azure subscription. It should be listed under "Identity" in the resource menu for the appropriate resource (ex. App Service, VM, etc).
    2. Verify the managed identity has the necessary permissions to perform the desired actions, such as the "Owner" role on the subscription as you mentioned.

    Check Service Connection Settings

    1. Double check the service connection settings in Azure DevOps. Make sure the correct managed identity is selected and that it has the expected permissions.
    2. Try creating a new service connection to rule out any issues with the existing one.

    Troubleshoot Pipeline Execution

    1. Add additional logging and debugging steps to your pipeline to get more information about the failure. For example, add a script to list all the resource groups in the subscription to verify connectivity.
    2. Ensure the pipeline is running on a Microsoft-hosted agent, as user-assigned managed identities are not supported on self-hosted agents.
    3. If using a self-hosted agent, make sure the agent VM has the managed identity assigned and has network connectivity to the Azure endpoints.
    4. Verify the pipeline is targeting the correct Azure subscription and resource group.

    Verify Managed Identity Permissions

    1. Ensure the managed identity has the necessary permissions to perform the desired actions, such as modifying the storage account configuration.
    2. Check the Azure role assignments for the managed identity to confirm it has the required permissions.
    3. If using a user-assigned managed identity, make sure it is properly linked to the Azure resources in the pipeline.

    If the issue persists, you can try the following:

    1. Create a new managed identity and update the service connection to use the new identity.
    2. Recreate the pipeline and service connection from scratch to rule out any configuration issues.

    Please 'Upvote'(Thumbs-up) and 'Accept' as an answer if the reply was helpful. This will benefit other community members who face the same issue.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.