
Azure Logic App: Azure VM Connector - InvalidAuthenticationTokenTenant

I'm trying to use the Azure VM Connector to start and stop a Virtual Machine.

When I edit the Logic App it uses my User Id to authenticate (successfully).

However, my User Id is in a different Tenant than the VM. The Start Virtual Machine connector allows you to specify the SubscriptionId, ResourceGroup, and VM Name, but not the TenantId.

I get an Authorization (401) error (InvalidAuthenticationTokenTenant) when I try to run the Logic App. How can I specify the correct TenantId to get it working?

    "error": {
      "code": "InvalidAuthenticationTokenTenant",
      "message": "The access token is from the wrong issuer 'https://sts.windows.net/a35caae4-15e1-4518-bd0f-c1fd0f22814c/'. It must match the tenant 'https://sts.windows.net/600ab0db-7c24-401f-b5be-d765e88dfb09/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/600ab0db-7c24-401f-b5be-d765e88dfb09b' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
    }

I solved the problem by doing 3 things:

  1. Enable Managed Identities for the Logic App
  2. Add a new role assignment in the VM's Access Control (IAM) section for the Logic App
  3. Update the Start virtual machine task in the Logic App to connect using the managed identity

The following link regarding Azure Functions to Start/Stop VMs provided the basic steps that I applied to the Azure Logic App(s) in my case.
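To see why the connector's token is refused, the tenant that issued a token can be compared with the tenant the error names. The following is an added example, not part of the original post: the function names are hypothetical, the token is a constructed, unsigned sample, and the tenant IDs and message text are the ones from the error above.

```python
import base64
import json
import re

TENANT_RE = re.compile(r"https://sts\.windows\.net/([0-9a-fA-F-]{36})/")

def tenants_from_error(body):
    """Return (token_tenant, required_tenant) from an InvalidAuthenticationTokenTenant body."""
    err = body["error"]
    if err.get("code") != "InvalidAuthenticationTokenTenant":
        raise ValueError("not a tenant-mismatch error")
    found = TENANT_RE.findall(err["message"])
    if len(found) < 2:
        raise ValueError("issuer and subscription tenant not both present")
    return found[0].lower(), found[1].lower()

def token_tenant(jwt):
    """Read the issuing tenant from a JWT payload. No signature check: diagnostic use only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if "tid" in claims:
        return claims["tid"].lower()
    match = TENANT_RE.search(claims.get("iss", ""))
    if not match:
        raise ValueError("token carries no tenant claim")
    return match.group(1).lower()

def will_be_rejected(jwt, subscription_tenant):
    """True when the token's tenant differs from the subscription's tenant."""
    return token_tenant(jwt) != subscription_tenant.lower()

def make_sample_token(tenant):
    """Constructed, unsigned token for the demo; real tokens come from the identity provider."""
    claims = {"iss": "https://sts.windows.net/%s/" % tenant, "tid": tenant}
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

SAMPLE_ERROR = {"error": {"code": "InvalidAuthenticationTokenTenant", "message": (
    "The access token is from the wrong issuer "
    "'https://sts.windows.net/a35caae4-15e1-4518-bd0f-c1fd0f22814c/'. It must match the tenant "
    "'https://sts.windows.net/600ab0db-7c24-401f-b5be-d765e88dfb09/' associated with this subscription.")}}

if __name__ == "__main__":
    issued_by, required = tenants_from_error(SAMPLE_ERROR)
    user_token = make_sample_token(issued_by)
    print("token tenant:", token_tenant(user_token), "required:", required)
    print("rejected:", will_be_rejected(user_token, required))
```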
