azure_arc icon indicating copy to clipboard operation
azure_arc copied to clipboard
verified publisher icon microsoft

ArcBox-Client VM automated scripts errors

Open dalemagna opened this issue 1 year ago • 1 comments

Is your issue related to a Jumpstart scenario, ArcBox, HCIBox, or Agora? https://azurearcjumpstart.io/azure_jumpstart_arcbox/ITPro

Describe the issue or the bug The automated scripts run within the ArcBox-Client VM are failed

To Reproduce The steps are reported here: https://azurearcjumpstart.io/azure_jumpstart_arcbox/ITPro#:~:text=The%20Logon%20scripts,deployment%20is%20complete

Screenshots image image

Additional context ArcBox-Client VM log folder: https://1drv.ms/f/s!AsTKD3oIqrLpgppQHx5AzKl06GFM1g?e=W5u2lV

dalemagna avatar Feb 14 '24 15:02 dalemagna

@dalemagna Hi, could you run the following from Azure CLI (either from your local machine or from Cloud Shell) to determine the RBAC permissions assigned to the service principal used by the deployment?

  1. Retrieve object ID for your deployment SPN az ad sp list --filter "appId eq 'f70cd6ff-a098-4383-9ea6-036a24a1464d'"

  2. Retrieve the subscription RBAC assignments for the SPN on the subscription scope az role assignment list --scope /subscriptions/5d3ddfde-0c18-468c-8563-a74d7aa56a1b--assignee <insert-id>

Expected output is similar to this:

[
  {
    "condition": null,
    "conditionVersion": null,
    "createdBy": "af606f84-8942-408c-9a52-4b478a693b18",
    "createdOn": "2022-12-27T15:27:48.400727+00:00",
    "delegatedManagedIdentityResourceId": null,
    "description": null,
    "id": "/subscriptions/87b8def0-f5cf-402e-a8db-10e0ee958565/providers/Microsoft.Authorization/roleAssignments/27a7589f-4ad0-4bae-9981-440ffd081091",
    "name": "27a7589f-4ad0-4bae-9981-440ffd081091",
    "principalId": "b3f148d2-c92b-43d6-afe4-89ec76277630",
    "principalName": "545e3c87-82b6-4658-948f-52974b28aa50",
    "principalType": "ServicePrincipal",
    "roleDefinitionId": "/subscriptions/87b8def0-f5cf-402e-a8db-10e0ee958565/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "roleDefinitionName": "Owner",
    "scope": "/subscriptions/87b8def0-f5cf-402e-a8db-10e0ee958565",
    "type": "Microsoft.Authorization/roleAssignments",
    "updatedBy": "af606f84-8942-408c-9a52-4b478a693b18",
    "updatedOn": "2022-12-27T15:27:48.400727+00:00"
  }
]

janegilring avatar Feb 19 '24 20:02 janegilring

@dalemagna Any updates from your side?

janegilring avatar Feb 22 '24 13:02 janegilring

Closing this for now. @dalemagna please feel free to comment if you need further assistant

likamrat avatar Mar 09 '24 14:03 likamrat