Onboarding of subscription fails
Issue
Onboarding of subscription fails and you get an error message as shown below in the logs:
Error in connection service
Aug 14 08:06:55 uazuq-uEcs-ip-10-63-140-190 uazuq/uconnsvc/use1: ts=1692000414236718910 service=ConnectionSvc QWERTYTS=14-08-2023#08:06:54 type=debug correlationid=1799eaf10eb559f3545d8c8420645ec0:545d8c8420645ec0:2f0ffe190a3d2836 tokenType=ProductToken identityType=admin identityID=hp2@druva.org globalID=67ca049b-1977-4fd2-ad08-c369253a6d63 MicrosoftTenantID=74e1ac8c-ac5f-4233-967d-9f4fd3d56629 org=68 message=" Error in creating key vault " error="Codes:[MissingSubscriptionRegistration], Msg: The subscription is not registered to use namespace 'Microsoft.KeyVault'. Seehttps://aka.ms/rps-not-foundfor how to register subscriptions." microsoftSubscriptionID=2c52c669-66ad-4361-9931-3dcf0c30253b
Cause
A resource provider or Key Vault service is not registered for the subscription.
Resolution
Register the Azure Key Vault service for the subscription and then onboard the subscription.
Onboarding of subscription fails with policy restrictions
Issue
Onboarding of subscription fails with the DisallowedByPolicy error.
Cause
Policy restrictions for the Region selected during onboarding, indicating a deny policy definition for the specific Region.
Resolution
Verify that all the prerequisites for onboarding your Azure subscriptions are met.
Ensure that the Region where you want to create the resource group and key vault are selected as Allowed locations under Policy assignments.
For more information, see Onboarding failure with policy restrictions.
Issue
Onboarding of subscription fails because Resource group creation is disallowed by the Azure policy.
β
Resolution
Update policy definition and allow Resource group creation without tags.
Issue
Onboarding of subscription fails because key vault creation is disallowed by the Azure policy.
β
Resolution
Update the Azure policy to allow key vault creation.
Issue
Onboarding of subscription fails because Managed Identity creation is disallowed by the Azure policy.
β
Resolution
Update the Azure policy to allow Managed Identity creation.
Issue
Onboarding of subscription fails because the selected subscription has a read-only lock.
Resolution
Remove the read-only lock from the subscription.
Go to "Subscriptions".
Select your target subscription.
In the left menu, click "Locks" under Settings.
Issue
Onboarding of subscription fails because of conditional access.
Resolution
Ensure that you have the appropriate permissions to perform this task. The required permissions are listed here.
Related keywords: key vault, keyvault, azurevault, vault, azure vault, azure vault key, azurevaultkey