Key Broker for Azure Service

Troubleshooting


This section describes some of the common errors and how to overcome them while using the DPoD Key Broker for Azure service.

Sorry, but we’re having trouble signing you in

If you get this error while trying to authenticate with Azure:


Sorry, but we’re having trouble signing you in.

AADSTS50020: User account '...' from identity provider 'live.com' does not exist in tenant '...' and cannot access the application '...' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

This error means that you are trying to use a personal Azure account. The Key Broker for Azure service is designed to work with "organizational accounts" (accounts that are part of a company's Active Directory). For more information about creating an "organizational account", see the section Creating an Azure organizational account.

Received an error (HTTP 403) from MS Azure

If you get this error after completing the Add New Service wizard:


While trying to retrieve managed applications, received an error (HTTP 403) from MS Azure.

This error means that the user is not a "Global Administrator" level user in the Azure Active Directory. The Key Broker for Azure service is designed to work with "Global Administrator" level user accounts. For more information about making an Azure user a "Global Administrator", see the section Creating an Azure organizational account.

Failed to save Transparent Data Encryption settings for SQL resource:

By default, the Key Broker for Azure service does not set an Activation Date on generated service keys. If you attempt to use a service key without an activation date for SQL TDE, the Azure Portal returns the following error:


Failed to save Transparent Data Encryption settings for SQL resource: <SQL resource name>

To use the service key for SQL TDE, you must access the key settings in the Azure Portal and set an Activation Date for the key. See Manage Keys and Secrets in the Azure Portal documentation for more information about updating key settings.
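
A pre-check for the condition described above, as an added example that is not part of the Thales or Azure documentation: it reads key records and reports which ones have no activation date, or one that has not yet been reached, before they are selected for SQL TDE. The record shape (an "attributes" object with a "notBefore" field, as printed by `az keyvault key show`) is an assumption, and the key names and dates are constructed sample data.

```python
import json
from datetime import datetime, timezone

# Constructed sample: key records shaped like `az keyvault key show` output
# (assumed shape; only the fields used here are included).
SAMPLE_KEYS = json.loads("""
[
  {"name": "tde-key-no-activation",
   "attributes": {"enabled": true, "notBefore": null}},
  {"name": "tde-key-activated",
   "attributes": {"enabled": true, "notBefore": "2023-01-01T00:00:00+00:00"}},
  {"name": "tde-key-future",
   "attributes": {"enabled": true, "notBefore": "2999-01-01T00:00:00Z"}}
]
""")


def activation_status(key, now=None):
    """Return 'ok', 'missing' or 'future' for a key's activation date."""
    now = now or datetime.now(timezone.utc)
    not_before = (key.get("attributes") or {}).get("notBefore")
    if not not_before:
        return "missing"  # the case behind the portal error described above
    # Accept a trailing "Z" as well as an explicit UTC offset.
    activated = datetime.fromisoformat(not_before.replace("Z", "+00:00"))
    if activated.tzinfo is None:
        activated = activated.replace(tzinfo=timezone.utc)  # treat naive as UTC
    return "future" if activated > now else "ok"


def keys_needing_activation(keys, now=None):
    """Names of keys with no activation date, or one not yet reached."""
    return [k["name"] for k in keys if activation_status(k, now) != "ok"]


if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(f'{key["name"]}: {activation_status(key)}')
```

Keys reported as "missing" are the ones that need an Activation Date set in the key settings before they can be used for SQL TDE.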