Troubleshooting
This section describes common errors you may encounter while using the DPoD Key Broker for Azure service and how to resolve them.
Sorry, but we’re having trouble signing you in
If you get this error while trying to authenticate with Azure:
Sorry, but we’re having trouble signing you in.
AADSTS50020: User account '...' from identity provider 'live.com' does not exist in tenant '...' and cannot access the application '...' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
This error means that you are trying to sign in with a personal Microsoft account (for example, a live.com account). The Key Broker for Azure service is designed to work with "organizational accounts", that is, user accounts that belong to a company's Azure Active Directory tenant. For more information about creating an "organizational account" see the section Creating an Azure organizational account.
Received an error (HTTP 403) from MS Azure
If you get this error after completing the Add Service wizard:
While trying to retrieve managed applications, received an error (HTTP 403) from MS Azure.
This error means that the user is not a "Global Administrator" in the Azure Active Directory tenant. The Key Broker for Azure service requires a "Global Administrator" level user account. For more information about making an Azure user a "Global Administrator" see the section Creating an Azure organizational account.
Failed to save Transparent Data Encryption settings for SQL resource
By default, the Key Broker for Azure service does not set an Activation Date on generated service keys. If you attempt to use a service key that has no activation date for SQL TDE, the Azure Portal returns the following error:
Failed to save Transparent Data Encryption settings for SQL resource: <SQL resource name>
To use the service key for SQL TDE you must open the key's settings in the Azure Portal and set an Activation date for the key. See Manage Keys and Secrets in the Azure Portal documentation for more information about updating key settings.
Operation sign is not allowed on expired key
When a key is created using the Key Broker for Azure service and no activation or expiration date is defined, Azure sets and displays a default date of 01/01/1970 (the Unix epoch, that is, a timestamp of zero) for both. Because that expiration date is already in the past, Azure treats the key as expired and rejects sign operations on it with this error. You can update the key activation and expiration dates using the Azure user interface or the Azure Update Key API.
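The two errors above (the SQL TDE save failure and the expired-key sign failure) have the same fix: give the key a real activation (nbf) and expiration (exp) date. The following Python is an added example, not code from the Key Broker for Azure product or its documentation. It builds the request body for the public Azure Key Vault Update Key REST call (PATCH /keys/{name}/{version}?api-version=7.4), prepares the PATCH request, and shows why a key whose attributes read 01/01/1970 is rejected: nbf and exp are stored as seconds since the Unix epoch, so a value of 0 is an expiration in the past. The vault URL, key name, bearer token and the sample key attributes are placeholders and constructed data, not values from the page.

```python
"""Set activation/expiration on an Azure Key Vault key via the Update Key API.

Added example (not the Key Broker product's own code). The vault URL, key
name, token and the sample attributes below are assumptions / constructed.
"""
import json
import urllib.request
from datetime import datetime, timedelta, timezone

API_VERSION = "7.4"  # Key Vault REST API version accepting the "attributes" object


def to_epoch(dt: datetime) -> int:
    """Key Vault stores nbf/exp as IntDate: whole seconds since 1970-01-01 UTC."""
    if dt.tzinfo is None:
        raise ValueError("use timezone-aware datetimes to avoid off-by-hours errors")
    return int(dt.timestamp())


def build_update_body(not_before: datetime, expires: datetime) -> dict:
    """Body for Update Key: only the attributes being changed."""
    if expires <= not_before:
        raise ValueError("expiration must be later than activation")
    return {"attributes": {"enabled": True,
                           "nbf": to_epoch(not_before),
                           "exp": to_epoch(expires)}}


def build_update_request(vault_url: str, key_name: str, key_version: str,
                         token: str, body: dict) -> urllib.request.Request:
    """Prepare (but do not send) the PATCH request. An empty key_version
    targets the current version, mirroring what the Azure SDK sends."""
    url = (f"{vault_url.rstrip('/')}/keys/{key_name}/{key_version}"
           f"?api-version={API_VERSION}")
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


def sign_allowed(attributes: dict, now_epoch: int) -> tuple:
    """Approximate the attribute checks Key Vault applies before a crypto
    operation such as sign. exp == 0 (shown as 01/01/1970 in the portal)
    is already in the past, so the key counts as expired."""
    if not attributes.get("enabled", True):
        return False, "key is disabled"
    nbf = attributes.get("nbf")
    exp = attributes.get("exp")
    if nbf is not None and now_epoch < nbf:
        return False, "key is not yet active"
    if exp is not None and now_epoch >= exp:
        return False, "key is expired"
    return True, "ok"


def demo() -> dict:
    """Walk through the failure and the fix with constructed data."""
    # Constructed: what a key created without dates might look like in Key Vault.
    broker_key_attrs = {"enabled": True, "nbf": 0, "exp": 0}
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # assumed "current" time
    before = sign_allowed(broker_key_attrs, to_epoch(now))

    body = build_update_body(now, now + timedelta(days=365))
    req = build_update_request("https://example-vault.vault.azure.net",  # placeholder
                               "sqltde-key", "", "<access-token>", body)
    after = sign_allowed(body["attributes"], to_epoch(now + timedelta(days=1)))
    return {"before": before, "after": after, "body": body, "request": req}


if __name__ == "__main__":
    result = demo()
    print("before update:", result["before"])
    print("after update: ", result["after"])
    print(result["request"].get_method(), result["request"].full_url)
    print(json.dumps(result["body"]))
    # To actually apply the change: urllib.request.urlopen(result["request"])
    # with a valid bearer token for the vault.
```

Set both dates: an activation date alone satisfies the SQL TDE wizard, but leaving exp at 0 still makes the key unusable for sign operations. The bearer token must carry the keys/update permission on the vault (or the equivalent Key Vault RBAC role).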