This message was deleted.

Works fine for me. Have been following those cases on the SAS token issue. Are you using multiple subscriptions with your config. I have all the Aop Layering components in the same resource group.

works here, had trouble with the managed identity across multiple resource groups but got that sorted out

@Rob Zylowski, we started trying to cross subscriptions and resource groups but went back to simplify and isolated to the same subscription and resource group as the ELM.

Hmm must be a security setting. My lab environment is plain vanilla. Do you see any particular permission errors in the Azure logs

And that’s where we are stuck; the error clearly says it’s an authorization error. We have the failed request ID. Microsoft can’t seem to find what it’s failing to do, and Citrix can’t tell us more than it’s failing on the SAS token.

Do you have contributor on the subscription or resource group level. Might be interesting to test at subscription level even if you cant use that long term. I assume otherwise those rights need to be on the resource group and network. I think everything else would be within that.

Resource group, I’ll ask to see if they can grant it at the subscription level.

😞

It’s finally working; we had an endpoint policy for the storage accounts attached to the subnet preventing the ELM from populating the cache disk.

Awesome glad you finally figured it out!