Support Center > Search Results > SecureKnowledge Details
vSEC Cluster in Microsoft Azure failed over even though there was no connectivity between networks Technical Level
Symptoms
  • vSEC Cluster in Microsoft Azure failed over even though there was no connectivity between networks.

  • Running the $FWDIR/scripts/azure_ha_test.py script (per sk110194) on cluster members showed:

    All tests were successful!
  • Debug of Azure HA daemon (per sk110194) showed in the $FWDIR/log/azure_had.elg file that the API calls fails:

    {"error":{"code":"AuthorizationFailed","message":"The client '<XXX>' with object id '<XXX>' does not have authorization to perform action '<YYY>' over scope '/subscriptions/...'."}}

    Examples:

    • {"error":{"code":"AuthorizationFailed","message":"The client 'f7...f9' with object id 'f7...f9' does not have authorization to perform action 'microsoft.compute/virtualmachines/read' over scope '/subscriptions/b4...10/resourceGroups/MY-CLUSTER/providers/Microsoft.Compute/virtualMachines/MyClusterMember1'."}}
    • {"error":{"code":"AuthorizationFailed","message":"The client '96...c2' with object id '96...c2' does not have authorization to perform action 'Microsoft.Network/routeTables/read' over scope '/subscriptions/ca...da/resourceGroups/MY-CLUSTER/providers/Microsoft.Network/routeTables/From_Apim_Route'."}}
Cause

The Microsoft Azure cluster API calls fail due to a lack of a proper user or a role configured for the specific object.


Solution
Note: To view this solution you need to Sign In .