In order to do the lab I am being asked to create storage, however when I follow the steps in tutorial to create storage I get error due to policy restriction.
Storage creation failed
Error: 403
{"error":{"code":"RequestDisallowedByPolicy","target":"tststccacc","message":"Resource ‘tststccacc’ was disallowed by policy. Policy identifiers: ‘[{"policyAssignment":{"name":"Allowed locations","id":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyAssignments/47f9111a3dc447249295c3e2"},"policyDefinition":{"name":"Allowed locations","id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c"}},{"policyAssignment":{"name":"Allowed locations – Exclude IoTCentral","id":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyAssignments/c2fa07b5891b4e31baff87a9"},"policyDefinition":{"name":"Allowed locations – Exclude IoTCentral","id":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyDefinitions/ad14bdb6-1405-40f3-8e13-96b56d70251e"}}]’.","additionalInfo":[{"type":"PolicyViolation","info":{"policyDefinitionDisplayName":"Allowed locations","evaluationDetails":{"evaluatedExpressions":[{"result":"True","expressionKind":"Field","expression":"location","path":"location","expressionValue":"westeurope","targetValue":["canadaeast","centralindia","centralus","eastasia","eastus","eastus2","germanynorth","germanywestcentral","global","japanwest","koreacentral","koreasouth","northcentralus","southcentralus","southindia","westcentralus","westindia","westus","westus2"],"operator":"NotIn"},{"result":"True","expressionKind":"Field","expression":"location","path":"location","expressionValue":"westeurope","targetValue":"global","operator":"NotEquals"},{"result":"True","expressionKind":"Field","expression":"type","path":"type","expressionValue":"Microsoft.Storage/storageAccounts","targetValue":"Microsoft.AzureActiveDirectory/b2cDirectories","operator":"NotEquals"}]},"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","policyDefinitionName":"e56962a6-4747-49cd-b67b-bf8b01975c4c","policyDefinitionEffect":"deny","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyAssignments/47f9111a3dc447249295c3e2","policyAssignmentName":"47f9111a3dc447249295c3e2","policyAssignmentDisplayName":"Allowed locations","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs","policyAssignmentParameters":{"listOfAllowedLocations":{"value":["canadaeast","centralindia","centralus","eastasia","eastus","eastus2","germanynorth","germanywestcentral","global","japanwest","koreacentral","koreasouth","northcentralus","southcentralus","southindia","westcentralus","westindia","westus","westus2"]}}}},{"type":"PolicyViolation","info":{"policyDefinitionDisplayName":"Allowed locations – Exclude IoTCentral","evaluationDetails":{"evaluatedExpressions":[{"result":"True","expressionKind":"Field","expression":"location","path":"location","expressionValue":"westeurope","targetValue":["canadaeast","centralindia","centralus","eastasia","eastus","eastus2","germanynorth","germanywestcentral","global","japanwest","koreacentral","koreasouth","northcentralus","southcentralus","southindia","westcentralus","westindia","westus","westus2"],"operator":"NotIn"},{"result":"True","expressionKind":"Field","expression":"location","path":"location","expressionValue":"westeurope","targetValue":"global","operator":"NotEquals"},{"result":"True","expressionKind":"Field","expression":"type","path":"type","expressionValue":"Microsoft.Storage/storageAccounts","targetValue":"Microsoft.AzureActiveDirectory/b2cDirectories","operator":"NotEquals"},{"result":"True","expressionKind":"Field","expression":"type","path":"type","expressionValue":"Microsoft.Storage/storageAccounts","targetValue":"Microsoft.IoTCentral/IoTApps","operator":"NotEquals"}]},"policyDefinitionId":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyDefinitions/ad14bdb6-1405-40f3-8e13-96b56d70251e","policyDefinitionName":"ad14bdb6-1405-40f3-8e13-96b56d70251e","policyDefinitionEffect":"deny","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs/providers/Microsoft.Authorization/policyAssignments/c2fa07b5891b4e31baff87a9","policyAssignmentName":"c2fa07b5891b4e31baff87a9","policyAssignmentDisplayName":"Allowed locations – Exclude IoTCentral","policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/Vader-Gen2-Labs","policyAssignmentParameters":{"listOfAllowedLocations":{"value":["canadaeast","centralindia","centralus","eastasia","eastus","eastus2","germanynorth","germanywestcentral","global","japanwest","koreacentral","koreasouth","northcentralus","southcentralus","southindia","westcentralus","westindia","westus","westus2"]}}}}]}}
Can’t create a storage account. Please try again.
4 Answers
Hi there,
When you are configuring the cloud shell, are you providing a unique name for the Storage account and file share? I was getting this same error and it was due to this.
Hi, Yes I am providing unique name. Looking at the error log which I posted with the question, it seems that there is policy which is not allowing to create storage.
Saw this answer in another thread. I was having the same issue until I followed these instructions:
1) Login to your hands-on lab
2) Take a look at Resource Groups
3) Take note of the location your Resource Group is currently in
4) Navigate to Create New Resource > Storage
5) Create a new storage account as below:
Use the location of the Resource Group you noted earlier
Ensure you use a unique Storage Account name
Leave the defaults as-is for now, and see if everything works
If you run in to any issues through this step, the deployment should fail, and you should be able to see more information about why. You can also navigate in to the Resource Group itself, choose ‘Deployments’ in the menu on the left, and see any history of failed attempts.
My own notes to that: After I created the storage resource, I went back to the Cloud Shell Icon and hit ‘advanced settings’. Made sure my lab account was in the first dropdown, my storage I just created using the above instructions in the second and gave a unique name to the file share in the third. Voila!
Works like a charm. Thank you.
thank you – changing the location to be the same in both the resource group and storage resolved to issue
I think I had this problem. It was due to me being logged into Azure with the wrong account ie my personal email rather then the Cloudguru Lab account. So log off azure, reboot your computer, make yourself a cup of tea and try again and it should work and you will have a nice cup of tea for yourself – all good.
As Nicole mentioned, you need to provision the storage account in the same region as the subscription – after login at the Overview page, check the Location next to the subscription ID. In my case it was East US, creating the storage account was easy following the lab process with the right region 🙂
I have this problem in this lab too.