Lesson Learned #163: Failed to save Auditing settings for server: xxx .Principal xxx does not exist

This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.

I have been working on a support ticket were customer was getting the following error trying to save Auditing settings.

 

Palomag_MSFT_0-1613684965611.png

 

“Failed to save Auditing settings for server: xxx .Principal xxx does not exist in the directory xxx”. 

 

During auditing configuration , customer had selected, an storage account that was being used by other Azure SQL server to save their auditing logs.

 

We confirmed that storage account was configured with firewall enabled

 

Palomag_MSFT_2-1613685632822.png

 

The problem came because,  identity assignment  was not getting saved correctly.

 

Executing the following query we could see that identity was not getting saved


select * from sys.database_scoped_credentials

 

The solution was reassign the Identity and resave auditing executing the following PowerShell command

 

Set-AzSqlServer -ResourceGroupName <NameofTheRG> -ServerName  <NameOFTheServer> -AssignIdentity

If server also has TDE with AKV you will need to run :

$server = Get-AzSqlServer -ResourceGroupName rgname -ServerName server $objectid = $server.Identity.PrincipalId Set-AzKeyVaultAccessPolicy -VaultName vault -ObjectId $objectid -PermissionsToKeys get, wrapKey, unwrapKey
 

 

After apply mitigation, "select * from sys.database_scoped_credentials"  output was the following, and auditing configuration could be saved correctly 
 

Palomag_MSFT_1-1613685530926.png

 

Enjoy!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.