You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-troubleshoot-managed-network.md
+11-2Lines changed: 11 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,7 +19,7 @@ This article provides information on troubleshooting common issues with Azure Ma
19
19
20
20
## Can I still use an Azure Virtual Network?
21
21
22
-
Yes, you can still use an Azure Virtual Network for network isolation. If you're using the v2 __Azure CLI__ and __Python SDK__, the process is the same as before the introduction of the managed virtual network feature. The process through the Azure portal has changed slightly.
22
+
Yes, you can still use an Azure Virtual Network for network isolation. If you're using the v2 __Azure CLI__ and __Python SDK__, the process is the same as before the introduction of the managed virtual network feature. The process through the Azure portal changed slightly.
23
23
24
24
To use an Azure Virtual Network when creating a workspace through the Azure portal, use the following steps:
25
25
@@ -33,13 +33,22 @@ To use an Azure Virtual Network when creating a workspace through the Azure port
33
33
34
34
When you create a managed virtual network, the operation can fail with an error similar to the following text:
35
35
36
-
"The client '\<GUID\>' with object id '\<GUID\>' does not have authorization to perform action 'Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read' over scope '/subscriptions/\<GUID\>/resourceGroups/\<resource-group-name\>/providers/Microsoft.MachineLearningServices/workspaces/\<workspace-name\>' or the scope is invalid."
36
+
"The client '\<GUID\>' with object id '\<GUID\>' doesn't have authorization to perform action 'Microsoft.MachineLearningServices/workspaces/privateEndpointConnections/read' over scope '/subscriptions/\<GUID\>/resourceGroups/\<resource-group-name\>/providers/Microsoft.MachineLearningServices/workspaces/\<workspace-name\>' or the scope is invalid."
37
37
38
38
This error occurs when the Azure identity used to create the managed virtual network doesn't have the following Azure role-based access control permissions:
## Troubleshoot configurations on connecting to storage
44
+
45
+
When you create a workspace, required outbound rules to Azure storage are autocreated for data upload scenarios and artifact storage. Ensure your Azure storage is set up correct by checked with the following steps:
46
+
47
+
1. In Azure portal, check the network settings of the storage account that is associated to your hub.
48
+
* If public network access is set to __Enabled from selected virtual networks and IP addresses__, ensure the correct IP address ranges are added to access your storage account.
49
+
* If public network access is set to __Disabled__, ensure you have a private endpoint configured from your Azure virtual network to your storage account with Target subresource as blob. In addition, you must grant the [Reader](/azure/role-based-access-control/built-in-roles#reader) role for the storage account private endpoint to the managed identity.
50
+
2. In Azure portal, navigate to your Azure Machine Learning workspace. Ensure the managed virtual network is provisioned and the outbound private endpoint to blob storage is Active.
51
+
43
52
## Next steps
44
53
45
54
For more information, see [Managed virtual networks](how-to-managed-network.md).
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments