Register Key Vault for Tenant Subscription

  • Question

  • I have Azure Stack TP2 running. I have one tenant who is a typical user in AAD.  This tenant has created a subscription and has added an Offer from the provider successfully.  I want to deploy ARM Templates that use Key Vault to this tenant subscription.  However, when I follow the instructions in the "Getting Started with Key Vault" documentation, I keep getting an "InvalidResourceNamespace: The resource namespace 'Microsoft.KeyVault' is invalid".

    Even if I add my AAD Global Admin as an Owner of the tenant subscription, I am unable to register the Key Vault Resource Provider to this subscription without that error.  Am I missing something?  The documentation seems to indicate that you simply need to register the Microsoft.KeyVault namespace with a subscription, and you're ready to go.

    Thanks.

    Tuesday, October 18, 2016 7:20 PM

Answers

  • Hello lamiam1,

    Can you please confirm that Microsoft.KeyVault is registered as an available service in the subscription you are using? Please refer to Step 6 on this document for how to add the service to the Plan.

    How are you defining the Azure Stack endpoints on your PowerShell script *before* calling Register-AzureRmResourceProvider? The fact that you are unable to Register the provider as either Service Admin or Tenant leads me to believe that your KeyVault endpoint is not defined.

    Can you please run the following script and provide the output:

    Get-AzureRmEnvironment | Select-Object -Property Name, AzureKeyVaultDnsSuffix, AzureKeyVaultServiceEndpointResourceId

    Thanks,

    Ricardo

    Wednesday, October 19, 2016 7:11 PM

All replies

  • To follow up, this is not just about Key Vault.  Why is it that the same Resource Providers available for the Admin Subscription (Default Provider Subscription) are not available for a Tenant Subscription?  I can understand the elevated administrator functions not being available, but why not things like Key Vault?  In fact, all I see available for a Tenant Subscription are Microsoft.Compute, Microsoft.Storage, and Microsoft.Network.  Can someone explain the differences between Admin Subscriptions and Tenant Subscriptions at a more granular level?

    Thanks for any insight you can provide.

    Wednesday, October 19, 2016 11:45 AM
  • Hello,

    We are checking on the query and will get back to you soon on this.

    We apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,

    Pradeep

    Wednesday, October 19, 2016 3:26 PM
  • Hi Ricardo,

    You solved this for me!  I neglected to add the Microsoft.KeyVault Service to the Plan. 

    Thanks a ton.

    Mike

    Wednesday, October 19, 2016 9:00 PM
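
The two checks from Ricardo's answer, followed by the registration call, written out as an added PowerShell example that is not part of the original thread. It assumes the AzureRM module, an already authenticated session, and an environment added under the placeholder name 'AzureStack'; Test-KeyVaultReadiness is a hypothetical helper name.

```powershell
# Added example (not from the thread): pre-flight check before registering
# the Microsoft.KeyVault resource provider on a tenant subscription.
function Test-KeyVaultReadiness {
    param(
        [Parameter(Mandatory)] [string] $EnvironmentName,  # placeholder: your environment's name
        [string] $Namespace = 'Microsoft.KeyVault'
    )

    $result = [ordered]@{
        EndpointDefined   = $false
        OfferedToSub      = $false
        RegistrationState = $null
    }

    # Check 1: the Key Vault endpoint values are defined on the environment
    # (the same properties Ricardo asks for).
    $envInfo = Get-AzureRmEnvironment -Name $EnvironmentName
    if ($envInfo -and $envInfo.AzureKeyVaultDnsSuffix -and
        $envInfo.AzureKeyVaultServiceEndpointResourceId) {
        $result.EndpointDefined = $true
    }

    # Check 2: the namespace is visible to the current subscription. If the
    # service is not part of the Plan, it does not show up in this list.
    $provider = Get-AzureRmResourceProvider -ListAvailable |
        Where-Object { $_.ProviderNamespace -eq $Namespace } |
        Select-Object -First 1
    if ($provider) {
        $result.OfferedToSub      = $true
        $result.RegistrationState = $provider.RegistrationState
    }

    [pscustomobject]$result
}

$check = Test-KeyVaultReadiness -EnvironmentName 'AzureStack'
$check | Format-List

if (-not $check.EndpointDefined) {
    Write-Warning 'Key Vault endpoint values are empty on this environment definition.'
} elseif (-not $check.OfferedToSub) {
    Write-Warning 'Microsoft.KeyVault is not offered to this subscription; add the service to the Plan.'
} elseif ($check.RegistrationState -ne 'Registered') {
    Register-AzureRmResourceProvider -ProviderNamespace 'Microsoft.KeyVault'
}
```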