Failed to validate the access token in the 'Authorization' header.


  • After creating a new Data Lake Storage from the portal I receive the error - AuthenticationFailed: Failed to validate the access token in the 'Authorization' header. Trace: f14e8797-dfc5-4d42-9321-3c2de8fee869 Time: 2017-10-13T11:53:54.7418896-07:00

    • Edited by rriopel Monday, October 16, 2017 12:50 PM
    Friday, October 13, 2017 7:16 PM

All replies

  • This error can happen when classic Azure subscription administrators log in to the new Azure portal using an MSA (aka ‘live ID’, Personal account, Hotmail address, …) instead of an account in the Azure subscription’s AAD tenant/directory (‘Work or School account’).

    Does this sound like your scenario?

    In this scenario, these classic Azure subscription administrators will have access to management-plane APIs, but not some data-plane APIs.

    This problem can sometimes be solved by having the owner of the AAD tenant invite the MSA user (in this case, the email address you see in the top right of the portal) as a “guest user”. This adds the MSA user as a guest to the AAD tenant/directory, giving them an entry in the directory needed for some data-plane API calls. The MSA user will be able to log in to the Azure subscription’s AAD tenant/directory and perform data-plane API calls as needed. 

    Please try this out and let us know if you run into any issues. 

    I hope this helps!

    Best regards,

    Matthew Hicks
    Azure Data Lake

    Saturday, October 14, 2017 12:18 AM
  • Hi Matthew.  This does sound like the right scenario. I didn't have an subscription associated with my default directory. After associating a subscription with it I was able to authorize to the Data Lake storage.  Thanks 
    Monday, October 16, 2017 3:39 PM