0

I am trying to re-write a powershell functions that creates a new Storage Share and File share with specific settings. All of the customization works, however it fails on the last line. I tried using Storage Account Keys to create the storage share amongst other things. Here is the relevant code:

$storageAccountName = "filestest2"
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName
New-AzStorageShare -Name "pubs" -Context $storageContext

The Storage account already exists because it is created earlier in the function. Here is the line that I use to create the Storage Account. All the variables are defined.

$storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -SkuName Premium_LRS -location $location -Kind "FileStorage" `
          -enableLargeFileShare -AllowBlobPublicAccess $false  -EnableAzureActiveDirectoryDomainServicesForFile $true

This is the actual error message. I can't find anything relating to my issue and this error message online.

New-AzStorageShare : Server failed to authenticate the request. Make sure the value of Authorization header is formed
correctly including the signature. HTTP Status Code: 403 - HTTP Error Message: Server failed to authenticate the
request. Make sure the value of Authorization header is formed correctly including the signature.
ErrorCode: AuthenticationFailed
ErrorMessage: Server failed to authenticate the request. Make sure the value of Authorization header is formed
correctly including the signature.
RequestId:5ba2ea9d-201a-0028-0837-747c83000000
Time:2021-07-08T20:23:15.5271563Z
AuthenticationErrorDetail: Authentication scheme Bearer is not supported for Files.
At line:1 char:1
+ New-AzStorageShare -Name "pubs" -Context $storageContext
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzStorageShare], StorageException
    + FullyQualifiedErrorId : StorageException,Microsoft.WindowsAzure.Commands.Storage.File.Cmdlet.NewAzureStorageShare

This seems to be a fairly recent, and new issue. This exact function used to work a month ago (that's when I originally wrote it).

I found a similar thread here, however I tried following what it said and it did not work. (My time is not off, and I tried using the keys like I said above)

.

EDIT: According to one of the comments, I tried using Set-AzCurrentStorageAccount. I reduced my code to 4 lines so that nothing else could be causing a problem (all of my configuration).

$storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -SkuName Premium_LRS -location $location
    
    Set-AzCurrentStorageAccount -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName
    
    $fileshareName = "pubs"

    New-AzStorageShare -name $fileShareName

This error Message is:

New-AzStorageShare : An error occurred while sending the request.
At C:\scripts\functions.ps1:2201 char:5
+     New-AzStorageShare -name $fileShareName
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzStorageShare], StorageException
    + FullyQualifiedErrorId : StorageException,Microsoft.WindowsAzure.Commands.Storage.File.Cmdlet.NewAzureStorageShar
   e
William
  • 62
  • 1
  • 8

1 Answers1

1

I had run into the same issue earlier and found this related thread.

The workaround specified by @blueww resolved the issue for me, which is to set the current storage account with Set-AzCurrentStorageAccount cmdlet before creating the new file share:

Set-AzCurrentStorageAccount -ResourceGroupName "Resource-Group-Name" -StorageAccountName "Storage-Account-Name"
New-AzStorageShare -Name "MyStorageShare" -Context $storageContext

Check if this helps.

..

EDIT: This is the working script I'm running:

#New-AzStorageShare.ps1

$resourceGroupName = "Resource-Group-Name"
$storageAccountName = "Storage-Account-Name"
$region = "westus2"

$storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccountName -SkuName Premium_LRS -location $region -Kind "FileStorage"

Set-AzCurrentStorageAccount -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName

New-AzStorageShare -Name "pubs"
Bhargavi Annadevara
  • 4,923
  • 2
  • 13
  • 30
  • I edited the script to use this code: `Set-AzCurrentStorageAccount -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccountName $fileshareName = "pubs" New-AzStorageShare -name $fileShareName` It doesn't work, however the error message is slightly different `New-AzStorageShare : This request is not authorized to perform this operation. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation. ErrorCode: AuthorizationFailure ErrorMessage: This request is not authorized to perform this operation.` – William Jul 09 '21 at 13:52
  • @William Could you run the commands passing the -Debug parameter along and post the relevant log snippet? Do remove any PII info from the log before posting it here. – Bhargavi Annadevara Jul 09 '21 at 15:24
  • I tried running it with a contest passed in however it also failed. Where are the log files stored? I haven't had to use them with PowerShell yet. – William Jul 09 '21 at 15:38
  • @William Edited my response above with the script that worked for me. Please check and run it as is and let me know how it goes. – Bhargavi Annadevara Jul 09 '21 at 16:21
  • @William You can run a cmdlet in debug mode by passing the `-Debug` parameter like this: `New-AzStorageShare -Name "pubs" -Debug`. This would print the debug logs to the console. – Bhargavi Annadevara Jul 09 '21 at 16:24
  • Here are 2 links to the relevant part of the logs in the powershell window. [Link 1](https://imgur.com/a/uHex4YG) [Link 2](https://pastebin.com/FMWh16kE) – William Jul 09 '21 at 17:17
  • Not sure what is different between my script and yours, but it is now working now. Maybe I spelled something wrong. I'm going to see if it will work in my script now. Thanks for the help! – William Jul 09 '21 at 17:22
  • @William From the links you provided above, I noticed that you are running the `New-AzureFileShare` and `New-AzureStorageShare` cmdlets. These seem to belong to the [Azure Service Management module](https://learn.microsoft.com/en-us/powershell/azure/servicemanagement/overview), which allows you to work with *classic* Azure deployments that have not been converted to *Azure Resource Manager*. So, unless you really intended to do so, you should [install the Azure Az PowerShell module](https://learn.microsoft.com/en-us/powershell/azure/install-az-ps) to work with newer ARM resources. – Bhargavi Annadevara Jul 09 '21 at 18:16
  • I'm unsure of why it says `New-AzureStorageShare`, but the `New-AzureFileShare` is the name of the function I am writing. All of the cmdlets I use in the function all use the `Azure Az` Module, rather than the `Azure Service` Module – William Jul 09 '21 at 18:20