Durable Function Error when accessing Blob Storage behind Private Endpoint

[LumineLittlelight]

Hi,

We would like to seek your advise for this issue.
We are experiencing this error below:

DurableTask.AzureStorage.Storage.DurableTaskStorageException: This request is not authorized to perform this operation.
---> Microsoft.WindowsAzure.Storage.StorageException: This request is not authorized to perform this operation.
at Microsoft.WindowsAzure.Storage.Core.Executor.Executor.ExecuteAsyncInternal[T](RESTCommand1 cmd, IRetryPolicy policy, OperationContext operationContext, CancellationToken token) at Microsoft.WindowsAzure.Storage.Queue.CloudQueue.CreateIfNotExistsAsync(QueueRequestOptions options, OperationContext operationContext, CancellationToken cancellationToken) at DurableTask.AzureStorage.TimeoutHandler.ExecuteWithTimeout[T](String operationName, String account, AzureStorageOrchestrationServiceSettings settings, Func3 operation, AzureStorageOrchestrationServiceStats stats, String clientRequestId) in //src/DurableTask.AzureStorage/TimeoutHandler.cs:line 133
at DurableTask.AzureStorage.Storage.AzureStorageClient.MakeStorageRequest[T](Func3 storageRequest, String accountName, String operationName, String clientRequestId, Boolean force) in /_/src/DurableTask.AzureStorage/Storage/AzureStorageClient.cs:line 137 Request Information RequestID:a3b8c3c0-6003-003e-2e5e-4f221d000000 RequestDate:Thu, 25 Jan 2024 07:14:49 GMT StatusMessage:This request is not authorized to perform this operation. ErrorCode:AuthorizationFailure ErrorMessage:This request is not authorized to perform this operation. RequestId:a3b8c3c0-6003-003e-2e5e-4f221d000000 Time:2024-01-25T07:14:49.8622662Z --- End of inner exception stack trace --- at DurableTask.AzureStorage.Storage.AzureStorageClient.MakeStorageRequest[T](Func3 storageRequest, String accountName, String operationName, String clientRequestId, Boolean force) in //src/DurableTask.AzureStorage/Storage/AzureStorageClient.cs:line 141
at DurableTask.AzureStorage.Storage.Queue.CreateIfNotExistsAsync() in //src/DurableTask.AzureStorage/Storage/Queue.cs:line 127
at DurableTask.AzureStorage.Messaging.TaskHubQueue.CreateIfNotExistsAsync() in //src/DurableTask.AzureStorage/Messaging/TaskHubQueue.cs:line 436

This error is emitted by Python Orchestrator Function when it want to put a blob into the storage account behind a private endpoint in VNet.
The Azure Function has VNet Integration enabled to that corresponding VNet.
We ensure that the Azure Function has sufficient roles to access the storage account with these 3 roles:

1. Storage Blob Data Contributor
2. Storage Queue Data Contributor
3. Storage Table Data Contributor

Strangely, when we make a separate function to put a file into the blob storage that is not a durable function, it can put the blob into the storage without issue.
It seems it only happens when we are using durable function.

May I seek your input that can help to solve this issue?

[nytian]

Hi, @LumineLittlelight . This error msg usually means there is an authentication issue for the storage account linked. Can you check your setting with the guide here? Thanks! Let me know if there is any further question.

[microsoft-github-policy-service]

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.