JIT Network Access request initiate failed

Regular Visitor

Hi, I am come across an issue where i have deployed s pair of NVA in a a VNet both NVA and VNet are part of same resource group. The deployment was done through Azure Blueprint that included ARM template using system managed identity. This blue print also deployed additional VNets as well. However now when i enable JIT for the NVAs in Security center. NSGs are as expected  modified to include the new JIT rules. However when i request access for JIT through ASC, it does not work and i get message in logs  "JIT Network Access request initiate failed". I have owner rights on the subscription. If i deploy new VM in this VNet same issue happens with that VM as well. However if i deploy VM in other VNets deployed through the same blueprint they have no issue and JIT works as expected. Just to confirm all resource groups and VNets are in same region. however if i create a new VNet if problematic resource group JIT works with new VNet in same resource group. 

Since NVA has multiple NICs and accelerated networking enabled i simulated that as well in other Vnets but no issues with JIT. Any help would be appreciated as I cannot anything apart from the message above in logs. 

1 Reply

@mynxt Hi

I would suggest reviewing the activity log for the affected VM and the activity log for the affected NSG. At least to get more details. Another thing will be to validate if a policy or initiative is affecting the JIT request.