Admin Centre on Gateway server, 403 error when trying to connect to Azure

Hello All.

I'm a bit stuck... For obvious reasons I want to install the above as a gateway server. All is working as far as being able to manage internal servers, but I'm unable to connect to Azure; I get the below error when generating the code to copy to connect to the Azure Tenant.

I've run dev tools in Edge and seem to be getting a 403 error when the token is generated. The annoying thing is the same mechanism works fine when generating from a local machine with a local install of Admin Centre.

The server is a clean install of 2016 and the certificate is installed on the client machine connecting to the server.

Any help would be appreciated.

3 Replies

Hi @Simon_Hargraves

The issue you're facing with a 403 error when trying to connect your Admin Centre on a Gateway server to Azure indicates that the server understands your request but refuses to authorize it.

Try this:

1. Ensure that the Azure AD application used by your WAC has the necessary permissions to access the resources it's trying to manage. See Azure Active Directory > App registrations > Your App > API permissions.

2. Since you mentioned that the certificate is installed on the client machine connecting to the server, ensure that the certificate is also trusted by the server where WAC is installed. Additionally, verify that the certificate matches the domain you are trying to connect to and that it has not expired.

3. Ensure that any network devices or firewalls between your Gateway server and Azure do not block the necessary ports or URLs required for Azure connectivity.

4. Verify if the service principal associated with your WAC on the Gateway server has been assigned the correct roles within Azure. It might require Contributor, Reader, or custom roles depending on the operations it needs to perform.

5. If your organization uses Conditional Access Policies, check if any policies might be blocking or restricting access from your Gateway server to Azure services. 

Let me know what you find!
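
Steps 2 and 3 of the checklist above, as a PowerShell check run on the gateway server. This is an added example, not part of the original reply; the thumbprint and host name are placeholders, and the two Azure endpoints (Azure AD sign-in and Azure Resource Manager) are assumed because the thread does not list the required URLs.

```powershell
# Added example. Run in an elevated PowerShell session on the gateway server.
# Assumption: the gateway's TLS certificate is in the LocalMachine\My store.
$Thumbprint  = '<GATEWAY-CERT-THUMBPRINT>'   # placeholder, replace with your value
$GatewayName = 'gateway.example.internal'    # constructed name clients browse to

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) {
    throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My"
}

# Step 2: validity window of the certificate
$now = Get-Date
[pscustomobject]@{
    Subject   = $cert.Subject
    NotBefore = $cert.NotBefore
    NotAfter  = $cert.NotAfter
    InWindow  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
}

# Step 2: chain trust and name match, as evaluated by this server.
# Returns $true or $false and writes a warning that explains a failure.
$trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $GatewayName
"Chain and name check for ${GatewayName}: $trusted"

# Step 3: outbound HTTPS from the gateway to Azure.
# Assumed endpoints: Azure AD sign-in and Azure Resource Manager.
$endpoints = 'login.microsoftonline.com', 'management.azure.com'
foreach ($endpoint in $endpoints) {
    Test-NetConnection -ComputerName $endpoint -Port 443 |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

A `TcpTestSucceeded` value of `False` points at a firewall or proxy between the gateway and Azure; a `False` from `Test-Certificate` points at an untrusted chain or a name mismatch.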

@Rebecca_Wambua

Thank you for your reply. I've since resolved this issue; from memory it was to do with adding a user to a local group, allowing the correct permissions.

I do appreciate that you've taken the time to reply to such an old post though.

Have a great day.

Happy to hear this! Thank you