Restoring the Automation Suite Platform Using NFS Backup Fails Due to Managed Identity Assignment Issues
Issue Description
While restoring the Automation Suite platform using the NFS backup as per the official documentation, the process fails due to errors related to the assignment of managed identities with Azure resources.
Example error messages include:
- Azure resource ‘azure-resource-id’ does not have access to identity ‘managed-identity-id’.
- No managed service identities are associated with resource ‘azure-resource-id’.
Additionally, the IMDS (Instance Metadata Service) endpoint may respond with a 400 status code, indicating that the requested identity is not assigned to the VM.
Root Cause
- Missing or Incorrect Identity Assignment: The managed identity (user-assigned or system-assigned) is not correctly associated with the Azure resources or VM.
- Proxy or Gateway Interference: The IMDS endpoint does not support requests routed via proxies or gateways.
Resolution
Perform the following steps depending on the managed identity configuration:
- User-Assigned Managed Identity:
  - Verify the ID being used for the user-assigned identity.
  - Reassign the identity to the Azure resource:
    - Sign in to the Azure portal.
    - Navigate to the target VM.
    - Click Identity > User assigned, then click +Add.
    - Select the required user-assigned identity and click Add.
- System-Assigned Managed Identity:
  If the system-assigned identity is not functioning correctly, disable the identity, then re-enable it:
  - Sign in to the Azure portal.
  - Navigate to the target VM.
  - Click Identity > System assigned.
  - Toggle the status off, then on again.
Further:
- For user-assigned identities, ensure the correct ID is specified.
- For system-assigned identities, ensure they are enabled and properly configured (review the official Azure managed identity documentation).
- Disable any proxies or gateways running on the VM that could interfere with requests to the IMDS endpoint (http://169.254.169.254).
Additional Notes:
- If certain identities are no longer needed, remove them from the Azure resource to reduce potential conflicts.
- Ensure all permissions required for the Automation Suite restoration process are correctly assigned at the subscription or resource level.
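To confirm from the VM itself that the identity is assigned and that no proxy sits in front of IMDS, the following added example (not part of the original article or the Automation Suite tooling) requests a token directly from the IMDS endpoint and maps the response to the resolution steps above. The function names, the Azure Resource Manager audience used as the `resource` value, and passing the user-assigned identity by `client_id` are assumptions made for illustration.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"

def proxy_would_intercept(env):
    """True if an HTTP proxy is configured and the IMDS address is not exempted."""
    lowered = {k.lower(): v for k, v in env.items()}
    no_proxy = [h.strip() for h in lowered.get("no_proxy", "").split(",")]
    return bool(lowered.get("http_proxy")) and "169.254.169.254" not in no_proxy and "*" not in no_proxy

def build_request(client_id=None):
    """Token request; client_id selects a user-assigned identity (omit for system-assigned)."""
    params = {"api-version": "2018-02-01", "resource": "https://management.azure.com/"}  # assumed audience
    if client_id:
        params["client_id"] = client_id
    return urllib.request.Request(IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params),
                                  headers={"Metadata": "true"})

def diagnose(status, body):
    """Map an IMDS token response to the resolution step it points at."""
    if status == 200:
        return "ok: identity is assigned and a token was issued"
    try:
        detail = json.loads(body).get("error_description", "no detail")
    except (ValueError, AttributeError):
        detail = "unparseable body"
    if status == 400:
        return "identity not assigned to this VM: re-add it under Identity (%s)" % detail
    return "unexpected status %d: check for a proxy or gateway in the path (%s)" % (status, detail)

def check_identity(client_id=None, timeout=5):
    """Query IMDS directly, ignoring any proxy settings in the environment."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(build_request(client_id), timeout=timeout) as resp:
            return diagnose(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return diagnose(err.code, err.read().decode())
    except OSError as err:
        return "IMDS unreachable: %s" % err

if __name__ == "__main__":
    if proxy_would_intercept(os.environ):
        print("warning: http_proxy is set and 169.254.169.254 is not in no_proxy")
    print(check_identity())  # pass client_id="..." for a user-assigned identity
```

Run it on the VM being restored; a result of "identity not assigned" after reassigning in the portal usually means the wrong ID was supplied for the user-assigned identity.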