I got the following error when deploying AzPerfDiagExtension via Azure Portal
"VMExtensionProvisioningError", "message": "VM has reported a failure when processing extension 'AzurePerformanceDiagnostics' (publisher 'Microsoft.Azure.Performance.Diagnostics' and type 'AzurePerformanceDiagnostics'). Error message: 'Failed to enable extension 'AzPerfDiagExtension' because either the storage account name or key provided is invalid. Please re-install extension 'AzPerfDiagExtension' using a valid storage account name and key or install Performance Diagnostics by navigating to the VM -> Help -> Performance Diagnostics blade.'. More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot. "
There are two blades how to initiate PerfDiag installation. One is to add an extension to the VM, and the second is to scroll down to the independent tab "Performance Diagnostics" in the Help column of the virtual machine.
It offers to use storage keys and managed identity. I could list SAK so I expected at least this option working but it wasn't. My role was "only" contributor so I was expecting an error coming from some permission issue.
Here are the permissions needed listed to Run Performance Diagnostics.
- The Owner role on the VM and an Azure role that includes the Microsoft.Storage/storageAccounts/listkeys/action permission on the storage account
I requested owner role for VM and I got it. The issue is that I am owner for my user account, but that isn't affecting relation between the VM and the storage account. What I did to fix the problem is to assign permissions of owner" (actually somehting less should be better) for the managed identity of the VM via IAM configuration.
What is interesting on this solution is that I previously tried to configure performance diagnostic with manual storage account name and SAK insertion to the Azure portal installation wizard (for VM Extension installation) but it failed as many time before.
What was tried (before granting permission for SA to managed identity of the VM)
- Copied fresh keys from the Storage account “Access keys” blade and manually pasted into the extension protected settings (not using connection strings).
- Explicitly set
authenticationType:StorageKey. - Confirmed account name syntax (lowercase, alphanumeric).
- Verified region match (VM and storage in same Azure region).
- Ensured network access (public “All networks”).
- Retried installation through both Support + troubleshooting → Performance diagnostics blade and extension install path.
The error might have more verbose version from Performance diagnostic blade
Failed to retrieve storage account information for performance diagnostics. Try reinstalling performance diagnostics. Error details: {"name":"StorageError","message":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\n
"xhr":{"status":403,"statusText":"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.","responseText":"{\"odata.error\":{\"code\":\"AuthenticationFailed\",\"message\":{\"lang\":\"en-US\",\"value\":\"Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\"}}}"}}} {"name":"StorageError","message":"The table specified does not exist\n
"status":404,"statusText":"Not Found","responseText":"{\"odata.error\":{\"code\":\"TableNotFound\",\"message\":{\"lang\":\"en-US\",\"value\":\"The table specified does not exist.\"}}}"}}}
