Question

Peter Cassetta on Wed, 07 Feb 2018 19:14:10


I'm having issues with a Key Vault that was working fine in the past, not quite sure when the problem started.

I'm seeing the following warning: "The directory currently selected differs from this key vault's directory. Some actions will be disabled." I cannot view keys, secrets, or certificates, and see this error when I try to do so: "Something went wrong. Please refresh and try again."

I'm pretty lost on where to start with this.

Screenshots of the issue: twitter dot com /PeterCassetta/status/961303792561086464


Sponsored



Replies

Micah McKittrick on Wed, 07 Feb 2018 20:54:12


Hi Peter, 

Do you have any other directories in Azure? 

You can check this by selecting your username at the top right corner of the Azure Portal: 

If yes, you might not be selecting the right directory that is associated with that KeyVault. 

Peter Cassetta on Wed, 07 Feb 2018 21:10:04


Hi Micah, I do not have any other directories, at least that are listed in that dropdown. (I don't see any directories listed in the dropdown, in fact.)

Micah McKittrick on Wed, 07 Feb 2018 21:21:17


Got it, thanks for checking that. 

Are you aware of any subscription changes that occurred recently? 

Do you have multiple subscriptions? 

Peter Cassetta on Wed, 07 Feb 2018 23:13:52


Yes, we do have multiple (2) subscriptions. I'm not entirely sure why. I don't think we had two when the Key Vault was created. Should I try moving the Key Vault to the other subscription?

Micah McKittrick on Wed, 07 Feb 2018 23:28:24


I am wondering if you are having an issue similar to the one described here: 

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-subscription-move-fix

We have an operation to move a keyvault to another subscription in the portal so it is not something that would have been hidden:

Do you have multiple people that have access to your Azure Subscription? 

I wouldn't suggest you move the vault yet unless we determine it was moved. 

Another thing to check would be the activity log of this KeyVault:

You can select a custom time range too and we could see if there were any actives log that might correlate to why you are seeing this error. 

Peter Cassetta on Thu, 08 Feb 2018 23:24:50


I believe the tenant move described in the article you linked is exactly what happened. I'll try to confirm and let you know, thanks!

Micah McKittrick on Thu, 08 Feb 2018 23:49:17


Sounds good! I'll be here :) 

Peter Cassetta on Fri, 09 Mar 2018 16:52:01


It's been a while, but to follow up, this was indeed it. We've solved the issue, thanks for the assistance!

Micah McKittrick on Fri, 09 Mar 2018 17:07:50


Thank you for confirming Peter! Very Happy to hear it was resolved :) 

MKKiiskinen on Mon, 26 Mar 2018 05:56:44


Thanks for the guidance, we recently faced the same issue with key vault: "The directory currently selected differs from this key vault's directory...". Root cause was fixed with guidelines pointed out in this thread by Micah: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-subscription-move-fix

In our case broken key vault caused additional problem. We have App Service certificate stored in key vault, the certificate has auto renew enabled. A subscription with the key vault was transferred to a new tenant, which broke the key vault. Anyhow we did not notice the issue until certificate was expired and renewed. The renewal was not reflected to App Service which continued to use the expired version of the certificate, and secure HTTPS connection was broken. Even after vault was fixed according to the guidance, the App Service continued to use expired version of certificate.

We solved the remaining issue by first deleting the binding and certificate from App Service (expired one), and then importing and binding the certificate again (valid one). See guidance for Assign Certificate to App Service App. After these steps, App Service uses valid certificate and SSL works again.