Virtual Private Gateway will not deploy

Question

Virtual Private Gateway will not deploy

James Wilding 0

I get this:

The client with object id '0bb675e8-5669-4fe4-840e-a57b880795ab' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/join/action' over scope '/subscriptions/b86c36ba-fe4d-4e83-ba06-dfe45541efc2/resourceGroups/westandberry/providers/Microsoft.Network/publicIPAddresses/VPNIP' or the scope is invalid. For details on the required permissions, please visit 'https://aka.ms/vngwroles'. If access was recently granted, please refresh your credentials. (Code: LinkedAccessCheckFailed)

But I am root admin on the domain.

G Sree Vidya 4,005 Reputation points Microsoft External Staff Moderator

2025-08-07T15:41:34.7966667+00:00

Hi James Wilding

We haven't heard back from you regarding our last response and wanted to check if you had the opportunity to review our previous post.

Please let us know if you have any questions or concerns. We are happy to assist you.
G Sree Vidya 4,005 Reputation points Microsoft External Staff Moderator

2025-08-08T19:47:34.8966667+00:00

Hi James Wilding

I wanted to follow up and check if you had the opportunity to review the information provided in our previous post.

Kindly let us know if the above helps or you need further assistance on this issue.

1 answer

Your answer

G Sree Vidya 4,005 Reputation points Microsoft External Staff Moderator

2025-08-07T15:41:34.7966667+00:00

Hi James Wilding

We haven't heard back from you regarding our last response and wanted to check if you had the opportunity to review our previous post.

Please let us know if you have any questions or concerns. We are happy to assist you.
G Sree Vidya 4,005 Reputation points Microsoft External Staff Moderator

2025-08-08T19:47:34.8966667+00:00

Hi James Wilding

I wanted to follow up and check if you had the opportunity to review the information provided in our previous post.

Kindly let us know if the above helps or you need further assistance on this issue.

Answer 1

Hi James Wilding

You're encountering an authorization issue when trying to deploy your Virtual Private Gateway.

The error message indicates that your account doesn't have the necessary permissions to perform the action: Microsoft.Network/publicIPAddresses/join/action on the specified resource.

means that the identity (user or service principal) is missing specific permissions on the Public IP resource or its resource group.

Please ensure that your account has one of the following roles assigned:

Network Contributor
Contributor (broader access)
Virtual Network Contributor (if working with VNet-related resources)

You can assign the role via Azure Portal:

Azure Portal → Resource Group or Resource → Access Control (IAM) → Add Role Assignment

Or via PowerShell:

New-AzRoleAssignment -ObjectId "0bb675e8-5669-4fe4-840e-a57b880795ab" `
-RoleDefinitionName "Network Contributor" `
-Scope "/subscriptions/b86c36ba-fe4d-4e83-ba06-dfe45542efc2/resourceGroups/westandberry"

Please refer this Microsoft document to know about VPN Roles https://docs.azure.cn/en-us/vpn-gateway/roles-permissions

I hope this helps! If these answers your query, do click the "Upvote" of which might be beneficial to other community members reading this thread.

If the above is unclear or you are unsure about something, please add a comment below.

Share via

Virtual Private Gateway will not deploy

1 answer

Your answer