Zerto 9 Update 1 – New needed Azure permission

Hi All,

A few days ago I upgraded to U1 and our replication broke to Azure. There was an error in Zerto along the lines of “we can’t spin up a new scale set” I have a support ticket opened but was able to figure it out myself using Google and trying a few things based on the same Azure error popping up in other products. Support was stumped and couldn’t figure it out as they haven’t seen it, so I figure I share here to save others trouble. This only happened after upgrade to U1 as we were running 9 without issues.

Basically it appears that you have to now also have a permission called “Storage Blob Data Owner” right on the storage account itself where Zerto is writing. Previously I had the well documented “Storage Blob Data Contributor” and “Storage Queue Data Contributor”, as well as “Contributor” roles defined for the Managed Identity at the Subscription level, so all I did was add “Storage Blob Data Owner” right on the storage account and after that the scale set was able to spin up and all my replication resumed. A few different articles online seem to point to the fact that this HAS to be set on the storage account itself and not inherited down. I have earlier in my troubleshooting tried setting the Managed Identity as a full Owner on the subscription and that wasn’t enough, only after adding Blob Data Owner on the storage account did things resolve.

Hope this helps someone.