0
我正尝试使用对等功能的新Azure虚拟网络公开预览来加入两个网络,我拥有两个不同的订阅,即不同的租户。这是可能的,我还没有看到任何其他的说法,但是当我尝试在PowerShell中对其进行同步时,出现以下错误。虚拟网络可以跨越天蓝色租户进行对等吗?
客户端必须在范围执行操作 'Microsoft.Network/virtualNetworks/peer/action' “/订阅/ {GUID2}/resourceGroups /默认-悉尼/提供商 /Microsoft.Network/virtualNetworks许可/ SYDVN/virtualNetworkPeerings/LinkToSYDVN',但是链接订阅'{Guid1}' 不在当前租户'{Guid3}'中。
完整的错误和命令
PS C:\Windows\system32> Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $SYDVN -RemoteVirtualNetworkId "/subscriptions/{Guid1}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN1" -BlockVirtualNetworkAccess
WARNING: The output object type of this cmdlet will be modified in a future release.
Add-AzureRmVirtualNetworkPeering : The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope '/s
ubscriptions/{Guid2}/resourceGroups/Default-Sydney/providers/Microsoft.Network/virtualNetworks/SYDVN/virtualNe
tworkPeerings/LinkToSYDVN', however the linked subscription '{Guid1}' is not in current tenant
'{Guid3}'.
StatusCode: 403
ReasonPhrase: Forbidden
OperationID : '{Guid4}'
At line:1 char:1
+ Add-AzureRmVirtualNetworkPeering -name LinkToSYDVN -VirtualNetwork $S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Add-AzureRmVirtualNetworkPeering], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.AddAzureVirtualNetworkPeeringCommand
任何帮助将非常感激。
UPDATE
从MS技术Loydon
“互联星空对等依赖于ARM RBAC进行授权。但是,ARM RBAC不支持跨租户链接访问检查。这样既订阅必须属于同一个Azure Active Directory租户,因此当前的VNet对等仅限于同一个Azure Active Directory域中的客户订阅,这给了他们相同的Tenant标记,允许对等发生。租户“
感谢Anavi,经过一天又没有答案我也在MD论坛发帖。在这里看到更详细的答案https://social.msdn.microsoft.com/Forums/en-US/824aaf76-71df-4235-9190-5816976dbd30/is-virtual-network-peering-across-azure-tenants-possible?论坛= WAVirtualMachinesVirtualNetwork – Martyn
是否有任何支持跨ADT对等的可能性?这个限制实际上限制了强大的VN对等的使用。 –