Key Vault – Failed to sync the certificate.: The service does not have access to ‘*’ Key Vault

TLDR; How to fix Failed to sync the certificate.: The service does not have access to ‘*’ Key Vault

Hello! You may want to read this post if you have come across one of the following errors related to Key Vault:

  • Failed to update all the resources with the latest certificate
  • Failed to sync the certificate.: The service does not have access to ‘*’ Key Vault
  • Resource Microsoft.Web/certificates “[XXX]” failed with message { “Code”: “BadRequest”, “Message”: “The service does not have access to ‘/subscriptions/[subscription]/resourcegroups/[resource-group-name]/providers/microsoft.keyvault/vaults/[vault-name]’ Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation.
  • Failed to add App Service certificate to the app, Check error for more details. Error Details: The service does not have access to ‘XXX’ Key Vault. Please make sure that you have granted necessary permissions to the service to perform the request operation.

add/sync certificate error


I came across a similar challenge recently.

We have an App Service Certificate purchased from Microsoft Azure Portal, and stored in a Key-Vault.

The same certificate was then imported and bound to many app services.

The App Services Certificate was configured to auto-renew and it was expected to be synced once it renews, but surprisingly – it just expired.

What Happened

When I investigated – I found that the App Service Certificate was renewed sometimes back before the expiry date, but it did not sync for some reason.

I, obviously, tried googling for solutions. Few of the links I explored:

I tried the suggestions but nothing worked for me. Then I decided to contact Microsoft Azure Support.

In the process, I found a potential solution. I appreciate they have initial trouble-shooting cards available on the support page.

Azure portal Trouble-Shooting page

Though I read it, I didn’t help. Then I realized that step #2 has some contents in markdown:

I tried fixing the markdown for appropriate message and I got this:

The two Service Principals above need to be granted with mentioned permissions.

These two service principals are default Resource Provider principals and their object-Ids are supposed to be common for everyone.

How to fix the permissions on the key-vault

  • Navigate to your key-vault
  • Click on “Access policies”
Navigate to Access policies
  • “Add Access Policy” if you do not have the two given service principals added already.
  • Assign the permissions for the two service principals as in the table below:
Service PrincipalSecret PermissionsCertificates
Microsoft Azure App ServiceGetGet

access policies
  • Save the access policy changes.
  • Navigate to App Service Certificate in question
  • click on “Rekey and Sync”
rekey and sync
  • click on “Sync”. Make sure your certificate is listed under “Linked Private Certificate”.
  • After the sync the existing certificate should be renewed.


To fix the app service certificate sync issues – you need to fix the permissions on the key vault for the two service principals and then Sync the certificate once. Please refer to the post above for the details of the service principals.

Thanks for reading this article on 🙂

Error CS0234: The type or namespace name ‘HelloWorld.Core’ does not exist in the namespace ‘HelloWorld’

Warning MSB3245: Could not resolve this reference. Could not locate the assembly “HelloWorld.Core”. Check to make sure the assembly exists on disk. If this reference is required by your code, you may get compilation errors.

Error CS0234: The type or namespace name ‘Core’ does not exist in the namespace ‘Document360’ (are you missing an assembly reference?)

Are you seeing your Azure Pipelines build failing with similar error/warning message? It’s very likely that it’s a missing project dependency issue. It’s a usual case when you have a solution inside which you have multiple project and have added project-A as a dependency in project-B under the same solution.

How to fix Error CS0234: The type or namespace name ‘XXXX.Core’ does not exist in the namespace ‘XXXX’?

Check if you have added the project as dependency. It’s likely that you may have added the reference to the project’s DLL instead of the Project itself inside the solution.

While adding the reference to another project – always add the reference to the Project, and not the Project’s DLL by browsing for it.

While adding the reference you can find all the project for the current solution under “Projects” tab. Select the project that you want to refer. This way it will always build the referred Project first and then the current one (to resolve the dependency).

There’s another way of doing this. You can right click on the solution and select “Project Dependencies”. This window allows you to select the project and mark the projects it is dependent on.

Happy Learning! ?
DevsDaily | Azure DevOps

How to run Console Applications on Azure Pipelines

Learn how to run console apps on Azure DevOps without hosting!

I came across multiple similar questions on StackOverflow for running a Console Application on Microsoft Azure. Answers mostly suggesting running the console app on WebJobs. Here I’m sharing another way of running console apps on Microsoft Azure DevOps, with Azure Pipelines.

[Azure]: Run your console app on Azure Pipelines

If you have a subscription to Azure DevOps, you will be able to run your console app. Upload your console app and create a pipeline to run a script. Add the command and necessary arguments if any and run the pipeline.

Note: At the time of writing this post I'm not sure of any downside of this approach, will update here if I find one.

What did I do?

In Azure DevOps, under one of demo Organizations I created a test project (“TestProject”), and initialized the empty repository with file.

empty repository initialized with file

Created a new C# Console App Project in Visual Studio 2019. “HelloWorld-Console”.

HelloWorld-Console app

Published the executable. While publishing, I changed the deployment mode to “Self-contained” and enabled “Produce single file” option. It produced 2 files in the publish folder:

  • HelloWorld-Console.exe, and
  • HelloWorld-Console.pdb

publish options
publish output

since .pdb file file contains debugging info, I had my concerns only with the executable (.exe) file.

I tried uploading the file in the Azure DevOps repository directly from the browser but the browser has a limitation of 20 MB max per file. So I chose to upload it using the git tools.

I cloned the repository on my machine, copied the executable (.exe) in the repository from the publish folder, staged the changes, committed and pushed it to remote repository.

Uploading the Console App to Azure DevOps repository

Finally, I setup a pipeline with a “Command Line Script” task to run the executable. Since it’s a Windows executable file, I set the Agent specification to “Windows-2019”.

In the “Script” block I just entered the file name of console app as it didn’t require any additional parameter to run.

Pipeline with “Command Line Script” task
Agent Specification set to “Windows-2019” for the pipeline

The pipeline ran just fine and I could see the output from the console app in the logs: ?

Command Line Task output in the pipeline log

In the pipeline, I extended the command to save the console app output to a text file. I added one more task to publish the output file in artifacts directory. I kept the artifact’s name as “pipeline-run-$(Build.BuildNumber)” in order to have different folder for every run, containing the output text file.

Extended the Command Line Script’s script to save the output in helloworld-output.txt

added “Publish Pipeline Artifact” task to publish the console app output file in Artifacts folder.

Now for every run of the pipeline, I could see an artifact produced, containing the output text file.

successful run with an artifact
the output text file contains the expected “Hello World!”

So, with that I’m wrapping this post but you can always extend the pipeline with tasks to share the console app’s output to email, or other channels. This way you can run your console apps without an App Service/WebJob/Azure Functions. The Azure DevOps platform will run the console app for you for free I guess, until they start charging. ?

Further, you can extend the pipeline with scheduled trigger to run it on scheduled time as well.

? Did I miss anything or you have any feedback? Please help me fix it by dropping a line at, thanks!

Happy Learning!
/Sunny Sharma

ssh: connect to host x.x.x.x port 22: Connection timed out

Did you just change some network configuration on your Ubuntu virtual machine and now you’re not able to connect? Here’s how you can fix the ssh connection.

how to fix – ssh: connect to host x.x.x.x port 22: Connection timed out


I spinned up an Ubuntu (18.04.3 LTS, Bionic Beaver) virtual machine on Azure for an experiment. I was setting up apache2 server (for a web server) and in the process I made some changes in network configuration (I literally allowed IPv4 & IPv6 in the firewall, that’s all). While making those changes I got a clear message on the screen that the current network may be unstable but it continued to work flawlessly until the connection was closed. The very next day and I wasn’t able to connect to the Ubuntu VM using ssh on the same IP/Port. Though the web server was responding well at port 80.

What I tried first?

I had forgotten the warning message I received earlier, about the network instability, while making the changes in network configuration and now I had this. So, at first I jumped on to Azure Portal and I tried restarting the virtual machine, it didn’t work. I removed and re-added the allow port 22 under the Networking tab, it also didn’t work.

How to fix “ssh: connection to host X.X.X.X on port:22”?

So, I did some digging on the internet and I found two lines of script required to fix the connection. It’s a firewall issue, it gets updated while changing the network configuration. Thankfully, Azure Portal offers a console to run shell scripts from the browser itself.

You can find the “RunShellScript” option under Operations > Run Command on the virtual machine’s setting blade. I believe all the cloud providers offer similar connectivity for the VMs using which you can connect to the VM using ssh or RDP for recovery purposes. Please refer to the snapshot below

RunShellScript from Azure portal

After I ran the two above lines, I tried to connect the virtual machine on the ssh and the connection was successful.

Edit: I later discovered that the commands in the browser console above can be run without sudo prefix.

You can later verify the status of the firewall using “sudo ufw status” on the same window.

Microsoft Azure offers a wide range of tools to troubleshoot network errors, check out the documentation for more details

This resolution may apply for other Linux OS as well but I haven’t verified. You may want to read more article Microsoft Azure on DevsDaily.

I welcome any suggestions or feedback to this post, Happy learning!