Problem Statement: I was working on deploying Sitecore XP1 environment on Azure App Services. For accomplishing this task, we need to provide Web Deploy Packages as input to Azure. The Web Deploy Packages are stored in a Storage Account in Blob Container.  To allow access for downloading these packages, I have created Shared Access Signatures and added the SAS Token correctly to the Blob Service in my parameter.json file. Even after generating the SAS token multiple times, I got the following error message while deploying the Sitecore XP1 instance.

For more information about deploying Sitecore XP1 on Azure, please refer Sitecore XP1 on Azure using Azure App Service and to know more about Shared Access Signatures, please refer Azure Storage Account – Configure Security using Shared Access Signature

Error Message: AppGallery Deploy Failed: ‘System.ArgumentException: Missing mandatory parameters for valid Shared Access Signature

Status Message:

{ “status”: “failed”, “error”: { “code”: “ResourceDeploymentFailure”, “message”: “The resource operation completed with terminal provisioning state ‘failed’.”, “details”: [ { “code”: “Failed”, “message”: “AppGallery Deploy Failed: ‘System.ArgumentException: Missing mandatory parameters for valid Shared Access Signature\r\n at Microsoft.WindowsAzure.Storage.Core.Util.NavigationHelper.ParseBlobQueryAndVerify(Uri address, StorageCredentials& parsedCredentials, Nullable`1& parsedSnapshot)\r\n at Microsoft.WindowsAzure.Storage.Core.Util.NavigationHelper.ParseBlobQueryAndVerify(StorageUri address, StorageCredentials& parsedCredentials, Nullable`1& parsedSnapshot)\r\n at Microsoft.WindowsAzure.Storage.Blob.CloudBlob.ParseQueryAndVerify(StorageUri address, StorageCredentials credentials)\r\n at Microsoft.WindowsAzure.Storage.Blob.CloudBlob..ctor(StorageUri blobAbsoluteUri, Nullable`1 snapshotTime, StorageCredentials credentials)\r\n at Microsoft.Web.Deployment.WebApi.AppGalleryPackage.IsPremiumApp()\r\n at Microsoft.Web.Deployment.WebApi.DeploymentController.CheckCanDeployIfAppIsPremium(AppGalleryPackageInfo packageInfo, Boolean& isPremium)’\r\nFailed to download package.\r\nAppGallery Deploy Failed: ‘System.Net.WebException: The remote server returned an error: (403) Forbidden.\r\n at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)\r\n at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)\r\n at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Web.Deployment.WebApi.AppGalleryPackage.<Download>d__a.MoveNext()\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Web.Deployment.WebApi.AppGalleryPackage.<Download>d__0.MoveNext()\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Web.Deployment.WebApi.DeploymentController.<DownloadPackageAndSettings>d__1b.MoveNext()\r\n— End of stack trace from previous location where exception was thrown —\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.Web.Deployment.WebApi.DeploymentController.<DownloadAndDeployPackage>d__d.MoveNext()'” } ] } }

If you observe the highlighted error message, you can understand that Server couldn’t authorize the request and so it returned 403 forbidden error and the Web Deploy Packages couldn’t be downloaded.

Solution: Basically, when you generate the Shared Access Signature, you should be careful with the Start Time and TimeZone.

  • By default, it takes, UTC. You should be setting your local Timezone.
  • Please make sure you set at least 15 minutes ago.

After making the above two changes and regenerated the SAS token and used the same in my parameters.json file and I was able to successfully overcome the error  and deploy the instance successfully.