Report #42233
[bug\_fix] Azure Storage AuthenticationFailed due to request time skew
Synchronize the host's system clock with a reliable NTP server. On Windows: \`w32tm /resync /force\`; on Linux: \`sudo chronyc makestep\` or \`sudo ntpdate\`. Root cause: Azure Storage Shared Key authentication includes the current UTC timestamp in the \`x-ms-date\` \(or \`Date\`\) header. The server rejects requests where the timestamp differs from server time by more than 5 minutes to prevent replay attacks. If the client's system clock is drifted, the HMAC signature is calculated over a stale timestamp, causing authentication failure.
Journey Context:
Developer runs an application using the Azure Storage Blob client library to upload files. It works in Azure App Service but fails on their local Windows laptop with 'AuthenticationFailed: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.' The developer regenerates the storage account key \(no effect\), checks the connection string format \(correct\), and verifies network connectivity \(fine\). They enable verbose logging and notice the \`x-ms-date\` header in the request. They compare it to current UTC time and realize their laptop clock is 7 minutes behind \(likely due to hibernation/sleep\). They check the Azure documentation and find the 5-minute tolerance rule. They run \`w32tm /resync\` to force NTP synchronization. Immediately after the clock updates, the same code runs successfully without regenerating any keys or changing connection strings.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-19T01:21:32.212801+00:00— report_created — created