Data not uploaded to storage and index not created due to errors with AzureDeveloperCliCredential not found and SSL certificate error

[SonalPrabhune]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I was getting the error "The index 'gptkbindex' for service 'gptkb-****' was not found" when I try to ask a question to the application. I have looked into #79 issue recently closed. I followed the steps mentioned there and tried deleting all resources and re-deploying several times by running 'azd up'. I have also tried assigning the role 'owner' to my account and running 'azd up' but unable to fix the error. When I looked into my storage, I did not find any .pdfs copied into the 'content' container. So I tried running python ./scripts/prepdocs.py $cwd/data/ --storageaccount $env:AZURE_STORAGE_ACCOUNT --container $env:AZURE_STORAGE_CONTAINER --searchservice $env:AZURE_SEARCH_SERVICE --index $env:AZURE_SEARCH_INDEX --formrecognizerservice $env:AZURE_FORMRECOGNIZER_SERVICE --tenantid $env:AZURE_TENANT_ID -v manually from the VSCode terminal and found out that the imports for all azure libraries and pypdf had to be installed explicitly. After installing those, I am getting this error. ImportError: cannot import name 'AzureDeveloperCliCredential' from 'azure.identity' This I fixed by using AzureCliCredential instead. Now I get the SSL certificate error. I am copying the entire stacktrace below. I have ensured that my proxy settings are off.

Any directions you can give are greatly appreciated! Thanks in advance for your help!

Any log messages given by the failure

python ./scripts/prepdocs.py $cwd/data/ --storageaccount stxm5jt6ev67obg --container content --searchservice gptkb-xm5jt6ev67obg --index gptkbindex --formrecognizerservice cog-fr-xm5jt6ev67obg --tenantid <I-have-my-tenent-id-here> -v Ensuring search index gptkbindex exists AzureCliCredential.get_token failed: ERROR: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: //v2.0/.well-known/openid-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate. Please add this certificate to the trusted CA bundle. More info: https://docs.microsoft.com/cli/azure/use-cli-effectively#work-behind-a-proxy.

Traceback (most recent call last): File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\azure_cli.py", line 148, in _run_command
return subprocess.check_output(args, **kwargs) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 421, in check_output return run(*popenargs, stdout=PIPE, timeout=timeout, check=True, File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 526, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['cmd', '/c', 'az account get-access-token --output json --resource https://search.azure.com --tenant ']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "C:\Users<my-user><my-directory>\azure-search-openai-demo-main\scripts\prepdocs.py", line 300, in create_search_index() File "C:\Users<my-user><my-directory>\azure-search-openai-demo-main\scripts\prepdocs.py", line 238, in create_search_index
if args.index not in index_client.list_index_names(): File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 124, in next return next(self._page_iterator) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 76, in next self._response = self._get_next(self.continuation_token) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\search\documents\indexes_generated\operations_indexes_operations.py", line 189, in get_next pipeline_response = self._client._pipeline.run(request, stream=False, **kwargs) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline_base.py", line 202, in run return first_node.send(pipeline_request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline_base.py", line 70, in send response = self.next.send(request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline_base.py", line 70, in send response = self.next.send(request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline_base.py", line 70, in send response = self.next.send(request) [Previous line repeated 2 more times] File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies_redirect.py", line 156, in send response = self.next.send(request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies_retry.py", line 448, in send response = self.next.send(request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies_authentication.py", line 108, in send self.on_request(request) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies_authentication.py", line 87, in on_request
self._token = self._credential.get_token(*self._scopes) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_internal\decorators.py", line 32, in wrapper token = fn(*args, **kwargs) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\azure_cli.py", line 80, in get_token output = _run_command(command) File "C:\Users<my-user>\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity_credentials\azure_cli.py", line 161, in _run_command
raise ClientAuthenticationError(message=message) azure.core.exceptions.ClientAuthenticationError: ERROR: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: //v2.0/.well-known/openid-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate. Please add this certificate to the trusted CA bundle. More info: https://docs.microsoft.com/cli/azure/use-cli-effectively#work-behind-a-proxy.

Expected/desired behavior

Should be able to run the application and chat with it.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) Windows 10

Versions

10.0.19044

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

[vhvb1989]

had to be installed explicitly

There a .sh and .ps1 file within the /scripts folder to launch the prepdocs.py These scripts take care of creating a python virtual environment and installing all dependencies before running the python app.

If you are using Windows, try running the ps1 file from powershell7

[SonalPrabhune]

Yes that’s the one I have been using all along, the power shell script, .ps1. Why do I still keep getting the certificate error?

[vhvb1989]

The error on your logs:

subprocess.CalledProcessError: Command '['cmd', '/c', 'az account get-access-token --output json --resource https://search.azure.com --tenant ']' returned non-zero exit status 1.

It looks like there's a call to az which is failing. Do you have az installed?

Note: az and azd does not share the same authentication. This means that if you have az login to another account, it might be failing when it is been called. You can try running az logout so it is not used as source of auth. Then try running again.

[SonalPrabhune]

Thanks for your input. I installed az and then tried to login but I get the certificate error for that as well. What kind of authentication is required for that? My azd login is successful, but if az and azd don't share the same authentication, how do I configure az for Azure services? Here's what I did. I have confirmed that my proxy is still disabled like in my previous screenshot. Also, 'azd login' command takes me to browser to confirm my username and pwd but 'az login' command did not do so. PS C:\Users<my-path>\azure-search-openai-demo-main> pip install az Collecting az Downloading az-0.1.0.dev1-py3-none-any.whl (1.5 kB) Installing collected packages: az Successfully installed az-0.1.0.dev1 PS C:\Users<my-path>\azure-search-openai-demo-main> az logout HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /organizations/v2.0/.well-known/openid-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate. Please add this certificate to the trusted CA bundle. More info: https://docs.microsoft.com/cli/azure/use-cli-effectively#work-behind-a-proxy. PS C:\Users<my-path>\azure-search-openai-demo-main> az login HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url: /organizations/v2.0/.well-known/openid-configuration (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) Certificate verification failed. This typically happens when using Azure CLI behind a proxy that intercepts traffic with a self-signed certificate. Please add this certificate to the trusted CA bundle. More info: https://docs.microsoft.com/cli/azure/use-cli-effectively#work-behind-a-proxy.

I tried this approach as well after reading Microsoft documentation PS C:\Users<my-path>\azure-search-openai-demo-main> Install-Module -Name Az

Untrusted repository You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want
to install the modules from 'PSGallery'? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): Y Install-Package: The following commands are already available on this system:'Login-AzAccount,Logout-AzAccount,Resolve-Error,Send-Feedback'. This module 'Az.Accounts' may override the existing commands. If you still want to install this module 'Az.Accounts', use -AllowClobber parameter. PS C:\Users<my-path>\azure-search-openai-demo-main> Login-AzAccount Connect-AzureRmAccount: Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly 'System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.

I have also done this

After installing Install-Module Az And I ran 'Connect-AzAccount'

Account SubscriptionName TenantId Environment xxxx Visual Studio Enterprise Subscription xxx AzureCloud when I tried running command 'az login --identity' I get the following error Failed to connect to MSI. Please make sure MSI is configured correctly and check the network connection. Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x04E65AA8>: Failed to establish a new connection: [WinError 10051] A socket operation was attempted to an unreachable network'))

Also I dont have any Managed Certificates

What else do I need to do?

[pauldj54]

Hi @SonalPrabhune , I'm running into the same issues. I would like to ask you if you managed to solve them?

[MSavka]

Hi guys, if someone still has the same issue or #79, and you have the "Owner" role assigned, etc. - the problem is in the ".../scripts/prepdocs.ps1" file, line 39, actually here:

$cwd = (Get-Location) Start-Process -FilePath $venvPythonPath -ArgumentList "./scripts/prepdocs.py $cwd/data/* --storageaccount ...

, and this parameter: $cwd/data/* in the code above. You can quickly notice (Windows OS) that if your folder/path with the project contains spaces, the whole line will be parsed incorrectly and not executed (but this Python script actually uploads PDF documents in chunks and creates the necessary search index).

So the easiest fix - is to move the project into some folder without spaces (whole path), wrap this parameter with some quotes, or use a variable. Also (ideally), you need to replace slashes in the opposite direction for this path (so it will be $cwd\data\* ). That's all, hope it will help somebody )

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed.