azure-cli icon indicating copy to clipboard operation
azure-cli copied to clipboard
verified publisher icon Azure

az login with UAMI (-i) experienced slowness

Open chungyuhuang opened this issue 1 month ago • 5 comments

Describe the bug

When running the command "az login -i --debug", we experienced a slowness after the below log.

cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={}

It took almost 10 seconds to output the next line of log.

msal.managed_identity: Obtaining token via managed identity on Azure VM

The rest of the process is fast when calling the IMDS but before obtaining token with the UAMI on VM, it got stuck.

The VM has one UAMI assigned and no SAMI.

Same slowness observed for the command az account get-access-token --debug as well. The msal_credentials: ManagedIdentityCredential.acquire_token step took longer time to process.

We've checked the VM and it doesn't have any HTTP proxy configured in the env.

Related command

az login -i debug az account get-access-token --debug

Errors

No error observed but experienced slowness when running the command.

cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={} ---> stuck for 10 second then conitnue the below output msal.managed_identity: Obtaining token via managed identity on Azure VM urllib3.connectionpool: Starting new HTTP connection (1): 169.254.169.254:80

Issue script & Debug output

cli.azure.cli.core.auth.msal_credentials: ManagedIdentityCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], kwargs={} ---> stuck for 10 second then conitnue the below output msal.managed_identity: Obtaining token via managed identity on Azure VM urllib3.connectionpool: Starting new HTTP connection (1): 169.254.169.254:80

Expected behavior

Expect the login to be finished within 10 seconds.

Environment Summary

azure-cli 2.76.0 azure-cli-core 2.76.0 azure-cli-telemetry 1.1.0 extensions: {}

Additional context

No response

chungyuhuang avatar Nov 17 '25 08:11 chungyuhuang

Hi @chungyuhuang,

2.76.0 is not the latest Azure CLI(2.79.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

azure-client-tools-bot-prd[bot] avatar Nov 17 '25 08:11 azure-client-tools-bot-prd[bot]

Thank you for opening this issue, we will look into it.

yonzhan avatar Nov 17 '25 08:11 yonzhan

Hi team, this issue can be reproduced with the latest cli version 2.80.0.

It happened when we deploy the VM in the Azure VNET with CIDR 192.200.7.160/27. Installation for the CLI is following the option 1 here in the document. https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?view=azure-cli-latest&pivots=apt

Same testing was done for VM in VNET CIDR 172.16.0.0/16 and 193.200.7.160/27. However, we can't reproduce the same issue.

Seems like VNET with CIDR 192.200.7.160/27 trigger this symptom but not sure why.

chungyuhuang avatar Nov 19 '25 02:11 chungyuhuang

more testing (az login -i) for different VNET using latest version (2.80.0).

slow

192.200.7.160/27 192.200.7.64/27 192.200.7.32/27

fast

192.200.6.64/27 192.200.6.160/27

chungyuhuang avatar Nov 19 '25 02:11 chungyuhuang

MSAL team is working on this one.

Alex-AZPS avatar Dec 11 '25 05:12 Alex-AZPS