azure-powershell
Could not find tenant id for provided tenant domain. Please ensure that the provided service principal is found in the provided tenant domain.
Description
Using Connect-AzAccount with a service principal, with the code below:

```powershell
$clientSecret = '{Secret}' | ConvertTo-SecureString -AsPlainText -Force
$connectCreds = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList '{SPN ID}', $clientSecret
Connect-AzAccount -ServicePrincipal -Credential $connectCreds -Tenant '{tenant id}'
```

This works on one server, but fails on another - we are unable to diagnose why - versions:
- az = 11.5.0
- az.accounts: = 2.17.0
- Az.Resources = 6.16.1
- Az.Network = 7.4.1
- Az.Compute = 7.2.0
error message
```
Connect-AzAccount : ClientSecretCredential authentication failed: Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry or by configuring a custom retry policy in ClientOptions.RetryPolicy. Could not find tenant id for provided tenant domain '{tenantID}'. Please ensure that the provided service principal '{{SPN ID}' is found in the provided tenant domain.
At line:15 char:1
+ Connect-AzAccount -ServicePrincipal -Credential $connectCreds -Tenan ...
+ CategoryInfo : CloseError: (:) [Connect-AzAccount], ArgumentNullException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
```
```
ErrorRecord    : Run Connect-AzAccount to login.
Message        : Run Connect-AzAccount to login.
Data           : {}
InnerException :
TargetSite     : Void HandleException(System.Runtime.ExceptionServices.ExceptionDispatchInfo)
StackTrace     : at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.HandleException(ExceptionDispatchInfo capturedException)
                 at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.ExecuteCmdlet()
                 at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
HelpLink       :
Source         : Microsoft.Azure.PowerShell.Cmdlets.ResourceManager
HResult        : -2146233079
```
Issue script & Debug output
DEBUG: Request [31c393df-c813-4ba8-9df5-94ecde422400] exception Azure.RequestFailedException: An error occurred while sending the request. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.BeginWrite(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpClientTransport.<ProcessAsync>d__12.MoveNext()
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.<ProcessAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.HttpPipelineTransportPolicy.<ProcessAsync>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.ResponseBodyPolicy.<ProcessAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Azure.Core.Pipeline.LoggingPolicy.<ProcessAsync>d__9.MoveNext()
Environment data
Name Value
---- -----
PSVersion 5.1.14393.6343
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.14393.6343
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Module versions
az = 11.5.0
az.accounts: = 2.17.0
Az.Resources = 6.16.1
Az.Network = 7.4.1
Az.Compute = 7.2.0
Error output
Message : The client and server cannot communicate, because they do not possess a common algorithm
StackTrace : at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.BeginWrite(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback asyncCallback, Object asyncState)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
Exception : System.ComponentModel.Win32Exception
InvocationInfo : {Connect-AzAccount}
Line : Connect-AzAccount -ServicePrincipal -Credential $connectCreds -Tenant 'f009f285-5242-433a-9365-daa1edf145c3'
Position : At line:43 char:1
+ Connect-AzAccount -ServicePrincipal -Credential $connectCreds -Tenant ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 1
TLS 1.1 and TLS 1.2 are enabled on the server
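The debug trace above fails inside the local `AcquireCredentialsHandle` call with "do not possess a common algorithm", so one way to compare the working and the failing server is to snapshot the client-side TLS settings on each and diff them. This is an added example, not part of the original issue or of the Az modules; `Get-TlsClientSnapshot` and the CSV file names are hypothetical.

```powershell
# Added diagnostic sketch: snapshot the client-side TLS settings used by
# Windows PowerShell 5.1 (.NET Framework 4.x) and SChannel, for diffing two servers.
# Get-TlsClientSnapshot is a hypothetical helper name, not an Az cmdlet.
function Get-TlsClientSnapshot {
    $rows = [System.Collections.Generic.List[object]]::new()
    $add  = { param($Area, $Name, $Value)
        $rows.Add([pscustomobject]@{ Area = $Area; Name = $Name; Value = "$Value" }) }

    # Protocols this .NET process will offer right now (SystemDefault defers to the OS).
    & $add 'dotnet' 'ServicePointManager.SecurityProtocol' ([string][Net.ServicePointManager]::SecurityProtocol)

    # .NET Framework TLS opt-ins, 64-bit and 32-bit registry views.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319') {
        foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
            $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            & $add 'dotnet-registry' "$key\$name" $(if ($null -eq $v) { '<not set>' } else { $v })
        }
    }

    # SChannel client-side protocol switches; an absent key means the OS default applies.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
        $p = Get-ItemProperty -Path "$base\$proto\Client" -ErrorAction SilentlyContinue
        $state = if ($p) { "Enabled=$($p.Enabled); DisabledByDefault=$($p.DisabledByDefault)" } else { '<key absent>' }
        & $add 'schannel' "$proto\Client" $state
    }

    # FIPS policy restricts which algorithms SChannel and .NET may use.
    $fips = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' -ErrorAction SilentlyContinue).Enabled
    & $add 'fips' 'FipsAlgorithmPolicy\Enabled' $(if ($null -eq $fips) { '<not set>' } else { $fips })

    # Cipher suites SChannel will offer, in priority order.
    if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
        $i = 0
        foreach ($s in Get-TlsCipherSuite) { & $add 'cipher-suite' ('{0:d2}' -f $i) $s.Name; $i++ }
    }
    $rows
}

# Run on each server, then diff the two files (GOOD/BAD are placeholder names).
Get-TlsClientSnapshot | Export-Csv -NoTypeInformation -Path ".\tls-$($env:COMPUTERNAME).csv"
# Compare-Object (Import-Csv .\tls-GOOD.csv) (Import-Csv .\tls-BAD.csv) -Property Area, Name, Value
```

Rows that differ between the two servers, such as a protocol enabled in SChannel but not offered by .NET, are the first place to look.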
I have the same issue since this morning using an Azure PowerShell task in Azure DevOps
Connect-AzAccount: /home/vsts/work/_tasks/AzurePowerShell_72a1931b-effb-4d2e-8fd8-f8472a07cb62/5.238.11/InitializeAz.ps1:111
Line |
111 | $null = Connect-AzAccount -ServicePrincipal -Tenant $endpointObje …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ClientAssertionCredential authentication failed: AADSTS90061: Request to
| External OIDC endpoint failed. Trace ID:
| 903c7eca-7598-457d-a199-1753f6b8ca00 Correlation ID:
| 0d8656dd-3d7f-41dd-899f-c62e7e055118 Timestamp: 2024-05-01 08:26:48Z
| Could not find tenant id for provided tenant domain
| 'xxxxxxxx-xxxx-0000-0000-xxxxxxxxxxxxx'
Re-created the service connection (with workload identity (automatic)), just to make sure. But that did not help.
It was working fine yesterday
Exact same issue on our side, was working fine yesterday
More or less the same issue here since this morning (May 1st 2024). For us it is happening in an Azure DevOps PowerShell task (Azure PowerShell 5.*) during deployment. Yesterday everything was fine, the deployment was running several times without issues; since today, always the same error. Nothing was changed in DevOps since yesterday.
2024-05-01T11:36:52.6226881Z VERBOSE: Command [Connect-AzAccount] failed the maximum number of 5 times.
2024-05-01T11:36:52.7452685Z ##[error]AADSTS50166: Request to External OIDC endpoint failed. Trace ID: bc766619-5c69-4b24-b49d-9905bdfc4400 Correlation ID: 42cdd13a-028c-421d-baa5-19f540815535 Timestamp: 2024-05-01 11:36:54Z
Could not find tenant id for provided tenant domain 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx'.
2024-05-01T11:36:52.8173333Z ##[error]PowerShell exited with code '1'.
MS is working on it: https://status.dev.azure.com/_event/499193080
Good morning, any update?
Still having this issue