azure-sdk-for-net
[BUG] Azure Identity not able to connect to Key Vault using System Managed identity of Virtual machine Scale set
Library name and version
Azure.Identity 1.2.0
Describe the bug
We have been using Azure.Identity to use managed identity to connect to Key Vault, but after upgrading the storage library, Azure.Identity is not able to connect to Key Vault and fails with the attached exception. (The same version of the package was working earlier, but now it has stopped working.)
Azure.Identity.AuthenticationFailedException: DefaultAzureCredential failed to retrieve a token from the included credentials.
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
- ManagedIdentityCredential authentication failed: Retry failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry.
- SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
- Visual Studio Token provider can't be accessed at C:\Windows\system32\config\systemprofile\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json
- VisualStudioCodeCredential authentication failed: CredRead has failed but error is unknown.
- Azure CLI not installed
at Azure.Identity.DefaultAzureCredential.<GetTokenFromSourcesAsync>d__14.MoveNext()
Troubleshooting tried:
- From the VM we can get an MI token using the PowerShell command.
- Other apps running on the same Service Fabric cluster and VMs can connect to Key Vault.
- Tried adding logging as mentioned in the doc, but nothing is getting logged and none of the exception messages mentioned in the doc matches what we are getting.
Expected behavior
System assigned managed identity should work.
Actual behavior
Getting the attached exception.
Reproduction Steps
var credential = new DefaultAzureCredential(options);
var client = new SecretClient(new Uri(configuration.Endpoint), credential);
var secret = await client.GetSecretAsync(key);
Environment
Azure Service Fabric, VMSS VM
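An added diagnostic example, not code from the reporter or the Azure SDK team: it requests a Key Vault token from ManagedIdentityCredential alone, with the SDK's console event logging turned on, so the managed identity failure from the report above can be examined without the other DefaultAzureCredential sources in the chain. The class name, exit codes and console messages are assumptions made for illustration.

```csharp
using System;
using System.Diagnostics.Tracing;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Core.Diagnostics;
using Azure.Identity;

// Hypothetical diagnostic program (added example, not from the issue).
public static class ManagedIdentityProbe
{
    // Scope for Azure Key Vault data-plane tokens in the public cloud.
    private static readonly string[] KeyVaultScopes = { "https://vault.azure.net/.default" };

    public static async Task<int> Main()
    {
        // Write Azure SDK event-source messages to the console for the
        // lifetime of this listener, including token acquisition events.
        using AzureEventSourceListener listener =
            AzureEventSourceListener.CreateConsoleLogger(EventLevel.Verbose);

        // Only the managed identity source; no client ID means system-assigned.
        var credential = new ManagedIdentityCredential();

        try
        {
            AccessToken token = await credential.GetTokenAsync(
                new TokenRequestContext(KeyVaultScopes), CancellationToken.None);
            // Never print the token itself; the expiry is enough to confirm success.
            Console.WriteLine($"Token acquired, expires {token.ExpiresOn:O}");
            return 0;
        }
        catch (CredentialUnavailableException ex)
        {
            // The credential found no usable managed identity source in this process.
            Console.Error.WriteLine($"Managed identity unavailable: {ex.Message}");
            return 2;
        }
        catch (AuthenticationFailedException ex)
        {
            // Token acquisition was attempted and failed; the inner exception has detail.
            Console.Error.WriteLine($"Managed identity failed: {ex.Message}");
            Console.Error.WriteLine(ex.InnerException);
            return 1;
        }
    }
}
```

Run it under the same account and on the same node as the failing service, since the result depends on the process's environment.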
Thank you for your feedback. Tagging and routing to the team member best able to assist.
The version of Azure.Identity you mentioned is quite a few versions old. Are you able to try with the latest version?
Hi, we're sending this friendly reminder because we haven't heard back from you in 7 days. We need more information about this issue to help address it. Please be sure to give us your input. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!
@christothes Please reopen this - it seems that this is still an issue. We are having this when running build agents on the latest version of the Microsoft runner-images scripted image.