dataplat
Connection to SQL in Azure broken following latest Az module update
Verified issue does not already exist?
I have searched and found no existing issue
What error did you receive?
After update to the latest Az (Azure) powershell module - the ability to connect to an Azure SQL Managed Instance has broken. When you issue the Get-AzAccessToken, starting with module version 14 - the value was changed from a plain text String to SecureString per their documentation (https://learn.microsoft.com/en-us/powershell/module/az.accounts/get-azaccesstoken?view=azps-14.0.0).
From everything I've found - Connect-DbaInstance does not currently support the ability to pass a SecureString. Attempted to connect does result in an authentication failure.
Error connecting to [YOUR-AZURE-SQL-MANAGED-INSTANCE.database.windows.net]: Login failed for user '
This is reproduced by using the latest Az module along with the latest dbatools module
- Connect-AzAccount
- $azureToken = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token
- $azureInstance = "YOUR-AZURE-SQL-MANAGED-INSTANCE.database.windows.net"
- $server = Connect-DbaInstance -SqlInstance $azureInstance -Database "YOURDATABASE" -AccessToken $azureToken
Steps to Reproduce
# provide your command(s) executed pertaining to dbatools
# please include variable values (redacted or fake if needed) for reference
Connect-AzAccount $azureToken = (Get-AzAccessToken -ResourceUrl https://database.windows.net).token/ $azureInstance = "YOUR-AZURE-SQL-MANAGED-INSTANCE.database.windows.net" $server = Connect-DbaInstance -SqlInstance $azureInstance -Database "YOURDATABASE" -AccessToken $azureToken
Please confirm that you are running the most recent version of dbatools
DBATools --> 2.1.31 Az --> 14.0.0
Other details or mentions
This worked as expected with prior module (13.5.0)
What PowerShell host was used when producing this error
PowerShell Core (pwsh.exe)
PowerShell Host Version
Name Value
PSVersion 7.4.7 PSEdition Core GitCommitId 7.4.7 OS Microsoft Windows 10.0.22631 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0
SQL Server Edition and Build number
Microsoft SQL Azure (RTM) - 12.0.2000.8 Apr 1 2025 12:07:14 Copyright (C) 2022 Microsoft Corporation
.NET Framework Version
.NET 8.0.12
we are also facing similar issue after update.
Error connecting to [sql-dev.database.windows.net]: Login failed for user token-identified principal. At line:98281 char:9
-
throw $records[0] -
~~~~~~~~~~~~~~~~~- CategoryInfo : ConnectionError: (sql-..ase.windows.net:String) [], Exception
- FullyQualifiedErrorId : dbatools_Connect-DbaInstance
You can get around this in the interim by installing / launching just the Az.Accounts module. As long as you are on anything less than 5 - this will continue to work. Not ideal, but a workaround until this is able to be fixed.
Install-Module -Name Az.Accounts -RequiredVersion 4.0.0 -Force Import-Module -Name Az.Accounts -RequiredVersion 4.0.0 -Force Connect-AzAccount
far from ideal. Sidenote, we're trying to push a new library out but the dependency hell is a nightmare to resolve https://github.com/dataplat/dbatools.library/pull/16
@potatoqualitee the light at the end of the tunnel is near ? :D
Please try now 🙏🏼 we dont have an MI to test with. will this fail anywhere else thats more affordable?
@potatoqualitee - Just tried again with 2.5.1 and received the same error with the 5.x version of the Azure module. If you force the old module for Azure it continues to work --> specifically --> Import-Module Az.Accounts -RequiredVersion 4.0.0 -Force
I would suspect (which, I need to validate) that you would have the same issue connecting to an Azure SQL DB (instead of the MI). Instead of the "YOUR-AZURE-SQL-MANAGED-INSTANCE" it'd just be your SQL db name.
Thanks, added support and tested with a regular azure db! will be in next release.