ERROR: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url:

Racheal 236 Reputation points
2022-10-27T19:48:03.767+00:00

Hi,

I am trying to connect to Azure from an Azure VM using a service principal and Azure CLI, but I am facing the error described below.

It's a Windows VM behind the firewall with no internet connection.

There are some firewall openings to allow the application agent in the VM to send logs to the Azure portal, as described here:

https://learn.microsoft.com/en-us/azure/azure-monitor/app/ip-addresses#outgoing-ports

We do not want to open the internet connection completely, but is there a way to connect to the Azure portal from the VM by opening a few ports in the firewall?

**ERROR:**

az login --service-principal -u "xxxxx..

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (ERROR: The comm... the traceback::String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError

ERROR: HTTPSConnectionPool(host='login.microsoftonline.com', port=443): Max retries exceeded with url:
/a652adc3-xxxxx-xxxx-xxx/v2.0/.well-known/openid-configuration (Caused by ProtocolError('Connection aborted.', ConnectionResetError(10054, 'An
existing connection was forcibly closed by the remote host', None, 10054, None)))
Traceback (most recent call last):
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\urllib3/connectionpool.py", line 699, in urlopen
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\urllib3/connectionpool.py", line 382, in _make_request
File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\s

Azure Virtual Machines

Accepted answer
  1. Prrudram-MSFT 24,661 Reputation points
    2022-10-28T09:20:00.1+00:00

    Hello @Racheal,

    Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.

    When you said you are trying to connect to Azure, do you mean you are trying to access the URL "Portal.azure.com" alone, or are there any other Azure URLs?
    This error here indicates that Azure CLI cannot connect to the AAD server and port 443. You can try to whitelist the Azure AD URL "login.microsoftonline.com" from your firewall in case of a restricted internet connection.

    Since you are looking to log in using Azure AD, whitelisting login.microsoftonline.com:443 shall work, and to be on the safe side, you can add *.login.microsoftonline.com:443 to allow all the matching URLs as well.

    Check out a similar issue here. The right thing to do is to ensure this and all the endpoints the Azure portal needs are allowed through the firewall.

    Please "Accept as Answer" and Upvote if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.

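A staged reachability check for the endpoint named in the error above, added here as an example and not part of the original thread or of any Microsoft tooling: it reports whether the connection fails at DNS, at TCP, or during the TLS handshake, which tells the firewall team what kind of rule is missing. It assumes a Python 3 interpreter is available on the VM; `probe`, `report` and `HINTS` are names made up for this example.

```python
import socket
import ssl

# What each failing stage usually means for a VM behind an egress firewall.
HINTS = {
    "dns": "name did not resolve; check the resolver the VM uses",
    "tcp": "no TCP session; the port is not open outbound for this host",
    "tls": "TCP opened, then reset or closed during the handshake; "
           "often a firewall filtering on the TLS server name",
    "tls-cert": "handshake answered with an untrusted certificate; "
                "look for a TLS-inspecting proxy",
    "ok": "TLS established; the firewall allows this endpoint",
}

def probe(host, port=443, timeout=5.0, context=None):
    """Return (stage, detail): the first stage that failed, or ("ok", version)."""
    # Stage 1: DNS resolution.
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # Stage 2: TCP connect (a timeout means dropped, refused means rejected).
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{type(exc).__name__}: {exc}"
    # Stage 3: TLS handshake with normal certificate verification.
    ctx = context or ssl.create_default_context()
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "tls-cert", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"{type(exc).__name__}: {exc}"

def report(hosts, **kwargs):
    """Probe each host and return {host: (stage, detail, hint)}."""
    out = {}
    for host in hosts:
        stage, detail = probe(host, **kwargs)
        out[host] = (stage, detail, HINTS[stage])
    return out

if __name__ == "__main__":
    # Host taken from the error message in the question.
    for host, result in report(["login.microsoftonline.com"]).items():
        print(host, *result, sep=" | ")
```

Run it on the VM before and after the firewall change; a move from `tcp` or `tls` to `ok` confirms the rule took effect without needing real credentials.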

1 additional answer

  1. Racheal 236 Reputation points
    2022-11-04T07:57:14.807+00:00

    Hi @Prrudram-MSFT,

    Thanks for the clear explanation. Requested our Infra team for whitelisting the URL in firewall settings.
    Hope that will fix the issue.

    1 person found this answer helpful.
