This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 70%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Error: creating Managed Kubernetes Cluster "diverse-moth-aks" (Resource Group "diverse-moth-rg"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="ServicePrincipalNotFound" Message="Service principal clientID: \t not found in Active Directory tenant , Please see https://aka.ms/aks-sp-help for more details."
whenever i already create service principal and assign role as a contributor so why i find to this type of error.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Hello jigyasu mishra!
How are you creating the AKS cluster? Also how do you create the service principal? (Portal, CLI, ARM etc.)
Please share these details, for example, if using command, could you please share the command used to create the AKS cluster and service principal?
Please make sure to avoid sending confidential information here.
terraform apply
random_pet.prefix: Refreshing state... [id=diverse-moth]
azurerm_resource_group.default: Refreshing state... [id=/subscriptions/8da9cd6e-c87d-4a79-a60c-80980493e20d/resourceGroups/diverse-moth-rg]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# azurerm_kubernetes_cluster.default will be created
+ resource "azurerm_kubernetes_cluster" "default" {
+ dns_prefix = "diverse-moth-k8s"
+ fqdn = (known after apply)
+ id = (known after apply)
+ kube_admin_config = (known after apply)
+ kube_admin_config_raw = (sensitive value)
+ kube_config = (known after apply)
+ kube_config_raw = (sensitive value)
+ kubernetes_version = (known after apply)
+ location = "australiaeast"
+ name = "diverse-moth-aks"
+ node_resource_group = (known after apply)
+ private_cluster_enabled = (known after apply)
+ private_dns_zone_id = (known after apply)
+ private_fqdn = (known after apply)
+ private_link_enabled = (known after apply)
+ resource_group_name = "diverse-moth-rg"
+ sku_tier = "Free"
+ tags = {
+ "environment" = "Demo"
}
+ addon_profile {
+ aci_connector_linux {
+ enabled = (known after apply)
+ subnet_name = (known after apply)
}
+ azure_policy {
+ enabled = (known after apply)
}
+ http_application_routing {
+ enabled = (known after apply)
+ http_application_routing_zone_name = (known after apply)
}
+ ingress_application_gateway {
+ effective_gateway_id = (known after apply)
+ enabled = (known after apply)
+ gateway_id = (known after apply)
+ gateway_name = (known after apply)
+ ingress_application_gateway_identity = (known after apply)
+ subnet_cidr = (known after apply)
+ subnet_id = (known after apply)
}
+ kube_dashboard {
+ enabled = (known after apply)
}
+ oms_agent {
+ enabled = (known after apply)
+ log_analytics_workspace_id = (known after apply)
+ oms_agent_identity = (known after apply)
}
}
+ auto_scaler_profile {
+ balance_similar_node_groups = (known after apply)
+ empty_bulk_delete_max = (known after apply)
+ expander = (known after apply)
+ max_graceful_termination_sec = (known after apply)
+ max_node_provisioning_time = (known after apply)
+ max_unready_nodes = (known after apply)
+ max_unready_percentage = (known after apply)
+ new_pod_scale_up_delay = (known after apply)
+ scale_down_delay_after_add = (known after apply)
+ scale_down_delay_after_delete = (known after apply)
+ scale_down_delay_after_failure = (known after apply)
+ scale_down_unneeded = (known after apply)
+ scale_down_unready = (known after apply)
+ scale_down_utilization_threshold = (known after apply)
+ scan_interval = (known after apply)
+ skip_nodes_with_local_storage = (known after apply)
+ skip_nodes_with_system_pods = (known after apply)
}
+ default_node_pool {
+ kubelet_disk_type = (known after apply)
+ max_pods = (known after apply)
+ name = "default"
+ node_count = 1
+ orchestrator_version = (known after apply)
+ os_disk_size_gb = 50
+ os_disk_type = "Managed"
+ type = "VirtualMachineScaleSets"
+ vm_size = "Standard_D2s_v3"
}
+ kubelet_identity {
+ client_id = (known after apply)
+ object_id = (known after apply)
+ user_assigned_identity_id = (known after apply)
}
+ network_profile {
+ dns_service_ip = (known after apply)
+ docker_bridge_cidr = (known after apply)
+ load_balancer_sku = (known after apply)
+ network_mode = (known after apply)
+ network_plugin = (known after apply)
+ network_policy = (known after apply)
+ outbound_type = (known after apply)
+ pod_cidr = (known after apply)
+ service_cidr = (known after apply)
+ load_balancer_profile {
+ effective_outbound_ips = (known after apply)
+ idle_timeout_in_minutes = (known after apply)
+ managed_outbound_ip_count = (known after apply)
+ outbound_ip_address_ids = (known after apply)
+ outbound_ip_prefix_ids = (known after apply)
+ outbound_ports_allocated = (known after apply)
}
}
+ role_based_access_control {
+ enabled = true
}
+ service_principal {
+ client_id = "\te6379e6b-7428-4063-8df4-dbf793b15da6"
+ client_secret = (sensitive value)
}
+ windows_profile {
+ admin_password = (sensitive value)
+ admin_username = (known after apply)
+ license = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
azurerm_kubernetes_cluster.default: Creating...
azurerm_kubernetes_cluster.default: Still creating... [10s elapsed]
╷
│ Error: creating Managed Kubernetes Cluster "diverse-moth-aks" (Resource Group "diverse-moth-rg"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="ServicePrincipalNotFound" Message="Service principal clientID: \te6379e6b-7428-4063-8df4-dbf793b15da6 not found in Active Directory tenant 7ea411fc-4a12-4d24-a7f7-e1f909b47bc7, Please see https://aka.ms/aks-sp-help for more details."
│
│ with azurerm_kubernetes_cluster.default,
│ on aks-cluster.tf line 16, in resource "azurerm_kubernetes_cluster" "default":
│ 16: resource "azurerm_kubernetes_cluster" "default" {
│
@Andrei Barbu
please suggest!
Hello jigyasu mishra
The clientId you are using "\te6379e6b-7428-4063-8df4-dbf793b15da6" seems invalid.
I just created a service principal and the appId has 36 characters and no "". Even if we exclude "" from your Id, it still has 37 characters. If there is any particularity for Terraform, I am not aware of.
I would recommend you make sure the appId / clientId is valid. You may go to Azure Portal -> App registrations and try to identify it there.
Additionally, you may want to create the AKS cluster using Azure CLI. For example:
az aks create -g aks-rg -n aks --service-principal <appId> --client-secret <secret>
I hope this is helpful. If any clarification needed, let me know and I will do my best to answer.
Please "Accept as Answer" and Upvote if it helped, so that it can help others in the community looking for help on similar topics.
Thank you!
I just created a service principal and the appId has 36 characters and no but when i run the terraform apply command then it take automatically starting word "t". I also checked my azure directory appid and secret was correct and also given the permission as contributor role.
Unfortunately I don't have Terraform expertise. As an workaround, I would suggest you to use Azure CLI to create the cluster or wait maybe someone else can provide another suggestion on this thread.
@jigyasu mishra according to https://developer.hashicorp.com/terraform/tutorials/kubernetes/aks the service principal and secret values should be declared in variables.tf file and then defined in terraform.tfvars file. It would be worth checking those files and see if you are mistakenly appending the "t" letter.