Managed Identity not working on Windows container in Azure Container Instances

Patrick Vogler 0 Reputation points
2024-05-08T05:53:02.6+00:00

I am trying to make managed identity work on a Windows container in Azure Container Instances.

After checking the official documentation, this scenario seems to be supported now, since the limitations on Windows containers are removed:

https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity

I was now able to successfully deploy a Windows Container in Azure Container Instances adding a managed identity (user or system) without any errors or warnings.

Checking with Azure CLI after the deployment, the managed identities are visible.

Unfortunately, I am unable to get an access token, no matter what way I try.

As this functionality seems to be new, I cannot find any information about how to make this work, although it should be quite straightforward, as it was for Linux containers.

Any help is appreciated.

Error message with Connect-AzAccount:

    Connect-AzAccount : ManagedIdentityCredential authentication failed: Retry
    failed after 4 tries. Retry settings can be adjusted in ClientOptions.Retry or
    by configuring a custom retry policy in ClientOptions.RetryPolicy.
    See the troubleshooting guide for more information.
    https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
    At line:1 char:1
    + Connect-AzAccount -Identity
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : CloseError: (:) [Connect-AzAccount], AuthenticationFailedException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand


1 answer

  1. Anveshreddy Nimmala 2,875 Reputation points Microsoft Vendor
    2024-05-08T13:01:21.6766667+00:00

    Hello Patrick Vogler,

    Welcome to Microsoft Q&A, thank you for posting your query here.

    Use PowerShell to bring a token directly within the container.

    This can help isolate whether the issue is with the SDK or the identity setup itself.

    If this works, the issue might be with the Connect-AzAccount setup.

    $url = 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/'
    $response = Invoke-RestMethod -Uri $url -Headers @{Metadata='true'} -Method Get
    Write-Output $response.access_token
    

    Try using Azure CLI to authenticate:

    az login --identity

    Hope this helps you.

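The isolation step suggested in the answer above, extended into a diagnostic function, as an added example that is not part of the original thread or Microsoft's code: it separates "endpoint unreachable" from "endpoint refused the request" from "token issued", and reports the token's claims instead of writing the bearer token to output where container logs would capture it. `Test-ManagedIdentityEndpoint` is a hypothetical name; the `client_id` query parameter (for a user-assigned identity) and the claim names read from the token are assumptions about the identity attached to the container group.

```powershell
# Added diagnostic sketch; Test-ManagedIdentityEndpoint is a hypothetical helper name.
function Test-ManagedIdentityEndpoint {
    param(
        [string]$Resource = 'https://management.azure.com/',
        [string]$ClientId,          # assumption: set this for a user-assigned identity
        [int]$TimeoutSec = 10
    )
    # Variables the Azure Identity SDK also inspects; report presence only, never values.
    foreach ($name in 'IDENTITY_ENDPOINT', 'IDENTITY_HEADER', 'MSI_ENDPOINT', 'MSI_SECRET') {
        $isSet = [bool][Environment]::GetEnvironmentVariable($name)
        Write-Host ("{0,-18} set: {1}" -f $name, $isSet)
    }

    $url = 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01' +
           '&resource=' + [uri]::EscapeDataString($Resource)
    if ($ClientId) { $url += '&client_id=' + [uri]::EscapeDataString($ClientId) }

    try {
        $response = Invoke-RestMethod -Uri $url -Headers @{ Metadata = 'true' } `
                                      -Method Get -TimeoutSec $TimeoutSec
    }
    catch {
        $http = $_.Exception.Response
        if ($null -eq $http) {
            # No HTTP response at all: the endpoint is unreachable from this container.
            return [pscustomobject]@{ Stage = 'Network'; Detail = $_.Exception.Message }
        }
        # The endpoint answered but refused the request; the status code narrows the cause.
        return [pscustomobject]@{ Stage = 'Endpoint'; Detail = "HTTP $([int]$http.StatusCode)" }
    }

    # Decode the JWT payload (base64url) to inspect claims without printing the token itself.
    $payload = $response.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    $payload = $payload.PadRight($payload.Length + (4 - $payload.Length % 4) % 4, '=')
    $claims  = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) |
               ConvertFrom-Json

    # Claims that the token does not carry come back empty.
    [pscustomobject]@{
        Stage    = 'TokenIssued'
        Audience = $claims.aud
        ObjectId = $claims.oid
        AppId    = $claims.appid
        Expires  = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    }
}

Test-ManagedIdentityEndpoint
```

A `Network` result points at the container's route to the identity endpoint, an `Endpoint` result at the identity assignment or request parameters, and `TokenIssued` at the SDK or `Connect-AzAccount` layer.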