
Cannot login to azure using a managed user identity

Andrew HB 361 Reputation points
2024-08-12T14:28:04.24+00:00

Trying to log in using the following command using the Azure CLI v2.9:

az login --identity --username [my-clientid]

However, it fails with the following error message:

Failed to connect to MSI. Please make sure MSI is configured correctly and check the network connection.

Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&client_id=[my mis clientid] (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x00000248BB122210>, 'Connection to 169.254.169.254 timed out. (connect timeout=None)'))

Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.


Answer accepted by question author
  1. hossein jalilian 13,360 Reputation points Volunteer Moderator
    2024-08-12T18:35:52.51+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    Ensure that your Azure Automation account or VM is properly configured with a Managed Identity.

    The MSI endpoint 169.254.169.254 is only accessible from within Azure. If you are running this command from outside Azure, it won’t be able to reach this endpoint. If you are running the CLI from a local environment or outside Azure, you won't be able to use the --identity parameter.


    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.

    1 person found this answer helpful.
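
The reachability condition described in the accepted answer can be checked before running `az login --identity`. The following Python sketch is an added example, not part of the thread or of the Azure CLI; the function names (`build_request`, `http_fetch`, `diagnose`) are hypothetical, and the `Metadata: true` header is a requirement of the IMDS endpoint that does not appear on this page. It reports the outcome without ever printing the token.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Endpoint, path and api-version are taken from the error message in the question.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def build_request(resource, client_id=None):
    """Build the IMDS token request; IMDS rejects calls without 'Metadata: true'."""
    params = {"api-version": API_VERSION, "resource": resource}
    if client_id:  # user-assigned identity, as in `az login --identity --username`
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})


def http_fetch(request, timeout=3):
    """Return (status, body). Proxies are disabled: IMDS is link-local only."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(request, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:  # IMDS answered, but with an error status
        return err.code, err.read().decode()


def diagnose(resource="https://management.core.windows.net/", client_id=None,
             fetch=http_fetch):
    """Classify the outcome; the access token is never returned or printed."""
    try:
        status, body = fetch(build_request(resource, client_id))
    except OSError as err:  # covers URLError, connect timeouts, no route to host
        return "unreachable", f"cannot reach IMDS ({err}); not an Azure host, or blocked"
    try:
        data = json.loads(body)
    except ValueError:
        data = {}
    if status == 200 and "access_token" in data:
        return "ok", f"token issued, expires_on={data.get('expires_on')}"
    detail = data.get("error_description", "unexpected response")
    return "identity_error", f"HTTP {status}: {detail}"


if __name__ == "__main__":
    print(diagnose())
```

An `unreachable` result corresponds to the connect timeout in the question; `identity_error` means the endpoint answered but no matching managed identity is assigned to the resource.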

1 additional answer

  1. Kosalan A 0 Reputation points
    2025-08-18T10:35:41.1866667+00:00

    Any idea when this will be fixed?

    Az Login module and other client libraries which depend on metadata server (169.254.169.254) will not work in a Windows Container. Additionally, Windows containers in vNet won't be able to connect to the endpoint; hence, a managed identity token can't be generated in a Windows virtual network container.

