JeffWest-9449 asked Monalla-MSFT commented

Connect-AzAccount using service principal times out on version 2.6.1, but works on 1.9.5

Hi All,

I will try to keep it simple, been trying to figure this out for days. Migrating a CI/CD pipeline to a new runner on a new server. Install Azure PowerShell (all worked before on AzureRM). Any suggestions are appreciated!

@{Name=Connect-AzAccount; Version=2.6.1}

Connect-azAccount -ServicePrincipal -Environment $xxx -Tenant $xxx -Credential $CREDENTIAL -Subscription $xxxx

Command fails with PSVersion 7.1.4 and 5.1.17763.2183

@{Name=Connect-AzAccount; Version=1.9.5}

Connect-azAccount -ServicePrincipal -Environment $xxx -Tenant $xxx -Credential $CREDENTIAL -Subscription $xxxx

Command succeeds on PSVersion 5.1.17763.2183 but fails on PSVersion 7.1.4 (Probably because it doesn't support that version)

Some sample output from the -debug:

DEBUG: Sought all Az modules and got latest version 6.6.0
DEBUG: 10:36:19 AM - ConnectAzureRmAccountCommand begin processing with ParameterSet 'ServicePrincipalWithSubscriptionId'.
DEBUG: 10:36:19 AM - Autosave setting from startup session: 'CurrentUser'
DEBUG: 10:36:19 AM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 10:36:19 AM - Using Autosave scope 'CurrentUser'
DEBUG: 10:36:19 AM - Autosave setting from startup session: 'CurrentUser'
DEBUG: 10:36:19 AM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 10:36:19 AM - Using Autosave scope 'CurrentUser'
WARNING: The provided service principal secret will be included in the 'AzureRmContext.json' file found in the user profile ( xxxxxxxxxxx ). Please ensure that this directory has appropriate protections.
DEBUG: 10:36:19 AM - Autosave setting from startup session: 'CurrentUser'
DEBUG: 10:36:19 AM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 10:36:19 AM - Using Autosave scope 'CurrentUser'
DEBUG: 10:36:19 AM - [ServicePrincipalAuthenticator] Calling ClientSecretCredential.GetTokenAsync - ApplicationId:'-----redacted------', TenantId:'---------redacted-------', Scopes:'https://management.core.usgovcloudapi.net//.default', AuthorityHost:'https://login.microsoftonline.us/'
DEBUG: ClientSecretCredential.GetToken invoked. Scopes: [ https://management.core.usgovcloudapi.net//.default ] ParentRequestId:
DEBUG: Request [---------redacted-------] GET https://login.microsoftonline.us/common/discovery/instance?api-version=REDACTED&authorization_endpoint=REDACTED
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:---------redacted-------
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.4.0,(.NET 5.0.9; Microsoft Windows 10.0.17763)
client assembly: Azure.Identity
DEBUG: Request [---------redacted-------] exception Azure.RequestFailedException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g_WaitForConnectWithCancellation|283_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.DefaultConnectAsync(SocketsHttpConnectionContext context, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.ConnectAsync(Func`3 callback, DnsEndPoint endPoint, HttpRequestMessage requestMessage, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(Func`3 callback, DnsEndPoint endPoint, HttpRequestMessage requestMessage, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
--- End of inner exception stack trace ---
at Azure.Core.Pipeline.HttpClientTransport.ProcessAsync(HttpMessage message, Boolean async)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
DEBUG: Request [f28fcf70-fcb3-4aa1-af17-8af3af52bf4f] retry number 1 took 84.2s
DEBUG: Request [f28fcf70-fcb3-4aa1-af17-8af3af52bf4f] GET https://login.microsoftonline.us/common/discovery/instance?api-version=REDACTED&authorization_endpoint=REDACTED
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:---------redacted-------
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.4.0,(.NET 5.0.9; Microsoft Windows 10.0.17763)
client assembly: Azure.Identity
DEBUG: Request [---------redacted-------] exception System.Threading.Tasks.TaskCanceledException: The operation was canceled.
at Azure.Core.CancellationHelper.ThrowOperationCanceledException(Exception innerException, CancellationToken cancellationToken)
at Azure.Core.CancellationHelper.ThrowIfCancellationRequested(CancellationToken cancellationToken)
at Azure.Core.Pipeline.ResponseBodyPolicy.ThrowIfCancellationRequestedOrTimeout(CancellationToken originalToken, CancellationToken timeoutToken, Exception inner, TimeSpan timeout)
at Azure.Core.Pipeline.ResponseBodyPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.LoggingPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
DEBUG: ClientSecretCredential.GetToken was unable to retrieve an access token. Scopes: [ https://management.core.usgovcloudapi.net//.default ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ClientSecretCredential authentication failed: Retry failed after 2 tries. Retry settings can be adjusted in ClientOptions.Retry. (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)) (The operation was canceled.)
---> System.AggregateException (0x80131500): Retry failed after 2 tries. Retry settings can be adjusted in ClientOptions.Retry. (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)) (The operation was canceled.)
---> Azure.RequestFailedException (0x80131500): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Http.HttpRequestException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
DEBUG: Azure.Identity.AuthenticationFailedException: ClientSecretCredential authentication failed: Retry failed after 2 tries. Retry settings can be adjusted in ClientOptions.Retry. (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)) (The operation was canceled.)
---> System.AggregateException: Retry failed after 2 tries. Retry settings can be adjusted in ClientOptions.Retry. (A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)) (The operation was canceled.)
---> Azure.RequestFailedException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (login.microsoftonline.us:443)
---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.ThrowException(SocketError error, CancellationToken cancellationToken)
at System.Net.Sockets.Socket.AwaitableSocketAsyncEventArgs.System.Threading.Tasks.Sources.IValueTaskSource.GetResult(Int16 token)
at System.Net.Sockets.Socket.<ConnectAsync>g_WaitForConnectWithCancellation|283_0(AwaitableSocketAsyncEventArgs saea, ValueTask connectTask, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.DefaultConnectAsync(SocketsHttpConnectionContext context, CancellationToken cancellationToken)
at System.Net.Http.ConnectHelper.ConnectAsync(Func`3 callback, DnsEndPoint endPoint, HttpRequestMessage requestMessage, CancellationToken cancellationToken)
--- End of inner exception stack trace ---

azure-automation
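
The debug output above ends in SocketException 10060 against login.microsoftonline.us:443, so a first check on the new runner is whether that host resolves, whether a system proxy applies to it, and whether a direct TCP connection completes. The following is an added example, not part of the original post or of Az.Accounts; the function name `Test-TcpEndpoint` and the 5-second timeout are assumptions, and the host names are the ones in the log.

```powershell
# Added diagnostic example. Host names are copied from the debug output above.
$endpoints = @(
    'login.microsoftonline.us',          # AuthorityHost in the log
    'management.core.usgovcloudapi.net'  # host in the requested token scope
)

function Test-TcpEndpoint {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443,
        [int] $TimeoutMs = 5000   # assumed value, far shorter than the 84 s retry in the log
    )
    $r = [ordered]@{ Host = $HostName; Addresses = ''; Connected = $false; Route = ''; Error = '' }
    try {
        # Resolve first: a DNS failure is a different fault than a filtered port.
        $r.Addresses = ([System.Net.Dns]::GetHostAddresses($HostName) |
            ForEach-Object { $_.IPAddressToString }) -join ', '

        # Report whether the system proxy settings would route this URL through a proxy.
        $uri   = [uri]"https://$HostName/"
        $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
        $r.Route = if ($proxy.IsBypassed($uri)) { 'direct' } else { $proxy.GetProxy($uri).AbsoluteUri }

        # Direct TCP connect, the same operation that raised SocketException 10060.
        $client = [System.Net.Sockets.TcpClient]::new()
        try {
            $task = $client.ConnectAsync($HostName, $Port)
            if ($task.Wait($TimeoutMs)) { $r.Connected = $client.Connected }
            else { $r.Error = "no TCP handshake within $TimeoutMs ms" }
        }
        finally { $client.Dispose() }
    }
    catch {
        # Covers DNS failures and connects that fault before the timeout (for example, refused).
        $r.Error = $_.Exception.GetBaseException().Message
    }
    [pscustomobject]$r
}

$endpoints | ForEach-Object { Test-TcpEndpoint -HostName $_ } | Format-Table -AutoSize -Wrap
```

A row with `Connected = False` and a proxy URL under `Route` means the runner cannot reach the endpoint directly, although its system settings point that URL at a proxy. Separately, the WARNING line in the log about the secret being written to 'AzureRmContext.json' relates to the 'CurrentUser' autosave scope; passing `-Scope Process` to Connect-AzAccount keeps the context in the current process instead.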

@JeffWest-9449 - Thanks for reaching out and sorry for the inconvenience caused.

I have raised this issue with Product team and logged a bug here: https://github.com/Azure/azure-powershell/issues/16333

I will keep you posted as soon as we hear back from the Product team.

Thank you for your patience.


JeffWest-9449 answered

I have managed to get the connect-azaccount and az-context to work with older versions which makes me scratch my head.... Having the following modules installed so they can be called upon is working for my script that is just retrieving lists of resources in a particular subscription. Hope this helps....

Import-Module -Name Az.Accounts -RequiredVersion 1.9.5
Import-Module Az.Resources -RequiredVersion 2.5.0   # Higher versions have dependencies on higher version of Az.Accounts
Import-Module Az.Network -RequiredVersion 3.5.0     # Higher versions have dependencies on higher version of Az.Accounts
Import-Module Az.Compute -RequiredVersion 4.3.1     # Higher versions have dependencies on higher version of Az.Accounts

Interesting -

JeffWest-9449 answered Monalla-MSFT commented

Glad to hear that the issue is resolved for you. Please feel free to reach back out to us if you have any further questions.
