Share via

Authentication_MissingOrMalformed / Access Token missing or malformed.

MOP 6 Reputation points
2022-05-23T12:18:37.41+00:00

Hello,

I was doing some work in CloudShell. The other day I am not any longer able to "correctly" log into the AzureAD...or at least this is my feeling. When I type "connect-AzureAD -confirm" it takes an unsusual long period of time and I just get a nakes prompt line.

"Get-AzureADCurrentSessionInfo" gives back that I am not logged in with my Admin-Account:
204655-session-status.jpg

If I execute any command I get the following message:
204649-error.png

Can someone please advise?

Regards!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daniel Otto 0 Reputation points
    2023-09-13T06:41:08.25+00:00

    Hello @MOP,

    Anything new yet? Did anyone resolve this issue?

    Thanks and Regards,

    Daniel Otto

  2. MOP 6 Reputation points
    2022-05-31T06:21:01.447+00:00

    done...looking forward to a reply.

    Thank you in advance!

    0 comments
  3. MOP 6 Reputation points
    2022-05-30T07:48:38.177+00:00

    Hi @sikumars-msft ,

    thank you for the provided answer. Neither the removal of the AzureAD module nor the deletion of the storage account did anything positive to the issue.

    I also manually deleted the associated ressource in Azure Portal and reallocated another resource but this also did nothing to it.

    So I'll write this email to the support...will try to keep this threat updated.

    Thanks and Regards,

    MOP-2762

  4. Siva-kumar-selvaraj 15,736 Reputation points Volunteer Moderator
    2022-05-28T19:31:28.327+00:00

    Hello @MOP ,

    Thanks for reaching out and apologies for the delayed response.

    Azure Cloud Shell uses the AzureAD.Standard.Preview module for Azure AD interaction, and somehow the module failed to retrieve access_token due to which you were getting above error.

    To answer your second question, when you authenticate with Azure AD using 'connect-AzureAD', it uses Managed service 'MSI@50342' to authenticate on behalf of the currently logged in user (user impersonation) to access backend service API (in our case, Graph API), you will only see the managed service account rather than the actual login user when you run 'Get-AzureADCurrentSessionInfo' cmdlet, which is expected

    I would recommend that you try the steps below to see if they resolve the problem. If none of these work, I would recommend calling Azure support because this would require a more extensive investigation. If you do not have a support plan, please send an email to AzCommunity[at]Microsoft[dot]com referencing this article and your subscription id, and we will help you get one-time free technical support.

    • Try uninstalling the Azure AD module with the 'Remove-Module AzureAD.Standard.Preview -Force' cmdlet and restarting CloudShell to see if it resolves the issue.
      206330-untitled.png
    • If the issue persists, there is a chance that some system state and persistence has caused a delay in executing modules, so it is worth clearing out all user settings by deleting associated Azure storage account as detailed here so that when you re-launch CloudShell, a new storage account will be created.

    *Note: If you wish to export user settings before deleting, follow the steps outlined in this article.

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.