Troubleshoot the ServicePrincipalValidationClientError error code
Article
This article discusses how to identify and resolve the ServicePrincipalValidationClientError error that might occur if you try to create and deploy a Microsoft Azure Kubernetes Service (AKS) cluster.
Prerequisites
Azure CLI, version 2.0.59 or a later version. If Azure CLI is already installed, you can find the version number by running az --version.
Symptoms
When you try to deploy an AKS cluster, you receive the following error message:
adal: Refresh request failed. Status Code = '401'.
Response body: {
"error": "invalid_client",
"error_description": "AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '123456789-1234-1234-1234-1234567890987'.\r\n
Note the appId and password values that are generated. After you get these values, you can rerun the cluster creation command for the new service principal and secret.
To update your AKS cluster with the new service principal's credential, run the following command:
Azure CLI
az aks update-credentials --resource-group<resource-group>--name<aks-cluster>--service-principal<new-client-id>--client-secret<new-client-secret>