Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import-AzureRmContext does not setup Azure RM profile properly #4115

Closed
afengli opened this issue Jun 12, 2017 · 2 comments
Closed

Import-AzureRmContext does not setup Azure RM profile properly #4115

afengli opened this issue Jun 12, 2017 · 2 comments
Assignees
@cormacpayne
Labels
Azure PS Team
Milestone
July 2017

Comments

@afengli
Copy link

afengli commented Jun 12, 2017
edited by azuresdkci
Loading

Cmdlet(s)

PowerShell Version

Instructions: to get PowerShell version, type $PSVersionTable and look for the value associated with PSVersion

5.1.14393.1198

Module Version

4.1.0

OS Version

Instructions: to get OS version, type $PSversionTable and look for value associated with BuildVersion
5.1.14393.1198

Description

  1. use “Save-AzureRmContext -Path c:\test\azureprofile.json -Force“ to save the azure rm profile to a local file.
  2. then for new powershell instance, add powershell startup script to import the saved profile file using “import-AzureRMContext -Path c:\test\azureprofile.json”.

Debug Output

Instructions: to get Debug Output, set $DebugPreference="Continue" and then execute the cmdlet or script causing the issue

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS C:\Users\fengli> Import-AzureRmContext -Path c:\test\AzureProfile.json

Environment : AzureCloud
Account : admin@xxxx.onmicrosoft.com
TenantId : 32b608e7-c186-4746-xxxx-1f1614ec7574
SubscriptionId : be8b8d49-5fe4-4abb-xxxx-b283469b1da9
SubscriptionName : xxxx
CurrentStorageAccount :

PS C:\Users\fengli> Select-AzureRmSubscription -SubscriptionId be8b8d49-5fe4-4abb-xxxx-b283469b1da9
Select-AzureRmSubscription : Provided subscription be8b8d49-5fe4-4abb-xxxx-b283469b1da9 does not exist
At line:1 char:1

  • Select-AzureRmSubscription -SubscriptionId be8b8d49-5fe4-4abb-xxxx-b ...
  •   + CategoryInfo          : CloseError: (:) [Set-AzureRmContext], ArgumentException
  + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand

PS C:\Users\fengli> $DebugPreference="Continue"
PS C:\Users\fengli> Select-AzureRmSubscription -SubscriptionId be8b8d49-5fe4-4abb-xxxx-b283469b1da9
DEBUG: 6:44:50 PM - SetAzureRMContextCommand begin processing with ParameterSet 'SubscriptionId'.
DEBUG: 6:44:50 PM - using account id 'admin@fenglihotmailsubad.onmicrosoft.com'...
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: 'Common', Endpoint:
'https://login.microsoftonline.com/', ClientId: '1950a258-227b-4e31-xxxx-717495945fc2', ClientRedirect:
'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/Common/', CorrelationId: '00000000-0000-0000-0000-000000000000', ValidateAuthority:
'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain: 'Common', AdEndpoint:
'https://login.microsoftonline.com/', ClientId: '1950a258-227b-4e31-xxxx-717495945fc2', ClientRedirectUri:
urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: f365870a-2458-4e97-xxxx-4244f957e816 - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/Common/
Resource: https://management.core.windows.net/
ClientId: 1950a258-227b-4e31-xxxx-717495945fc2
CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (0 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 06/12/2017 18:44:50: f365870a-2458-4e97-xxxx-4244f957e816 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: f365870a-2458-4e97-xxxx-4244f957e816 - TokenCache: No matching token was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 06/12/2017 18:44:50: - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/Common/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950
a258-227b-4e31-xxxx-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&login_hint=admin
@fenglihotmailsubad.onmicrosoft.com&client-request-id=f365870a-2458-4e97-xxxx-4244f957e816&prompt=attempt_none&x-client
-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT
10.0.14393.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Error: 4 :
DEBUG: 06/12/2017 18:44:50: f365870a-2458-4e97-xxxx-4244f957e816 - d__0:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: user_interaction_required: One of two conditions was
encountered: 1. The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user
interaction was required. 2. An error occurred during a silent web authentication that prevented the http
authentication flow from completing in a short enough time frame
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.PreTokenRequest()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.d__0.MoveNext()
ErrorCode: user_interaction_required
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: - TokenCache: Serializing token cache with 0 items.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'32b608e7-c186-4746-xxxx-1f1614ec7574', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a258-227b-4e31-xxxx-717495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/32b608e7-c186-4746-xxxx-1f1614ec7574/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'32b608e7-c186-4746-xxxx-1f1614ec7574', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a258-227b-4e31-xxxx-717495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: 85d55dae-8601-4844-xxxx-a5d90f3df6ab - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/32b608e7-c186-4746-b3ac-1f1614ec7574/
Resource: https://management.core.windows.net/
ClientId: 1950a258-227b-4e31-xxxx-717495945fc2
CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (0 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 06/12/2017 18:44:50: 85d55dae-8601-4844-xxxx-a5d90f3df6ab - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: 85d55dae-8601-4844-xxxx-a5d90f3df6ab - TokenCache: No matching token was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 06/12/2017 18:44:50: - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/32b608e7-c186-4746-xxxx-1f1614ec7574/oauth2/authorize?resource=https://management.co
re.windows.net/&client_id=1950a258-227b-4e31-xxxx-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:
oauth:2.0:oob&login_hint=admin@fenglihotmailsubad.onmicrosoft.com&client-request-id=85d55dae-8601-4844-xxxx-a5d90f3df6a
b&prompt=attempt_none&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT
10.0.14393.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Error: 4 :
DEBUG: 06/12/2017 18:44:50: 85d55dae-8601-4844-xxxx-a5d90f3df6ab - d__0:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: user_interaction_required: One of two conditions was
encountered: 1. The PromptBehavior.Never flag was passed, but the constraint could not be honored, because user
interaction was required. 2. An error occurred during a silent web authentication that prevented the http
authentication flow from completing in a short enough time frame
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenInteractiveHandler.PreTokenRequest()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.d__0.MoveNext()
ErrorCode: user_interaction_required
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 06/12/2017 18:44:50: - TokenCache: Serializing token cache with 0 items.
Select-AzureRmSubscription : Provided subscription be8b8d49-5fe4-4abb-xxxx-b283469b1da9 does not exist
At line:1 char:1

  • Select-AzureRmSubscription -SubscriptionId be8b8d49-5fe4-4abb-xxxx-b ...
  •   + CategoryInfo          : CloseError: (:) [Set-AzureRmContext], ArgumentException
  + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand

DEBUG: 6:44:50 PM - SetAzureRMContextCommand end processing.
DEBUG: 6:44:50 PM - SetAzureRMContextCommand end processing.
PS C:\Users\fengli>

Script/Steps for Reproduction

create profile:

# Set User and Password
$AzureCLIName = "admin@xxxx.onmicrosoft.com"

$AzureCLIPassword = ConvertTo-SecureString 'xxxx' -AsPlainText -Force

# Get Credential Object
$AzureRMCredential = New-Object -TypeName System.Management.Automation.PSCredential($AzureCLIName, $AzureCLIPassword)


Add-AzureRMAccount -Credential $AzureRMCredential

Write-Host "Executing Get-AzureRmSubscription..."
Get-AzureRmSubscription -SubscriptionId be8b8d49-5fe4-4abb-xxxx-b283469b1da9 | Select-AzureRmSubscription

# Save Azure RM Profile for later use
Write-Host "Executing Save-AzureRmContext (V2)..."
Save-AzureRmContext -Path c:\test\azureprofile.json -Force

Use the profile

Import-AzureRmContext -Path c:\test\AzureProfile.json
@cormacpayne cormacpayne added this to the July 2017 milestone Jun 13, 2017
@markcowl
Copy link
Member

Found the root cause: #4145 When there is no ProtectedFileTokenCache file, the tokens will not be transmitted from the saved context. Slated to fix in the July release.

markcowl added a commit to markcowl/azure-powershell that referenced this issue Jun 18, 2017
@markcowl
Fixing issues with TokenCache load [Azure#4080], [Azure#4115], [Azure…
1e291d0 
…#3954], [Azure#4144], [Azure#4145]
@markcowl
Copy link
Member

Fix checked in. Wil ship in next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cormacpayne cormacpayne

Labels
Azure PS Team
Projects
None yet
Milestone
July 2017
Development

No branches or pull requests
3 participants
@markcowl @cormacpayne @afengli