az login using managed identity fails in az pipeline - azure

When I run the pipeline on AKS and run az login --identity, it gives me the error below. What should I do to fix this issue?
AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned http error: 400, reason: Bad Request

Related

az login error: Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='login.microsoftonline.com', port=443)

Trying to install the Azure Devops CLI Extension
https://learn.microsoft.com/en-us/azure/devops/cli/?view=azure-devops
az extension add --name azure-devops
is the command I run
I get the following error message
I have tried
git config http.sslVerify "false"
I've tried to do multiple azure cli and powershell commands
I've set my context with
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"
I don't understand what the issue is here.
I've tried running the commands with and without the VPN (I use Pulse VPN, for reference)
I've tried setting PowerShell's execution policy to Undefined
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
If someone could please let me know their thoughts on the specific error:
Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='objects.githubusercontent.com', port=443): Max retries exceeded with url: /github-production-release-asset-2e65be/107708057/665228bd-d0c3-4865-b029-624cbc247ca1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220701%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220701T163308Z&X-Amz-Expires=300&X-Amz-Signature=dd9381d3d71deeb228b151ec41140e8238f425ca9bf2882889c6bc9592c782e6&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107708057&response-content-disposition=attachment%3B%20filename%3Dazure_devops-0.25.0-py2.py3-none-any.whl&response-content-type=application%2Foctet-stream (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I've seen the post here Azure CLI Error and it was of no help.
We have tried the same on our local machine to install the Azure DevOps extension, and it works successfully by following the MS doc given in the question.
Here is the workaround we followed:
az login
Select-AzSubscription -Subscription subscriptionID
And it logged in successfully:
After that, installing with az extension add --name azure-devops works.
Below is the az --version we used:
NOTE: For the error, make sure that you are using the latest version of az cli and have enabled the port on your local machine (Windows Security > Advanced settings > Inbound Rules > add a new rule, then add your required port (443) and enable it).
For configuration details, see: How to open port in Windows Firewall.
For more information, please refer to the links below:
Similar SO thread: Why Azure CLI login fails? "Connection actively refused" & az login command fails - Azure cli.
Blog: Microsoft TechNet.

Can't install azure cli extension : Error detail: HTTPSConnectionPool(host='objects.githubusercontent.com', port=443)

Normally, when executing the command line "az extension add --name azure-devops", it will go to the Azure DevOps CLI Extension GitHub Repo to download the latest release of the extension.
You can try to manually open the Azure DevOps CLI Extension GitHub Repo and download the extension in your browser:
If you also cannot manually access the GitHub Repo and download the extension, check whether there is any networking restriction or firewall set on your machine and the current network.
If you can manually access the GitHub Repo and download the extension, try to manually install the extension on your machine.
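
`unable to get local issuer certificate` in the error quoted in the question means the CLI could not chain the server's certificate to a root it trusts. The following is an added example, not code from this thread or from the Azure CLI: it assumes the cause is a TLS-inspecting proxy or VPN whose root CA has been exported as PEM (the thread does not confirm this) and merges that root into a CA bundle for `REQUESTS_CA_BUNDLE`, which the Azure CLI reads, instead of turning verification off. `build_ca_bundle`, `demo` and the file names are hypothetical.

```python
import os
import re
import tempfile

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def build_ca_bundle(base_bundle, extra_ca, out_path):
    """Write base_bundle plus the new certificates from extra_ca to out_path.

    Returns how many certificates were appended. Raises ValueError when
    extra_ca has no PEM certificate (for example a DER .cer export), since
    appending such a file would leave the trust store unchanged.
    """
    with open(base_bundle, encoding="utf-8") as fh:
        base_text = fh.read()
    with open(extra_ca, encoding="utf-8", errors="replace") as fh:
        extra = CERT_BLOCK.findall(fh.read())
    if not extra:
        raise ValueError(f"{extra_ca}: no PEM CERTIFICATE block found")

    # Compare with whitespace removed so a re-run does not add duplicates.
    known = {"".join(b.split()) for b in CERT_BLOCK.findall(base_text)}
    new = [b for b in dict.fromkeys(extra) if "".join(b.split()) not in known]
    with open(out_path, "w", encoding="utf-8") as fh:
        fh.write(base_text.rstrip("\n") + "\n")
        fh.writelines(block + "\n" for block in new)
    return len(new)


def demo():
    """Run the merge on constructed placeholder PEM text (not real certificates)."""
    public = "-----BEGIN CERTIFICATE-----\nQUFB\n-----END CERTIFICATE-----\n"
    corp = "-----BEGIN CERTIFICATE-----\nQkJC\n-----END CERTIFICATE-----\n"
    work = tempfile.mkdtemp()
    base, extra, out = (os.path.join(work, n) for n in ("base.pem", "corp.pem", "out.pem"))
    for path, text in ((base, public), (extra, corp + public)):
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    first = build_ca_bundle(base, extra, out)   # corp root is new
    second = build_ca_bundle(out, extra, out)   # nothing left to add
    # The shell that runs `az extension add` then needs REQUESTS_CA_BUNDLE=<out>.
    return first, second, out


if __name__ == "__main__":
    print(demo())
```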

Unable to add registry in Anchore running on kubernetes

I'm trying to add an ECR registry in Anchore that is set up in Kubernetes. I created an anchore-cli pod and tried to execute the below command
anchore-cli registry add \
1234567890.dkr.ecr.us-east-1.amazonaws.com \
awsauto \
awsauto \
--registry-type=awsecr
and I got the following output,
Error: 'awsauto' is not enabled in service configuration
HTTP Code: 406
Detail: {'error_codes': []}
I configured IAM Role via service account with AmazonEC2ContainerRegistryReadOnly policy. Can someone help me with this?

az acr login with subject name and issuer authentication error

I'm trying to authenticate to Azure container registry with the cli.
I'm using subject name and issuer authentication, and authenticating to azure with service principal.
That's what I do to log in to Azure:
az login --service-principal --use-cert-sn-issuer -u {app id} -p {certificate .pem file} --tenant {tenant id}
It works, and then I try to log in to the ACR with:
az acr login --name {acr name}
It fails with:
The command failed with an unexpected error. Here is the traceback:
Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: {Thumbprint}, Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/{app id}' to see configured keys]\r\nTrace ID: 4546d682-75b6-4a8b-9c03-11f4821c5f00\r\nCorrelation ID: 02e4c324-25a9-47ff-a5ba-afdeec0ce5ec\r\nTimestamp: 2020-06-23 08:12:00Z","error_codes":[700027],"timestamp":"2020-06-23 08:12:00Z","trace_id":"4546d682-75b6-4a8b-9c03-11f4821c5f00","correlation_id":"02e4c324-25a9-47ff-a5ba-afdeec0ce5ec","error_uri":"https://login.microsoftonline.com/error?code=700027"}
What could be the problem?
The error shows that your certificate is not very correct. Here is the same issue in GitHub and you can follow the steps to solve it.
Or you can create the service principal using certificate-based authentication with the CLI command:
az ad sp create-for-rbac --name ServicePrincipalName --create-cert
and then it will work fine for you. Here are the steps with more details. And take care of the caution:
When using a PEM file, the CERTIFICATE must be appended to the PRIVATE KEY within the file.
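
The caution above, and the thumbprint the AADSTS700027 error reports, can both be checked locally before calling `az login`. This is an added example, not code from the answer or from the Azure CLI: `inspect_sp_pem` and `make_pem` are hypothetical helpers, the sample blocks are constructed placeholder bytes rather than a real key or certificate, and the thumbprint is taken as the SHA-1 of the certificate's DER bytes, the usual definition of a certificate thumbprint.

```python
import base64
import hashlib
import re

# One PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def inspect_sp_pem(pem_text):
    """Check the key-then-certificate layout and return the cert thumbprint.

    labels     - PEM block labels in file order
    order_ok   - True when a private key block precedes the first certificate
    thumbprint - upper-case hex SHA-1 of the first certificate's DER bytes,
                 to compare with the thumbprint quoted in the error
    """
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(pem_text)]
    labels = [label for label, _ in blocks]
    key_idx = next((i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")), None)
    cert_idx = next((i for i, l in enumerate(labels) if l == "CERTIFICATE"), None)

    thumbprint = None
    if cert_idx is not None:
        der = base64.b64decode("".join(blocks[cert_idx][1].split()))
        thumbprint = hashlib.sha1(der).hexdigest().upper()

    order_ok = key_idx is not None and cert_idx is not None and key_idx < cert_idx
    return {"labels": labels, "order_ok": order_ok, "thumbprint": thumbprint}


def make_pem(label, payload):
    """Wrap arbitrary bytes in a PEM block (used only for the sample data)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample input: placeholder bytes, not a real key or certificate.
SAMPLE_KEY = make_pem("PRIVATE KEY", b"constructed-private-key-bytes")
SAMPLE_CERT = make_pem("CERTIFICATE", b"constructed-certificate-der-bytes")

if __name__ == "__main__":
    print(inspect_sp_pem(SAMPLE_KEY + SAMPLE_CERT))  # layout the answer asks for
    print(inspect_sp_pem(SAMPLE_CERT + SAMPLE_KEY))  # certificate before the key
```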

WSL - Can't login or pull image from an azure container registry

I have set up WSL, then installed Docker following this tutorial, and then installed the Azure CLI.
I can login from windows command line; but I cannot login to azure container registry by using the command below from bash
$ az acr login --name $ACRNAME
I get the following error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
And also if I try to pull the image by
$ docker pull ${ACRNAME}.azurecr.io/image_name
get the same error
Error response from daemon: Get https://ACRNAME.azurecr.io/v2/:
unauthorized: authentication required
But I am able to see the list. The following command returns the list
$ az acr repository list -n $ACRNAME
I have found this closed issue and changed my machine's DNS server to 8.8.8.8 but no progress. What am I missing?
For your issue, you may be using the wrong username and password. So, first you can check the username and password which you chose to log in with. You can get the information in the portal: container -> Access keys.
You can get more information from this document az acr with az acr check-name and az acr create.
