Updating publicClient fails due to invalid identifierUris on Azure AD application - azure

I'm trying to update an existing Azure AD application using the following PowerShell command:
Set-AzureADApplication -ObjectId $objectId -PublicClient $true
This fails with the following error:
Property identifierUris is invalid.
The identifier URI on the application is "https://name-of-sp.verifieddnsdomainname.com". The homepage URL property (known in the manifest as the "signInUrl" property) is the same as the identifier URI. When I change those URLs to something else (I tried lots of options), I still keep on getting the same error.
With the "Set-AzureADApplication" I also tried the -Debug flag but it does not show me the underlying REST calls. Even with supplying the "-IdentifierUris" and "-Homepage" parameters, I get the same error message.
Also when I use the REST API "https://graph.windows.net/myorganization/applications/guid-of-application-object-id?api-version=1.6", I get the same error message.
Does anyone know why I'm getting this error? The supplied values for the URI should be correct in my opinion.

Related

Connect-AzureAD -Confirm throwing AADSTS900144: The request body must contain the following parameter: 'code'. error

I have downloaded the PowerShell Azure AD modules and I'm trying to connect to Azure AD using the command below, but it throws an error.
Connect-AzureAD -Confirm
AADSTS900144: The request body must contain the following parameter: 'code'.
I have specified the correct credentials but still get the above issue.
https://social.msdn.microsoft.com/Forums/en-US/281ffa55-1024-4d39-b83f-a7f184fc4da8/cannot-login-to-azure-portal?forum=AzureAvailabilityZones
Looks like it might be an azure auth issue.

Invalid resource error after following the azure AD angularJS to dotnet web api guide (description:AADSTS500011)

I have been following after this guide step by step:
https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
The only thing that I didn't do (not sure if it's related) is the following line:
"Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs. In the [EnableCors...] attribute, enter the location of the To Do SPA client. By default it is https://localhost:44326. Make sure to omit the trailing slash."
The reason I didn't do it is simply because I can't find any [EnableCors...] in the code. I did try to enable CORS in a different way though, following this:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors
Anyway, I get the following error:
"Error :invalid_resource
adal.js:973 Error description:AADSTS500011: The resource principal named https://yorecisraportsco.onmicrosoft.com/ToGoAPI was not found in the tenant named yorecisraportsco.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 64213edc-4b12-4caa-aa4e-b9ec82bd3000
Correlation ID: 607d25c1-d915-46eb-ba48-67adb70ddab8
Timestamp: 2019-03-04 12:41:33Z"
I am not sure why this is happening as I followed the guide: I configured everything in Azure like it said and also configured it in the code.

Get-AzDataLakeStoreItem returns GETFILESTATUS failed with Unknown Error for valid items

I'm writing a PowerShell script to set up a new Data Lake Store Gen1 account and create folders with updated ACLs. The New-AzDataLakeStoreAccount statement works fine; New-AzDataLakeStoreItem and Get-AzDataLakeStoreItem fail with a similar Unknown Error.
The following PowerShell code will create a new Data Lake Store. I have a resource group and security group in the subscription as listed below. The second and third scripts, for listing and adding a folder, fail. I'm using https://shell.azure.com to execute the PowerShell.
New-AzDataLakeStoreAccount -ResourceGroupName "ade-dev-eastus2" -Name "adedeveastus2" -Location "East US 2" -DefaultGroup (Get-AzADGroup -DisplayName "Technical Operations").Id -Encryption ServiceManaged -Tag @{User="ADE"} -Tier Consumption
Get-AzDataLakeStoreItem -AccountName "adedeveastus2" -Path "/"
New-AzDataLakeStoreItem -AccountName "adedeveastus2" -Path "/Staging" -Folder
The following is the error message for Get-AzDataLakeStoreItem:
Get-AzDataLakeStoreItem : Error in getting metadata for path /.
Operation: GETFILESTATUS failed with Unknown Error: Token Length is 6. Token is most probably malformed. Source: StackTrace: .
Last encountered exception thrown after 5 tries. [There was an error retrieving the managed service access token for resource 'https://datalake.azure.net' using the URI 'http://localhost:50342/oauth2/token?resource=https%3A%2F%2Fdatalake.azure.net&api-version=2018-02-01'. Please check that this managed service is configured to emit tokens at this address and that the associated managed service identity has the appropriate role assignment and try logging in again.,Token Length is 6. Token is most probably malformed.,Token Length is 6. Token is most probably malformed.,Token Length is 6. Token is most probably malformed.,Token Length is 6. Token is most probably malformed.]
[ServerRequestId:]
At line:1 char:1
+ Get-AzDataLakeStoreItem -Account "adedeveastus2" -Path "/"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzDataLakeStoreItem], AdlsException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.DataLakeStore.GetAzureDataLakeStoreItem
The error returned when using a Windows PowerShell host is more descriptive:
Operation: GETFILESTATUS failed with Unknown Error: The 'User-Agent' header must be modified using the appropriate property or method.
I would expect to get back a DataLakeStoreItem object with things like Name and Path. I think this is a general error for other users of ADL or the Cloud Shell PowerShell?
I can reproduce your issue in the Azure Cloud Shell; when I run the command locally (PSVersion 5.1.17134.228), I get the same error as in the GitHub known issue.
As the datalake team said, see this link:
This is a problem with the HttpWebRequest class used by our SDK. Setting the user agent for HttpWebRequest is different across .NET Framework and .NET Core:
.NET Framework: webReq.UserAgent = client.GetUserAgent()
.NET Standard: webReq.Headers["User-Agent"] = client.GetUserAgent()
If you try the latter in .NET Framework, you get the error you are getting above.
This Az module uses the .NET Standard DLL of our SDK. When you use that from Windows PowerShell, it is trying to use the .NET Standard DLL on .NET Framework, which gives this error.
And the solution:
I tested this in net core powershell. It runs fine.
We are moving from HttpWebRequest to HttpClient, which will probably fix the issue.
So basically, if you are using Windows PowerShell use AzureRM, or else use Az from PowerShell Core.
That seems to explain the error "The 'User-Agent' header must be modified using the appropriate property or method", so you could try to use the Az PowerShell module in PowerShell Core. If it is acceptable, you can also use the AzureRM PowerShell module in Windows PowerShell; it works fine on my side.
Get-AzureRmDataLakeStoreItem -Account "joydatalake2" -Path "/"
New-AzureRmDataLakeStoreItem -Account "joydatalake2" -Path "/Staging" -Folder

Diagnostic logging

I'm trying to set up diagnostic logging for the Key Vault.
When I first run this command on the Key Vault:
Get-AzureRmDiagnosticSetting
I get:
Operation returned an invalid status code 'NotFound'
Any thoughts on why this may be?
I use the command below, and it works fine on my side.
Get-AzureRmDiagnosticSetting -ResourceId <ResourceId>
If I use an incorrect ResourceId, it returns a Not Found error. So I think you should check whether your ResourceId is correct; you can find it under your Key Vault -> Properties in the portal.
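As an added example (not code from the thread), the script below resolves the Key Vault's ResourceId from the vault object rather than copying it from the portal, reads the current diagnostic setting, and then enables AuditEvent logging to a storage account with retention. The vault, resource group and storage account values are placeholders.

```powershell
# Added example, not from the original thread. Uses the AzureRM cmdlets the
# answer above refers to; VaultName, ResourceGroup and StorageAccountId are placeholders.
param(
    [string]$VaultName        = 'my-keyvault',
    [string]$ResourceGroup    = 'my-rg',
    [string]$StorageAccountId = '/subscriptions/<sub-id>/resourceGroups/my-rg/providers/Microsoft.Storage/storageAccounts/mylogs'
)

# The vault object carries the exact ResourceId that Get-AzureRmDiagnosticSetting expects,
# which avoids the mistyped-ResourceId NotFound described in the answer.
$vault = Get-AzureRmKeyVault -VaultName $VaultName -ResourceGroupName $ResourceGroup
if (-not $vault) { throw "Key Vault '$VaultName' not found in resource group '$ResourceGroup'" }
$resourceId = $vault.ResourceId

# Read what is currently configured; surface NotFound with the ResourceId that was used.
try {
    $current = Get-AzureRmDiagnosticSetting -ResourceId $resourceId -ErrorAction Stop
    $current.Logs | Select-Object Category, Enabled, @{n='RetentionDays'; e={ $_.RetentionPolicy.Days }}
} catch {
    Write-Warning "Get-AzureRmDiagnosticSetting failed for '$resourceId': $($_.Exception.Message)"
}

# Enable Key Vault audit logging (every key/secret/certificate operation and its caller),
# written to the storage account and kept for 90 days.
Set-AzureRmDiagnosticSetting -ResourceId $resourceId `
    -StorageAccountId $StorageAccountId `
    -Enabled $true `
    -Categories AuditEvent `
    -RetentionEnabled $true `
    -RetentionInDays 90
```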

Connection of StorageExplorer to AzureStack still not working

I am now using the current Azure Dev Pack (18.03). When following the tutorial for connecting, there is now the following error when trying to connect:
The problem is that the tutorial only mentions the following dialog for connecting a storage:
where the ARM endpoint has to be set to "https://adminmanagement.local.azurestack.external".
But after this dialog another dialog is shown which is not mentioned in the documentation at all:
Here it is not clear what is meant by the "Sign in resource id" or the "ARM resource id".
I found something which might at least be the "ARM resource id":
So finally: what to insert for "Sign in resource id" and "ARM resource id"?
EDIT:
So after the answers below I requested these IDs manually:
But I still don't know exactly how to insert them. Doing it the following way:
still ends up in another error message:
EDIT 2:
So what I corrected was that I again checked to use a Base64-encoded certificate. Further, it appeared to be an issue that in the above screenshot I had the ARM endpoint for "adminmanagement..." while the resource IDs I requested were for "management...". So I altered the REST call for the ID to (Invoke-RestMethod -Uri https://adminmanagement.local.azurestack.external/metadata/endpoints?api-version=1.0).authentication.audiences[0].
It appears to be an improvement, because it ends up in a brand new error message:
Additional hint: if I now use a nonsense login not available at the stack, I get the "Unable to sign in: access_denied: AADSTS65005: Invalid resource" error message in the popup at the top border of the Azure Storage Explorer.
From an internal program manager: this seems to be caused by a known regression in Storage Explorer version 0.9.6 where the Sign in resource id and ARM resource id aren't fetched properly during sign-in.
As a workaround, the user can execute the sample cmdlet for ASDK below and then input the returned value for these two resource ids.
For a multi-node integrated system, the Azure Stack endpoint needs to be changed according to the environment configuration.
PowerShell:
(Invoke-RestMethod -Uri https://management.local.azurestack.external/metadata/endpoints?api-version=1.0 -Method Get).authentication.audiences[0]
There is also a new release of Storage Explorer to fix this bug soon.
Second Fix:
This issue could also happen when the incorrect certificate type is exported. The certificate must be exported in Base-64 x.509 format:
Try entering the invoke command like this:
(Invoke-RestMethod -Uri https://Adminmanagement.3171r06a.azcatcpec.com/metadata/endpoints?api-version=1.0).authentication.audiences[0]
or
(Invoke-RestMethod -Uri https://Adminmanagement.3171r06a.azcatcpec.com/metadata/endpoints?api-version=1.0).authentication
Both returned results for me. Replace the region and DNS with what you have deployed.
The problems have been solved together with Azure Storage Explorer v1.0.
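As an added example (not from the thread or from the Storage Explorer project), the function below fetches the Azure Stack metadata for a given ARM endpoint and returns the sign-in values together, so the ARM endpoint typed into Storage Explorer and the resource ids pasted into the second dialog always come from the same endpoint (the admin/tenant mix-up in EDIT 2 above). The `loginEndpoint` and `graphEndpoint` fields are assumed from the ASDK metadata response; the hostnames are ASDK defaults and should be replaced for an integrated system.

```powershell
# Added example, not from the original thread. Field names other than
# authentication.audiences are assumptions about the /metadata/endpoints response.
function Get-AzureStackSignInInfo {
    param(
        # The ARM endpoint you enter in Storage Explorer, e.g. the admin or tenant endpoint of an ASDK.
        [Parameter(Mandatory)][string]$ArmEndpoint
    )
    $uri  = "$($ArmEndpoint.TrimEnd('/'))/metadata/endpoints?api-version=1.0"
    $meta = Invoke-RestMethod -Uri $uri -Method Get -ErrorAction Stop
    if (-not $meta.authentication.audiences) {
        throw "No authentication audiences returned by $uri; check the ARM endpoint hostname."
    }
    # The thread's workaround uses the first audience for both resource-id fields.
    [pscustomobject]@{
        ArmEndpoint      = $ArmEndpoint
        SignInResourceId = $meta.authentication.audiences[0]
        ArmResourceId    = $meta.authentication.audiences[0]
        LoginEndpoint    = $meta.authentication.loginEndpoint   # assumed field
        GraphEndpoint    = $meta.graphEndpoint                  # assumed field
    }
}

# Admin and tenant ARM endpoints return different audiences; query the one you will
# actually type into Storage Explorer rather than mixing the two.
$admin  = Get-AzureStackSignInInfo -ArmEndpoint 'https://adminmanagement.local.azurestack.external'
$tenant = Get-AzureStackSignInInfo -ArmEndpoint 'https://management.local.azurestack.external'
$admin, $tenant | Format-List
if ($admin.ArmResourceId -eq $tenant.ArmResourceId) {
    Write-Warning 'Admin and tenant audiences are identical; verify you queried two distinct endpoints.'
}
```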