Having a bit of an issue with Azure and Powershell. I'm just checking to see if a resource group exists and I keep hitting this error. The next step after this is to create the resource group if it does not exist, but that is also throwing the same error. Was hoping someone might be able to suggest some workarounds or fixes.
Please note, I have access to the subscriptions, I can see them and sucessfully set the default subscription as can be seen in the script below.
Full Error Returned
'this.Client.SubscriptionId' cannot be null.
At **********************\envir\create-env.ps1:21 char:1
+ Get-AzResourceGroup -Name $resourceGroup -ErrorVariable $doesNotExist ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzResourceGroup], ValidationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.GetAzureResourceGroupCmdlet
I've just installed the Az module, version details below.
Version Name Repository
------- ---- ----------
1.6.0 Az PSGallery
I'm just running a pretty straight forward script (below), I thought it might be something to do with a default subscription not been set, but setting that has made no difference.
$passwd = ConvertTo-SecureString $servicePrincipalKey -AsPlainText -Force
$pscredential = New-Object
System.Management.Automation.PSCredential($servicePrincipalUserName, $passwd)
Connect-AzAccount -ServicePrincipal -Credential $pscredential -TenantId $tenantId
Select-AzureSubscription -Default -SubscriptionName $subscriptioName
Get-AzResourceGroup -Name $resourceGroup -ErrorVariable $doesNotExist
I then get the error listed above.
I found the problem, the Service Principal I had created did not have sufficient access to the subscription as suggested by #4c74356b41, I ended up giving it a role of Contributor and that resolved the problem.
Related
$storageAccount = New-AzStorageAccount -ResourceGroupName $resourceGroup -Name "blobstgaccdemo" -SkuName Standard_LRS -Location $location
New-AzStorageAccount : An error occurred while sending the request.
At line:1 char:19
+ ... geAccount = New-AzStorageAccount -ResourceGroupName $resourceGroup -N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzStorageAccount], HttpRequestException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Management.Storage.NewAzureStorageAccountCommand
This is a generic error and can occur in more than a few conditions, including when Azure PowerShell is not able to reach/resolve the underlying management REST APIs, or in case of SSL errors.
To get more information about the error, run the PS cmdlet passing the -Debug parameter along, or set $DebugPreference to Continue before executing the cmdlet. This would surface the details of the exception along with the stack trace.
If this is consistently happening with other cmdlets as well, then you could try upgrading PS modules, or re-installing Azure PowerShell itself. Another quick alternative would be to use Azure Cloud Shell that is preconfigured with all the required modules.
I am trying to login to Azure from Azure Automation using my AD credential. However seems like I am doing something wrong and it's throwing error while testing.
$Cred = Get-AutomationPSCredential -Name 'DefaultAzureCredential'
$null = Add-AzureRmAccount -Credential $Cred -ErrorAction Stop -ErrorVariable err
if($err) {
throw $err
}
Get-AzureRmResourceGroup -Name "my-resource-group"
Error:
Get-AzureRmResourceGroup : No subscription found in the context. Please ensure that the credentials you provided are
authorized to access an Azure subscription, then run Login-AzureRMAccount to login.
At line:8 char:1
+ Get-AzureRmResourceGroup -Name "my-resource-group"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureRmResourceGroup], ApplicationException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.GetAzureResourceGroupCommand
Update:
When I run Get-AzureRm-Context from Azure Automation script it shows me following which is completely different than when I run the same command from Azure Cloud Shell. Should I do things differently ?
Account Environment Subscription Tenant
------- ----------- ------------ ------
AzureCloud
Looking at the error, i do not see an issue with Login or credential. The error is in the get-AzureRmResourceGroup No subscription found in the context.
This happens when credential provided does not have a subscription. If you are sure account has subscription, then the issue might be with the module loaded in Azure Automation.
The main problem is, that I can assign IAM role using the Azure portal, but got an error when trying the same via PowerShell.
This is the result of a portal action:
And I receive following error when I try to do the same via PowerShell:
> New-AzureRmRoleAssignment -ObjectId "d585d0b6-eb2b-4d7c-99b4-7c357219f78d" -RoleDefinitionName "Reader" -ResourceName "datalaketestmh" -ResourceType "Microsoft.DataLakeStore/accounts" -ResourceGroupName "My-Test-Resource-Group"
New-AzureRmRoleAssignment : Principal d585d0b6eb2b4d7c99b47c357219f78d does not exist in the directory 3596192b-fdf5-4e2c-a6fa-acb706c963d8.
At line:1 char:1
+ New-AzureRmRoleAssignment -ObjectId "d585d0b6-eb2b-4d7c-99b4-7c357219 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmRoleAssignment], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureRoleAssignmentCommand
Any ideas where to look for the error?
Please use this script to get user ID:
$a = Get-AzureRmADUser | ?{ $_.UserPrincipalName -eq 'username#xxxx.onmicrosoft.com' } | select id
$userid = $a.id.Guid
Then use $userid to assign the role:
New-AzureRmRoleAssignment -ObjectId $userid -RoleDefinitionName "Reader" -ResourceName "datalaketestmh" -ResourceType "Microsoft.DataLakeStore/accounts" -ResourceGroupName "My-Test-Resource-Group"
By the way, please check your Azure PowerShell version, my Azure powershell version is 5.1.1, that script works for me:
PS C:\Users\jason> Get-Module -ListAvailable -Name Azure -Refresh
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 5.1.1 Azure {Get-AzureAutomationCertificate, Get-AzureAutomationConnection, New-AzureAutomationConnection, Remove-AzureAutomationConnection...}
Also you can use SignInName inside of ObjectId, like this:
New-AzureRmRoleAssignment -SignInName john.doe#contoso.com -RoleDefinitionName Owner -Scope "/subscriptions/86f81fc3-b00f-48cd-8218-3879f51ff362/resourcegroups/rg1/providers/Microsoft.Web/sites/site1"
More information about command New-AzureRmRoleAssignment, please refer to this article.
Hope this helps.
I recently had to delete and re-install my VM due to an issue with the VM locking up. Now that the VM is back online, I noticed the shutdown automation is not working. It was working fine before I ran into the issue with the VM. Below is the PS script from the runbook, it returns the following error:
Correlation ID: 72fa8e58-89f1-4612-bc43-1b05876c2bff
Timestamp: 2015-08-25 06:04:14Z: The remote server returned an error: (401) Unauthorized.
At Shutdown:6 char:6
+
+ CategoryInfo : CloseError: (:) [Add-AzureAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount
8/24/2015 11:04:25 PM, Error: Get-azurevm : No default subscription has been designated.
Use Select-AzureSubscription -Default <subscriptionName> to set the default subscription.
At Shutdown:8 char:8
+
+ CategoryInfo : CloseError: (:) [Get-AzureVM], ApplicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.GetAzureVMCommand
Any idea what I am missing to get this working with new VM? I have been wracking my brain for something with the credentials that would not include this new VM, but have come up empty handed.
workflow Shutdown
{
$Cred = Get-AutomationPSCredential -Name "auto"
Add-AzureAccount -Credential $Cred
$vms = Get-azurevm
foreach($VM in $VMS)
{
$VMName = $VM.Name
Stop-AzureVM -ServiceName $VM.ServiceName -Name $VM.Name -Force
Write-Output "Shutting down VM : $VMName "
}
}
I think you should also add the subscription name (select-azuresubscription in the error log) in the script you are using. There are quite some examples of doing this in various ways in the TechNet Script libraries like this one https://gallery.technet.microsoft.com/scriptcenter/Stop-Azure-VM-with-OrgID-41a79d91
I created a new user, granted them admin rights to the subscription, and updated the credential. That seemed to fix it, guessing it was something with the existing co-admin account not having access to the new VM.
I'm trying to get an automation script up and running in Windows Azure.
I got an error telling the I have to use Select-AzureSubscription.
This one is failing with the following error:
Error: Select-AzureSubscription : The subscription named 'xxx' cannot be found. Use Set-AzureSubscription to
initialize the subscription data.
Parameter name: name
At my-script:15 char:15
+
+ CategoryInfo : CloseError: (:) [Select-AzureSubscription], ArgumentException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.SelectAzureSubscriptionCommand
So I used Set-AzureSubscription but this one is failing as well.
I tried passing the subscription name and the subscription ID.
Did someone managed to properly configure this?
You need to set up authentication to Azure using Add-AzureAccount. See https://msdn.microsoft.com/en-us/library/azure/dn865019.aspx for more details.
Before Selecting subscription you need to add your azure account through any of the methods available. The simplest one is using credentials
$username = "your username"
$password = ConvertTo-SecureString 'yourpassword' –asplaintext –force
$Cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
<#you can also use Azure assets to store the credential and use it directly like
$Cred=Get-AutomationPSCredential -Name $AzureAccountCredentialName
#>
Add-AzureAccount -Credential $Cred
#Now select your subscription