PowerShell / Azure Functions - Problem connecting using appid and appsecret - Access denied

I have a PowerShell Azure Function using this command:
Connect-PnPOnline -Url "https://awesome.sharepoint.com" -AppId $appid -AppSecret $appsecret
I get the appid and secret from the key vault and it works. I do connect but when trying to run commands like
Get-PnPSite
Result:
Get-PnPSite : Access denied. You do not have permission to perform this action or access this resource.
I've got an app and I've granted permissions in the app:
Any suggestions?
Extra information:
Using MFA

Related

az login error: Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='login.microsoftonline.com', port=443)

Trying to install the Azure Devops CLI Extension
https://learn.microsoft.com/en-us/azure/devops/cli/?view=azure-devops
az extension add --name azure-devops
is the command I run
I get the following error message
I have tried
git config http.sslVerify "false"
I've tried to do multiple azure cli and powershell commands
I've set my context with
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"
I don't understand what the issue is here.
I've tried running the commands with and without the VPN (I use Pulse VPN, for reference).
I've tried setting PowerShell's execution policy to Undefined:
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
If someone could please let me know their thoughts on the specific error:
Please ensure you have network connection. Error detail: HTTPSConnectionPool(host='objects.githubusercontent.com', port=443): Max retries exceeded with url: /github-production-release-asset-2e65be/107708057/665228bd-d0c3-4865-b029-624cbc247ca1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220701%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220701T163308Z&X-Amz-Expires=300&X-Amz-Signature=dd9381d3d71deeb228b151ec41140e8238f425ca9bf2882889c6bc9592c782e6&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=107708057&response-content-disposition=attachment%3B%20filename%3Dazure_devops-0.25.0-py2.py3-none-any.whl&response-content-type=application%2Foctet-stream (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I've seen the post here Azure CLI Error and it was of no help
We tried the same locally to install the Azure DevOps extension, and it works successfully when following the MS doc given in the question.
Here is the workaround we followed:
az login
Select-AzSubscription -Subscription subscriptionID
And it logged in successfully.
After that, installing with az extension add --name azure-devops works.
Below is the az --version we used:
NOTE: For the error, make sure that you are using the latest version of az cli and have enabled the port locally (Windows security > Advanced settings > Inbound Rule > add new rule, then add your required port (443) and enable it).
For configuration details, see: How to open port in Windows firewall.
For more information, please refer to the links below:
Similar SO THREAD | Why Azure CLI login fails? "Connection actively refused" & az login command fails - Azure cli.
BLOG | MICROSOFT TECHNET.

Problem with Azure in Microsoft learning path module (Kubernetes)

I am just doing this module of Microsoft course:
https://learn.microsoft.com/en-us/learn/modules/microservices-aspnet-core/
I created an azure subscription and tried to run the script given in unit 2.
Something is going on in the console, but at some point it shows something like this:
Getting credentials for AKS...
(ResourceNotFound) The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Code: ResourceNotFound
Message: The Resource 'Microsoft.ContainerService/managedClusters/eshop-learn-aks' under resource group 'eshop-learn-rg' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
Installing NGINX ingress controller
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Getting load balancer public IP
> kubectl get svc -n ingress-nginx -o json | jq -r -e '.items[0].status.loadBalancer.ingress[0].ip // empty'
error: You must be logged in to the server (the server has asked for the client to provide credentials)
Waiting for load balancer IP...
Am I doing something wrong? Strictly followed instructions.
Edit:
I think the problem is with the VM, not AKS.
> az aks create -n eshop-learn-aks -g eshop-learn-rg --node-count 1 --node-vm-size Standard_D2_v5 --vm-set-type VirtualMachineScaleSets -l centralus --enable-managed-identity --generate-ssh-keys -o json
ERROR: (BadRequest) The VM size of AgentPoolProfile:nodepool1 is not allowed in your subscription in location 'centralus'.
You need to log in:
az login
az account set --subscription <YOUR SUB ID>
az aks get-credentials --resource-group <AKS RG> --name <AKS NAME>
The 'CentralUS' location doesn't accept new VMs with the type of subscription you have.
You need to use another location.
To do that, you need to declare a variable 'defaultRegion' in the bash shell (e.g. declare defaultRegion=eastus) before executing wget.

az ad app permission grant 403 Forbidden for url

I am encountering an error executing the az ad app permission grant command via local terminal.
Do you need to be a Global administrator to be able to execute the command? I am getting a 403 Forbidden for url error, even though I can do exactly the same in the Portal manually. I am set as the owner for both App Registrations.
$clientID = 'xxxx-xxxx-xxx-xxxx-xxxxxx'
$apiID = 'xxxx-xxxx-xxx-xxxx-xxxxxx'
az ad app permission grant --api $apiId --id $clientID --scope user_impersonation
Operation failed with status: 'Forbidden'. Details: 403 Client Error: Forbidden for url: https://graph.windows.net/xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2PermissionGrants?api-version=1.6

az login using managed identity fails in az pipeline

When I run the pipeline on AKS and run az login --identity, it gives me the error below. What should I do to fix this issue?
AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned http error: 400, reason: Bad Request

az acr login with subject name and issuer authentication error

I'm trying to authenticate to Azure Container Registry with the CLI.
I'm using subject name and issuer authentication, and authenticating to Azure with a service principal.
This is what I do to log in to Azure:
az login --service-principal --use-cert-sn-issuer -u {app id} -p {certificate .pem file} --tenant {tenant id}
It works, and then I try to log in to the ACR with:
az acr login --name {acr name}
It fails with:
The command failed with an unexpected error. Here is the traceback:
Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: {Thumbprint}, Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/{app id}' to see configured keys]\r\nTrace ID: 4546d682-75b6-4a8b-9c03-11f4821c5f00\r\nCorrelation ID: 02e4c324-25a9-47ff-a5ba-afdeec0ce5ec\r\nTimestamp: 2020-06-23 08:12:00Z","error_codes":[700027],"timestamp":"2020-06-23 08:12:00Z","trace_id":"4546d682-75b6-4a8b-9c03-11f4821c5f00","correlation_id":"02e4c324-25a9-47ff-a5ba-afdeec0ce5ec","error_uri":"https://login.microsoftonline.com/error?code=700027"}
What could be the problem?
The error shows that your certificate is not very correct. Here is the same issue in GitHub and you can follow the steps to solve it.
Or you can create the service principal using certificate-based authentication with the CLI command:
az ad sp create-for-rbac --name ServicePrincipalName --create-cert
and then it will work fine for you. Here are the steps with more details. And take care of the caution:
When using a PEM file, the CERTIFICATE must be appended to the PRIVATE KEY within the file.
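
The caution above, as an added Python check that is not part of the original answer: it lists the blocks in a PEM file, confirms the certificate follows the private key, and computes the certificate's SHA-1 thumbprint so it can be compared with the thumbprint named in the AADSTS700027 error (assumed here to be the usual upper-case hex form). The sample PEM is built from constructed placeholder bytes, and `inspect_pem` is a hypothetical helper name.

```python
import base64
import hashlib
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def inspect_pem(text):
    """Report which blocks a PEM holds and the first certificate's thumbprint."""
    labels, thumbprint = [], None
    for label, body in PEM_BLOCK.findall(text):
        labels.append(label)
        if label == "CERTIFICATE" and thumbprint is None:
            der = base64.b64decode("".join(body.split()))
            # Thumbprint = SHA-1 over the DER bytes, upper-case hex.
            thumbprint = hashlib.sha1(der).hexdigest().upper()
    key_idx = [i for i, lab in enumerate(labels) if lab.endswith("PRIVATE KEY")]
    has_key, has_cert = bool(key_idx), thumbprint is not None
    return {
        "labels": labels,
        "has_private_key": has_key,
        "has_certificate": has_cert,
        # The caution on the page: certificate appended after the private key.
        "cert_after_key": has_key and has_cert
        and labels.index("CERTIFICATE") > min(key_idx),
        "thumbprint": thumbprint,
    }


def _pem(label, raw):
    """Wrap raw bytes in PEM armour (used only to build the sample input)."""
    body = base64.encodebytes(raw).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed placeholder bytes, NOT a real key or certificate.
FAKE_KEY = bytes(range(64))
FAKE_CERT_DER = bytes(range(100, 180))
GOOD_PEM = _pem("PRIVATE KEY", FAKE_KEY) + _pem("CERTIFICATE", FAKE_CERT_DER)
KEY_ONLY_PEM = _pem("PRIVATE KEY", FAKE_KEY)

if __name__ == "__main__":
    for name, pem in (("key + cert", GOOD_PEM), ("key only", KEY_ONLY_PEM)):
        print(name, inspect_pem(pem))
```

If the thumbprint computed from the file differs from the one in the error, or is absent from the app registration's configured keys, the client is signing with a certificate the tenant does not know.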
