Skip to content

Azure.CLI Authentication timeout #19955

New issue
New issue
Open
Open
Azure.CLI Authentication timeout#19955
Assignees
dingmeng-xue
Labels
AccountsIssues in Az.Accounts except authentication relatedbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedneeds-team-attentionThis issue needs attention from Azure service team or SDK team
@KrisSodroski

Description

@KrisSodroski
KrisSodroski
opened on Oct 26, 2022

Description

When using Azure.Powershell > 7.5.0, downstream systems attempting to obtain a token from ManagedIdentityCredential sometimes times out.

In example using Azure.identity 1.7.0 from a c# program shows the following:

Azure PowerShell authentication timed out.

Downgrading to 7.5.0 seems to resolve the issue.

Follows from this issue:

Azure/azure-sdk-for-net#31872

Issue script & Debug output

Working Example: 

Starting: Run App
==============================================================================
Task         : Azure PowerShell
Description  : Run a PowerShell script within an Azure environment
Version      : 5.209.0
Author       : Microsoft Corporation
Help         : https://aka.ms/azurepowershelltroubleshooting
==============================================================================
Generating script.
========================== Starting Command Output ===========================
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\f0f1c6c7-29b0-41e6-860e-bae07cf5d1aa.ps1'"
Added TLS 1.2 in session.
Import-Module -Name C:\Modules\az_7.5.0\Az.Accounts\2.9.1\Az.Accounts.psd1 -Global
WARNING: Both Az and AzureRM modules were detected on this machine. Az and AzureRM modules cannot be imported in the 
same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can
 use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure 
Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found 
here: https://aka.ms/azps-migration-guide
Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
Clear-AzContext -Scope Process
Connect-AzAccount -ServicePrincipal -Tenant TenantID -Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
 Set-AzContext -SubscriptionId SubscriptionID -TenantId TenantID

----------------------------------------------------------------------
Not Working Example (Using latest): 

==============================================================================
Task         : Azure PowerShell
Description  : Run a PowerShell script within an Azure environment
Version      : 5.209.0
Author       : Microsoft Corporation
Help         : https://aka.ms/azurepowershelltroubleshooting
==============================================================================
Az version 8.3.0 not avaiable locally on the agent. Downloading dynamically.

7-Zip [64] 16.00 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-10

Scanning the drive for archives:
1 file, 67255559 bytes (65 MiB)

Extracting archive: C:\Modules\az_8.3.0.zip
--
Path = C:\Modules\az_8.3.0.zip
Type = zip
Physical Size = 67255559

Everything is Ok

Folders: 81
Files: 1282
Size:       319427095
Compressed: 67255559
Generating script.
========================== Starting Command Output ===========================
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'D:\a\_temp\4ad8c730-46e6-4eaf-8cee-5520d82506b8.ps1'"
Added TLS 1.2 in session.
Import-Module -Name C:\Modules\az_8.3.0\Az.Accounts\2.10.0\Az.Accounts.psd1 -Global
WARNING: Both Az and AzureRM modules were detected on this machine. Az and AzureRM modules cannot be imported in the 
same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can
 use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure 
Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found 
here: https://aka.ms/azps-migration-guide
Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
Clear-AzContext -Scope Process
Connect-AzAccount -ServicePrincipal -Tenant TenantID -Credential System.Management.Automation.PSCredential -Environment AzureCloud @processScope
 Set-AzContext -SubscriptionId SubscriptionID -TenantId TenantID
 --.Net App runs here, attempts to connect to a resource using the managed identity
Azure CLI authentication timed out.

Environment data

Using Azure Agents, windows-latest

https://github.com/actions/runner-images/blob/main/images/win/Windows2022-Readme.md

Module versions

Information is in the above windows image.

Error output

Error is internal to Azure.Identity.

Metadata

Metadata

Assignees

Labels

AccountsIssues in Az.Accounts except authentication relatedbugThis issue requires a change to an existing behavior in the product in order to be resolved.customer-reportedneeds-team-attentionThis issue needs attention from Azure service team or SDK team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions