Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Device Authentication Failed - AzAccounts 3.0.0 #25040

Closed
CraigGardinerDXC opened this issue May 30, 2024 · 1 comment
Closed

Device Authentication Failed - AzAccounts 3.0.0 #25040

CraigGardinerDXC opened this issue May 30, 2024 · 1 comment
Labels
Accounts Issues in Az.Accounts except authentication related bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported WAM Web Account Manager

Comments

@CraigGardinerDXC
Copy link

CraigGardinerDXC commented May 30, 2024
edited
Loading

Description

When running the following commands, I would expect to receive an access token, instead I'm getting back a bad request and no access token.

Connect-AzAccount -TenantId $TenantId -SubscriptionId $SubscriptionId -UseDeviceAuthentication
$ARMtoken = (Get-AzAccessToken).Token

Issue script & Debug output

PS C:\Users\Administrator> Connect-AzAccount -TenantId $TenantId -SubscriptionId $SubscriptionId -UseDeviceAuthentication
DEBUG: 7:50:30 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 7:50:30 AM - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'.
DEBUG: 7:50:30 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 7:50:30 AM - Autosave setting from startup session: 'CurrentUser'
DEBUG: 7:50:30 AM - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 7:50:30 AM - Using Autosave scope 'CurrentUser'
Please select the account you want to login with.

DEBUG: 7:50:30 AM - [DeviceCodeAuthenticator] Calling DeviceCodeCredential.AuthenticateAsync - TenantId:'''',
Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/'
DEBUG: DeviceCodeCredential.Authenticate invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:30Z - 94965536-cb85-4056-ba5c-7db7b3846a65] MSAL MSAL.CoreCLR with
assembly version '4.60.3.0'. CorrelationId(94965536-cb85-4056-ba5c-7db7b3846a65)
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:30Z - 94965536-cb85-4056-ba5c-7db7b3846a65]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenByDeviceCode
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 94965536-cb85-4056-ba5c-7db7b3846a65
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:30Z - 94965536-cb85-4056-ba5c-7db7b3846a65] === Token Acquisition
(DeviceCodeRequest) started:
  Scopes: https://management.core.windows.net//.default
 Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:30Z - 94965536-cb85-4056-ba5c-7db7b3846a65] [Instance Discovery]
Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:30Z - 94965536-cb85-4056-ba5c-7db7b3846a65] [Region discovery] Not
using a regional authority.
DEBUG: Request [b18e93aa-c7a8-4e4d-8aff-88b9da7ffc2f] POST https://login.microsoftonline.com/''/oauth2/v2.0/devicecode
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:b18e93aa-c7a8-4e4d-8aff-88b9da7ffc2f
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.11.2 (.NET Framework 4.8.9186.0; Microsoft Windows 10.0.25398 )
client assembly: Azure.Identity
DEBUG: Response [b18e93aa-c7a8-4e4d-8aff-88b9da7ffc2f] 200 OK (00.3s)
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
client-request-id:REDACTED
x-ms-request-id:ee43058e-ecff-4153-93a5-a320f2e99000
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Cache-Control:no-store, no-cache
P3P:REDACTED
Set-Cookie:REDACTED
Date:Thu, 30 May 2024 13:03:14 GMT
Content-Length:473
Content-Type:application/json; charset=utf-8
Expires:-1
DEBUG: Request [020614ee-b1ed-4b04-8b9b-0c316f35286c] POST https://login.microsoftonline.com/''/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:020614ee-b1ed-4b04-8b9b-0c316f35286c
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.11.2 (.NET Framework 4.8.9186.0; Microsoft Windows 10.0.25398 )
client assembly: Azure.Identity
[Login to Azure] To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code BGNE6Q4H6 to authenticate.
DEBUG: Error response [020614ee-b1ed-4b04-8b9b-0c316f35286c] 400 Bad Request (00.3s)
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
client-request-id:REDACTED
x-ms-request-id:d70c1f2f-1eb5-4b14-af8b-3aab0a8e5200
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Cache-Control:no-store, no-cache
P3P:REDACTED
Set-Cookie:REDACTED
Date:Thu, 30 May 2024 13:03:14 GMT
Content-Length:501
Content-Type:application/json; charset=utf-8
Expires:-1
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:31Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Response status code does
 not indicate success: 400 (BadRequest).
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:31Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Request retry failed.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:31Z - 94965536-cb85-4056-ba5c-7db7b3846a65] HttpStatusCode: 400:
BadRequest
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:31Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Exception type:
Microsoft.Identity.Client.MsalServiceException
, ErrorCode: authorization_pending
HTTP StatusCode 400
CorrelationId 94965536-cb85-4056-ba5c-7db7b3846a65
Microsoft Entra ID Error Code AADSTS70016
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
DEBUG: Request [cd9260cf-c35e-4b0d-9f29-7e82c7ce32dc] POST https://login.microsoftonline.com/''/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:cd9260cf-c35e-4b0d-9f29-7e82c7ce32dc
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.11.2 (.NET Framework 4.8.9186.0; Microsoft Windows 10.0.25398 )
client assembly: Azure.Identity
DEBUG: Error response [cd9260cf-c35e-4b0d-9f29-7e82c7ce32dc] 400 Bad Request (00.4s)
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
client-request-id:REDACTED
x-ms-request-id:90a35d99-aa98-4cb8-8765-3b2a6c8b4f00
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Cache-Control:no-store, no-cache
P3P:REDACTED
Set-Cookie:REDACTED
Date:Thu, 30 May 2024 13:03:20 GMT
Content-Length:501
Content-Type:application/json; charset=utf-8
Expires:-1
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:36Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Response status code does
 not indicate success: 400 (BadRequest).
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:36Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Request retry failed.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:36Z - 94965536-cb85-4056-ba5c-7db7b3846a65] HttpStatusCode: 400:
BadRequest
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:50:36Z - 94965536-cb85-4056-ba5c-7db7b3846a65] Exception type:
Microsoft.Identity.Client.MsalServiceException
, ErrorCode: authorization_pending
HTTP StatusCode 400
CorrelationId 94965536-cb85-4056-ba5c-7db7b3846a65
Microsoft Entra ID Error Code AADSTS70016
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
DEBUG: Request [fc92a3e4-1ef9-41cf-b47f-307c1edf939f] POST https://login.microsoftonline.com/''/oauth2/v2.0/token
...
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 2f9a51a1-0e16-4ead-86ed-2b3106653072
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072] === Token Acquisition
(SilentRequest) started:
  Scopes: https://management.core.windows.net//.default
 Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072] [Region discovery] Not
using a regional authority.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072] Access token is not
expired. Returning the found cache entry. [Current time (05/30/2024 12:51:41) - Expiration Time (05/30/2024 14:13:07 +00:00) - Extended Expiration Time (05/30/2024 14:13:07 +00:00)]
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072] Returning access token
found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072] [Region discovery] Not
using a regional authority.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072]
 === Token Acquisition finished successfully:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET Framework 4.8.9186.0 Microsoft Windows 10.0.25398  [2024-05-30 12:51:41Z - 2f9a51a1-0e16-4ead-86ed-2b3106653072]  AT expiration time:
5/30/2024 2:13:07 PM +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: Cache
DEBUG: DeviceCodeCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2024-05-30T14:13:07.0000000+00:00
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/""?api-version=2021-01-01

Headers:
x-ms-client-request-id        : 951b7ff7-527b-4aed-8d4d-765696437561
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-throttling-version       : v1
x-ms-ratelimit-remaining-subscription-reads: 11998
x-ms-request-id               : 79d96c36-8e1e-4572-99ec-01216d2e7f37
x-ms-correlation-request-id   : 79d96c36-8e1e-4572-99ec-01216d2e7f37
x-ms-routing-request-id       : SOUTHCENTRALUS:20240530T130425Z:79d96c36-8e1e-4572-99ec-01216d2e7f37
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
X-Cache                       : CONFIG_NOCACHE
X-MSEdge-Ref                  : Ref A: FE3F4772C16E48BCA294DC21692CAB7D Ref B: SN4AA2022305053 Ref C: 2024-05-30T13:04:25Z
Cache-Control                 : no-cache
Date                          : Thu, 30 May 2024 13:04:24 GMT

Body:
{
  "id": "/subscriptions/",
  "authorizationSource": "RoleBased",
  "managedByTenants": [
    {
      "tenantId": ""
    }
  ],
  "tags": {
    "DXCManagedServicesRelease": "AZR-41164-AMM-Feature-Test"
  },
  "subscriptionId": "",
  "tenantId": "''",
  "displayName": "Managed Service Development NRNS1",
  "state": "Enabled",
  "subscriptionPolicies": {
    "locationPlacementId": "Public_2014-09-01",
    "quotaId": "EnterpriseAgreement_2014-09-01",
    "spendingLimit": "Off"
  }
}

Retrieving subscriptions for the selection...
DEBUG: 7:51:41 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

[Announcements]
With the new Azure PowerShell login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271909.

If you encounter any problem, please open an issue at: https://aka.ms/azpsissue

DEBUG: 7:51:41 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 7:51:41 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:3.0.0; CommandName: Connect-AzAccount; PSVersion: 5.1.25398.469; IsSuccess: True; Duration: 00:01:11.1935440; SanitizeDuration:
00:00:00.0061111
DEBUG: 7:51:41 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 7:51:42 AM - ConnectAzureRmAccountCommand end processing.
Subscription name                 Tenant
-----------------                 ------

Environment data

Name                           Value
----                           -----
PSVersion                      5.1.25398.469
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.25398.469
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     3.0.0      Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault...}

Error output

PS> Resolve-AzError
DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 9:09:17 AM - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 9:09:17 AM - using account id ''''...
DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].


   HistoryId: 31


Message        : Authentication failed against tenant ''. User interaction is required. This may be due to the conditional access policy settings
                 such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId
                 '''.
StackTrace     :    at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String
                 tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
                    at Microsoft.Azure.Commands.Profile.GetAzureRmAccessTokenCommand.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : Microsoft.Azure.Commands.Common.Exceptions.AzPSAuthenticationFailedException
InvocationInfo : {Get-AzAccessToken}
Line           : $ARMtoken = (Get-AzAccessToken).Token

Position       : At line:1 char:14
                 + $ARMtoken = (Get-AzAccessToken).Token
                 +              ~~~~~~~~~~~~~~~~~
HistoryId      : 31

DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
Message        : SharedTokenCacheCredential authentication unavailable. Token acquisition failed for user ''. Ensure that you have authenticated with a developer
                 tool that supports Azure single sign on.
StackTrace     :    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
                    at Azure.Identity.SharedTokenCacheCredential.<GetTokenImplAsync>d__31.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Azure.Identity.SharedTokenCacheCredential.<GetTokenAsync>d__30.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Microsoft.Azure.PowerShell.Authenticators.MsalAccessToken.<GetAccessTokenAsync>d__33.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String
                 tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
Exception      : Azure.Identity.CredentialUnavailableException
InvocationInfo : {Get-AzAccessToken}
Line           : $ARMtoken = (Get-AzAccessToken).Token

Position       : At line:1 char:14
                 + $ARMtoken = (Get-AzAccessToken).Token
                 +              ~~~~~~~~~~~~~~~~~
HistoryId      : 31

DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
Message        : Could not find a WAM account for the selected user. Error: Status: AccountNotFound
                 Context: Account with id '(pii)' not found
                 Tag: 0x1f553780
StackTrace     :    at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.<ExecuteAsync>d__5.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Microsoft.Identity.Client.Utils.StopwatchService.<MeasureCodeBlockAsync>d__4.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__11.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Microsoft.Identity.Client.ApiConfig.Executors.ClientApplicationBaseExecutor.<ExecuteAsync>d__2.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.<ExecuteAsync>d__0`1.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Azure.Identity.MsalPublicClient.<AcquireTokenSilentCoreAsync>d__11.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Azure.Identity.MsalPublicClient.<AcquireTokenSilentAsync>d__10.MoveNext()
                 --- End of stack trace from previous location where exception was thrown ---
                    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                    at Azure.Identity.SharedTokenCacheCredential.<GetTokenImplAsync>d__31.MoveNext()
Exception      : Microsoft.Identity.Client.MsalUiRequiredException
InvocationInfo : {Get-AzAccessToken}
Line           : $ARMtoken = (Get-AzAccessToken).Token

Position       : At line:1 char:14
                 + $ARMtoken = (Get-AzAccessToken).Token
                 +              ~~~~~~~~~~~~~~~~~
HistoryId      : 31

DEBUG: 9:09:17 AM - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].


   HistoryId: 29


Message        : Authentication failed against tenant ''. User interaction is required. This may be due to the conditional access policy settings
                 such as multi-factor authentication (MFA). If you need to access subscriptions in that tenant, please rerun 'Connect-AzAccount' with additional parameter '-TenantId
                 '''.
StackTrace     :    at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String
                 tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
                    at Microsoft.Azure.Commands.Profile.GetAzureRmAccessTokenCommand.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : Microsoft.Azure.Commands.Common.Exceptions.AzPSAuthenticationFailedException
InvocationInfo : {Get-AzAccessToken}
Line           : $ARMtoken = (Get-AzAccessToken).Token

Position       : At line:1 char:14
                 + $ARMtoken = (Get-AzAccessToken).Token
                 +              ~~~~~~~~~~~~~~~~~
HistoryId      : 29
...
DEBUG: 9:09:18 AM - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 9:09:18 AM - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.Accounts:3.0.0; CommandName: Resolve-AzError; PSVersion: 5.1.25398.469; IsSuccess: True; Duration: 00:00:01.0253419; SanitizeDuration:
00:00:00.2093799
DEBUG: 9:09:18 AM - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 9:09:18 AM - ResolveError end processing.
@CraigGardinerDXC CraigGardinerDXC added bug This issue requires a change to an existing behavior in the product in order to be resolved. needs-triage This is a new issue that needs to be triaged to the appropriate team. labels May 30, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported and removed needs-triage This is a new issue that needs to be triaged to the appropriate team. labels May 30, 2024
@msJinLei msJinLei added WAM Web Account Manager Accounts Issues in Az.Accounts except authentication related labels May 31, 2024
@msJinLei
Copy link
Contributor

Hi @CraigGardinerDXC sorry for inconvenience. Please refer to the second workaround in #25005
close it as it is the duplicate issue with
#24962
#24963

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Accounts Issues in Az.Accounts except authentication related bug This issue requires a change to an existing behavior in the product in order to be resolved. customer-reported WAM Web Account Manager
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msJinLei @CraigGardinerDXC