azure-cli: Error from CloudShell - Failed to connect to MSI. Please make sure MSI is configured correctly.

This is autogenerated. Please review and update as needed.

Describe the bug

Command Name az ad sp show

Errors:

Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

  • Put any pre-requisite steps here…
  • az ad sp show --id {} -o {} --query {} --debug

Expected Behavior

Environment Summary

Linux-4.15.0-1112-azure-x86_64-with-debian-10.2 (Cloud Shell)
Python 3.6.10
Installer: DEB

azure-cli 2.22.0

Extensions:
aks-preview 0.4.73
ai-examples 0.2.5
ssh 0.1.4

Additional Context

rajkumar@Azure:~$ az ad sp show --id governor-umi-ppe-1 -o tsv --query objectId --debug
cli.knack.cli: Command arguments: ['ad', 'sp', 'show', '--id', 'governor-umi-ppe-1', '-o', 'tsv', '--query', 'objectId', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7fa89e637c80>, <function OutputProducer.on_global_arguments at 0x7fa89e5677b8>, <function CLIQuery.on_global_arguments at 0x7fa89e5838c8>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'ad': ['azure.cli.command_modules.role']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: role                      0.004        17        61
cli.azure.cli.core: Total (1)                 0.004        17        61
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: ai-examples               0.116         1         1  /opt/az/lib/python3.6/site-packages/azure-cli-extensions/ai-examples
cli.azure.cli.core: Total (1)                 0.116         1         1
cli.azure.cli.core: Loaded 18 groups, 62 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : ad sp show
cli.azure.cli.core: Command table: ad sp show
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7fa89e0be9d8>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/rajkumar/.azure/commands/2021-04-14.20-16-05.ad_sp_show.1445.log'.
az_command_data_logger: command args: ad sp show --id {} -o {} --query {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7fa89e063bf8>, <function register_global_query_examples_argument.<locals>.register_query_examples at 0x7fa89e039bf8>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7fa89e039c80>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x7fa89e039d90>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7fa89e567840>, <function CLIQuery.handle_query_parameter at 0x7fa89e583950>, <function register_global_query_examples_argument.<locals>.handle_example_parameter at 0x7fa89e039b70>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7fa89e039d08>]
msrest.universal_http.requests: Configuring retry: max_retries=4, backoff_factor=0.8, max_backoff=90
cli.azure.cli.core.commands.client_factory: Adding custom headers to the client:
cli.azure.cli.core.commands.client_factory:     'x-ms-client-request-id': '3d930cbc-9d5e-11eb-9b89-0a580af493d3'
cli.azure.cli.core.commands.client_factory:     'CommandName': 'ad sp show'
cli.azure.cli.core.commands.client_factory:     'ParameterSetName': '--id -o --query --debug'
msrest.async_paging: Paging async iterator protocol is not available for ServicePrincipalPaged
cli.azure.cli.core.adal_authentication: AdalAuthentication.signed_session invoked by Track 1 SDK
cli.azure.cli.core._profile: Retrieving token from ADAL for resource 'https://graph.windows.net/'
urllib3.connectionpool: Starting new HTTP connection (1): localhost:50342
urllib3.connectionpool: http://localhost:50342 "POST /oauth2/token HTTP/1.1" 400 124
msrestazure.azure_active_directory: MSI: Retrieving a token from http://localhost:50342/oauth2/token, with payload {'resource': 'https://graph.windows.net/'}
msrestazure.azure_active_directory: MSI: Failed to retrieve a token from 'http://localhost:50342/oauth2/token' with an error of '400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token'. This could be caused by the MSI extension not yet fully provisioned.
cli.azure.cli.core.adal_authentication: throw requests.exceptions.HTTPError when doing MSIAuthentication:
Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 167, in set_token
    super(MSIAuthenticationWrapper, self).set_token()
  File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
    self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
  File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
    result.raise_for_status()
  File "/opt/az/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

cli.azure.cli.core.adal_authentication: A Cloud Shell credential problem occurred. When you report the issue with the error below, please mention the hostname 'cc-3d85b92e-76b8b57597-cts5m'
cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
cli.azure.cli.core.util: Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 167, in set_token
    super(MSIAuthenticationWrapper, self).set_token()
  File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 598, in set_token
    self.scheme, _, self.token = get_msi_token(self.resource, self.port, self.msi_conf)
  File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 486, in get_msi_token
    result.raise_for_status()
  File "/opt/az/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: http://localhost:50342/oauth2/token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 179, in set_token
    .format(err.response.status, err.response.reason))
AttributeError: 'Response' object has no attribute 'status'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/az/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
    cmd_result = self.invocation.execute(args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 657, in execute
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 720, in _run_jobs_serially
    results.append(self._run_job(expanded_arg, cmd_copy))
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 712, in _run_job
    return cmd_copy.exception_handler(ex)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/commands.py", line 69, in graph_err_handler
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 691, in _run_job
    result = cmd_copy(params)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/__init__.py", line 328, in __call__
    return self.handler(*args, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/arm.py", line 756, in handler
    show_exception_handler(ex)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/arm.py", line 771, in show_exception_handler
    raise ex
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/arm.py", line 754, in handler
    return getter(**args)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 1229, in show_service_principal
    object_id = _resolve_service_principal(client, identifier)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/role/custom.py", line 1314, in _resolve_service_principal
    result = list(client.list(filter="servicePrincipalNames/any(c:c eq '{}')".format(identifier)))
  File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 143, in __next__
    self.advance_page()
  File "/opt/az/lib/python3.6/site-packages/msrest/paging.py", line 129, in advance_page
    self._response = self._get_next(self.next_link)
  File "/opt/az/lib/python3.6/site-packages/azure/graphrbac/operations/service_principals_operations.py", line 156, in internal_paging
    response = self._client.send(request, stream=False, **operation_config)
  File "/opt/az/lib/python3.6/site-packages/msrest/service_client.py", line 336, in send
    pipeline_response = self.config.pipeline.run(request, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 197, in run
    return first_node.send(pipeline_request, **kwargs)  # type: ignore
  File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/__init__.py", line 150, in send
    response = self.next.send(request, **kwargs)
  File "/opt/az/lib/python3.6/site-packages/msrest/pipeline/requests.py", line 65, in send
    self._creds.signed_session(session)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 125, in signed_session
    scheme, token, _, external_tenant_tokens = self._get_token()
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 44, in _get_token
    raise err
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 38, in _get_token
    scheme, token, token_entry = self._token_retriever(sdk_resource)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 577, in _retrieve_token
    return self._get_token_from_cloud_shell(token_resource)
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 395, in _get_token_from_cloud_shell
    auth = MSIAuthenticationWrapper(resource=resource)
  File "/opt/az/lib/python3.6/site-packages/msrestazure/azure_active_directory.py", line 592, in __init__
    self.set_token()
  File "/opt/az/lib/python3.6/site-packages/azure/cli/core/adal_authentication.py", line 182, in set_token
    'Get Token request returned: {}'.format(err.response))
azure.cli.core.azclierror.AzureResponseError: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>

cli.azure.cli.core.azclierror: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>
az_command_data_logger: Failed to connect to MSI. Please make sure MSI is configured correctly.
Get Token request returned: <Response [400]>
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7fa89e0bebf8>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 40.550 seconds (init: 0.135, invoke: 40.415)
telemetry.save: Save telemetry record of length 3170 in cache
telemetry.check: Negative: The /home/rajkumar/.azure/telemetry.txt was modified at 2021-04-14 20:15:03.045126, which in less than 600.000000 s

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 18 (2 by maintainers)

Most upvoted comments

I was able to mitigate this issue by switching to PowerShell and running the same command. It was executed successfully. Now back in bash also - it works fine. Not sure what the exact root cause is though.

+7
rajdhandus on Apr 18, 2021

Hi @rajdhandus, this is a known issue of Cloud Shell service (https://github.com/Azure/azure-cli/issues/11749). Please see https://github.com/Azure/azure-cli/issues/11749#issuecomment-570975762 for a workaround.

Meanwhile, I will contact Cloud Shell team to check it.

+2
jiasli on Apr 19, 2021

@nrd26 Works for me too.

+1
ultrasounder on May 13, 2023

Running an ‘az login’ and using the code it provides resolved the issue for me

+1
nrd26 on May 9, 2023

I’m facing a similar issue from a cloudshell started as part of Learn.

+1
born-2learn on Nov 21, 2022

I am experiencing the same issue. I am attempting to work on Microsoft Learning Path using the sandbox cloud shell terminal

+1
robidas on Nov 16, 2022

I am experiencing same issue. Not sure why ticket has been closed since I don’t see any resolution from Microsoft.

+1
Boss96 on Oct 24, 2022
Read more comments on GitHub
← azure-cli: Error "'C:\Program' is not recognized as an internal or external command" when running az role assignment create cmd
azure-cli: Error in list device for iothub →