Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix error message for failed domain login to include the correct credential type #6936

Closed
slavizh opened this issue Aug 15, 2018 · 8 comments
Closed

Fix error message for failed domain login to include the correct credential type #6936

slavizh opened this issue Aug 15, 2018 · 8 comments
Assignees
@cormacpayne
Labels
Azure PS Team
Milestone
2018-11-06

Comments

@slavizh
Copy link

slavizh commented Aug 15, 2018
edited
Loading

Description

When you want to be asked for credentials interactively the Connect-AzureRmAccount with domain provided does not work.

Script/Steps for Reproduction

Connect-AzureRmAccount -TenantId contoso.onmicrosoft.com

Connect-AzureRmAccount : Value cannot be null.
Parameter name: Could not find tenant id for provided tenant domain 'contoso.onmicrosoft.com. Please ensure that
 the provided service principal is found in the provided tenant domain.
At line:1 char:1
+ Connect-AzureRmAccount -TenantId contoso.onmicrosoft.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Connect-AzureRmAccount], ArgumentNullException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand

Doing something like this works:

Connect-AzureRmAccount -TenantId contoso.onmicrosoft.com -Credential (Get-Credential)

Module Version

PS C:\WINDOWS\system32> Get-Module -Name AzureRM -ListAvailable


    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     6.7.0      AzureRM

Environment Data

$PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.17134.228
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17134.228
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Debug Output

This is easily reproducible so no debug is needed.
@markcowl
Copy link
Member

@slavizh Can you verify which actual domain name you used for this, and whether you were using an msa account, or a work or school account?

@markcowl markcowl added this to the 2018-09-17 - Ignite milestone Aug 21, 2018
@slavizh
Copy link
Author

slavizh commented Aug 22, 2018

@markcowl I cannot specify the exact domain as I do not want to reveal information for a customer. I do not think the actual domain matters as long as the scenario described above is achieved. I've used Azure AD account (work). I haven't tried if the above scenario appears for MSA as well. Make sure that command Clear-AzureRmContext is executed before trying this scenario as if previous contexts are present you will not see the error.

@markcowl
Copy link
Member

@slavizh The reason I ask is to determine if this is a real domain name with Azure assets that the user has access to. The actual domain name doesn't matter.

@markcowl markcowl self-assigned this Aug 27, 2018
@slavizh
Copy link
Author

slavizh commented Aug 28, 2018

@markcowl Yes, it is a real domain.

@markcowl markcowl assigned maddieclayton and unassigned markcowl Aug 30, 2018
@markcowl
Copy link
Member

@maddieclayton This looks like a logic error when determining the paramneter set - these parameters shoudl result in an interactive login, but instead are resulting in an attempt at SPN login.

@maddieclayton maddieclayton removed their assignment Sep 26, 2018
@cormacpayne cormacpayne self-assigned this Oct 2, 2018
@markcowl markcowl modified the milestones: 2018-10-05, 2018-10-23 Oct 13, 2018
@markcowl markcowl changed the title Connect-AzureRmAccount -TenantId contoso.onmicrosoft.com does not work with interactive login Fix error message for failed cdomain login to include the correct credential type Oct 13, 2018
@markcowl
Copy link
Member

Description

The message returned when domain lookup fails should look at the accoutn type, rether than assuming it is an SPN

  • Change the message to make the account type variable

Cost: 1

@markcowl markcowl modified the milestones: 2018-10-23, 2018-11-06 Oct 13, 2018
@markcowl markcowl changed the title Fix error message for failed cdomain login to include the correct credential type Fix error message for failed domain login to include the correct credential type Oct 15, 2018
@cormacpayne cormacpayne mentioned this issue Oct 22, 2018
Merged
8 tasks
@cormacpayne
Copy link
Member

This has been fixed and will be available in the upcoming release (2018-11-06)

@shellby1
Copy link

Hi,
Have the same issue with CMDLet

Connect-AzAccount -Credential $ServicePrincipal -Tenant $configurationData.azureTenant
Parameter 'Could not find tenant id for provided tenant domain 'PD*********'. Please ensure that the provided service principal '************-****-****-****-**************' is found in the provided tenant domain.'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cormacpayne cormacpayne

Labels
Azure PS Team
Projects
None yet
Milestone
2018-11-06
Development

No branches or pull requests
5 participants
@markcowl @cormacpayne @maddieclayton @slavizh @shellby1