Azure / azure-powershell

Microsoft Azure PowerShell

Add-AzIoTDeviceProvisioningServiceEnrollmentGroup yields Cannot find the requested object. #18562

Closed cveld closed 2 years ago

cveld commented 2 years ago

Description

Potentially related to https://github.com/Azure/azure-powershell/issues/18494. And interestingly, again the az cli counterpart is successful:

az keyvault certificate download --file certificate.pem --vault-name $KeyVaultName --name $CertificateName

az iot dps enrollment-group create --resource-group $ResourceGroupName --dps-name $IotdpsName --enrollment-id $EnrollmentGroupName --certificate-path certificate.pem

When running Add-AzIoTDeviceProvisioningServiceEnrollmentGroup I get the following error: Cannot find the requested object.

$cert = Get-AzKeyVaultCertificate `
    -VaultName $KeyVaultName `
    -Name $CertificateName

Add-AzIoTDeviceProvisioningServiceEnrollmentGroup `
    -AttestationType X509 `
    -DpsObject $dps `
    -Name $EnrollmentGroupName `
    -PrimaryCertificate $cert

Issue script & Debug output

4:59:50 PM - GetAzureRmIoTDeviceProvisioningService begin processing with ParameterSet 'GetIotDpsByName'.
4:59:50 PM - using account id '<redacted>'...
[Common.Authentication]: Authenticating using Account: '<redacted>', environment: 'AzureCloud', tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489'
4:59:50 PM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'bd98a167-6fd2-4ebb-a79e-15c14977f489', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<redacted>'
SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50] Found 1 cache accounts and 0 broker accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50] Returning 1 accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(c83954fe-f340-45cc-9013-7dd0f98c3443)
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] === AcquireTokenSilent Parameters ===
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] LoginHint provided: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Account provided: True
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] ForceRefresh: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] 
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - c83954fe-f340-45cc-9013-7dd0f98c3443

(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] === Token Acquisition (SilentRequest) started:

    Authority Host: login.microsoftonline.com
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Access token is not expired. Returning the found cache entry. [Current time (06/14/2022 14:59:50) - Expiration Time (06/14/2022 15:22:06 +00:00) - Extended Expiration Time (06/14/2022 15:22:06 +00:00)]
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Returning access token found in cache. RefreshOn exists ? False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] Fetched access token from host login.microsoftonline.com. 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:50 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 06/14/2022 15:22:06 +00:00 and Scopes https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default
SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2022-06-14T15:22:06.0000000+00:00
[Common.Authentication]: Received token with LoginType 'User', Tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489', UserId: '<redacted>'
============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions/74423148-031f-4100-ab0b-f3b3e8c29874/resourceGroups/myresourcegroup/providers/Microsoft.Devices/provisioningServices/mydpsprovs?api-version=2017-11-15

Headers:
x-ms-client-request-id        : 28f31180-3041-412f-a906-faeab0c4b3e6
Accept-Language               : en-US

Body:

============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Server                        : Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-reads: 11999
x-ms-request-id               : fc675848-7515-447f-9a8a-76bedcfa6c1e
x-ms-correlation-request-id   : fc675848-7515-447f-9a8a-76bedcfa6c1e
x-ms-routing-request-id       : WESTEUROPE:20220614T145951Z:fc675848-7515-447f-9a8a-76bedcfa6c1e
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Date                          : Tue, 14 Jun 2022 14:59:51 GMT

Body:
{
  "etag": "AAAAABDUoPw=",
  "name": "mydpsprovs",
  "location": "westeurope",
  "properties": {
    "state": "Active",
    "provisioningState": "Succeeded",
    "iotHubs": [
      {
        "applyAllocationPolicy": false,
        "name": "myiot.azure-devices.net",
        "connectionString": "HostName=myiot.azure-devices.net;SharedAccessKeyName=dpsRegistry;SharedAccessKey=****",
        "location": "West Europe"
      }
    ],
    "allocationPolicy": "Hashed",
    "serviceOperationsHostName": "mydpsprovs.azure-devices-provisioning.net",
    "deviceProvisioningHostName": "global.azure-devices-provisioning.net",
    "idScope": "0ne00644F34"
  },
  "resourcegroup": "myresourcegroup",
  "type": "Microsoft.Devices/provisioningServices",
  "id": "/subscriptions/74423148-031f-4100-ab0b-f3b3e8c29874/resourceGroups/myresourcegroup/providers/Microsoft.Devices/provisioningServices/mydpsprovs",
  "subscriptionid": "74423148-031f-4100-ab0b-f3b3e8c29874",
  "tags": {
    "CreatedBy": "Azure Pipelines",
    "Tier": "200"
  },
  "sku": {
    "name": "S1",
    "tier": "Standard",
    "capacity": 1
  }
}

AzureQoSEvent: Module: Az.DeviceProvisioningServices:0.10.0; CommandName: Get-AzIoTDeviceProvisioningService; PSVersion: 7.2.4; IsSuccess: True; Duration: 00:00:00.8543579
Finish sending metric.
4:59:51 PM - GetAzureRmIoTDeviceProvisioningService end processing.
4:59:51 PM - GetAzureKeyVaultCertificate begin processing with ParameterSet 'ByName'.
4:59:51 PM - using account id '<redacted>'...
[Common.Authentication]: Authenticating using Account: '<redacted>', environment: 'AzureCloud', tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489'
4:59:51 PM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'bd98a167-6fd2-4ebb-a79e-15c14977f489', Scopes:'https://vault.azure.net/.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<redacted>'
SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51] Found 1 cache accounts and 0 broker accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51] Returning 1 accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(3b2aeb7e-7570-4ff2-b2e7-09d5f8b0babb)
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] === AcquireTokenSilent Parameters ===
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] LoginHint provided: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Account provided: True
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] ForceRefresh: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] 
=== Request Data ===
Authority Provided? - True
Scopes - https://vault.azure.net/.default
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 3b2aeb7e-7570-4ff2-b2e7-09d5f8b0babb

(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] === Token Acquisition (SilentRequest) started:

    Authority Host: login.microsoftonline.com
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Access token is not expired. Returning the found cache entry. [Current time (06/14/2022 14:59:51) - Expiration Time (06/14/2022 16:09:51 +00:00) - Extended Expiration Time (06/14/2022 16:09:51 +00:00)]
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Returning access token found in cache. RefreshOn exists ? False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] Fetched access token from host login.microsoftonline.com. 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:51 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 06/14/2022 16:09:51 +00:00 and Scopes https://vault.azure.net/user_impersonation https://vault.azure.net/.default
SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://vault.azure.net/.default ] ParentRequestId:  ExpiresOn: 2022-06-14T16:09:51.0000000+00:00
[Common.Authentication]: Received token with LoginType 'User', Tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489', UserId: '<redacted>'
============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://mykv.vault.azure.net//certificates/intermediate2/?api-version=7.0

Headers:
x-ms-client-request-id        : 20998c4e-e397-4ffd-9ba2-e7dd5a44fec0
Accept-Language               : en-US

Body:

============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
x-ms-keyvault-region          : westeurope
x-ms-client-request-id        : 20998c4e-e397-4ffd-9ba2-e7dd5a44fec0
x-ms-request-id               : e7192971-a363-4fce-9396-fd51fbf32fc9
x-ms-keyvault-service-version : 1.9.422.1
x-ms-keyvault-network-info    : conn_type=Ipv4;addr=84.241.205.58;act_addr_fam=InterNetwork;
X-Content-Type-Options        : nosniff
Strict-Transport-Security     : max-age=31536000;includeSubDomains
Date                          : Tue, 14 Jun 2022 14:59:50 GMT

Body:
{
  "id": "https://mykv.vault.azure.net/certificates/intermediate2/ee659bda9c3b43378e9f3eb214aa0084",
  "kid": "https://mykv.vault.azure.net/keys/intermediate2/ee659bda9c3b43378e9f3eb214aa0084",
  "sid": "https://mykv.vault.azure.net/secrets/intermediate2/ee659bda9c3b43378e9f3eb214aa0084",
  "x5t": "c5zRATt-E7Ps6L4dXoeSTLLEN7g",
  "cer": "<certificate body omitted>",
  "attributes": {
    "enabled": true,
    "nbf": 1655214703,
    "exp": 1970574703,
    "created": 1655214725,
    "updated": 1655214725,
    "recoveryLevel": "Recoverable"
  },
  "policy": {
    "id": "https://mykv.vault.azure.net/certificates/intermediate2/policy",
    "key_props": {
      "exportable": true,
      "kty": "RSA",
      "key_size": 2048,
      "reuse_key": false
    },
    "secret_props": {
      "contentType": "application/x-pem-file"
    },
    "x509_props": {
      "subject": "CN=Intermediate",
      "ekus": [],
      "key_usage": [
        "cRLSign",
        "digitalSignature",
        "keyCertSign"
      ],
      "validity_months": 120,
      "basic_constraints": {
        "ca": true
      }
    },
    "lifetime_actions": [
      {
        "trigger": {
          "lifetime_percentage": 80
        },
        "action": {
          "action_type": "EmailContacts"
        }
      }
    ],
    "issuer": {
      "name": "Unknown"
    },
    "attributes": {
      "enabled": true,
      "created": 1655214725,
      "updated": 1655214725
    }
  }
}

AzureQoSEvent: Module: Az.KeyVault:4.4.0; CommandName: Get-AzKeyVaultCertificate; PSVersion: 7.2.4; IsSuccess: True; Duration: 00:00:00.2878489
Finish sending metric.
4:59:51 PM - GetAzureKeyVaultCertificate end processing.
4:59:54 PM - AddAzIotDeviceProvisioningServiceEnrollmentGroup begin processing with ParameterSet 'InputObjectSet'.
4:59:54 PM - using account id '<redacted>'...
[Common.Authentication]: Authenticating using Account: '<redacted>', environment: 'AzureCloud', tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489'
4:59:54 PM - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'bd98a167-6fd2-4ebb-a79e-15c14977f489', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'<redacted>'
SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54] Found 1 cache accounts and 0 broker accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54] Returning 1 accounts
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] MSAL MSAL.NetCore with assembly version '4.30.1.0'. CorrelationId(ff6a61b7-f7a1-43fe-85a5-7f395026bbe0)
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] === AcquireTokenSilent Parameters ===
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] LoginHint provided: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Account provided: True
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] ForceRefresh: False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] 
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - ff6a61b7-f7a1-43fe-85a5-7f395026bbe0

(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] === Token Acquisition (SilentRequest) started:

    Authority Host: login.microsoftonline.com
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Azure region was not configured or could not be discovered. Not using a regional authority.
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Access token is not expired. Returning the found cache entry. [Current time (06/14/2022 14:59:54) - Expiration Time (06/14/2022 15:22:06 +00:00) - Extended Expiration Time (06/14/2022 15:22:06 +00:00)]
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Returning access token found in cache. RefreshOn exists ? False
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] Fetched access token from host login.microsoftonline.com. 
(False) MSAL 4.30.1.0 MSAL.NetCore Microsoft Windows 10.0.22000 [06/14/2022 14:59:54 - ] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 06/14/2022 15:22:06 +00:00 and Scopes https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default
SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2022-06-14T15:22:06.0000000+00:00
[Common.Authentication]: Received token with LoginType 'User', Tenant: 'bd98a167-6fd2-4ebb-a79e-15c14977f489', UserId: '<redacted>'
============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/74423148-031f-4100-ab0b-f3b3e8c29874/resourceGroups/myresourcegroup/providers/Microsoft.Devices/provisioningServices/mydpsprovs/listkeys?api-version=2017-11-15

Headers:
x-ms-client-request-id        : 04015877-3611-485f-8266-35ccb9e0fd6a
Accept-Language               : en-US

Body:

============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control                 : no-cache
Pragma                        : no-cache
Server                        : Microsoft-HTTPAPI/2.0
x-ms-ratelimit-remaining-subscription-writes: 1199
x-ms-request-id               : 13bb0344-4aef-4851-a8ce-6768fb1e959f
x-ms-correlation-request-id   : 13bb0344-4aef-4851-a8ce-6768fb1e959f
x-ms-routing-request-id       : WESTEUROPE:20220614T145955Z:13bb0344-4aef-4851-a8ce-6768fb1e959f
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
Date                          : Tue, 14 Jun 2022 14:59:54 GMT

Body:
{
  "value": [
    {
      "keyName": "provisioningserviceowner",
      "primaryKey": "Wf9DNQi6ayp9uyQ/vXxRuF3334wyyMeeYHrlrz4ejQg=",
      "secondaryKey": "m+hI5RZPAl63zdwUGSTXgOfYQc73/b0dF3BxXeGKG2s=",
      "rights": "ServiceConfig, DeviceConnect, EnrollmentWrite"
    }
  ]
}

Environment data

$psversiontable

Name                           Value
----                           -----
PSVersion                      7.2.4
PSEdition                      Core
GitCommitId                    7.2.4
OS                             Microsoft Windows 10.0.22000
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

get-module az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     2.7.6                 Az.Accounts                         {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Connect-AzAccount…}
Script     0.10.0                Az.DeviceProvisioningServices       {Add-AzIoTDeviceProvisioningServiceAccessPolicy, Add-AzIoTDeviceProvisioningServ… 
Script     4.4.0                 Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateContact, Add-AzKeyVaultKey,…

Error output

Message        : Cannot find the requested object.
StackTrace     :    at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
                    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(ReadOnlySpan`1 data)
                    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData)
                    at Microsoft.Azure.Devices.Provisioning.Service.X509CertificateWithInfo.ValidateCertificate(String certificate)
                    at Microsoft.Azure.Devices.Provisioning.Service.X509CertificateWithInfo..ctor(String certificate)
                    at Microsoft.Azure.Devices.Provisioning.Service.X509Certificates..ctor(String primary, String secondary)
                    at Microsoft.Azure.Devices.Provisioning.Service.X509Attestation.CreateFromClientCertificates(String primary)
                    at Microsoft.Azure.Commands.Management.DeviceProvisioningServices.AddAzIotDeviceProvisioningServiceEnrollmentGroup.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.<>c__3`1.<ExecuteSynchronouslyOrAsJob>b__3_0(T c)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet, Action`1 executor)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.CmdletExtensions.ExecuteSynchronouslyOrAsJob[T](T cmdlet)
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException
InvocationInfo : {Add-AzIoTDeviceProvisioningServiceEnrollmentGroup}
Line           : Add-AzIoTDeviceProvisioningServiceEnrollmentGroup `
                 
Position       : At C:\work\git\Inspiro\IOT_Cloud_Infra\1306-Dps Generate certs\Resources\IotDPS\Scripts\New-EnrollmentGroup.ps1:31 char:1
                 + Add-AzIoTDeviceProvisioningServiceEnrollmentGroup `
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 43

ghost commented 2 years ago

Thank you for your feedback. This has been routed to the support team for assistance.

navba-MSFT commented 2 years ago

@cveld Apologies for the late reply. Thanks for reaching out to us and reporting this issue. We are looking into this issue and we will provide an update.

navba-MSFT commented 2 years ago

@cveld I have 2 action plans to isolate this issue:

Plan 1: Could you please grant the right permissions to the certificate in key vault then test it again?

Plan 2: If the above plan doesn't help, could you download the same certificate from keyvault to your local machine and then run the below command?

Add-AzIoTDeviceProvisioningServiceEnrollmentGroup -ResourceGroupName $ResourceGroupName -DpsName "mydps" -Name $EnrollmentGroupName -AttestationType X509 -PrimaryCertificate "D:/primary.cer"

Awaiting your reply.
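
Plan 2 written out as a script, added here as an example and not code from the thread: it writes only the public DER encoding of the Key Vault certificate to a file and passes that path to the cmdlet. `Export-PublicCertificate` and `./primary.cer` are hypothetical names, the other variables are the ones from the issue's script, and that `-PrimaryCertificate` takes a file path is an assumption taken from the command in the comment above.

```powershell
# Added example (not from the issue thread). Export-PublicCertificate is a hypothetical helper.
function Export-PublicCertificate {
    [CmdletBinding()]
    param(
        # Certificate to export, e.g. the .Certificate property of Get-AzKeyVaultCertificate output
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,

        # Destination file for the DER-encoded (.cer) certificate
        [Parameter(Mandatory)]
        [string] $Path
    )

    # Export the public certificate only. X509ContentType.Cert never includes the private key,
    # unlike the Key Vault secret of the same name when the policy has "exportable": true.
    $der = [byte[]] $Certificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)

    # Re-parse with the same X509Certificate2(Byte[]) constructor that appears in the stack trace,
    # so a blob that cannot be parsed fails here and not inside the cmdlet.
    $parsed = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    if ($parsed.HasPrivateKey) {
        throw "Exported blob unexpectedly carries a private key; refusing to write it to disk."
    }
    if ($parsed.Thumbprint -ne $Certificate.Thumbprint) {
        throw "Thumbprint changed during export: $($parsed.Thumbprint) vs $($Certificate.Thumbprint)"
    }

    # Resolve against the PowerShell location, not the process working directory.
    $fullPath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
    [System.IO.File]::WriteAllBytes($fullPath, $der)
    return $fullPath
}

# $KeyVaultName, $CertificateName, $dps and $EnrollmentGroupName come from the issue's script.
$cert = Get-AzKeyVaultCertificate `
    -VaultName $KeyVaultName `
    -Name $CertificateName

$cerPath = Export-PublicCertificate -Certificate $cert.Certificate -Path './primary.cer'

Add-AzIoTDeviceProvisioningServiceEnrollmentGroup `
    -AttestationType X509 `
    -DpsObject $dps `
    -Name $EnrollmentGroupName `
    -PrimaryCertificate $cerPath
```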

navba-MSFT commented 2 years ago

@cveld I wanted to do a quick follow-up to check if you had a chance to look at my above comment. Please let us know if you have tried the above suggestion. Awaiting your reply.

navba-MSFT commented 2 years ago

@cveld The action is pending on you to follow the above suggestion and get back to us with an update. We will now proceed with closure of this GitHub issue. If you need any further assistance on this issue in future, please feel free to reopen this thread. We would be happy to help.