search

Azure / azure-powershell

Microsoft Azure PowerShell
Other
4.22k stars 3.82k forks source link

Find-AzureRMResource fails in remote execution #2568

Closed rem8 closed 7 years ago

rem8 commented 8 years ago

When I run a script with Find-AzureRMResource it works fine, but when I run a script which executes a second script with Find-AzureRMResource, it fails with:

Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials. Unable to retrieve service key for ServicePrincipal account 49ebcdfe-93c2-4c28-b093-794dbc83b462. Please log in again to supply the credentials for this service principal. In PowerShell, execute Login-AzureRMAccount for Azure Resource Manager cmdlets or Add-AzureAccount for service management cmdlets.

Code sample:

try {

$sub = Set-AzureRmContext -SubscriptionName $subscription $sub.Subscription >>\pllod-v-scom002\SQL\TEST\test.txt

$resource = Find-AzureRmResource $resource >>\pllod-v-scom002\SQL\TEST\test.txt

Find-AzureRmResource -ResourceType "Microsoft.Network/virtualNetworkGateways"

}

catch

{ $ErrorMessage = $.Exception.Message $FailedItem = $.Exception.ItemName $InnerException = $_.Exception.InnerException

"ERROR:" >>\\pllod-v-scom002\SQL\TEST\test.txt
$ErrorMessage >>\\pllod-v-scom002\SQL\TEST\test.txt
$FailedItem >>\\pllod-v-scom002\SQL\TEST\test.txt
$InnerException >>\\pllod-v-scom002\SQL\TEST\test.txt

}

vivsriaus commented 8 years ago

@rem8 the error message indicates that the issue is with credentials being expired or not being set correctly before calling the Find-AzureRmResource cmdlet in your second script. Are you able to successfully run other cmdlets (for instance, Get-AzureRmResourceGroup or Get-AzureRmResource) in your second script?

rem8 commented 8 years ago

Yes, apparently I can run any other command (well, at least other what we tried). We are in need on monitoring Virtual Network Gateway and we checked that after Login-AzureRMAccount when we run Find-AzureRmResource fails (with or without parameters), but when we run Get-AzureRMVirtualNetworkGateway - it works as well as any other Get-AzureRM.

vivsriaus commented 8 years ago

@rem8 I'm unable to reproduce this issue if I run Find-AzureRmResource (with or without params) from a script. Can you please send us your exact repro steps (feel free to omit sensitive information), along with the azure powershell version you're using?

rem8 commented 8 years ago

OK, this would be a tricky part. We are using latest 1.5.1 Azure RM Module on PowerShell 5 version. System 2012 R2. The funny thing is that you might not have SCOM system installed. The strange thing is that when I run SCRIPT 1 which runs ./GetAzureVNG.ps1 which contains Login-AzureRMAccound and Find-AzureRmResource, it works fine. Whenever the SCRIPT is run by SCOM (on LocalSystem creds) which from within runs ./GetAzureVNG.ps1, I cannot run Find-AzureRmResource, but I can run any other cmdlet instead. I'm able to log you into my environment through Skype if you would like to.

vivsriaus commented 8 years ago

@rem8 sure, can we do the skype meeting sometime on Monday? I'm in the west coast (Pacific Time), so please feel free to ping me @vivsriaus (my Skype ID) during a reasonable work hour timeframe :)

cc: @markcowl @hovsepm to see if they're aware of any known issues with 1.5.1. It doesn't look like an issue with the cmdlet per se, but I may be wrong.

rem8 commented 8 years ago

Well it also didn't work with 1.5.0 :) So we moved to specifying exactly Get-AzureRMVirtualNetworkGateway instead of Find-AzureRmResource with -ResourceType.

ravbhatnagar commented 8 years ago

@rem8 - I am not sure if this is by design, but Get-AzureRmVirtualNetworkGateway cmdlet and some other networking cmdlets do not immediately fail if the client is not connected to Azure. It will still prompt for the params. But they do eventually fail asking you to login. I would have expected it to fail right away if not connected to Azure. @markjbrown @markcowl to comment on this behavior.

A couple of things to check -

  1. Does Get-AzureRmSubscription return the subscriptions for the account when run through SCOM.
  2. Does Get-AzureRmVIrtualNetworkGateway cmdlet succeed when run through SCOM even when #1 above fails?

If #1 and #2 both run successfully then there might be an issue in the Find-AzureRmResource cmdlet.

Another thing to check would be - If the AzureRM.Resources and AzureRm.Profile modules loaded in the second script execution. If not you might have to explicitly import them

rem8 commented 8 years ago

1 - Yes, I'm getting the Subscription info

2 - Yes, I'm getting the cmdlet working (fortunately) and many others too.

Whenever I put Find-AzureRmResource, it just pops up with error as in the first post like would break the connection. This is really strange as working with it locally even with nested scripts, works fine...

ravbhatnagar commented 8 years ago

hmm interesting, can you check if the AzureRm.Resources module is loaded in the second execution?

ravbhatnagar commented 8 years ago

@rem8 - Is this still an issue? If yes, will you be able to share the output after adding the debug switch to this cmdlet?

ravbhatnagar commented 7 years ago

Closing. Please let us know if you still see this issue

ghost commented 5 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @rthorn17