New-AzApiManagementBackendCredential with -CertificateId doesn't seem to work when calling New-AzApiManagementBackend

Description

When creating a New-AzApiManagementBackend using Credentials from New-AzApiManagementBackendCredential with CertificateId there is an error produced saying:

Error Code: ValidationError
Error Message: One or more fields contain incorrect values:
Request Id: 7debb281-5d54-4528-821f-32c7c873fe71
Error Details:
        [Code= ValidationError, Message= Certificate with thumbprint '{{CertificateId}}' not found., Target= credentials]

It appears that New-AzApiManagementBackend only works when using Credentials created with -CertificateThumbprint.

Since -CertificateId is a listed Parameter for New-AzApiManagementBackendCredential I expect it to work.

Issue script & Debug output

$ClientCert = Get-AzApiManagementCertificate -Context $ApiMgmtContext -CertificateId "core-c1-certificate"

$DebugPreference='Continue'

$CertCredentials = New-AzApiManagementBackendCredential -CertificateId $ClientCert.CertificateId
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:39:53 - NewAzureApiManagementBackendCredential begin processing with ParameterSet '__AllParameterSets'.
DEBUG: 19:39:53 - using account id 'firstname.lastname@contoso.com'...
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.ApiManagement:4.0.3; CommandName: New-AzApiManagementBackendCredential; PSVersion: 7.4.4; IsSuccess: True; Duration: 00:00:00.0009549; SanitizeDuration: 00:00:00.0000172
DEBUG: 19:39:53 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:39:53 - NewAzureApiManagementBackendCredential end processing.

New-AzApiManagementBackend -Context $ApiMgmtContext -BackendId "azModuleIssue" -Url "https://localhost" -Protocol http -Title "azModuleIssue" -Credential $CertCredentials -Description "azModuleIssue" -SkipCertificateChainValidation $False -SkipCertificateNameValidation $False
DEBUG: 19:47:10 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:47:10 - NewAzureApiManagementBackend begin processing with ParameterSet '__AllParameterSets'.
DEBUG: 19:47:10 - using account id 'firstname.lastname@contoso.com'...
DEBUG: 19:47:10 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: [Common.Authentication]: Authenticating using Account: 'firstname.lastname@contoso.com', environment: 'AzureCloud', tenant: '{{TENANT_ID}}'
DEBUG: 19:47:10 - [ConfigManager] Got nothing from [DisableInstanceDiscovery], Module = [], Cmdlet = []. Returning default value [False].
DEBUG: 19:47:10 - [ConfigManager] Got nothing from [EnableLoginByWam], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:47:10 - [SilentAuthenticator] Calling SharedTokenCacheCredential.GetTokenAsync - TenantId:'{{TENANT_ID}}', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', UserId:'firstname.lastname@contoso.com'
DEBUG: SharedTokenCacheCredential.GetToken invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 726b94d2-07ca-4307-a0e0-1e67feb733ff] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 726b94d2-07ca-4307-a0e0-1e67feb733ff] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 726b94d2-07ca-4307-a0e0-1e67feb733ff] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 726b94d2-07ca-4307-a0e0-1e67feb733ff] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 726b94d2-07ca-4307-a0e0-1e67feb733ff] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [Runtime] WAM supported OS.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [RuntimeBroker] ListWindowsWorkAndSchoolAccounts option was not enabled.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - 27ee6063-2695-4334-8afb-184ef8fc9bd8] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] Found 1 cache accounts and 0 broker accounts
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] Returning 1 accounts
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] MSAL MSAL.CoreCLR with assembly version '4.61.3.0'. CorrelationId(b671c126-b894-49ca-a288-526edad02d46)
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] LoginHint provided: False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Account provided: True
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] ForceRefresh: False
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - True
HomeAccountId - False
CorrelationId - b671c126-b894-49ca-a288-526edad02d46
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] === Token Acquisition (SilentRequest) started:
         Scopes: https://management.core.windows.net//.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Broker is configured and enabled, attempting to use broker instead.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [Runtime] WAM supported OS.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Can invoke broker. Will attempt to acquire token with broker.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0001]      WARNING SetAuthorityUri:78      Initializing authority from URI 'https://login.microsoftonline.com/{{TENANT_ID}}/' without authority type, defaulting to MsSts
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: b671c126-b894-49ca-a288-526edad02d46
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: start_time, Value: 2024-08-12T17:47:10.000Z
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: api_name, Value: ReadAccountById
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: authority_type, Value: Unknown
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: correlation_id, Value: b671c126-b894-49ca-a288-526edad02d46
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: broker_app_used, Value: false
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-08-12T17:47:10.000Z
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.2
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: is_successful, Value: true
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    LogTelemetryData:430    Key: request_duration, Value: 0
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    SetCorrelationId:258    Set correlation ID: b671c126-b894-49ca-a288-526edad02d46
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    EnqueueBackgroundRequest:1000   The original authority is 'https://login.microsoftonline.com/{{TENANT_ID}}'
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    ModifyAndValidateAuthParameters:219     Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      INFO    ModifyAndValidateAuthParameters:243     Authority Realm: {{TENANT_ID}}
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0117]      WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1052        MsaDeviceOperationProvider is not available. Not attempting to register the device.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    StorageTokenResponse:84 StorageTokenResponse account constructor invoked. This is only expected in Runtime flows
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: b671c126-b894-49ca-a288-526edad02d46
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: start_time, Value: 2024-08-12T17:47:10.000Z
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: api_name, Value: AcquireTokenSilently
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: authority_type, Value: AAD
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: access_token_expiry_time, Value: 2024-08-12T18:53:55.000Z
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: read_token, Value: ID|AT
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: client_id, Value: 1950a258-227b-4e31-a9cf-717495945fc2
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: correlation_id, Value: b671c126-b894-49ca-a288-526edad02d46
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: broker_app_used, Value: false
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-08-12T17:47:10.000Z
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.2
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: original_authority, Value: https://login.microsoftonline.com/{{TENANT_ID}}
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: request_eligible_for_broker, Value: true
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: additional_query_parameters_count, Value: 1
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: storage_read, Value: DAC|DAT|DID
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: auth_flow, Value: AT
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: is_successful, Value: true
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: authorization_type, Value: WindowsIntegratedAuth
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:430    Key: request_duration, Value: 1
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:435    Printing Execution Flow:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [MSAL:0003]      INFO    LogTelemetryData:443    {"t":"4s7uc","tid":117,"ts":0,"l":2},{"t":"4sufd","tid":117,"ts":0,"s":2,"l":2},{"t":"4swgg","tid":117,"ts":0,"s":115,"l":2},{"t":"4swgf","tid":117,"ts":0,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":0,"s":115,"l":2},{"t":"8b2yn","tid":3,"ts":0,"l":2},{"t":"8dqkx","tid":3,"ts":0,"l":2},{"t":"8dqik","tid":3,"ts":0,"l":2},{"t":"4q2di","tid":3,"ts":0,"l":2},{"t":"4qnng","tid":3,"ts":0,"l":2,"a":2,"ie":0},{"t":"4qnnf","tid":3,"ts":1,"l":2,"a":2,"ie":1},{"t":"8dqit","tid":3,"ts":1,"l":2},{"t":"8b2ht","tid":3,"ts":1,"l":2},{"t":"4qnno","tid":3,"ts":1,"l":2,"a":2,"ie":0},{"t":"4qnnn","tid":3,"ts":1,"l":2,"a":2,"ie":1},{"t":"6xuag","tid":3,"ts":1,"l":2}
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z] [RuntimeBroker] WAM response status success
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Checking MsalTokenResponse returned from broker.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Success. Response contains an access token.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Checking client info returned from the server..
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Saving token response to cache..
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46]
        === Token Acquisition finished successfully:
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46]  AT expiration time: 2024-08-12 18:53:54 +00:00, scopes: https://management.core.windows.net//.default https://management.core.windows.net//user_impersonation. source: Broker
DEBUG: False MSAL 4.61.3.0 MSAL.CoreCLR .NET 8.0.7 Microsoft Windows 10.0.22631 [2024-08-12 17:47:10Z - b671c126-b894-49ca-a288-526edad02d46] Fetched access token from host login.microsoftonline.com.
DEBUG: SharedTokenCacheCredential.GetToken succeeded. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:  ExpiresOn: 2024-08-12T18:53:54.7472701+00:00
DEBUG: [Common.Authentication]: Received token with LoginType 'User', Tenant: '{{TENANT_ID}}', UserId: 'firstname.lastname@contoso.com'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PUT

Absolute Uri:
https://management.azure.com/subscriptions/{{SUBSCRIPTION_ID}}/resourceGroups/{{RESOURCE_GROUP}}/providers/Microsoft.ApiManagement/service/{{APIM_SERVICE_NAME}}/backends/azModuleIssue?api-version=2021-08-01

Headers:
Accept-Language               : en-US
x-ms-client-request-id        : 7cf124d1-e9d5-4d12-83a7-a31538588129

Body:
{
  "properties": {
    "title": "azModuleIssue",
    "description": "azModuleIssue",
    "credentials": {
      "certificate": [
        "core-c1-certificate"
      ]
    },
    "tls": {
      "validateCertificateChain": true,
      "validateCertificateName": true
    },
    "url": "https://localhost",
    "protocol": "http"
  }
}

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
BadRequest

Headers:
Cache-Control                 : private
Strict-Transport-Security     : max-age=31536000; includeSubDomains
X-Content-Type-Options        : nosniff
x-ms-request-id               : a9920858-d9c6-4a71-8588-2c17562fd6a2
x-ms-ratelimit-remaining-subscription-writes: 199
x-ms-ratelimit-remaining-subscription-global-writes: 2999
x-ms-correlation-request-id   : a9920858-d9c6-4a71-8588-2c17562fd6a2
x-ms-routing-request-id       : SWEDENSOUTH:20240812T174711Z:a9920858-d9c6-4a71-8588-2c17562fd6a2
X-Cache                       : CONFIG_NOCACHE
X-MSEdge-Ref                  : Ref A: F13C16B452334DB6A04FD0AFB61DB6F2 Ref B: FRA231050413037 Ref C: 2024-08-12T17:47:10Z
Date                          : Mon, 12 Aug 2024 17:47:10 GMT

Body:
{
  "error": {
    "code": "ValidationError",
    "message": "One or more fields contain incorrect values:",
    "details": [
      {
        "code": "ValidationError",
        "target": "credentials",
        "message": "Certificate with thumbprint 'core-c1-certificate' not found."
      }
    ]
  }
}

DEBUG: 19:47:11 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
New-AzApiManagementBackend:
Error Code: ValidationError
Error Message: One or more fields contain incorrect values:
Request Id: a9920858-d9c6-4a71-8588-2c17562fd6a2
Error Details:
        [Code= ValidationError, Message= Certificate with thumbprint 'core-c1-certificate' not found., Target= credentials]
DEBUG: 19:47:11 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:47:11 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:47:11 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent:  Module: Az.ApiManagement:4.0.3; CommandName: New-AzApiManagementBackend; PSVersion: 7.4.4; IsSuccess: False; Duration: 00:00:00.7889455; SanitizeDuration: 00:00:00; Exception:
Error Code: ValidationError
Error Message: One or more fields contain incorrect values:
Request Id: a9920858-d9c6-4a71-8588-2c17562fd6a2
Error Details:
        [Code= ValidationError, Message= Certificate with thumbprint 'core-c1-certificate' not found., Target= credentials]
;
DEBUG: 19:47:11 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:47:11 - NewAzureApiManagementBackend end processing.


### Environment data

```PowerShell
$PSVersionTable

Name                           Value
----                           -----
PSVersion                      7.4.4
PSEdition                      Core
GitCommitId                    7.4.4
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

❯ Get-Module Az*

ModuleType Version    PreRelease Name                                ExportedCommands
---------- -------    ---------- ----                                ----------------
Script     3.0.2                 Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     4.0.3                 Az.ApiManagement                    {Add-AzApiManagementApiToGateway, Add-AzApiManagementApiToProduct, Add-AzApiManagementProductToGroup, Add-AzApiManagementRegion…}

Error output

❯ Resolve-AzError
DEBUG: 19:54:40 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:54:40 - ResolveError begin processing with ParameterSet 'AnyErrorParameterSet'.
DEBUG: 19:54:40 - using account id 'firstname.lastname@contoso.com'...
DEBUG: 19:54:40 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 19:54:40 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].

   HistoryId: 145

Message        :
                 Error Code: ValidationError
                 Error Message: One or more fields contain incorrect values:
                 Request Id: a9920858-d9c6-4a71-8588-2c17562fd6a2
                 Error Details:
                        [Code= ValidationError, Message= Certificate with thumbprint 'core-c1-certificate' not found., Target= credentials]

StackTrace     :
Exception      : System.Exception
InvocationInfo : {New-AzApiManagementBackend}
Line           : New-AzApiManagementBackend -Context $ApiMgmtContext -BackendId "azModuleIssue" -Url "https://localhost" -Protocol http -Title "azModuleIssue" -Credential $CertCredentials -Description "azModuleIssue" -SkipCertificateChainValidation $False -SkipCertificateNameValidation $False
Position       : At line:1 char:1
                 + New-AzApiManagementBackend -Context $ApiMgmtContext -BackendId "azMod …
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 145

Azure / azure-powershell

New-AzApiManagementBackendCredential with -CertificateId doesn't seem to work when calling New-AzApiManagementBackend #25799

Description

Issue script & Debug output

Module versions

Error output