Open mrshah-at-ibm opened 8 years ago
@mrshah-at-ibm it looks like it's the same issue as #3334. Can you please clear cookies listed here: https://github.com/docker/machine/issues/3334#issuecomment-211591118 (or simply use an incognito browser tab)?
@ahmetalpbalkan thanks for the reply. I tried that already. It gives me the same error.
Also I saw the following behavior:
Works: Remote (ssh) in to any computer (or VM) which is local and run the docker-machine create --driver azure
command -> Put the auth code at the web url in the chrome browser on my laptop
Doesn't Work: Remote (ssh) in to any VM on Azure or Softlayer (yet to try amazon) and run the docker-machine create --driver azure
command -> Put the auth code at the web url in the chrome browser on my laptop.
Note: If I download azure command-line on the VM on Azure or Softlayer and run azure login
, I can auth using the auth code on my laptop.
@mrshah-at-ibm it should not be related to the azure
command on your laptop. That is interesting, I will forward the issue to the Active Directory team, this may take long, in the meanwhile if you get blocked, you can copy your ~/.docker/machine/credentials
directory to the machine that works and it should work for you.
Thanks @ahmetalpbalkan, I will give it a try.
If you want to reproduce it, create ubuntu VM on azure and try running docker-machine create --driver azure
command. Let me know if it works for you.
@mrshah-at-ibm I just tried that, created a docker-machine VM on Azure, installed docker-machine, authenticated and it works. (both for my Active Directory account and personal Microsoft account)
I will forward your correlation ID to activedirectory team for investigation.
@ahmetalpbalkan thanks. I don't know what the problem is.. I am still trying it.
Let me know if you find out something from correlation ID team.
@mrshah-at-ibm turns out Active Directory's fantastic logging system does not capture enough details and they asked me if you have Fiddler/mitmproxy dumps. I know it's too much to ask, but if you could record the traffic in browser and send it my way, I'll pass it on.
Give me sometime, I'll get the dumps for you.
@mrshah-at-ibm thanks! we really appreciate it.
@mrshah-at-ibm Hey there, for us to continue investigating, if you could get some Fiddler/mitmproxy trace from the browser window during the authentication, that would be great! Let us know if you need anything or the issue does not persist anymore.
@ahmetalpbalkan Can you keep this open? The issue still exists and we do want to investigate. I got pulled into something else, thus the delay. I will get you the logs.
@mrshah-at-ibm I got a response from Active Directory team, saying they are going to add more tracing code to find out why the issue is happening. Unfortunately I'm not sure what is their ETA. When that happens, we shall reach out to you again here and ask you to try again. Until then, I guess you're pretty much out of luck.
My suggestion is, if you are signing in with your personal Microsoft account, try creating an active directory work ID and signing in with it in the Incognito tab. https://azure.microsoft.com/documentation/articles/virtual-machines-windows-create-aad-work-id/ hopefully this would work.
In the meanwhile I am investigating other authentication schemes that do not require you to login through a browser. We already have an open issue about that here.
@ahmetalpbalkan I am still seeing the issue.. Feel free to close this until I get you the network logs.
@mrshah-at-ibm no worries, we can keep it open.
@mrshah-at-ibm Are you still hitting this issue? AAD recently has deployed a fix that should be solving this problem. If you are still hitting the problem, I really apprecaite if you can send me the CorrelationID/Timestamp data from the error page.
Hi,
I get the same issue here. Today.
I created a VM on the azure cloud (using docker_machine from my laptop). Then installed dockermachine on that VM and then tried to create a new machine from that one. It give me the request to authenticate via the weblogin, but then it fails.
Now while writing the report and doing the steps again, all of a sudden it accepts it. It seems that the whole procedure is vurnable to cookies or other sessions/account settings.
kr,
Bert
When using docker-machine from a VM on Azure to create new VMs, I cannot auth using the Link & Code provided.
I have tried running the same command on other local machines and it works fine.
Details: Command:
docker-machine create --driver azure --azure-subscription-id <subscription_id> <machine_name>
Error:
Let me know if I should provide more information.