microsoft / PartsUnlimited

.Net Core + SQL Azure app for DevOps Scenarios
https://microsoft.github.io/PartsUnlimited/
MIT License

error while running az ad #184

Open vivyekkanchan opened 5 years ago

vivyekkanchan commented 5 years ago

I am getting this error while running this az ad sp create-for-rbac --name PU1app --password Pa$$w0rd01, this is step 3 in lab exercises

http://microsoft.github.io/PartsUnlimited/pandp/200.1x-PandP-CICDQuickstartwithVSTS.html

C:\Users\VKANCHAN>az ad sp create-for-rbac --name PU1app --password Pa$$w0rd01
Argument 'password' has been deprecated and will be removed in a future release.
Changing "PU1app" to a valid URI of "http://PU1app", which is the required format used for service principal names
Role assignment creation failed.

role assignment response headers: {'Cache-Control': 'no-cache', 'Pragma': 'no-cache', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1', 'x-ms-failure-cause': 'gateway', 'x-ms-request-id': 'd47eb967-22d8-48e5-9e0f-bf85b10c6451', 'x-ms-correlation-request-id': 'd47eb967-22d8-48e5-9e0f-bf85b10c6451', 'x-ms-routing-request-id': 'SOUTHEASTASIA:20190514T102856Z:d47eb967-22d8-48e5-9e0f-bf85b10c6451', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Content-Type-Options': 'nosniff', 'Date': 'Tue, 14 May 2019 10:28:56 GMT', 'Content-Length': '129'}

The subscription '92b796c5-5839-40a6-8dd9-c1fad320c69b' could not be found.

C:\Users\VKANCHAN>az account list
[
  {
    "cloudName": "AzureCloud",
    "id": "92b796c5-5839-40a6-8dd9-c1fad320c69b",
    "isDefault": true,
    "name": "N/A(tenant level account)",
    "state": "Enabled",
    "tenantId": "92b796c5-5839-40a6-8dd9-c1fad320c69b",
    "user": {
      "name": "vkanchan@bmc.com",
      "type": "user"
    }
  }
]

C:\Users\VKANCHAN>

mkavana commented 5 years ago

Hi Vivyekkanchan.

I was able to replicate your issue and can offer the following help.

According to the Azure CLI documentation, the --password argument for creating a service principal will not be used in future for security reasons. The documentation states: If you want to use password-based authentication, avoid --password and let the CLI generate a secure password for you.

Please try running the create service principal command again, from lab Step 3, without the --password argument i.e. az ad sp create-for-rbac --name PU1app. If it works, the CLI will return a random (secure) password for you to use.

Note: Please be advised that repeating Step 3 may produce the following console output:

Changing "PU1app" to a valid URI of "http://PU1app", which is the required format used for service principal names
'http://PU1app' already exists.

The message 'http://PU1app' already exists. indicates that a service principal named http://PU1app was created the first time you ran sp create (with the deprecated --password argument). So, if you see this message, delete the existing http://PU1app service principal and its role assignments as follows:

Note: If you delete the service principal, you can create it again using the command from Step 3 (without the --password argument i.e. az ad sp create-for-rbac --name PU1app).

I'll request fixing the lab for future users, thanks, M.
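
The two symptoms in this thread can be checked before running Step 3. The following is an added example, not part of the original thread or of the PartsUnlimited lab: a Python preflight that inspects the intended command and the `az account list` output. The function names, the `REAL_SUBSCRIPTION` sample and the rule that an entry whose `id` equals its `tenantId` is a tenant-level login with no subscription are assumptions of this example.

```python
import json
import shlex

# Adapted from the `az account list` output in the issue (user name replaced).
ACCOUNT_LIST = """[{"cloudName": "AzureCloud", "isDefault": true,
  "id": "92b796c5-5839-40a6-8dd9-c1fad320c69b",
  "tenantId": "92b796c5-5839-40a6-8dd9-c1fad320c69b",
  "name": "N/A(tenant level account)", "state": "Enabled",
  "user": {"name": "user@example.com", "type": "user"}}]"""

# Constructed sample of a login that does have a subscription.
REAL_SUBSCRIPTION = """[{"cloudName": "AzureCloud", "isDefault": true,
  "id": "00000000-0000-0000-0000-000000000001",
  "tenantId": "00000000-0000-0000-0000-000000000002",
  "name": "Constructed subscription", "state": "Enabled",
  "user": {"name": "user@example.com", "type": "user"}}]"""

SECRET_FLAGS = {"--password"}  # the only secret-bearing flag shown in the thread


def is_tenant_level(account):
    # Assumption: a login without a subscription is listed with id == tenantId.
    return account.get("id") == account.get("tenantId")


def usable_subscriptions(account_list_json):
    """Enabled entries that are subscriptions rather than tenant-level logins."""
    accounts = json.loads(account_list_json)
    return [a for a in accounts
            if a.get("state") == "Enabled" and not is_tenant_level(a)]


def inline_secret_flags(command):
    """Secret flags that carry a literal value (--flag value or --flag=value)."""
    argv = shlex.split(command)
    found = []
    for i, tok in enumerate(argv):
        flag, sep, value = tok.partition("=")
        nxt = argv[i + 1] if i + 1 < len(argv) else "-"
        if flag in SECRET_FLAGS and (value if sep else not nxt.startswith("-")):
            found.append(flag)
    return found


def preflight(command, account_list_json):
    findings = [f"{f}: literal secret on the command line; omit it so the CLI "
                "generates one" for f in inline_secret_flags(command)]
    if "create-for-rbac" in command and not usable_subscriptions(account_list_json):
        findings.append("no subscription listed; the role assignment has no "
                        "subscription to target")
    return findings
```

Run against the command and account list from the issue, `preflight` reports both the inline `--password` and the missing subscription, which matches the deprecation warning and the "subscription ... could not be found" error in the log.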