search

microsoft / vscode-azure-account

Common Azure Login extension for VS Code
https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account
Other
138 stars 130 forks source link

Azure Account Extension ( Sign in ) You appear to be offline Please Check your network. #733

Open ChennaiTechie opened 1 year ago

ChennaiTechie commented 1 year ago
Screenshot 2023-03-13 at 14 07 53
ChennaiTechie commented 1 year ago

Device: MacOS Vscode: Version: 1.76.1

During Azure Sign in Process am getting an error you appear to be offline Please Check your network.

jonasohrn commented 1 year ago

I have the same issue. Also latest vscode (arm64).

Looking at logs (see #147), I see this this error in the Extension host log "1-Azure Account.log":

Attempting to reach URL "https://login.microsoftonline.com/"...
certificate has expired

and this in "exthost.log": 2023-03-14 10:37:57.456 [debug] ProxyResolver#resolveProxy cached https://login.microsoftonline.com/ DIRECT Both of them adds one line of this content every 5 seconds.

The SSL certificate on login.microsoftonline.com is NOT invalid but issued three weeks ago (Feb 24th), so quite new. Is there some bundled certificates in Electron? - this was suggested in the discussions in #147

Details: Version: 1.76.1 Commit: 5e805b79fcb6ba4c2d23712967df89a089da575b Date: 2023-03-08T16:48:08.231Z Electron: 19.1.11 Chromium: 102.0.5005.196 Node.js: 16.14.2 V8: 10.2.154.26-electron.0 OS: Darwin arm64 22.3.0 Sandboxed: No

jonasohrn commented 1 year ago

It works from another Macbook from same network (also running Ventura but not enrolled) Both nslookup and dig results in same records for login.microsoftonline.com for both MAcbooks:

;; ANSWER SECTION:
login.microsoftonline.com. 8244 IN  CNAME   login.mso.msidentity.com.
login.mso.msidentity.com. 50    IN  CNAME   ak.privatelink.msidentity.com.
ak.privatelink.msidentity.com. 120 IN   CNAME   www.tm.ak.prd.aadg.akadns.net.
www.tm.ak.prd.aadg.akadns.net. 300 IN   A   20.190.160.15
www.tm.ak.prd.aadg.akadns.net. 300 IN   A   40.126.32.132

curl reports certificate is ok:

curl -v "https://login.microsoftonline.com"
*   Trying 20.190.160.12:443...
* Connected to login.microsoftonline.com (20.190.160.12) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=stamp2.login.microsoftonline.com
*  start date: Feb 24 00:00:00 2023 GMT
*  expire date: Feb 24 23:59:59 2024 GMT
*  subjectAltName: host "login.microsoftonline.com" matched cert's "login.microsoftonline.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: login.microsoftonline.com
> User-Agent: curl/7.86.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Cache-Control: no-store, no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< Location: https://www.office.com/login#
jonasohrn commented 1 year ago

SOLVED for me: Works when updating vscode settings (reload required): "http.systemCertificates": false

kcaswick commented 1 year ago

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"... certificate has expired

My token should be expired and it should have asked me to sign in, but it never did. Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

alexweininger commented 1 year ago

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"... certificate has expired My token should be expired and it should have asked me to sign in, but it never did. Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

@kcaswick, just to clarify, were you able to fix the issue?

kevinblumenfeld commented 1 year ago

I too have this issue. See my comment here: https://github.com/microsoft/vscode-azure-account/issues/745#issuecomment-1479963996

ChenghaoMou commented 1 year ago

Having the same issue. The workaround only works if I disable all Copilot extensions.

kcaswick commented 1 year ago

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"... certificate has expired My token should be expired and it should have asked me to sign in, but it never did. Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

@kcaswick, just to clarify, were you able to fix the issue?

Sorry, I missed the question earlier. The workaround with disabling security certificates and then re-enabling them after it was signed in did work for me. I wouldn't call that a fix though, given the security risk it adds.

I've updated the original comment with a blank line after the log entries, so the block quote formatting ends where it should have.

ChenghaoMou commented 1 year ago

Having the same issue. The workaround only works if I disable all Copilot extensions.

I found a solution, at least for me: remove all expired system certificates in the keychain (macOS). After that, I can use both copilot and azure account without any issues.

Broderick-Westrope commented 11 months ago

@ChenghaoMou I've got this issue when I have the Copillot extension enabled, but cannot see any expired certificates in my Keychain Access. Any other ideas for why this may be?

ChenghaoMou commented 11 months ago

@Broderick-Westrope If you haven't tried this: There is a setting under "View" to show expired certificates. Check certificates under both System and System Roots.

Unfortunately, I am not aware of any other solutions.

oviliz commented 7 months ago

For me worked by uninstalling the Azure Account extension in favour of Azure Resources alone. Usual Micro$oft mess...

aka0 commented 6 months ago

For me worked by uninstalling the Azure Account extension in favour of Azure Resources alone. Usual Micro$oft mess...

This solution worked for me.