microsoft / vscode-azureresourcegroups

VS Code extension for managing Azure resources.
https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureresourcegroups
MIT License
54 stars 29 forks

Sign In Failure for Azure Resources Sign In #899

Open rosh2020 opened 3 months ago

rosh2020 commented 3 months ago

Issue: Network Failure error occurs when trying to Sign In with the Azure Resource Groups extension latest version (0.9.1).

Details: The interactive login does pop up and allows me to authenticate with my username/password and MFA and looks successful on the browser. But in VS Code it loads for a long time and eventually ends with a Network Failure. Proxy seems to work for everything else (i.e. AZ CLI). Our network engineer said the only thing getting dropped from the proxy perspective due to bad SSL handshake is default.exp-tas.com. The domain itself is permitted, it's just a bad handshake. All other parts of the transaction seem to go through so doesn't appear to be a problem on the corporate side.

Workaround: Currently using v0.7.1 which uses the "Azure Account" extension. But this extension will be deprecated soon.

Attempts at Solutioning: Turned all extensions (including the Microsoft Auth provider built-in extension) off and on. Deleted Azure Account Extension. Reinstalled all extensions. Turned off VS Code telemetry setting. Changed proxy env variable. Used both the Sign In command and the GUI.

Please advise.

alexweininger commented 2 months ago

Have you set any proxy related settings in VS Code?


My other request is that you share the Microsoft Authentication extension logs (on trace or debug log level) with us.

Set the log level with the "Developer: Set Log Level..." command.


Then view the logs using the "Developer: Show Logs..." command and selecting "Microsoft Authentication".

rosh2020 commented 2 months ago

@alexweininger The proxy setting is blank and so are the relevant HTTP_PROXY and HTTPS_PROXY env variables.

I set the log level to Debug but it's still only providing info level:

[info] [email https://management.core.windows.net/ .default offline_access openid profile] Got 0 sessions for undefined
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Fetching token failed: fetch failed
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Error exchanging code for token: Error: Network failure
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Error creating session: Error: Network failure

alexweininger commented 2 months ago

Any more logs if you set the log level to trace?

Also by not setting the proxy settings and proxy env variables I'm assuming that means the proxy (corporate?) was disabled, is that correct?

rosh2020 commented 2 months ago

@alexweininger From my side I'm not sure what else would affect the proxy settings. For AZCLI and the Azure Account extension, the results are very consistent. Without the proxy setting and without any HTTP_PROXY env variable both logins work. Logs remain exactly the same for the Microsoft Authenticator no matter which combination of proxy settings I use (see below).

logs with trace:

[info] [email https://management.core.windows.net/ .default offline_access openid profile] Got 0 sessions for undefined
[trace] No pending tokens to store
[trace] [email https://management.core.windows.net/ .default offline_access openid profile] Queued creating session
[trace] [email https://management.core.windows.net/ .default offline_access openid profile] Starting login flow with local server
[trace] [email https://management.core.windows.net/ .default offline_access openid profile] Exchanging login code for session
[trace] No pending tokens to store
[trace] No pending tokens to store
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Fetching token failed: fetch failed
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Error exchanging code for token: Error: Network failure
[error] [email https://management.core.windows.net/ .default offline_access openid profile] Error creating session: Error: Network failure for undefined

alexweininger commented 2 months ago

Ok, thanks for providing those logs.

keanughorbanian-sb commented 2 months ago

For reference, I am experiencing the exact same issue. No proxy settings set, identical output.

keanughorbanian-sb commented 2 months ago

I'm unfortunately not able to downgrade to 7.1 due to a dependency loop:

The following extensions contain dependency loops and have been disabled: 'ms-azuretools.vscode-azureappservice', 'ms-azuretools.vscode-azureresourcegroups', 'ms-azuretools.vscode-azurecontainerapps', 'ms-azuretools.vscode-azurefunctions', 'ms-vscode.azure-account', 'ms-azuretools.vscode-azurestaticwebapps', 'ms-azuretools.vscode-azurestorage', 'ms-azuretools.vscode-cosmosdb'

Earliest version I can downgrade to is 8.0, where the error still occurs

harnoor-ai-cloud commented 2 months ago

I have the same issue with the same scenario.

alexweininger commented 2 months ago

Could you retry sign in with the following setting enabled?

[image]

Rodion0 commented 2 months ago

Hello I am having this same issue with pretty much the same scenario. I tried to use MSAL and it still failed.

alexweininger commented 2 months ago

@Rodion0 could you provide the information that I requested from the original poster from this comment? https://github.com/microsoft/vscode-azureresourcegroups/issues/899#issuecomment-2317877477

Rodion0 commented 2 months ago

Issue: I am using Azure Resources extension v0.9.4 and I am unable to sign in to Azure in order to use the extension.

Details: I have been able to use this for the past week or so with no issue. However yesterday (9/9/24) I noticed that when I went to the Azure Resources tab within vscode, it was hanging for a long time. So I decided to log out. Unfortunately I have been unable to log back in. It allows me to authenticate but once it says I am signed in and can close that window, it hangs for a couple minutes and then says there was a network failure. I am not using any proxy settings.

Attempts at troubleshooting:

Logs:

I set the log level to trace and recorded the logs from Microsoft Authentication.

2024-09-10 15:37:58.254 [info] [email https://management.core.windows.net/.default offline_access openid profile] Got 0 sessions
2024-09-10 15:38:00.131 [trace] for undefined
2024-09-10 15:38:00.131 [info] for undefined
2024-09-10 15:38:00.131 [info] [email https://management.core.windows.net/.default offline_access openid profile] Got 0 sessions
2024-09-10 15:38:02.468 [trace] No pending tokens to store
2024-09-10 15:38:02.486 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Queued creating session
2024-09-10 15:38:02.488 [info] for undefined
2024-09-10 15:38:02.489 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Starting login flow with local server
2024-09-10 15:38:10.931 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Exchanging login code for session
2024-09-10 15:38:13.922 [trace] No pending tokens to store
2024-09-10 15:38:23.089 [trace] No pending tokens to store
2024-09-10 15:39:05.239 [trace] No pending tokens to store
2024-09-10 15:39:21.889 [error] [email https://management.core.windows.net/.default offline_access openid profile] Fetching token failed: fetch failed
2024-09-10 15:39:21.890 [error] [email https://management.core.windows.net/.default offline_access openid profile] Error exchanging code for token: Error: Network failure
2024-09-10 15:39:21.890 [error] [email https://management.core.windows.net/.default offline_access openid profile] Error creating session: Error: Network failure

Rodion0 commented 2 months ago

I am also not using any proxy settings

Logs with MSAL:

2024-09-16 16:38:55.657 [info] for undefined
2024-09-16 16:38:55.658 [info] [email https://management.core.windows.net/.default offline_access openid profile] Got 0 sessions
2024-09-16 16:38:56.749 [info] for undefined
2024-09-16 16:40:34.541 [error] [email https://management.core.windows.net/.default offline_access openid profile] Fetching token failed: fetch failed
2024-09-16 16:40:34.541 [error] [email https://management.core.windows.net/.default offline_access openid profile] Error exchanging code for token: Error: Network failure
2024-09-16 16:40:34.541 [error] [email https://management.core.windows.net/.default offline_access openid profile] Error creating session: Error: Network failure
2024-09-16 16:40:34.610 [info] for undefined
2024-09-16 16:40:34.610 [info] [email https://management.core.windows.net/.default offline_access openid profile] Got 0 sessions

rosh2020 commented 2 months ago

I don't see a msal option @alexweininger, or a Microsoft extension section within Settings. Only relevant extensions in settings are "Azure" and "Microsoft Sovereign Cloud".

alexweininger commented 2 months ago

Ok, the Msal option might be in a newer build of stable VS Code or perhaps insiders. I'm wondering if this issue popped up because of a VS Code update because all of our authentication is built-in and owned by VS Code itself. I know it's a lot of work, but it would help us and the VS Code team if you could confirm that going back to an older version of VS Code fixes the issue.

I would try going to VS Code 1.91.0, two major versions ago.

If we can confirm that this is an issue introduced by a recent update then it's much easier for me to take this to the VS Code team and get it fixed ASAP

Rodion0 commented 2 months ago

This would unfortunately not be possible for me

iankb07 commented 2 months ago

Exactly the same issue with 1.92.2. Rolled back to 1.85.2 and it works fine again. There is clearly a bug in the later version causing Azure Account signin to fail. I'd have thought this issue will be issue to replicate.

alexweininger commented 2 months ago

> Exactly the same issue with 1.92.2. Rolled back to 1.85.2 and it works fine again. There is clearly a bug in the later version causing Azure Account signin to fail. I'd have thought this issue will be issue to replicate.

Thanks for confirming this. We believe it's related to this change https://github.com/microsoft/vscode/pull/221736 in VS Code and we're hoping to get a fix out in the next stable VS Code release.

Rodion0 commented 2 months ago

Any estimate on when that would be?

alexweininger commented 2 months ago

Early October, the next stable release of VS Code.

faidhi066 commented 2 months ago

> Exactly the same issue with 1.92.2. Rolled back to 1.85.2 and it works fine again. There is clearly a bug in the later version causing Azure Account signin to fail. I'd have thought this issue will be issue to replicate.

Thanks :). This solved my problem... that I was having for the past three months!!

rosh2020 commented 2 months ago

@alexweininger I'm unable to roll back to an earlier version of vs code but looks like this will be fixed soon. Looking forward to hearing when the fix is pushed/when the new update is pushed. Thank you for the help. And thanks others for contributing to the thread

faidhi066 commented 2 months ago

@rosh2020 you can download it here https://code.visualstudio.com/updates/v1_85. Also make sure to update your vscode settings to disable auto update, so that you won't update it to the latest one after you close your 1.85.2 version of vscode.

To turn off the auto update: [image] change it to none

Rodion0 commented 1 month ago

I downloaded the new version of VSCode 1.94 and am still experiencing the issue. Any advice?

Rodion0 commented 1 month ago

I also cannot roll back to 1.85

Rodion0 commented 1 month ago

It's weird because I can log in with the Azure Accounts but not with this extension

hmrc87 commented 2 weeks ago

This prevents Azure Machine learning VSCode Extension from working and Azure Functions from deploying. Please fix this

alexweininger commented 1 week ago

> This prevents Azure Machine learning VSCode Extension from working and Azure Functions from deploying. Please fix this

@hmrc87 could you file a separate issue and provide details about your setup? Please include logs from the Azure Resources extension. There are many variables at play that can cause sign in failures so I want to make sure we can address your issue.

See https://github.com/microsoft/vscode-azureresourcegroups/issues/899#issuecomment-2317877477 for how to get logs.

alexweininger commented 1 week ago

@Rodion0 the new version of VS Code has been released with the fix. Is it working now for you?

keanughorbanian-sb commented 1 week ago

@alexweininger I'm also still not able to access resources. Here are my logs for microsoft authentication:

2024-11-13 10:08:08.262 [debug] Acquired MSAL enablement value from default. Value: false
2024-11-13 10:08:08.262 [trace] Reading sessions from secret storage...
2024-11-13 10:08:08.271 [trace] Got 2 stored sessions
2024-11-13 10:08:08.271 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Read stored session
2024-11-13 10:08:08.271 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Queued refreshing token
2024-11-13 10:08:08.274 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Read stored session
2024-11-13 10:08:08.274 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Queued refreshing token
2024-11-13 10:08:08.275 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Refreshing token
2024-11-13 10:08:08.275 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Refreshing token
2024-11-13 10:09:18.627 [error] [email https://management.core.windows.net/.default offline_access openid profile] Fetching token failed: fetch failed
2024-11-13 10:09:18.628 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Setting refresh timeout for 1800000 milliseconds
2024-11-13 10:09:18.629 [error] [email https://management.core.windows.net/.default offline_access openid profile] Fetching token failed: fetch failed
2024-11-13 10:09:18.629 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Setting refresh timeout for 1800000 milliseconds
2024-11-13 10:09:18.670 [info] Getting sessions for all scopes...
2024-11-13 10:09:18.670 [info] Got 2 sessions for all scopes...
2024-11-13 10:09:18.670 [info] Getting sessions for all scopes...
2024-11-13 10:09:18.670 [info] Got 2 sessions for all scopes...
2024-11-13 10:09:18.672 [trace]  for undefined
2024-11-13 10:09:18.673 [info]  for undefined
2024-11-13 10:09:18.673 [info] [email https://management.core.windows.net/.default offline_access openid profile] Got 1 sessions
2024-11-13 10:09:18.673 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Token expired or unavailable, trying refresh
2024-11-13 10:09:18.673 [trace] [email https://management.core.windows.net/.default offline_access openid profile] Queued refreshing token
2024-11-13 10:14:50.303 [trace] No pending tokens to store
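
The logs posted in this thread show roughly 70 seconds between the start of a token request and `fetch failed`. As an added example (not part of the thread or of the extension's code), this Python script pairs each token request with its failure and reports the stall; the function name `token_failures` and the 30-second threshold are assumptions.

```python
import re
from datetime import datetime

# Sample lines copied from the Microsoft Authentication logs posted in this thread.
SCOPE = "[email https://management.core.windows.net/.default offline_access openid profile]"
SAMPLE_LOG = f"""\
2024-09-10 15:38:02.489 [trace] {SCOPE} Starting login flow with local server
2024-09-10 15:38:10.931 [trace] {SCOPE} Exchanging login code for session
2024-09-10 15:38:13.922 [trace] No pending tokens to store
2024-09-10 15:39:21.889 [error] {SCOPE} Fetching token failed: fetch failed
2024-11-13 10:08:08.275 [trace] {SCOPE} Refreshing token
2024-11-13 10:09:18.627 [error] {SCOPE} Fetching token failed: fetch failed
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \[(\w+)\]\s+(.*)$")
SCOPE_RE = re.compile(r"^\[([^\]]*)\]\s*(.*)$")
# Messages that mark the start of a request to the token endpoint.
START_EVENTS = ("Exchanging login code for session", "Refreshing token")
FAILURE_PREFIX = "Fetching token failed"
# Assumed threshold: a failure this long after the request started means the
# connection hung (dropped handshake, filtered traffic) instead of being
# rejected promptly (DNS error, refused connection).
STALL_SECONDS = 30.0


def token_failures(log_text):
    """Return (start_event, elapsed_seconds, verdict) for each failed token request."""
    pending = {}   # scope string -> (start time, start event)
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a timestamped log entry
        when = datetime.strptime(line.group(1), "%Y-%m-%d %H:%M:%S.%f")
        scoped = SCOPE_RE.match(line.group(3))
        if not scoped:
            continue  # entries without a [scope] prefix carry no request state
        scope, event = scoped.groups()
        if event in START_EVENTS:
            pending[scope] = (when, event)
        elif (line.group(2) == "error" and event.startswith(FAILURE_PREFIX)
              and scope in pending):
            started, start_event = pending.pop(scope)
            elapsed = round((when - started).total_seconds(), 3)
            verdict = "stalled" if elapsed >= STALL_SECONDS else "fast-fail"
            findings.append((start_event, elapsed, verdict))
    return findings


if __name__ == "__main__":
    for start_event, elapsed, verdict in token_failures(SAMPLE_LOG):
        print(f"{verdict:9s} {elapsed:8.3f}s  after '{start_event}'")
```

A "stalled" verdict points the investigation at whatever sits between VS Code and the token endpoint (proxy, TLS inspection, firewall) rather than at credentials, since the browser sign-in had already succeeded.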

rosh2020 commented 1 week ago

@alexweininger It is still not working for me even with the update, same errors.

alexweininger commented 1 week ago

@rosh2020, @keanughorbanian-sb could you enable the microsoft.useMsal setting and try again?

rosh2020 commented 5 days ago

@alexweininger Seems like it works now! Only issue was it was a two step process. I sign in to my Azure account through VS Code and then VS Code asks me to "Sign in to directory" and then I sign in again and then it works.

alexweininger commented 5 days ago

Ok, then that's working as intended I think. Basically we have to sign in to a general endpoint then list your tenants. And if we can't automatically sign in to your tenants we need to ask you to sign in again. Glad you got it working

hmrc87 commented 5 days ago

OH MY GOD I AM BLIND. I had to click on the actual text "Sign in to directory" after the first sign in - which does not look like a button at all in order for it to work. That's so stupid :( - or am I? :)

alexweininger commented 5 days ago

Yes, it's a button. Hmm, I wonder if many users are not realizing it's a button, it doesn't really stand out as a button. We can probably fix that.

hmrc87 commented 5 days ago

Maybe it's possible to style it as a blue button like the first Sign-In Button, that would help for sure!

alexweininger commented 5 days ago

> Maybe it's possible to style it as a blue button like the first Sign-In Button, that would help for sure!

Do you have a screenshot of this? I don't think the Azure Resources extension has a blue sign in button? For me it shows [image]

alexweininger commented 5 days ago

FYI you can sign out like so: [image]

alexweininger commented 5 days ago

And also, does everyone understand that tenants == directories? We are trying to decide if we should use directory or tenant in our UI.

hmrc87 commented 5 days ago

Regarding directory or tenant: Just use both :)

"Sign in to Tenant (Directory)"

Regarding the button: after signing out and signing in again I did not have to choose the directory again. I think adding the same Icon next to the "Sign in to directory"-text as the "Sign in to Azure..." text should do the trick for the blind-eyed people like me and @rosh2020 :)

alexweininger commented 5 days ago

Thanks. That's helpful feedback. I'm experimenting with this too (will be updating the wording): [image]

alexweininger commented 5 days ago

> Regarding the button: after signing out and signing in again I did not have to choose the directory again.

Yeah, once signed in to a tenant in the browser it will automatically grant access next time unless you sign out everywhere and close the browser, etc. No worries.

alexweininger commented 5 days ago

@hmrc87 thanks to your feedback, I have a PR up to improve the experience: https://github.com/microsoft/vscode-azureresourcegroups/pull/962