search

microsoftgraph / msgraph-sdk-powershell

Powershell SDK for Microsoft Graph
https://www.powershellgallery.com/packages/Microsoft.Graph
Other
691 stars 165 forks source link

Graph PowerShell broken in Azure Cloud Shell #2816

Closed davidobrien1985 closed 1 month ago

davidobrien1985 commented 2 months ago

Describe the bug

Launch https://shell.azure.com/ and call Connect-MgGraph.

connect-mggraph                                                                                                                                                                          
Connect-MgGraph: DeviceCodeCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.  Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: 7490a6c9-8877-4ea5-a417-5511ac544f00 Correlation ID: b26e1f9b-d3ee-4366-bc6c-068ecf30282d Timestamp: 2024-06-27 06:46:28Z

Expected behavior

It should work, it did work up until 2 days ago.

How to reproduce

See above.

  1. Go to https://shell.azure.com/
  2. Run Connect-MgGraph

I can reproduce this in multiple different tenants and other people on social media confirmed seeing the exact same message.

SDK Version

2.19

Latest version known to work for scenario above?

No response

Known Workarounds

none

Debug output

Click to expand log ``` connect-mggraph -Debug DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId: DEBUG: Executing interactive authentication workflow inline. DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: Persistence check failed. Inspect inner exception for details ---> Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException (0x80131500): Persistence check failed. Inspect inner exception for details ---> System.DllNotFoundException (0x80131524): Unable to load shared library 'libsecret-1.so.0' or one of its dependencies. In order to help diagnose loading problems, consider using a tool like strace. If you're using glibc, consider setting the LD_DEBUG environment variable: /opt/microsoft/powershell/7/libsecret-1.so.0: cannot open shared object file: No such file or directory /usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/libsecret-1.so.0: cannot open shared object file: No such file or directory /usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/libsecret-1.so.0: cannot open shared object file: No such file or directory /opt/microsoft/powershell/7/liblibsecret-1.so.0: cannot open shared object file: No such file or directory /usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/liblibsecret-1.so.0: cannot open shared object file: No such file or directory /usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/liblibsecret-1.so.0: cannot open shared object file: No such file or directory /opt/microsoft/powershell/7/libsecret-1.so.0.so: cannot open shared object file: No such file or directory /usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/libsecret-1.so.0.so: cannot open shared object file: No such file or directory /usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/libsecret-1.so.0.so: cannot open shared object file: No such file or directory /opt/microsoft/powershell/7/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory /usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory /usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId: DEBUG: Executing interactive authentication workflow inline. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e) DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] === InteractiveParameters Data === LoginHint provided: False User provided: False UseEmbeddedWebView: NotSpecified ExtraScopesToConsent: Prompt: select_account HasCustomWebUi: False DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] === Request Data === Authority Provided? - True Scopes - User.Read Extra Query Params Keys (space separated) - ApiId - AcquireTokenInteractive IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] === Token Acquisition (InteractiveRequest) started: Scopes: User.Read Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] [Instance Discovery] Instance discovery is enabled and will be performed DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] [Region discovery] Not using a regional authority. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] Using system browser. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] Exception type: Microsoft.Identity.Client.MsalClientException , ErrorCode: linux_xdg_open_failed ---> Inner Exception Details Exception type: Microsoft.Identity.Client.MsalClientException , ErrorCode: linux_xdg_open_failed To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging at Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.StartDefaultOsBrowserAsync(String url, Boolean isBrokerConfigured) === End of inner exception stack trace === To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging at Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.StartDefaultOsBrowserAsync(String url, Boolean isBrokerConfigured) at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.<>c__DisplayClass10_0.b__0(Uri u) at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.InterceptAuthorizationUriAsync(Uri authorizationUri, Uri redirectUri, Boolean isBrokerConfigured, CancellationToken cancellationToken) at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext, CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceInternalAsync(IWebUI webUi, CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceVerifierAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com ---> Microsoft.Identity.Client.MsalClientException (0x80131500): Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com ---> Microsoft.Identity.Client.MsalClientException (0x80131500): Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com DEBUG: DeviceCodeCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(a19b6bed-18c3-4c77-a458-b8cd64aeff84) DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] === Request Data === Authority Provided? - True Scopes - User.Read Extra Query Params Keys (space separated) - ApiId - AcquireTokenByDeviceCode IsConfidentialClient - False SendX5C - False LoginHint ? False IsBrokerConfigured - False HomeAccountId - False CorrelationId - a19b6bed-18c3-4c77-a458-b8cd64aeff84 UserAssertion set: False LongRunningOboCacheKey set: False Region configured: DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] === Token Acquisition (DeviceCodeRequest) started: Scopes: User.Read Authority Host: login.microsoftonline.com DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] [Instance Discovery] Instance discovery is enabled and will be performed DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] [Region discovery] Not using a regional authority. DEBUG: Request [f02d79ee-0b54-4f8a-993b-edda5bb5f778] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode x-client-SKU:REDACTED x-client-Ver:REDACTED x-client-OS:REDACTED client-request-id:REDACTED return-client-request-id:REDACTED x-app-name:REDACTED x-app-ver:REDACTED Content-Type:application/x-www-form-urlencoded x-ms-client-request-id:f02d79ee-0b54-4f8a-993b-edda5bb5f778 x-ms-return-client-request-id:true User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.6; CBL-Mariner/Linux) client assembly: Azure.Identity DEBUG: Error response [f02d79ee-0b54-4f8a-993b-edda5bb5f778] 400 Bad Request (01.0s) Cache-Control:no-store, no-cache Pragma:no-cache Strict-Transport-Security:REDACTED X-Content-Type-Options:REDACTED P3P:REDACTED client-request-id:REDACTED x-ms-request-id:e196a988-2ecf-4d8f-9fb9-2d572cec5300 x-ms-ests-server:REDACTED x-ms-clitelem:REDACTED x-ms-srs:REDACTED X-XSS-Protection:REDACTED Set-Cookie:REDACTED Date:Thu, 27 Jun 2024 07:19:03 GMT Content-Type:application/json; charset=utf-8 Expires:-1 Content-Length:595 DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Response status code does not indicate success: 400 (BadRequest). DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Request retry failed. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] HttpStatusCode: 400: BadRequest DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] === Token Acquisition (1008) failed. Host: login.microsoftonline.com. DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: invalid_client HTTP StatusCode 400 CorrelationId a19b6bed-18c3-4c77-a458-b8cd64aeff84 Microsoft Entra ID Error Code AADSTS7000116 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Exception type: Microsoft.Identity.Client.MsalServiceException , ErrorCode: invalid_client HTTP StatusCode 400 CorrelationId a19b6bed-18c3-4c77-a458-b8cd64aeff84 Microsoft Entra ID Error Code AADSTS7000116 To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext) at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext) at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func`2 onBeforePostRequestData) at Microsoft.Identity.Client.Internal.Requests.DeviceCodeRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock) at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) DEBUG: DeviceCodeCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): DeviceCodeCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z ---> Microsoft.Identity.Client.MsalServiceException (0x80131500): A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z Connect-MgGraph: DeviceCodeCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z ```

Configuration

No response

Other information

No response

davidobrien1985 commented 2 months ago

This seems to be working again. No message though what was broken and what fixed it.

helderpinto commented 2 months ago

I confirm it is now working.

timayabi2020 commented 1 month ago

@davidobrien1985 I am glad that is working now, even though I was not able to reproduce the issue and so it wasn't possible to proceed with further investigations. Kindly consider closing this issue if you are no longer experiencing it.

microsoft-github-policy-service[bot] commented 1 month ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

davidobrien1985 commented 1 month ago

@davidobrien1985 I am glad that is working now, even though I was not able to reproduce the issue and so it wasn't possible to proceed with further investigations. Kindly consider closing this issue if you are no longer experiencing it.

Well, it was broken for 2 straight days for everybody globally (confirmed with numerous people online). Then suddenly it worked again.