Open bb-froggy opened 3 months ago
Systems where we could reproduce this:
Systems where it worked:
Error output for a a case with Standard SKU Key Vault and RSA-HSM key, which may or may not be the issue:
PS C:\git\scepman-psmodule\SCEPman> New-IntermediateCA -SCEPmanAppServiceName app-scepman-zpmfw57okyw6w -SearchAllSubscriptions 6>&1 -verbose
VERBOSE: Invoked New-IntermediateCA
SCEPman Module version 1.6.0.0 on PowerShell 7.4.2
Detected az version: 2.60.0
Logging in to az
Logged in to az as cloudadmin@gkagamar.onmicrosoft.com
Getting subscription details
User pre-selected to search all subscriptions
Finding correct subscription for App Service app-scepman-zpmfw57okyw6w among the 2 selected subscriptions
VERBOSE: App Service app-scepman-zpmfw57okyw6w is in subscription 627684de-d5d0-4a61-8fdb-fbcc37f8db7b
Subscription is set to MPN Subscription 2021-06
Setting resource group
Found resource group rg-insight-2
VERBOSE: Configured Key Vault URL is https://aga-sm2-kv.vault.azure.net/
Found Key Vault configuration with URL https://aga-sm2-kv.vault.azure.net/ and certificate name SCEPman-Root-CA-V1.
VERBOSE: Performing the operation "Create CSR with name SCEPman-Root-CA-V1" on target "Key Vault https://aga-sm2-kv.vault.azure.net/".
Creating certificate request in Key Vault
WARNING: ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 664, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 701, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 334, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request
File "<frozen _collections_abc>", line 954, in update
ValueError: not enough values to unpack (expected 2, got 1)
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
VERBOSE: Retry 1 for rest --method post --uri https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers 'Content-Type=application/json' --resource https://vault.azure.net --body { \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} after 1 seconds of sleep because Error Code is 654
WARNING: ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 664, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 701, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 334, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request
File "<frozen _collections_abc>", line 954, in update
ValueError: not enough values to unpack (expected 2, got 1)
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
VERBOSE: Retry 2 for rest --method post --uri https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers 'Content-Type=application/json' --resource https://vault.azure.net --body { \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} after 2 seconds of sleep because Error Code is 654
WARNING: ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 664, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 701, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 334, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request
File "<frozen _collections_abc>", line 954, in update
ValueError: not enough values to unpack (expected 2, got 1)
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
VERBOSE: Retry 3 for rest --method post --uri https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers 'Content-Type=application/json' --resource https://vault.azure.net --body { \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} after 3 seconds of sleep because Error Code is 654
WARNING: ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 664, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 701, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 334, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request
File "<frozen _collections_abc>", line 954, in update
ValueError: not enough values to unpack (expected 2, got 1)
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
VERBOSE: Retry 4 for rest --method post --uri https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers 'Content-Type=application/json' --resource https://vault.azure.net --body { \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} after 4 seconds of sleep because Error Code is 654
WARNING: ERROR: The command failed with an unexpected error. Here is the traceback:
ERROR: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 664, in execute
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 731, in _run_jobs_serially
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 701, in _run_job
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 334, in __call__
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call
File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request
File "<frozen _collections_abc>", line 954, in update
ValueError: not enough values to unpack (expected 2, got 1)
To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
VERBOSE: Retry 5 for rest --method post --uri https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers 'Content-Type=application/json' --resource https://vault.azure.net --body { \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} after 5 seconds of sleep because Error Code is 654
Write-Error: C:\git\scepman-psmodule\SCEPman\Private\az-commands.ps1:246
Line |
246 | … eAzOutput = CheckAzOutput -azOutput $lastAzOutput -fThrowOnError $fal …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| ERROR: The command failed with an unexpected error. Here is the traceback: ERROR: not enough values to
| unpack (expected 2, got 1) Traceback (most recent call last): File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
| File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py",
| line 664, in execute File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py",
| line 731, in _run_jobs_serially File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py",
| line 701, in _run_job File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py",
| line 334, in __call__ File
| "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/util/custom.py", line 24, in rest_call File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/util.py", line 877, in send_raw_request File "<frozen _collections_abc>", line 954, in update ValueError: not enough values to unpack (expected 2, got 1) To check existing issues, please visit: https://github.com/Azure/azure-cli/issues
Exception: C:\git\scepman-psmodule\SCEPman\Private\az-commands.ps1:248
Line |
248 | throw "Error $azErrorCode when executing $azCommand : $readable …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Error 654 when executing rest --method post --uri
| https://aga-sm2-kv.vault.azure.net/certificates/SCEPman-Root-CA-V1/create?api-version=7.0 --headers
| 'Content-Type=application/json' --resource https://vault.azure.net --body {
| \"policy\":{\"key_props\":{\"exportable\":false,\"reuse_key\":false,\"key_size\":4096,\"kty\":\"RSA-HSM\"},\"x509_props\":{\"key_usage\":[\"cRLSign\",\"digitalSignature\",\"keyCertSign\",\"keyEncipherment\"],\"basic_constraints\":{\"ca\":true},\"ekus\":[\"2.5.29.37.0\",\"1.3.6.1.5.5.7.3.2\",\"1.3.6.1.5.5.7.3.1\",\"1.3.6.1.5.5.7.3.9\",\"1.3.6.1.4.1.311.20.2.2\",\"1.3.6.1.5.2.3.5\"],\"subject\":\"CN=SCEPman Intermediate CA,OU=4f0d83e2-2b31-4b16-a211-623a9cd859c4,O=TestOrg\",\"validity_months\":120},\"issuer\":{\"cert_transparency\":false,\"name\":\"Unknown\"},\"secret_props\":{\"contentType\":\"application/x-pkcs12\"},\"lifetime_actions\":[{\"trigger\":{\"lifetime_percentage\":80},\"action\":{\"action_type\":\"EmailContacts\"}}]}} :
Does this error message also appear when there is already a CSR? If that is the case, then we should give a good error message that explains this and how to access the CSR.
There seems to have been an intermediate issue with Azure. There are multiple systems on which we couldn't reproduce the error anymore, although we could two weeks ago. Possibly, the issue is already resolved.
The CMDlet fails, but the CSR seems to be created. It is just not displayed, because of some python error. More details following, when this has a stable reproduction using anonymous data.