-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Graph PowerShell broken in Azure Cloud Shell #2816
Comments
This seems to be working again. No message though what was broken and what fixed it. |
I confirm it is now working. |
@davidobrien1985 I am glad that is working now, even though I was not able to reproduce the issue and so it wasn't possible to proceed with further investigations. Kindly consider closing this issue if you are no longer experiencing it. |
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. |
Well, it was broken for 2 straight days for everybody globally (confirmed with numerous people online). Then suddenly it worked again. |
Describe the bug
Launch https://shell.azure.com/ and call
Connect-MgGraph
.Expected behavior
It should work, it did work up until 2 days ago.
How to reproduce
See above.
Connect-MgGraph
I can reproduce this in multiple different tenants and other people on social media confirmed seeing the exact same message.
SDK Version
2.19
Latest version known to work for scenario above?
No response
Known Workarounds
none
Debug output
Click to expand log
```connect-mggraph -Debug
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId:
DEBUG: Executing interactive authentication workflow inline.
DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: Persistence check failed. Inspect inner exception for details
---> Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException (0x80131500): Persistence check failed. Inspect inner exception for details
---> System.DllNotFoundException (0x80131524): Unable to load shared library 'libsecret-1.so.0' or one of its dependencies. In order to help diagnose loading problems, consider using a tool like strace. If you're using glibc, consider setting the LD_DEBUG environment variable:
/opt/microsoft/powershell/7/libsecret-1.so.0: cannot open shared object file: No such file or directory
/usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/libsecret-1.so.0: cannot open shared object file: No such file or directory
/usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/libsecret-1.so.0: cannot open shared object file: No such file or directory
/opt/microsoft/powershell/7/liblibsecret-1.so.0: cannot open shared object file: No such file or directory
/usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/liblibsecret-1.so.0: cannot open shared object file: No such file or directory
/usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/liblibsecret-1.so.0: cannot open shared object file: No such file or directory
/opt/microsoft/powershell/7/libsecret-1.so.0.so: cannot open shared object file: No such file or directory
/usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/libsecret-1.so.0.so: cannot open shared object file: No such file or directory
/usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/libsecret-1.so.0.so: cannot open shared object file: No such file or directory
/opt/microsoft/powershell/7/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory
/usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.6/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory
/usr/local/share/powershell/Modules/Az.Accounts/3.0.0/StartupScripts/../lib/netstandard2.0/liblibsecret-1.so.0.so: cannot open shared object file: No such file or directory
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId:
DEBUG: Executing interactive authentication workflow inline.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e)
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e]
=== Request Data ===
Authority Provided? - True
Scopes - User.Read
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] === Token Acquisition (InteractiveRequest) started:
Scopes: User.Read
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] Using system browser.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - 2b5f4eaa-8862-416c-98fb-b8cbb1c0c81e] Exception type: Microsoft.Identity.Client.MsalClientException
, ErrorCode: linux_xdg_open_failed
---> Inner Exception Details
Exception type: Microsoft.Identity.Client.MsalClientException
, ErrorCode: linux_xdg_open_failed
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.StartDefaultOsBrowserAsync(String url, Boolean isBrokerConfigured)
=== End of inner exception stack trace ===
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.StartDefaultOsBrowserAsync(String url, Boolean isBrokerConfigured)
at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.<>c__DisplayClass10_0.b__0(Uri u)
at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.InterceptAuthorizationUriAsync(Uri authorizationUri, Uri redirectUri, Boolean isBrokerConfigured, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.DefaultOsBrowserWebUi.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceInternalAsync(IWebUI webUi, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.AuthCodeRequestComponent.FetchAuthCodeAndPkceVerifierAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com
---> Microsoft.Identity.Client.MsalClientException (0x80131500): Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com
---> Microsoft.Identity.Client.MsalClientException (0x80131500): Unable to open a web page using xdg-open, gnome-open, kfmclient or wslview tools. See inner exception for details. Possible causes for this error are: tools are not installed or they cannot open a URL. Make sure you can open a web page by invoking from a terminal: xdg-open https://www.bing.com
DEBUG: DeviceCodeCredential.Authenticate invoked. Scopes: [ User.Read ] ParentRequestId:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(a19b6bed-18c3-4c77-a458-b8cd64aeff84)
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84]
=== Request Data ===
Authority Provided? - True
Scopes - User.Read
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenByDeviceCode
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - a19b6bed-18c3-4c77-a458-b8cd64aeff84
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] === Token Acquisition (DeviceCodeRequest) started:
Scopes: User.Read
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:02Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] [Region discovery] Not using a regional authority.
DEBUG: Request [f02d79ee-0b54-4f8a-993b-edda5bb5f778] POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:f02d79ee-0b54-4f8a-993b-edda5bb5f778
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.11.2 (.NET 8.0.6; CBL-Mariner/Linux)
client assembly: Azure.Identity
DEBUG: Error response [f02d79ee-0b54-4f8a-993b-edda5bb5f778] 400 Bad Request (01.0s)
Cache-Control:no-store, no-cache
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:e196a988-2ecf-4d8f-9fb9-2d572cec5300
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Thu, 27 Jun 2024 07:19:03 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:595
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Response status code does not indicate success: 400 (BadRequest).
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Request retry failed.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] HttpStatusCode: 400: BadRequest
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] === Token Acquisition (1008) failed.
Host: login.microsoftonline.com.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_client
HTTP StatusCode 400
CorrelationId a19b6bed-18c3-4c77-a458-b8cd64aeff84
Microsoft Entra ID Error Code AADSTS7000116
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.6 Linux [2024-06-27 07:19:03Z - a19b6bed-18c3-4c77-a458-b8cd64aeff84] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: invalid_client
HTTP StatusCode 400
CorrelationId a19b6bed-18c3-4c77-a458-b8cd64aeff84
Microsoft Entra ID Error Code AADSTS7000116
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func
2 onBeforePostRequestData) at Microsoft.Identity.Client.Internal.Requests.DeviceCodeRequest.ExecuteAsync(CancellationToken cancellationToken) at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext() --- End of stack trace from previous location --- at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func
1 codeBlock)at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
DEBUG: DeviceCodeCredential.Authenticate was unable to retrieve an access token. Scopes: [ User.Read ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): DeviceCodeCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z
---> Microsoft.Identity.Client.MsalServiceException (0x80131500): A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z
Connect-MgGraph: DeviceCodeCredential authentication failed: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000116: Client application '14d82eec-204b-4c2f-b7e8-296a70dab67e'(Microsoft Graph Command Line Tools) is disabled in tenant cdc5aeea-15c5-4db6-b079-fcadd2505dc2. Please review the documentation: https://go.microsoft.com/fwlink/?linkid=2167553 Trace ID: e196a988-2ecf-4d8f-9fb9-2d572cec5300 Correlation ID: a19b6bed-18c3-4c77-a458-b8cd64aeff84 Timestamp: 2024-06-27 07:19:03Z
The text was updated successfully, but these errors were encountered: