Azure CLI initialization saying invalid login?

0
votes

I have just opened a free trial account for Azure and I am experiencing some very strange behavior trying to install the Azure CLI on a fresh Ubuntu VM....I am printing the steps I am trying below 1 by 1 in case anyone else has experienced this.

  1. Start up a Ubuntu virtual machine, install the Azure CLI tool, and run "az login". It will display a web address plus code to authenticate.
  2. Open Edge and clear all browsing data (this includes cookies). Close Edge and re-open.
  3. Go to portal.azure.com and verify that I am not signed in. It displays a login prompt (specifically, it says "Work or school, or personal Microsoft account"). Leave this tab open for now.

  4. In a new tab, go to aka.ms/devicelogin, put in my authentication code, and click "Continue". It will redirect to the same Microsoft login prompt as above ("Work or school, or personal Microsoft account")

  5. Enter the Outlook.com email address associated with my free trial. When I tab into the password entry, it will redirect me to a different Microsoft login screen for me to enter my password.

  6. When I type in the (correct) password, it will tell me "We don't recognize this user ID and password". There is no chance the user ID or password is wrong. This can be verified by immediately refreshing the still open tab from Step #3 (to portal.azure.com) and discovering it is now logged into the Azure portal. So I am definitely entering the correct ID/password, but for some reason the aka.ms/devicelogin is telling me it is incorrect. My other tab is recognizing I am now logged in.

Has anyone else experienced this? I was thinking it might have to do with the fact that I have a personal (@Outlook.com) Azure account as well as a work (@WorkDomain.com) account, but I've cleared cookies as well as deleted all Windows/Web Credentials in Credential Manager as indicated in this link: Error: We don't have a valid access azure with Azure CLI

2
azureazure-active-directoryazure-cli

2 Answers

1
votes

install the Azure CLI on a fresh Ubuntu VM

Do you open browser on this VM or open browser on your local PC?

I had test in my lab, use outlook.com account to test, when I use Linux VM CLI 2.0 to login Azure, then use my local windows IE browser to open https://aka.ms/devicelogin and type code, then get the same error message as you.

But when I use my windows PC CLI 2.0 to login Azure, and use windows IE to open that page, works fine.

But when I use Linux VM CLI 2.0 to login Azure with hotmail.com, then use my local windows IE to login it, works find.

It seems that outlook account is Microsoft account, it need sign-in verify.

As a workaround, we can use CLI 2.0 to login Azure whit this command:
az login -u [email protected]

enter image description here

Then type the password, we will login to Azure.

Update:
As a workaround, we can create service principal to login CLI:

About create service principal, we can use this command : az ad sp create-for-rbac:

About login CLI:

az login --service-principal -u a487e0c1-82af-47d9-9a0b-af184eb87646d --password {password} --tenant {tenant}

More information about service principal, please refer to this link.

0
votes

Run below command to login azure on virtual machine.Instead of app-url use name which u generated from below steps

az login --service-principal -u *app-url* -p *password-or-cert* --tenant *tenant*

Follow below steps to generate client-id(app-id) and secret 

az account show --query "{subscriptionId:id, tenantId:tenantId}"
az account set --subscription="${SUBSCRIPTION_ID}"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/${SUBSCRIPTION_ID}"

Your appId, password, sp_name, and tenant are returned. Make a note of the appId and password.