Select-AzureRmSubscription : Please provide a valid tenant or a valid subscription

2
votes

I have created the Powershell Runbook, and added all the required details and valid values. Still I am facing the error for Select-AzureRmSubscription command. The error I am getting all the time is

Select-AzureRmSubscription : Please provide a valid tenant or a valid subscription.

I am using below connection setting in Powershell runbook:

$connectionName = "AzureRunAsConnection"

try
{

    # Get the connection "AzureRunAsConnection "

    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName 

    "Logging in to Azure..."

    Add-AzureRmAccount -ServicePrincipal -TenantId $servicePrincipalConnection.TenantId -ApplicationId
    $servicePrincipalConnection.ApplicationId -CertificateThumbprint
    $servicePrincipalConnection.CertificateThumbprint
}
catch {

    if (!$servicePrincipalConnection) 
    {

        $ErrorMessage = "Connection
        $connectionName not found."

        throw $ErrorMessage

    } else{

        Write-Error -Message $_.Exception

        throw $_.Exception
    }
}


fetch-group-memberships | Select-Object UserName, PrincipalName, GroupName, AzureGroupName |Sort-Object GroupName| Export-Csv -NoTypeInformation -Path
'MEMBERSHIP.csv' 

#=======================================================================================

# Select the subscription you are going to work with

#=======================================================================================
Select-AzureRmSubscription -SubscriptionId
"[removed for security purpose]"

#Get-AzureRmSubscription -SubscriptionName "BIG" | Select-AzureRmSubscription

#=======================================================================================

# Set the Current Storage Account to the approperiate location

#=======================================================================================

Set-AzureRmCurrentStorageAccount -StorageAccountName devapacbi01 -ResourceGroupName dev-rgp-apac-01

#=======================================================================================

# Capture the file that is local to automation and save to Storage Blob

#=======================================================================================

Set-AzureStorageBlobContent -Container bi-app-carm-im -File ADGROUP_MEMBERSHIP.csv -Blob _MEMBERSHIP_AL.csv -Force

Even if the subscription id is correct it keeps throwing an error as above.

3
azurepowershellazure-powershellazure-automation
If you run the runbook in the portal, you are already in the subscription, no need to use Select-AzureRmSubscription, then it will work fine.Joy Wang-MSFT
If the subscription that you select is in your current tenant?Charles Xu
@CharlesXu : Yes. that subscription is in current tenantVIshal Tile
@JoyWang : I tried removing Select-AzureRmSubscription command from the script , then I am facing below error for next command : Set-AzureRmCurrentStorageAccount : 'this.Client.SubscriptionId' cannot be null. At line:147 char:1VIshal Tile
Are the runbook and the storage which you used in the same subscription?Joy Wang-MSFT

3 Answers

2
votes

this means you do not have permissions to do so. you need to assign proper permissions to the account you are using for the runbook

0
votes

You do not need to Select-AzureRmSubscription because runbook connection is only tied to on subscription.

Also keep in mid the runbook is running on a environment setup to run your script, I prefer to stay away from Set environment commands.

Removing the subscription line and fixing lines below should work.

$storageAccount = Get-AzureRmStorageAccount -StorageAccountName devapacbi01 -ResourceGroupName dev-rgp-apac-01

Set-AzureStorageBlobContent -Container bi-app-carm-im -File ADGROUP_MEMBERSHIP.csv -Blob _MEMBERSHIP_AL.csv -Context $storageAccount.Context -Force

Hope this helps.

0
votes

Its Solved! You guys were correct, it was an issue with correct permissions with Automation Account only. We should have a access as a contributor on your storage account. After giving right permissions to automation RunAs (contributor on your storage account) it worked and ran successfully. Than you all again.