Unable to Login to DF tenant with tenant id: 07451adf-45ec-46b4-8fca-a98b1d5b452d #26763
Description
Describe the bug
I am not able to login to DF tenant with tenant id: 07451adf-45ec-46b4-8fca-a98b1d5b452d
I executed the following steps to register Dogfood cloud and login:
az cloud register --name Dogfood --endpoint-active-directory-graph-resource-id https://graph.windows-ppe.net/
--endpoint-active-directory-resource-id https://management.core.windows.net/
--endpoint-gallery https://df.gallery.azure-test.net/
--endpoint-resource-manager https://api-dogfood.resources.windows-int.net/
--endpoint-active-directory https://login.windows-ppe.net/
az cloud set Dogfood
az login -t 07451adf-45ec-46b4-8fca-a98b1d5b452d
When I try to login I am seeing the following error:
AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.
Trace ID: 2a901fdb-1957-4c35-bb8a-97aa4cd03a00
Correlation ID: a4ada1b9-1f66-45ab-8e62-3ac48f8910fa
However I am able to login to the portal from this link: https://df.onecloud.azure-test.net/?flight=0#@07451adf-45ec-46b4-8fca-a98b1d5b452d/dashboard/private/f379f92c-0453-4f8d-ad5d-819528edc023
Related command
az login -t 07451adf-45ec-46b4-8fca-a98b1d5b452d
Errors
AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.
Trace ID: 2a901fdb-1957-4c35-bb8a-97aa4cd03a00
Correlation ID: a4ada1b9-1f66-45ab-8e62-3ac48f8910fa
Issue script & Debug output
cli.knack.cli: Command arguments: ['login', '-t', '07451adf-45ec-46b4-8fca-a98b1d5b452d', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
Enable VT mode.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001AE859A9C60>, <function OutputProducer.on_global_arguments at 0x000001AE85D00430>, <function CLIQuery.on_global_arguments at 0x000001AE85D35750>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.006 2 9
cli.azure.cli.core: Total (1) 0.006 2 9
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: Total (0) 0.000 0 0
cli.azure.cli.core: Loaded 2 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001AE88844940>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\lthela.azure\commands\2023-06-26.22-09-51.login.16020.log'.
az_command_data_logger: command args: login -t {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001AE88847370>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001AE888C11B0>, <function register_cache_arguments..add_cache_arguments at 0x000001AE888C12D0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001AE85D004C0>, <function CLIQuery.handle_query_parameter at 0x000001AE85D357E0>, <function register_ids_argument..parse_ids_arguments at 0x000001AE888C1240>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\lthela\.azure\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\lthela.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft-ppe.com/oidc/userinfo', 'authorization_endpoint': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'windows-ppe.net', 'cloud_graph_host_name': 'graph.ppe.windows.net', 'msgraph_host': 'graph.microsoft-ppe.com', 'rbac_url': 'https://pas.windows-ppe.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.identity: A web browser has been opened at https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with az login --use-device-code.
msal.telemetry: Generate or reuse correlation_id: 902bdb1a-3f73-4e7a-9d78-3bb967d38efa
msal.oauth2cli.oauth2: Using http://localhost:54612 as redirect_uri
msal.oauth2cli.authcode: Abort by visit http://localhost:54612?error=abort
msal.oauth2cli.authcode: Open a browser on this device to visit: https://login.windows-ppe.net/07451adf-45ec-46b4-8fca-a98b1d5b452d/oauth2/v2.0/authorize?client_id=04b07795-8ddb-461a-bbee-02f9e1bf7b46&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A54612&scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2F.default+offline_access+openid+profile&state=RUPMdYTbXIgHlhOF&code_challenge=v8vf8gbIlTCuWNqZwoCLUJRQnTxlYEw9sUDpBGN_QYk&code_challenge_method=S256&nonce=27243f2d78e18dab5ecf713b9e5fa6c82e1e6cbf09d42d82d469c9837de67b25&client_info=1&claims=%7B%22access_token%22%3A+%7B%22xms_cc%22%3A+%7B%22values%22%3A+%5B%22CP1%22%5D%7D%7D%7D&prompt=select_account
msal.oauth2cli.authcode: Got auth response: {'error': 'interaction_required', 'error_description': "AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.\r\nTrace ID: 2a901fdb-1957-4c35-bb8a-97aaa5fd3a00\r\nCorrelation ID: 27dbce82-7b33-4304-9c8c-131dc56fa0a6\r\nTimestamp: 2023-06-26 22:11:52Z", 'error_uri': 'https://login.windows-ppe.net/error?code=500532', 'state': 'RUPMdYTbXIgHlhOF'}
msal.oauth2cli.authcode: "GET /?error=interaction_required&error_description=AADSTS500532%3a+The+account+is+locked%2c+you%27ve+tried+to+sign+in+too+many+times+with+an+incorrect+user+ID+or+password.%0d%0aTrace+ID%3a+2a901fdb-1957-4c35-bb8a-97aaa5fd3a00%0d%0aCorrelation+ID%3a+27dbce82-7b33-4304-9c8c-131dc56fa0a6%0d%0aTimestamp%3a+2023-06-26+22%3a11%3a52Z&error_uri=https%3a%2f%2flogin.windows-ppe.net%2ferror%3fcode%3d500532&state=RUPMdYTbXIgHlhOF HTTP/1.1" 200 -
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "E:\lthela\user-test\venv\lib\site-packages\knack\cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\commands_init_.py", line 663, in execute
raise ex
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\commands_init_.py", line 726, in _run_jobs_serially
results.append(self.run_job(expanded_arg, cmd_copy))
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\commands_init.py", line 697, in run_job
result = cmd_copy(params)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\commands_init.py", line 333, in call
return self.handler(*args, **kwargs)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\commands\command_operation.py", line 121, in handler
return op(**command_args)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\command_modules\profile\custom.py", line 139, in login subscriptions = profile.login(
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core_profile.py", line 154, in login
user_identity = identity.login_with_auth_code(scopes=scopes, **kwargs)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\auth\identity.py", line 159, in login_with_auth_code
return check_result(result)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\auth\util.py", line 133, in check_result
aad_error_handler(result, **kwargs)
File "E:\lthela\user-test\venv\lib\site-packages\azure\cli\core\auth\util.py", line 43, in aad_error_handler
raise AuthenticationError(error_description, msal_error=error, recommendation=login_message)
azure.cli.core.azclierror.AuthenticationError: AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.
Trace ID: 2a901fdb-1957-4c35-bb8a-97aaa5fd3a00
Correlation ID: 27dbce82-7b33-4304-9c8c-131dc56fa0a6
Timestamp: 2023-06-26 22:11:52Z
cli.azure.cli.core.azclierror: AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.
Trace ID: 2a901fdb-1957-4c35-bb8a-97aaa5fd3a00
Correlation ID: 27dbce82-7b33-4304-9c8c-131dc56fa0a6
Timestamp: 2023-06-26 22:11:52Z
az_command_data_logger: AADSTS500532: The account is locked, you've tried to sign in too many times with an incorrect user ID or password.
Trace ID: 2a901fdb-1957-4c35-bb8a-97aaa5fd3a00
Correlation ID: 27dbce82-7b33-4304-9c8c-131dc56fa0a6
Timestamp: 2023-06-26 22:11:52Z
Interactive authentication is needed. Please run:
az login
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001AE88844B80>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 122.586 seconds (init: 0.878, invoke: 121.708)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3445 in cache
telemetry.check: Negative: The C:\Users\lthela.azure\telemetry.txt was modified at 2023-06-26 22:09:15.436310, which in less than 600.000000 s
Expected behavior
Expected to login
Environment Summary
azure-cli 2.49.0
core 2.49.0
telemetry 1.0.8
Extensions:
arcappliance 0.2.31
Dependencies:
msal 1.20.0
azure-mgmt-resource 22.0.0
Python location 'E:\lthela\aishwarya-test\venv\Scripts\python.exe'
Extensions directory 'C:\Users\lthela.azure\cliextensions'
Python (Windows) 3.10.8 (tags/v3.10.8:aaaf517, Oct 11 2022, 16:50:30) [MSC v.1933 64 bit (AMD64)]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response