New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WARNING: Unable to acquire token for tenant 'organizations' #13530
Comments
@alexandair, could you please share the debug stream by running |
|
@alexandair , thanks for raising the issue. We noticed unclear error message is shown again in 2.2.0, we just released 2.2.1. Now it looks like if using Az.Accounts 2.2.1:
As to warning message |
WARNING: Interactive authentication is not supported in this session, please run Connect-AzAccount using the -UseDeviceAuthentication parameter. |
@alexandair, good suggestion, we'll update it in next release. |
This issue seems not resolved. |
I am running onto this as well ^ |
Same here: Script 2.2.2 Az.Accounts {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Connect-AzAccount…} |
Reopening the issue for triage as many customers are encounting the same problem |
Add me to the list... |
Same here. Just downloaded the module for the first time.
...and yes, the subscription id and tenant are correct. |
+1 |
Just for info: I encountered this issue today, out of nowhere. I solved it by going to portal.azure.com, where for some reason suddenly two factor authentication was required. After logging in, connect-azaccount worked without issues. |
Same here. It´s stopped working just out of the blue. |
This started happening to me too and I think I know why. |
I also started facing same issue today but got it fixed by installing microsoft authenticator app and using the same for default browser which is used by powershell session while we run connect-azaccount. This took a long time to figure out but was able to fix this way. Let me know who all gets this fixed by following same process. |
Can you elaborate.
I am already using the authenticator app and it only present in my csp
account.
Op wo 3 feb. 2021 15:28 schreef shikhachauhan1989 <notifications@github.com
…:
I also started facing same issue today but got it fixed by installing
microsoft authenticator app and using the same for default browser which is
used by powershell session while we run connect-azaccount. This took a long
time to figure out but was able to fix this way. Let me know who all gets
this fixed by following same process.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#13530 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABIWZN4SKYVUSFTSGFQ7TL3S5FMRLANCNFSM4TYPWG7A>
.
|
Just check what browser is set as default in your system as when you run connect-azaccount with powershell it uses the default browser for the login process. once identified, launch browser, complete the login process using two factor authentication and select the checkbox which says keep me signedin. once you are successfully signedin to azure portal. you can launch powershell and try logging-in from there. i hope it fixes your issue as same worked for me. |
note that I am using a service account that doesn't have MFA and still running into this issue |
Close this issue as some of you solved the issue by using Authenticator app, and some issues are not same as issue author reported. If you still encountered the issue, please create a new issue with debug stream, thanks. |
I have just deleted the 2 extra Tenants i had created for training purposes. The issue is now solved for me and i can login again via Powershell from within a Docker container |
In my case I solved just running: Clear-AzContext And them trying to connect again Connect-AzAccount |
This just started happening to me and none of the other fixes have worked. |
I know this is snarky... but... As PowerShell (Az cmdlets) is a part of an API platform, there should be zero dependency on which browser (or local user profile) you're using or which "account" your logged into other than the identity you're using "within" the PowerShell console/ISE. Otherwise, that's pretty ridiculous. When I log on to my jump host to do PowerShell work, I am logging on as a CyberArk protected user (not as "me" which is where my 0365/Azure rights are granted). Hence, I have to open a browser, make sure i log out as "DomainAdmin5" or whomever is my CYBR identity, and logon to the browser as "me" in order to make a Warning message not be in context... grrrrrrrrrrrrrrrrrrr |
I'm having this issue also. I noticed that when I ran To solve it I had to run:
Then I finally got the MFA prompt and was able to log in successfully. Not sure if it contributed but i had also opened my default browser, cleared my cache and logged into the azure portal with the account I wanted to use. |
This issue still occurs as of July 2021 |
Just ran into this yesterday with a service principal account. The fix was basically what @simone-bennett posted above but modified to run for a service principal: Clear-AzContext -Force
$credential = New-Object System.Management.Automation.PSCredential($servicePrincipalUsername, $(ConvertTo-SecureString $servicePrincipalPassword -AsPlainText -Force))
Connect-AzAccount -Credential $credential -Tenant $tenantId -ServicePrincipal |
I think this issue may be related to the version of Newtonsoft Json thats loaded, have seen this issue when using MicrosoftPowerBIMgmt cmdlets both with AzureAD module and also Az.Accounts Use and that will show you which version is currently loaded. The order you connect to services changes the behaviour of this. |
Still happening in 2023. Using latest Powershell and latest AZ module on Win11. |
Happening to me too.. Windows 11, latest AZ module |
Happening to me too |
Found my problem, was the use of ad-blockers on my browser.. Proved by using Chromium edge as my default browser with no ad-blocking extensions installed.. everything just works as expected. |
that makes no sense. We're talking about Powershell here. Powershell has got nothing to do with your browser. |
Well the default browser is part of the authorization process to my knowledge, hence my assumption would be to start looking there... when digging deeper similar issues can occur when the communications are not properly handled via a proxy, therefore my assumption around the ad-blocker getting in the way. Have you tried the above? |
I don't need to try the above because I know it's completely unrelated. When you run Connect-AZAccount, yes it uses your browser to do the 2FA authentication. However, Connect-AzAccount has never been a problem for me. The problem is that even though I'm already authenticated, i.e I already have the access/bearer token right in my Powershell session, but looping through certain subscriptions will generate this error. If I do a Get-AZContext, I can see the context I'm currently in. I can list all the subs and it's fine. When I do something like this:
It works fine for 99% of the subs, but occasionally one or 2 subs will show the "unable to acquire token for tenant" error. If I re-run the code, it'll sometimes fix itself and work fine. At this point, everything is done within Powershell session. The token has already been generated via the browser and passed to Powershell. Also, the majority of the subscriptions are fine and they obviously use the same access token. This is definitely not a browser issue. |
Why are we seeing this warning message when we run
Connect-AzAccount
in Az PowerShell v5.x?The text was updated successfully, but these errors were encountered: