Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-AzureRmSubscription does not return all available subscriptions from other Azure ADs #5255

Closed
slavizh opened this issue Jan 10, 2018 · 5 comments
Closed

Get-AzureRmSubscription does not return all available subscriptions from other Azure ADs #5255

slavizh opened this issue Jan 10, 2018 · 5 comments
Labels
Azure PS Team Investigate 🔍
Milestone
2018-01-26

Comments

@slavizh
Copy link

slavizh commented Jan 10, 2018
edited by cormacpayne

Cmdlet(s)

Get-AzureRmSubscription

PowerShell Version

PS C:\WINDOWS\system32> $PSVersionTable

Name Value

PSVersion 5.1.16299.98
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.16299.98
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Module Version

PS C:\WINDOWS\system32> get-module Azurerm -ListAvailable


    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     5.1.1      AzureRM

OS Version

BuildVersion 10.0.16299.98

Description

When I login with MSA account that has access to different subscriptions in different Azure ADs I only see the subscription that is in my Azure AD.

PS C:\WINDOWS\system32> Login-AzureRmAccount


Account          : someaccount@outlook.com
SubscriptionName : Visual Studio Ultimate with MSDN
SubscriptionId   : 3c1d68a6-4064-4522-94e4-e0378165932e
TenantId         : eeb91fce-4bc2-4a30-aad8-48e05fefde07
Environment      : AzureCloud



PS C:\WINDOWS\system32> Get-AzureRmSubscription


Name     : Visual Studio Ultimate with MSDN
Id       : 3c1d68a6-4064-4522-94e4-e0378165932e
TenantId : eeb91fce-4bc2-4a30-aad8-48e05fefde07
State    : Enabled



PS C:\WINDOWS\system32> Get-AzureRmSubscription -SubscriptionId a11781dc-e3ac-4ae1-96b0-93be46e82778 -TenantId 82f988bf-86f1-41af-91ab-2d7cd011db46


Name     : <SomeName>
Id       : a11781dc-e3ac-4ae1-96b0-93be46e82778
TenantId : 82f988bf-86f1-41af-91ab-2d7cd011db46
State    : Enabled



PS C:\WINDOWS\system32> Select-AzureRmSubscription  -SubscriptionId a11781dc-e3ac-4ae1-96b0-93be46e82778 -TenantId 82f988bf-86f1-41af-91ab-2d7cd011db46


Name             : [stas@outlook.com, a11781dc-e3ac-4ae1-96b0-93be46e82778]
Account          : stas@outlook.com
SubscriptionName : <SomeName>
TenantId         : 82f988bf-86f1-41af-91ab-2d7cd011db46
Environment      : AzureCloud

Azure Portal also have issue from time to time displaying all Azure AD's so you can switch to another subscription in another Azure AD.
Some of the values above were intentionally modified to hide sensitive information but the output was from actual execution. As you can see the subscription/tenant I am selecting is not available via Get-AzureRmSubscription cmdlet.

Debug Output

Debug is not provided as it contains sensitive information.

Script/Steps for Reproduction

The description has all the steps needed.
Login with MSA account that has access to subscription under multiple tenants.
@cormacpayne cormacpayne removed their assignment Jan 10, 2018
@markcowl
Copy link
Member

@slavizh Can you provide the debug logs during login and switching subscriptions when this occurs? Depending on the details hf how you have access to those tenants, you may need to provide tenantId specifically. The debug logs will tell us.

To create debug logs, set

$DebugPreference="Continue"

@markcowl markcowl added this to the 2018-01-26 milestone Jan 16, 2018
@slavizh
Copy link
Author

slavizh commented Jan 17, 2018

@markcowl is there secure way to provide those. I do not want they to be exposed publicly here.

@maddieclayton
Copy link
Contributor

@slavizh Would it be possible to go through and redact the confidential information? We do not need account specific information, just the general information from the logs.

@slavizh
Copy link
Author

slavizh commented Jan 18, 2018

Hi
I've cleaned up some values. Hoping that I didn't cleaned up something you need.

PS C:\WINDOWS\system32> $DebugPreference="Continue"
PS C:\WINDOWS\system32> Login-AzureRmAccount -Debug
DEBUG: 12:42:03 - AddAzureRMAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'.

Confirm
Continue with this operation?
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): a

Confirm
Are you sure you want to perform this action?
Performing the operation "log in" on target "User account in environment 'AzureCloud'".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): a
DEBUG: 12:42:09 - Autosave setting from startup session: 'Process'
DEBUG: 12:42:09 - No autosave setting detected in environment variable 'AzureRmContextAutoSave'.
DEBUG: 12:42:09 - Using Autosave scope 'Process'
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: 'Common', Endpoint:
'https://login.microsoftonline.com/', ClientId: '<clientId>', ClientRedirect:
'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:42:09:  - AuthenticationContext: ADAL .NET with assembly version '2.28.3.860', file version
'2.28.31117.1411' and informational version '78bd21073cfd91768d97894ace1ba90c5b904eec' is running...
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/Common/', CorrelationId: '00000000-0000-0000-0000-000000000000', ValidateAuthority:
'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain: 'Common', AdEndpoint:
'https://login.microsoftonline.com/', ClientId: '<clientId>', ClientRedirectUri:
urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:42:09: 6032bfb1-672b-4e6c-a6fe-d57036405433 - AcquireTokenHandlerBase: === Token Acquisition
started:
 Authority: https://login.microsoftonline.com/Common/
 Resource: https://management.core.windows.net/
 ClientId: <clientId>
 CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (0 items)
 Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:09:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/Common/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950
a258-227b-4e31-a9cf-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client-request-i
d=6032bfb1-672b-4e6c-a6fe-d57036405433&prompt=login&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client
-OS=Microsoft Windows NT 10.0.16299.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:10:  - WindowsFormsWebAuthenticationDialogBase: Navigated to
'https://login.microsoftonline.com/Common/oauth2/authorize?resource=https://management.core.windows.net/&client_id=1950
a258-227b-4e31-a9cf-717495945fc2&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client-request-i
d=6032bfb1-672b-4e6c-a6fe-d57036405433&prompt=login&x-client-SKU=.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client
-OS=Microsoft Windows NT 10.0.16299.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:16:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=<clientId>&scope=o
penid profile email
offline_access&response_mode=form_post&display=host&redirect_uri=https://login.microsoftonline.com/common/federation/oa
uth2&state=rQIIAePiMtIzstAz1rMwMxBiNNRiNtQztFIxtDQ1SDQytdA1MjJP0jVJNTbUTbRMTtM1NzQ3sTS1NDFNSzbyYjM1MDQ2tSgS4hLYuN8oQTs9
x2_Zv6sFZg4hxpMYWQvyC0oLZjFyxudklqXqJefnrmKULC3Ks8pMLUmzKk-3yk8sLcmwMtIzsMrPT9rByHiBkfEFI2MDE-MtJn5_R6CcEYjIL8qsSn3FxJq
Tn56Zt4pZJaOkpKDYSl8_NzEvMT01NzWvBGh0UapeeWZeSn55sV5eaon-JmY2oHW5-Xk3mBkvsDC-YpHgYBKQkWBWuMOmwWLAbMXJwSXAILG6XoHhBwvjIl
ag87_mHvOM_ujvNcPW2fjcP3-GU6z6LmHZBa4Gxu5G-b45JkWF2VGejp4pRgVlru6ZYYXZZTmWZj4untmuoaGVgbbGVoYT2BhPsbHo-bmGfGBj2MWJ26cA0
&max_age=0&estsfed=1&uaid=6032bfb1672b4e6ca6fed57036405433&popupui=1&username=myaccount@outlook.com'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:17:  - WindowsFormsWebAuthenticationDialogBase: Navigated to
'https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=<clientId>&scope=o
penid profile email
offline_access&response_mode=form_post&display=host&redirect_uri=https://login.microsoftonline.com/common/federation/oa
uth2&state=rQIIAePiMtIzstAz1rMwMxBiNNRiNtQztFIxtDQ1SDQytdA1MjJP0jVJNTbUTbRMTtM1NzQ3sTS1NDFNSzbyYjM1MDQ2tSgS4hLYuN8oQTs9
x2_Zv6sFZg4hxpMYWQvyC0oLZjFyxudklqXqJefnrmKULC3Ks8pMLUmzKk-3yk8sLcmwMtIzsMrPT9rByHiBkfEFI2MDE-MtJn5_R6CcEYjIL8qsSn3FxJq
Tn56Zt4pZJaOkpKDYSl8_NzEvMT01NzWvBGh0UapeeWZeSn55sV5eaon-JmY2oHW5-Xk3mBkvsDC-YpHgYBKQkWBWuMOmwWLAbMXJwSXAILG6XoHhBwvjIl
ag87_mHvOM_ujvNcPW2fjcP3-GU6z6LmHZBa4Gxu5G-b45JkWF2VGejp4pRgVlru6ZYYXZZTmWZj4untmuoaGVgbbGVoYT2BhPsbHo-bmGfGBj2MWJ26cA0
&max_age=0&estsfed=1&uaid=6032bfb1672b4e6ca6fed57036405433&popupui=1&username=myaccount@outlook.com'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:21:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.live.com/ppsecure/post.srf?response_type=code&client_id=<clientId>&scope=openi
d profile email
offline_access&response_mode=form_post&display=host&redirect_uri=https://login.microsoftonline.com/common/federation/oa
uth2&state=rQIIAePiMtIzstAz1rMwMxBiNNRiNtQztFIxtDQ1SDQytdA1MjJP0jVJNTbUTbRMTtM1NzQ3sTS1NDFNSzbyYjM1MDQ2tSgS4hLYuN8oQTs9
x2_Zv6sFZg4hxpMYWQvyC0oLZjFyxudklqXqJefnrmKULC3Ks8pMLUmzKk-3yk8sLcmwMtIzsMrPT9rByHiBkfEFI2MDE-MtJn5_R6CcEYjIL8qsSn3FxJq
Tn56Zt4pZJaOkpKDYSl8_NzEvMT01NzWvBGh0UapeeWZeSn55sV5eaon-JmY2oHW5-Xk3mBkvsDC-YpHgYBKQkWBWuMOmwWLAbMXJwSXAILG6XoHhBwvjIl
ag87_mHvOM_ujvNcPW2fjcP3-GU6z6LmHZBa4Gxu5G-b45JkWF2VGejp4pRgVlru6ZYYXZZTmWZj4untmuoaGVgbbGVoYT2BhPsbHo-bmGfGBj2MWJ26cA0
&max_age=0&estsfed=1&popupui=1&username=myaccount@outlook.com&contextid=17C2254693AE1E86&bk=1516272135&uaid=6032bfb1672b4e6c
a6fed57036405433&pid=15216'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:21:  - WindowsFormsWebAuthenticationDialogBase: Navigated to
'https://login.live.com/ppsecure/post.srf?response_type=code&client_id=<clientId>&scope=openi
d profile email
offline_access&response_mode=form_post&display=host&redirect_uri=https://login.microsoftonline.com/common/federation/oa
uth2&state=rQIIAePiMtIzstAz1rMwMxBiNNRiNtQztFIxtDQ1SDQytdA1MjJP0jVJNTbUTbRMTtM1NzQ3sTS1NDFNSzbyYjM1MDQ2tSgS4hLYuN8oQTs9
x2_Zv6sFZg4hxpMYWQvyC0oLZjFyxudklqXqJefnrmKULC3Ks8pMLUmzKk-3yk8sLcmwMtIzsMrPT9rByHiBkfEFI2MDE-MtJn5_R6CcEYjIL8qsSn3FxJq
Tn56Zt4pZJaOkpKDYSl8_NzEvMT01NzWvBGh0UapeeWZeSn55sV5eaon-JmY2oHW5-Xk3mBkvsDC-YpHgYBKQkWBWuMOmwWLAbMXJwSXAILG6XoHhBwvjIl
ag87_mHvOM_ujvNcPW2fjcP3-GU6z6LmHZBa4Gxu5G-b45JkWF2VGejp4pRgVlru6ZYYXZZTmWZj4untmuoaGVgbbGVoYT2BhPsbHo-bmGfGBj2MWJ26cA0
&max_age=0&estsfed=1&popupui=1&username=myaccount@outlook.com&contextid=17C2254693AE1E86&bk=1516272135&uaid=6032bfb1672b4e6c
a6fed57036405433&pid=15216'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:21:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/common/federation/oauth2'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:22:  - WindowsFormsWebAuthenticationDialogBase: WebBrowser state: IsBusy: True, ReadyState:
Complete, Created: True, Disposing: False, IsDisposed: False, IsOffline: False
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:22:  - WindowsFormsWebAuthenticationDialogBase: WebBrowser state (after Stop): IsBusy: False,
ReadyState: Complete, Created: True, Disposing: False, IsDisposed: False, IsOffline: False
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:23: 6032bfb1-672b-4e6c-a6fe-d57036405433 - TokenCache: Storing token in the cache...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:42:23: 6032bfb1-672b-4e6c-a6fe-d57036405433 - TokenCache: An item was stored in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:42:23: 6032bfb1-672b-4e6c-a6fe-d57036405433 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
 Access Token Hash: <access token hash>
 Refresh Token Hash: <refresh tolen hash>
 Expiration Time: 01/18/2018 11:42:22 +00:00
 User Hash: <user hash>

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:42:23:  - TokenCache: Serializing token cache with 1 items.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/tenants?api-version=2016-06-01

Headers:
x-ms-client-request-id        : 871ea2e4-9c49-43fa-8ed8-ccec4934c2c8
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-tenant-reads: 14999
x-ms-request-id               : e482edab-f1b5-4824-a2ac-754caa7bd4de
x-ms-correlation-request-id   : e482edab-f1b5-4824-a2ac-754caa7bd4de
x-ms-routing-request-id       : WESTEUROPE:20180118T104323Z:e482edab-f1b5-4824-a2ac-754caa7bd4de
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Cache-Control                 : no-cache
Date                          : Thu, 18 Jan 2018 10:43:22 GMT

Body:
{
  "value": [
    {
      "id": "/tenants/<tenantId2>",
      "tenantId": "<tenantId2>"
    }
  ]
}

DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'<tenantId2>', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/<tenantId2>/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'<tenantId2>', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:25: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - AcquireTokenHandlerBase: === Token Acquisition
started:
 Authority: https://login.microsoftonline.com/<tenantId2>/
 Resource: https://management.core.windows.net/
 ClientId: <clientId>
 CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (1 items)
 Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:25: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:25: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - TokenCache: No matching token was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:25:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/<tenantId2>/oauth2/authorize?resource=https://management.co
re.windows.net/&client_id=<clientId>&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:
oauth:2.0:oob&login_hint=myaccount@outlook.com&client-request-id=2cf740b4-0abd-40f2-8a01-8a6afa482a59&x-client-SKU=.NET&x-cl
ient-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT 10.0.16299.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:26: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - TokenCache: Storing token in the cache...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:26: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - TokenCache: An item was stored in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:26: 2cf740b4-0abd-40f2-8a01-8a6afa482a59 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
 Access Token Hash: <access token hash>
 Refresh Token Hash: <refresh tolen hash>
 Expiration Time: 01/18/2018 11:43:25 +00:00
 User Hash: <user hash>

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:26:  - TokenCache: Serializing token cache with 2 items.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions?api-version=2016-06-01

Headers:
x-ms-client-request-id        : c2b4e7e7-afd2-4751-9a47-eb0bb148af4f
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-tenant-reads: 14997
x-ms-request-id               : 3c4d387d-0095-44b8-91ea-49022dbb0a50
x-ms-correlation-request-id   : 3c4d387d-0095-44b8-91ea-49022dbb0a50
x-ms-routing-request-id       : WESTEUROPE:20180118T104325Z:3c4d387d-0095-44b8-91ea-49022dbb0a50
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Cache-Control                 : no-cache
Date                          : Thu, 18 Jan 2018 10:43:25 GMT

Body:
{
  "value": [
    {
      "id": "/subscriptions/<subscruptionId1>",
      "subscriptionId": "<subscruptionId1>",
      "displayName": "Visual Studio Ultimate with MSDN",
      "state": "Enabled",
      "subscriptionPolicies": {
        "locationPlacementId": "Public_2014-09-01",
        "quotaId": "MSDN_2014-09-01",
        "spendingLimit": "On"
      },
      "authorizationSource": "Legacy"
    }
  ]
}



Account          : myaccount@outlook.com
SubscriptionName : Visual Studio Ultimate with MSDN
SubscriptionId   : <subscruptionId1>
TenantId         : <tenantId2>
Environment      : AzureCloud

DEBUG: AzureQoSEvent: CommandName - Add-AzureRmAccount; IsSuccess - True; Duration - 00:01:23.5227944; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 12:43:28 - AddAzureRMAccountCommand end processing.
DEBUG: 12:43:28 - AddAzureRMAccountCommand end processing.


PS C:\WINDOWS\system32> Get-AzureRmSubscription -Debug
DEBUG: 12:43:36 - GetAzureRMSubscriptionCommand begin processing with ParameterSet 'ListByIdInTenant'.

Confirm
Continue with this operation?
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): a
DEBUG: 12:43:37 - using account id 'myaccount@outlook.com'...
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'<tenantId2>', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/<tenantId2>/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'<tenantId2>', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - AcquireTokenHandlerBase: === Token Acquisition
started:
 Authority: https://login.microsoftonline.com/<tenantId2>/
 Resource: https://management.core.windows.net/
 ClientId: <clientId>
 CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (2 items)
 Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - TokenCache: 59.8047228233333 minutes left until
token in cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - TokenCache: A matching item (access token or refresh
 token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:37: 236ddd61-9785-4be3-884d-38c5b1d34765 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
 Access Token Hash: <access token hash>
 Refresh Token Hash: <refresh tolen hash>
 Expiration Time: 01/18/2018 11:43:25 +00:00
 User Hash: <user hash>

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:43:37:  - TokenCache: Serializing token cache with 2 items.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/tenants?api-version=2016-06-01

Headers:
x-ms-client-request-id        : 8ab9eb70-0acc-4070-8c7f-fe2286797d6a
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-tenant-reads: 14999
x-ms-request-id               : 870992af-fa56-44c1-8bd9-8ab24d0e13d9
x-ms-correlation-request-id   : 870992af-fa56-44c1-8bd9-8ab24d0e13d9
x-ms-routing-request-id       : WESTEUROPE:20180118T104436Z:870992af-fa56-44c1-8bd9-8ab24d0e13d9
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Cache-Control                 : no-cache
Date                          : Thu, 18 Jan 2018 10:44:36 GMT

Body:
{
  "value": [
    {
      "id": "/tenants/<tenantId2>",
      "tenantId": "<tenantId2>"
    }
  ]
}

DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'<tenantId2>', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/<tenantId2>/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'<tenantId2>', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'<clientId>', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - AcquireTokenHandlerBase: === Token Acquisition
started:
 Authority: https://login.microsoftonline.com/<tenantId2>/
 Resource: https://management.core.windows.net/
 ClientId: <clientId>
 CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (2 items)
 Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - TokenCache: 58.7845465 minutes left until token in
cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - TokenCache: A matching item (access token or refresh
 token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:44:38: 23dbcf92-d6b0-49b4-8a54-aab65e382822 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
 Access Token Hash: <access token hash>
 Refresh Token Hash: <refresh tolen hash>
 Expiration Time: 01/18/2018 11:43:25 +00:00
 User Hash: <user hash>

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:44:38:  - TokenCache: Serializing token cache with 2 items.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions?api-version=2016-06-01

Headers:
x-ms-client-request-id        : a3da01a1-d22b-4ea5-8784-ec286e851af8
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-tenant-reads: 14999
x-ms-request-id               : 727ef621-36d5-498b-8302-686c00d12825
x-ms-correlation-request-id   : 727ef621-36d5-498b-8302-686c00d12825
x-ms-routing-request-id       : WESTEUROPE:20180118T104437Z:727ef621-36d5-498b-8302-686c00d12825
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Cache-Control                 : no-cache
Date                          : Thu, 18 Jan 2018 10:44:36 GMT

Body:
{
  "value": [
    {
      "id": "/subscriptions/<subscruptionId1>",
      "subscriptionId": "<subscruptionId1>",
      "displayName": "Visual Studio Ultimate with MSDN",
      "state": "Enabled",
      "subscriptionPolicies": {
        "locationPlacementId": "Public_2014-09-01",
        "quotaId": "MSDN_2014-09-01",
        "spendingLimit": "On"
      },
      "authorizationSource": "Legacy"
    }
  ]
}



Name     : Visual Studio Ultimate with MSDN
Id       : <subscruptionId1>
TenantId : <tenantId2>
State    : Enabled

DEBUG: AzureQoSEvent: CommandName - Get-AzureRmSubscription; IsSuccess - True; Duration - 00:01:02.9470531; Exception -
 ;
DEBUG: Finish sending metric.
DEBUG: 12:44:40 - GetAzureRMSubscriptionCommand end processing.
DEBUG: 12:44:40 - GetAzureRMSubscriptionCommand end processing.


PS C:\WINDOWS\system32> Select-AzureRmSubscription -SubscriptionId <subscriptionId2> -Tenant <aad domain2> -Debug
DEBUG: 12:49:09 - SetAzureRMContextCommand begin processing with ParameterSet 'Subscription'.

Confirm
Continue with this operation?
[Y] Yes  [A] Yes to All  [H] Halt Command  [S] Suspend  [?] Help (default is "Y"): a
DEBUG: 12:49:10 - using account id 'myaccount@outlook.com'...

Confirm
Targeting all subsequent cmdlets in this session at a different subscription
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): a
DEBUG: 12:49:12 - Autosave setting from startup session: 'Process'
DEBUG: 12:49:12 - No autosave setting detected in environment variable 'AzureRmContextAutoSave'.
DEBUG: 12:49:12 - Using Autosave scope 'Process'
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: '<aad domain2>',
Endpoint: 'https://login.microsoftonline.com/', ClientId: '<clientId>', ClientRedirect:
'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/<aad domain2>/', CorrelationId: '00000000-0000-0000-0000-000000000000',
ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain: '<aad domain2>',
AdEndpoint: 'https://login.microsoftonline.com/', ClientId: '<clientId>', ClientRedirectUri:
urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:49:12: c04f97c7-d191-47fe-9765-330da579c479 - AcquireTokenHandlerBase: === Token Acquisition
started:
 Authority: https://login.microsoftonline.com/<aad domain2>/
 Resource: https://management.core.windows.net/
 ClientId: <clientId>
 CacheType: Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache (2 items)
 Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:49:12: c04f97c7-d191-47fe-9765-330da579c479 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:49:12: c04f97c7-d191-47fe-9765-330da579c479 - TokenCache: No matching token was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:49:12:  - WindowsFormsWebAuthenticationDialogBase: Navigating to
'https://login.microsoftonline.com/<aad domain2>/oauth2/authorize?resource=https://management.core.windows.
net/&client_id=<clientId>&response_type=code&haschrome=1&redirect_uri=urn:ietf:wg:oauth:2.0:o
ob&login_hint=myaccount@outlook.com&client-request-id=c04f97c7-d191-47fe-9765-330da579c479&prompt=attempt_none&x-client-SKU=
.NET&x-client-Ver=2.28.3.860&x-client-CPU=x64&x-client-OS=Microsoft Windows NT
10.0.16299.0&site_id=501358&display=popup'.
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:49:14: c04f97c7-d191-47fe-9765-330da579c479 - TokenCache: Storing token in the cache...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 01/18/2018 10:49:14: c04f97c7-d191-47fe-9765-330da579c479 - TokenCache: An item was stored in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:49:14: c04f97c7-d191-47fe-9765-330da579c479 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
 Access Token Hash: <access token hash>
 Refresh Token Hash:<refresh token hash>
 Expiration Time: 01/18/2018 11:49:13 +00:00
 User Hash: <user hash>

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 01/18/2018 10:49:14:  - TokenCache: Serializing token cache with 3 items.
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://management.azure.com/subscriptions?api-version=2016-06-01

Headers:
x-ms-client-request-id        : 210ed1ba-77c2-42c7-88ee-d466498aec89
accept-language               : en-US

Body:


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
x-ms-ratelimit-remaining-tenant-reads: 14999
x-ms-request-id               : 87d90f01-576e-4dba-a0ba-b4143decbe74
x-ms-correlation-request-id   : 87d90f01-576e-4dba-a0ba-b4143decbe74
x-ms-routing-request-id       : WESTEUROPE:20180118T104915Z:87d90f01-576e-4dba-a0ba-b4143decbe74
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Cache-Control                 : no-cache
Date                          : Thu, 18 Jan 2018 10:49:15 GMT

Body:
{
  "value": [
    {
      "id": "/subscriptions/<subscriptionId2>",
      "subscriptionId": "<subscriptionId2>",
      "displayName": "<subscriptionName2>",
      "state": "Enabled",
      "subscriptionPolicies": {
        "locationPlacementId": "Internal_2014-09-01",
        "quotaId": "Internal_2014-09-01",
        "spendingLimit": "Off"
      },
      "authorizationSource": "RoleBased"
    }
  ]
}



Name             : [myaccount@outlook.com, <subscriptionId2>]
Account          : myaccount@outlook.com
SubscriptionName : <subscriptionName2>
TenantId         : <tenantId2>
Environment      : AzureCloud

DEBUG: AzureQoSEvent: CommandName - Set-AzureRmContext; IsSuccess - True; Duration - 00:00:07.9032733; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 12:49:18 - SetAzureRMContextCommand end processing.
DEBUG: 12:49:18 - SetAzureRMContextCommand end processing.

@slavizh
Copy link
Author

slavizh commented Jan 24, 2018

Turned out this was caused by ARM and AD Graph API issue.
Quote:
Hi Stanislav,

We have tracked down the issue to delays in api calls between Azure Resource Manager and Azure Active Directory Graph API. We're following up to get the issue addressed. Sorry for the delay here.

Thanks,

madhur

For more info the following people can be contacted from MSFT:
Madhur Joshi, Purav Saraiya, Nadir Ahmed

e-mails are intentionally not posted.

@slavizh slavizh closed this as completed Jan 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Azure PS Team Investigate 🔍
Projects
None yet
Milestone
2018-01-26
Development

No branches or pull requests
4 participants
@markcowl @cormacpayne @maddieclayton @slavizh