Add-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds

kevin's Avatar

kevin

04 Dec, 2015 12:06 AM

I am having issues on build environment when my script tries to logon to azure.

1st how does one suppress the warning?

WARNING: Microsoft Azure PowerShell collects data about how users use PowerShell cmdlets and some problems they encounter.  Microsoft uses this information to improve our PowerShell cmdlets.  Participation is voluntary and when you choose to participate your device automatically sends information to Microsoft about how you use Azure PowerShell.
If you choose to participate, you can stop at any time by using Azure PowerShell as follows:
1. Use the Disable-AzureDataCollection cmdlet to turn the feature Off. The cmdlet can be found in the AzureResourceManager module. To disable data collection: PS > Disable-AzureDataCollection
If you choose to not participate, you can enable at any time by using Azure PowerShell as follows:
1. Use the Enable-AzureDataCollection cmdlet to turn the feature On. The cmdlet can be found in the AzureResourceManager module. To enable data collection: PS > Enable-AzureDataCollection 
Select Y to enable data collection [Y/N]: 
WARNING: You choose to participate in Microsoft Azure PowerShell data collection.
WARNING: The setting profile has been saved to the following path 'C:\Users\appveyor\AppData\Roaming\Windows Azure Powershell\AzureDataCollectionProfile.json'.
2nd issue Add-AzureAccount -ServicePrincipal -Tenant $tid -Credential $creds errors with: Add-AzureAccount : The given key was not present in the dictionary.

I RDP'd into the build server and ran the commands manually. Same errors. With debug "on" I get the following nugget of detail: The PUID of the account is not valid.

Strange, that my services account is not valid from the build server, but works perfectly from a number of my VMs.
I also tried the the following:

Get-AzureAccount | Remove-AzureAccount -force
Clear-AzureProfile -force
no joy

How are others adding azure-accounts?

I am using the service account and then Invoke-AzureResourceAction to swap webapp slots.

Any insight into this would be appreciated.
Thanks

  1. Support Staff 1 Posted by Feodor Fitsner on 04 Dec, 2015 12:31 AM

    Feodor Fitsner's Avatar

    I've never used Azure accounts in CI environment (though I use this authentication locally, but it invokes a dialog box with login), but all Azure automation scripts I ever seen were using importing certificate.

    Btw, if it creates AzureDataCollectionProfile.json file after you answer "yes" why wouldn't you just fake that file during the build?

  2. Support Staff 2 Posted by Feodor Fitsner on 04 Dec, 2015 12:40 AM

    Feodor Fitsner's Avatar
  3. 3 Posted by kevin on 04 Dec, 2015 01:20 AM

    kevin's Avatar

    Thanks. I'll have a look later tonight or tomorrow.

    Sent from Outlook<http://aka.ms/Ox5hz3>

  4. 4 Posted by kevin on 06 Dec, 2015 10:16 PM

    kevin's Avatar

    I had a look at the links, unfortunately nothing new here to help with this problem.

    I spent a bit of time working from the appveyor build server (rdp)

    What is working:

    What is Not working:

    • account that are on your Azzure Account Default Subscription's AD usually ending in {AzureAccountUserName}.onmicrosoft.com
    • application (service principle) accounts

    resources:
    https://azure.microsoft.com/en-us/documentation/articles/web-sites-...
    http://blog.davidebbo.com/2014/12/azure-service-principal.html
    https://azure.microsoft.com/en-us/documentation/articles/resource-g...

    I was thinking of putting in a support ticket in with Azure. Wondering what they have to say about an Azure VMs access to Subscription AD's.

    I may use publishsettings file. not thrilled with it, but it will have to do for now.

    Thanks.

  5. Support Staff 5 Posted by Feodor Fitsner on 07 Dec, 2015 07:09 PM

    Feodor Fitsner's Avatar

    We currently don't run builds on Azure - it's either Hyper-V (Pro environment) or Google Compute Engine (OSS). I agree it might be better submitting an issue with Azure.

  6. 6 Posted by kevin on 08 Dec, 2015 07:58 PM

    kevin's Avatar

    Is there a proxy in between the build VM and the internet?
    Any outgoing port restrictions, whitelist?

  7. Support Staff 7 Posted by Feodor Fitsner on 08 Dec, 2015 08:00 PM

    Feodor Fitsner's Avatar

    Nope.

  8. 8 Posted by kevin on 09 Dec, 2015 10:58 PM

    kevin's Avatar

    Ok found the problem, it was a breaking change from Azure PowerShell 0.9.7 to 1.0.x.
    new cmdlet for resource management:
    Add-AzureRmAccount Invoke-AzureRmResourceAction

    The new method to connect with service principle.

    $uid = <servicePrinciple GUID>;
    $pwd = <servicePrinciple Key>;
    $tenantId = <tenant GUID>
    $secPwd = ConvertTo-SecureString $pwd -AsPlainText -Force;
    $credentials = New-Object System.Management.Automation.PSCredential ($uid, $secPwd);


    Add-AzureRmAccount -ServicePrincipal -Tenant $tenantId -Credential $credentials;


    $ParametersObject = @{ targetSlot = "Production" };


    Invoke-AzureRmResourceAction -ResourceGroupName <resourceGroupName> -ResourceType 'Microsoft.Web/sites/slots' -ResourceName "<websiteName>/<slotName>" -Action slotsswap -Parameters $ParametersObject -ApiVersion 2015-07-01 -Force
  9. Support Staff 9 Posted by Feodor Fitsner on 09 Dec, 2015 11:31 PM

    Feodor Fitsner's Avatar

    Nice, thanks for sharing the final solution!
    Looking at the script I've got a feeling that it's getting more and more
    challenging to manage Azure resources.

    -Feodor

  10. kevin closed this discussion on 10 Dec, 2015 09:39 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

16 Jul, 2019 05:17 PM
16 Jul, 2019 10:17 AM
16 Jul, 2019 07:46 AM
16 Jul, 2019 04:51 AM
15 Jul, 2019 06:33 PM

 

15 Jul, 2019 06:09 PM
15 Jul, 2019 05:53 PM
15 Jul, 2019 05:46 PM
15 Jul, 2019 05:21 PM
15 Jul, 2019 04:29 PM
15 Jul, 2019 03:12 PM