All geek questions in one place

Set-AzureRmContext error while running in Run program

Update:

It seems that someone had the same problem and reported it.

I am facing the problem of a simple PowerShell script when calling it from Runbook Automation Runbook. The same piece of code works flawlessly when used locally .

I added the Service Principle to Azure Active Directory (hosted on the Azure German Cloud) with password credentials and provided it with a subscription access contributor (also hosted on the Azure German Cloud).

Azure Automation is hosted in Northern Europe because it is currently not available on Azure German Cloud.

All I'm trying to do is log in to my subscription with the aforementioned director using the Add-AzureRmAccount . After that, I try to set the current context using Set-AzureRmContext and get the following error message:

 Set-AzureRmContext : Please provide a valid tenant or a valid subscription. At line:26 char:1 + Set-AzureRmContext -TenantId $TenantId -Su ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Set-AzureRmContext], ArgumentException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand

Here is the script I'm trying to run (left an empty configuration):

 $TenantId = "" $ApplicationId = "" $ClientSecret = "" $SubscriptionId = "" $secpasswd = ConvertTo-SecureString $ClientSecret -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ($ApplicationId , $secpasswd) Add-AzureRmAccount -ServicePrincipal -Environment 'AzureGermanCloud' -Credential $mycreds -TenantId $TenantId Set-AzureRmContext -TenantId $TenantId -SubscriptionId $SubscriptionId

I also tried using Login-AzureRmAccount without success. I can also use the Get-AzureRmResourceGroup to retrieve resource groups, so the login seems to work.

All Azure Modules have been updated to the latest version.

translator:

My main goal is to run the SQL export job using New-AzureRmSqlDatabaseExport from the workbook, but it seems that the above error causes the cmdlet to fail with the message:

 New-AzureRmSqlDatabaseExport : Your Azure credentials have not been set up or have expired, please run Login-AzureRMAccount to set up your Azure credentials. At line:77 char:18 + ... rtRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName $Resource
+5
source share
4 answers

This seems to be a known issue and I could not find a solution for this. But there are two ways:

It is important to specify the -Environment parameter. Otherwise, I received the following exception:

Login-AzureRmAccount: AADSTS90038: Confidential client is not supported in the Cross Cloud request.

Here is the code I use to log in to AzureGermanCloud (MCD) from the Azure Runbook hosted in NorthEurope:

 $connectionAssetName = "AzureRunAsConnection" $conn = Get-AutomationConnection -Name $ConnectionAssetName Login-AzureRmAccount ` -ServicePrincipal ` -CertificateThumbprint $conn.CertificateThumbprint ` -ApplicationId $conn.ApplicationId ` -TenantId $conn.TenantID ` -Environment AzureGermanCloud
+1
source

I had the same problem a few weeks ago, and all that worked was to log in to your Azure account first (which I think you already did) using:

 Login-AzureRmAccount

Then get the subscription ID from Azure and use the subscription to select using the identifier instead of the name, as follows:

 Select-AzureRmSubscription -SubscriptionId {insert-subscription-id}
+2
source

When you log in to your Azure account, you can use the specified subscription ID. You can try to execute the script.

 $subscriptionId="" $tenantid="" $clientid="" $password="" $userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force $userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientid, $userPassword Add-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential -Environment 'AzureGermanCloud'
+1
source

Below is the code that worked for me (normal DC areas). If this does not work, go to Automation AccountModulesUpdate Azure Modules .

 $ClientSecret = "" $ApplicationId = "" $SubscriptionId = "" #New PSCredential Object $secpasswd = ConvertTo-SecureString $ClientSecret -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential ($ApplicationId , $secpasswd) #Login to subscription Login-AzureRmAccount -Credential $mycreds -SubscriptionId $SubscriptionId #Export Database New-AzureRmSqlDatabaseExport -ResourceGroupName "<RG>" -ServerName "<SQLSERVERNAME>" -DatabaseName "<DATABASENAME>" -StorageKeyType "StorageAccessKey" -StorageKey "<STRKEY>" -StorageUri "<URITOFILE>" -AdministratorLogin "<DBLOGIN>" -AdministratorLoginPassword "<DBPASS>"

Refresh

Perhaps starting with an "Run as" account might be a workaround. Create it by going to the Azure Automation Account tab → Account SettingsRun as Accounts . Here is a sample code.

 # Authenticate to Azure with service principal and certificate, and set subscription $connectionAssetName = "AzureRunAsConnection" $conn = Get-AutomationConnection -Name $ConnectionAssetName Add-AzureRmAccount -ServicePrincipal -Tenant $conn.TenantID -ApplicationId $conn.ApplicationId -CertificateThumbprint $conn.CertificateThumbprint -ErrorAction Stop | Write-Verbose Set-AzureRmContext -SubscriptionId $conn.SubscriptionId -ErrorAction Stop | Write-Verbose
+1
source

Source: https://habr.com/ru/post/1272132/

More articles:


All Articles