azure-powershell
azure-powershell copied to clipboard
Azure
Az.Accounts v3.0.0 Connect-AzAccount login is broken
Description
Trying to login with: $AlyaAzureEnvironment = "AzureCloud" $AlyaTenantId = "YourTenantId" $SubscriptionName = "YourSubscriptionName" Connect-AzAccount -Environment $AlyaAzureEnvironment -Tenant $AlyaTenantId -Subscription $SubscriptionName
I get a window with known windows accounts:
No way to add an M365 account on the fly. No browser window opens as in the past.
Issue script & Debug output
$AlyaAzureEnvironment = "AzureCloud"
$AlyaTenantId = "YourTenantId"
$SubscriptionName = "YourSubscriptionName"
Connect-AzAccount -Environment $AlyaAzureEnvironment -Tenant $AlyaTenantId -Subscription $SubscriptionName
Please select the account you want to login with.
Environment data
Name Value
---- -----
PSVersion 7.4.2
PSEdition Core
GitCommitId 7.4.2
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
Module versions
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 3.0.0 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Error output
HistoryId: 1
Message : Cannot find a variable with the name 'AlyaIsInternetConnected'.
StackTrace :
Exception : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line : $var = Get-Variable -Name "AlyaIsInternetConnected" -Scope "Global" -ErrorAction SilentlyContinue
Position : At C:\Alya\Repos\SSVDO-ADM-CloudConfiguration\01_ConfigureEnv.ps1:509 char:12
+ $var = Get-Variable -Name "AlyaIsInternetConnected" -Scope "Globa …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 1
Message : Cannot find a variable with the name 'AlyaPnpConnections'.
StackTrace :
Exception : System.Management.Automation.ItemNotFoundException
InvocationInfo : {Get-Variable}
Line : $AlyaPnpConnectionsDefined = Get-Variable -Name "AlyaPnpConnections" -Scope Global -ErrorAction SilentlyContinue
Position : At C:\Alya\Repos\SSVDO-ADM-CloudConfiguration\01_ConfigureEnv.ps1:2017 char:30
+ … nsDefined = Get-Variable -Name "AlyaPnpConnections" -Scope Global -Er …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId : 1
Already found it by reading local help:
Update-AzConfig -EnableLoginByWam $false
@AlyaKoni
Normally, there is an item call Work or school account after the Microsoft account for you to add the organization account
For M356 account, per my understanding, it should be added into Microsoft account. What does your account end with? @outlook.com?
From the snapshot your provided, I don't find the option Work or school account. If you don't see the option on your machine, it should be an issue.
So then it is an issue, if I should be able to add in the dialog a work or school account. My actual accounts have the following domains:
@AlyaKoni Reported on MSAL.net repo. May need your further assistance to provide some error logs.
@AlyaKoni will let you know if those who are working on the https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4797 request
To sum up @AlyaKoni and @msJinLei - the issue here is that the account picker does not have a "Use a different account" + "Work and School account" option?
Only the option "Use a different account" + "Personal Account" (Microsoft account ... outlook.com, hotmail.com, live.com) option exists?
Correct. Only able to add a "Personal Account". Not able to add a "Work or School Account"
Correct. Only able to add a "Personal Account". Not able to add a "Work or School Account"
@AlyaKoni Could you run
Update-AzConfig -EnableLoginByWam $true
#restart powershell session
Connnect-AzAccount -Debug
and copy the debug log here? (Note to remove the personal information)
Thanks!
PS C:\Users\username> $PSVersionTable
Name Value
---- -----
PSVersion 7.4.2
PSEdition Core
GitCommitId 7.4.2
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
PS C:\Users\username> Get-Module
ModuleType Version PreRelease Name ExportedCommands
---------- ------- ---------- ---- ----------------
Script 3.0.0 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzConte…
Manifest 7.0.0.0 Microsoft.PowerShell.Management {Add-Content, Clear-Content, Clear-Item, Clear-It…
Manifest 7.0.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Ob…
Script 2.3.5 PSReadLine {Get-PSReadLineKeyHandler, Get-PSReadLineOption, …
PS C:\Users\username> Connect-AzAccount -Debug
DEBUG: Got version 0 of Az
DEBUG: Got version 0 of Az.Accounts
DEBUG: 23:56:38 - [ConfigManager] Got nothing from [DisplaySecretsWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 23:56:38 - ConnectAzureRmAccountCommand begin processing with ParameterSet 'UserWithSubscriptionId'.
DEBUG: 23:56:38 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 23:56:38 - [ConfigManager] Got nothing from [DefaultSubscriptionForLogin], Module = [], Cmdlet = []. Returning default value [].
Confirm
Are you sure you want to perform this action?
Performing the operation "log in" on target "User account in environment 'AzureCloud'".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
DEBUG: 23:56:47 - Autosave setting from startup session: 'CurrentUser'
DEBUG: 23:56:47 - No autosave setting detected in environment variable 'AzContextAutoSave'.
DEBUG: 23:56:47 - Using Autosave scope 'CurrentUser'
Please select the account you want to login with.
DEBUG: 23:56:47 - [InteractiveWamAuthenticator] Calling InteractiveBrowserCredential.AuthenticateAsync with TenantId:'', Scopes:'https://management.core.windows.net//.default', AuthorityHost:'https://login.microsoftonline.com/', RedirectUri:'http://localhost:8400/'
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId:
DEBUG: Executing interactive authentication workflow inline.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] MSAL MSAL.CoreCLR with assembly version '4.60.3.0'. CorrelationId(300327ba-3c69-4ec6-8a57-2dc2b648e5cb)
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb]
=== Request Data ===
Authority Provided? - True
Scopes - https://management.core.windows.net//.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - True
HomeAccountId - False
CorrelationId - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] === Token Acquisition (InteractiveRequest) started:
Scopes: https://management.core.windows.net//.default
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:47Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Fetching instance discovery from the network from host login.microsoftonline.com.
DEBUG: Request [59fa9eec-6c1e-4b6d-bd9d-b3d60031c9dd] GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=REDACTED
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-OS:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
x-ms-client-request-id:59fa9eec-6c1e-4b6d-bd9d-b3d60031c9dd
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity.Broker/1.1.0 (.NET 8.0.4; Microsoft Windows 10.0.22631)
client assembly: Azure.Identity.Broker
DEBUG: Response [59fa9eec-6c1e-4b6d-bd9d-b3d60031c9dd] 200 OK (00.2s)
Cache-Control:max-age=86400, private
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
Access-Control-Allow-Origin:REDACTED
Access-Control-Allow-Methods:REDACTED
P3P:REDACTED
client-request-id:REDACTED
x-ms-request-id:f55a80bf-d60d-40b2-b58e-20b4b3592600
x-ms-ests-server:REDACTED
x-ms-srs:REDACTED
X-XSS-Protection:REDACTED
Set-Cookie:REDACTED
Date:Thu, 13 Jun 2024 21:56:48 GMT
Content-Type:application/json; charset=utf-8
Content-Length:957
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Authority validation enabled? True.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Authority validation - is known env? True.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Broker is configured. Starting broker flow without knowing the broker installation app link.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [Runtime] WAM supported OS.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Can invoke broker. Will attempt to acquire token with broker.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [RuntimeBroker] Calling SignInInteractivelyAsync this will show the account picker.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0001] WARNING SetAuthorityString:98 Initializing authority from string 'https://login.microsoftonline.com/organizations/' without authority type, defaulting to MsSts
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] INFO SetCorrelationId:273 Set correlation ID: 300327ba-3c69-4ec6-8a57-2dc2b648e5cb
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] INFO ExecuteInteractiveRequest:1103 The original authority is 'https://login.microsoftonline.com/organizations'
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] WARNING TryNormalizeRealm:2421 No HomeAccountId provided to normalize the realm
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] INFO ExecuteInteractiveRequest:1114 The normalized realm is ''
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] INFO ModifyAndValidateAuthParameters:191 Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0002] INFO ModifyAndValidateAuthParameters:215 Authority Realm: organizations
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0003] WARNING ReturnResponseDueToMissingParameter:693 Attempted to read cache with a non-normalized realm, access token and ID token reads will fail
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:56:48Z] [MSAL:0003] WARNING ReadAccountById:227 Account id is empty - account not found
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO ErrorInternalImpl:116 Created an error: 55xnk, StatusInternal::UserCanceled, InternalEvent::None, Context 'User cancelled the Accounts Control Operation.'
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:393 Printing Telemetry for Correlation ID: 300327ba-3c69-4ec6-8a57-2dc2b648e5cb
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: start_time, Value: 2024-06-13T21:56:48.000Z
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: api_name, Value: SignInInteractively
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: was_request_throttled, Value: false
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: authority_type, Value: Unknown
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: msal_version, Value: 1.1.0+local
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: api_status_code, Value: StatusInternal::UserCanceled
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: client_id, Value: 1950a258-227b-4e31-a9cf-717495945fc2
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: correlation_id, Value: 300327ba-3c69-4ec6-8a57-2dc2b648e5cb
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: broker_app_used, Value: true
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: stop_time, Value: 2024-06-13T21:57:02.000Z
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: all_error_tags, Value: 55xnk
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: msalruntime_version, Value: 0.16.0
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: original_authority, Value: https://login.microsoftonline.com/organizations
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: additional_query_parameters_count, Value: 1
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: read_token_last_error, Value: missing required parameter
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: request_eligible_for_broker, Value: true
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: auth_flow, Value: Broker
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: ui_event_count, Value: 1
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: authorization_type, Value: Interactive
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: api_error_code, Value: 0
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: api_error_tag, Value: 55xnk
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: api_error_context, Value: User cancelled the Accounts Control Operation.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: is_successful, Value: false
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:401 Key: request_duration, Value: 14648
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:406 Printing Execution Flow:
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [MSAL:0004] INFO LogTelemetryData:414 {"t":"646u1","tid":2,"ts":0,"l":2},{"t":"4s7ub","tid":2,"ts":1,"l":2},{"t":"4sufd","tid":2,"ts":1,"s":2,"l":2},{"t":"4swgg","tid":2,"ts":1,"s":1,"l":2},{"t":"4swgf","tid":2,"ts":1,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":3,"s":1,"l":2},{"t":"8dqim","tid":3,"ts":3,"l":2},{"t":"8dqkl","tid":3,"ts":3,"l":2,"a":9,"ie":0},{"t":"54uxe","tid":2,"ts":3,"l":2},{"t":"8dqkn","tid":4,"ts":14646,"l":2,"a":5,"ie":1},{"t":"8dqko","tid":4,"ts":14646,"l":2,"a":9,"ie":1},{"t":"646u1","tid":4,"ts":14646,"l":2}
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [RuntimeBroker] Could not sign in interactively. Status: UserCanceled
Context: User cancelled the Accounts Control Operation.
Tag: 0x1f7d734a
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [RuntimeBroker] Processing WAM exception
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z] [RuntimeBroker] authentication_canceled User canceled authentication.
DEBUG: False MSAL 4.60.3.0 MSAL.CoreCLR .NET 8.0.4 Microsoft Windows 10.0.22631 [2024-06-13 21:57:02Z - 300327ba-3c69-4ec6-8a57-2dc2b648e5cb] Exception type: Microsoft.Identity.Client.MsalClientException
, ErrorCode: authentication_canceled
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.SignInInteractivelyAsync(AuthenticationRequestParameters authenticationRequestParameters)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.AcquireTokenInteractiveAsync(AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ https://management.core.windows.net//.default ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed: User canceled authentication.
---> Microsoft.Identity.Client.MsalClientException (0x80131500): User canceled authentication.
WARNING: Unable to acquire token for tenant 'organizations' with error 'InteractiveBrowserCredential authentication failed: User canceled authentication. '
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"):
DEBUG: 23:57:08 - Unable to acquire token for tenant 'organizations' with error 'Azure.Identity.AuthenticationFailedException: InteractiveBrowserCredential authentication failed: User canceled authentication.
---> MSAL.CoreCLR.4.60.3.0.MsalClientException:
ErrorCode: authentication_canceled
Microsoft.Identity.Client.MsalClientException: User canceled authentication.
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.SignInInteractivelyAsync(AuthenticationRequestParameters authenticationRequestParameters)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.AcquireTokenInteractiveAsync(AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken)
at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.ExecuteAsync[T](AbstractAcquireTokenParameterBuilder`1 builder, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.MsalPublicClient.AcquireTokenInteractiveCoreAsync(String[] scopes, String claims, Prompt prompt, String loginHint, String tenantId, Boolean enableCae, BrowserCustomizationOptions browserOptions, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.MsalPublicClient.AcquireTokenInteractiveAsync(String[] scopes, String claims, Prompt prompt, String loginHint, String tenantId, Boolean enableCae, BrowserCustomizationOptions browserOptions, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.GetTokenViaBrowserLoginAsync(TokenRequestContext context, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
at Microsoft.Azure.PowerShell.Authenticators.MsalAccessToken.GetAccessTokenAsync(Task`1 authTask, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.AcquireAccessToken(IAzureAccount account, IAzureEnvironment environment, String tenantId, SecureString password, String promptBehavior, Action`1 promptAction, String resourceId)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.ListAccountTenants(IAzureAccount account, IAzureEnvironment environment, SecureString password, String promptBehavior, Action`1 promptAction)'
WARNING: Please run 'Connect-AzAccount -DeviceCode' if browser is not supported in this session.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"):
DEBUG: Azure.Identity.AuthenticationFailedException: InteractiveBrowserCredential authentication failed: User canceled authentication.
---> MSAL.CoreCLR.4.60.3.0.MsalClientException:
ErrorCode: authentication_canceled
Microsoft.Identity.Client.MsalClientException: User canceled authentication.
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.WamAdapters.HandleResponse(AuthResult authResult, AuthenticationRequestParameters authenticationRequestParameters, ILoggerAdapter logger, String errorMessage)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.SignInInteractivelyAsync(AuthenticationRequestParameters authenticationRequestParameters)
at Microsoft.Identity.Client.Platforms.Features.RuntimeBroker.RuntimeBroker.AcquireTokenInteractiveAsync(AuthenticationRequestParameters authenticationRequestParameters, AcquireTokenInteractiveParameters acquireTokenInteractiveParameters)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken)
at Azure.Identity.AbstractAcquireTokenParameterBuilderExtensions.ExecuteAsync[T](AbstractAcquireTokenParameterBuilder`1 builder, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.MsalPublicClient.AcquireTokenInteractiveCoreAsync(String[] scopes, String claims, Prompt prompt, String loginHint, String tenantId, Boolean enableCae, BrowserCustomizationOptions browserOptions, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.MsalPublicClient.AcquireTokenInteractiveAsync(String[] scopes, String claims, Prompt prompt, String loginHint, String tenantId, Boolean enableCae, BrowserCustomizationOptions browserOptions, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.GetTokenViaBrowserLoginAsync(TokenRequestContext context, Boolean async, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
at Microsoft.Azure.PowerShell.Authenticators.MsalAccessToken.GetAccessTokenAsync(Task`1 authTask, TokenCredential tokenCredential, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String tenant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.AcquireAccessToken(IAzureAccount account, IAzureEnvironment environment, String tenantId, SecureString password, String promptBehavior, Action`1 promptAction, String resourceId)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.ListAccountTenants(IAzureAccount account, IAzureEnvironment environment, SecureString password, String promptBehavior, Action`1 promptAction)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantIdOrName, String subscriptionId, String subscriptionName, SecureString password, Boolean skipValidation, IOpenIDConfiguration openIDConfigDoc, Action`1 promptAction, String name, Boolean shouldPopulateContextList, Int32 maxContextPopulation, String authScope, Boolean isInteractiveAuthenticationFlow, Boolean IsInteractiveContextSelectionEnabled)
at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_2.<ExecuteCmdlet>b__7()
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---
at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass134_1.<ExecuteCmdlet>b__1(AzureRmProfile localProfile, RMProfileClient profileClient, String name)
DEBUG: 23:57:10 - [ConfigManager] Got nothing from [EnableErrorRecordsPersistence], Module = [], Cmdlet = []. Returning default value [False].
Connect-AzAccount: InteractiveBrowserCredential authentication failed: User canceled authentication.
DEBUG: 23:57:10 - [ConfigManager] Got nothing from [DisplayBreakingChangeWarning], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 23:57:10 - [ConfigManager] Got nothing from [DisplayRegionIdentified], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 23:57:10 - [ConfigManager] Got nothing from [CheckForUpgrade], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: AzureQoSEvent: Module: Az.Accounts:3.0.0; CommandName: Connect-AzAccount; PSVersion: 7.4.2; IsSuccess: False; Duration: 00:00:31.8227958; SanitizeDuration: 00:00:00; Exception: InteractiveBrowserCredential authentication failed: User canceled authentication. ;
DEBUG: 23:57:10 - [ConfigManager] Got nothing from [EnableDataCollection], Module = [], Cmdlet = []. Returning default value [True].
DEBUG: 23:57:10 - ConnectAzureRmAccountCommand end processing.
PS C:\Users\username>
@AlyaKoni - Are you running the PS as administrator? The logs point to an issue that we fixed recently when running as admin. Not sure if it fully explains why there are no Work or School accounts. It might but I am not really sure. So you can first try the fix that was done recently for admin mode issue.
Meanwhile can you try running without admin elevation and see if you still see the issue? If it still happens, please share the logs just like you did above.
@msJinLei - Please keep this issue updated with the release date for the admin mode fix from PowerShell
No. Not as administrator. As normal user without admin rights on the local client.
@AlyaKoni We include the fix for WAM running in elevated mode. Could you update Az.Accounts to the latest version (3.0.2) to see whether your issue is fixed or not?
get-module Az.Accounts ModuleType Version PreRelease Name ExportedCommands
Script 3.0.2 Az.Accounts {Add-AzEnvironment, Clear-AzConfig, Clear-AzConte…
Still the same issue.
@AlyaKoni - can you please confirm whether you can scroll in the account picker, and that the item is not hidden behind a scrollable area? Thanks
