I’m having trouble setting up our Azure account in Octopus. I’ve tried running through the tutorial here https://octopus.com/docs/infrastructure/azure/creating-an-azure-account/creating-an-azure-service-principal-account to set up the Service Principal (both the PowerShell and portal methods) and everything goes well. However, when I put all of the credentials into Octopus and press Save and Test I get an error stating: “Failed: Unable to verify account: authority_not_in_valid_list: ‘authority’ is not in the list of valid addresses Inner Exception: The remote server returned an error: (400) Bad Request.”
I have tried running the PowerShell script I found in another support request on the Octopus server and everything appears to work:
```powershell
$SubscriptionId = ""
$ClientId = ""
$Password = ""
$TenantId = ""
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($ClientId, $securePassword)
Login-AzureRmAccount -Credential $creds -TenantId $TenantId -ServicePrincipal
Set-AzureRmContext -SubscriptionId $SubscriptionId -TenantId $TenantId
```
Octopus Version 2018.5.7
Any help would be greatly appreciated!
Thanks for getting in touch.
We believe you may run into this error if the wrong value is posted for the Tenant ID field (which is easy to do because they’re all GUIDs).
Could you please double check the value for TenantId you used in the PowerShell corresponds with your tenant you see in the Azure portal (this should match the GUID found in your Azure App Directory > Properties > Directory ID, as shown in [this image from the docs](https://octopus.com/docs/infrastructure/azure/creating-an-azure-account/creating-an-azure-service-principal-account#azure-ad-tenant-id)), and that it corresponds with the version you’re entering for the Octopus account Tenant ID field?
Let me know how you go.
Thank you for the quick response!
I have double checked all of the GUIDs and they are correct.
Is it possible it’s something to do with the AD Base Uri, which I currently have set as https://octopus.com/ or the Resource Management Base Uri which I’ve left blank?
Thanks for the additional information.
Yes, it’d be that base Uri causing the problem. You only need to override those values if you’re using an isolated Azure Environment (such as Azure China/Germany etc).
If you’re just using the standard Azure Global Cloud, you can untick the “Configure Isolated Azure Environment connection” checkbox and leave the Base Uri fields blank and Octopus will automatically find and use the correct values that you need.
If you ARE using an isolated Azure Environment (China/Germany/US Gov), you can use the command shown in the Azure Environment Options section of this documentation to determine what values you need.
But if you’re just using the standard Azure Cloud, we’d recommend leaving all those Base Uri fields blank and you should be good to go.
It’s working now! I think I know what happened. I originally set up the Azure account on an older version of Octopus, which is where I entered that URL, and I updated in the hope that it’d let me connect. I couldn’t actually see there was a value in Base Uri with the new version and “Configure Isolated Azure Environment connection” was unchecked, so I had to check it, then remove the URL, uncheck it, and it started working. It seems it still uses the “AD Endpoint Base Uri” even when “Configure Isolated Azure Environment connection” is unchecked.
Thank you very much for your help!
Thanks for clarifying. You’ve just highlighted a bug in the UI for people who had upgraded from older versions. We’ll make sure this is fixed so no one else will walk into this trap.
Glad you got it sorted.
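
The misconfiguration diagnosed in this thread, as an added example that is not part of the original posts and is not Octopus code: a pre-flight check that flags a Base Uri that is not an Azure endpoint before the account is saved. The function names and the fallback endpoint table are assumptions made for illustration; when the AzureRM module is installed, the live output of `Get-AzureRmEnvironment` is used instead of the table. It goes slightly beyond the thread by also catching duplicated GUIDs and Base Uris taken from two different environments.

```powershell
# Added example (not Octopus code): validate Azure account-form values before saving them.
# The fallback table is constructed from the public Azure endpoints; confirm it against
# Get-AzureRmEnvironment, which is used automatically when the AzureRM module is present.
$fallback = @(
    [pscustomobject]@{ Name='AzureCloud';        ActiveDirectoryAuthority='https://login.microsoftonline.com/'; ResourceManagerUrl='https://management.azure.com/' }
    [pscustomobject]@{ Name='AzureChinaCloud';   ActiveDirectoryAuthority='https://login.chinacloudapi.cn/';     ResourceManagerUrl='https://management.chinacloudapi.cn/' }
    [pscustomobject]@{ Name='AzureUSGovernment'; ActiveDirectoryAuthority='https://login.microsoftonline.us/';   ResourceManagerUrl='https://management.usgovcloudapi.net/' }
    [pscustomobject]@{ Name='AzureGermanCloud';  ActiveDirectoryAuthority='https://login.microsoftonline.de/';   ResourceManagerUrl='https://management.microsoftazure.de/' }
)
$environments = if (Get-Command Get-AzureRmEnvironment -ErrorAction SilentlyContinue) { Get-AzureRmEnvironment } else { $fallback }

function Get-UriHost([string]$Uri) {
    $parsed = $null
    if ([uri]::TryCreate($Uri, [System.UriKind]::Absolute, [ref]$parsed) -and $parsed.Scheme -eq 'https') { return $parsed.Host }
    return $null   # not an absolute https URI
}

function Test-AzureAccountSettings {
    param([string]$TenantId, [string]$ClientId, [string]$SubscriptionId,
          [string]$AdBaseUri = '', [string]$ResourceManagementBaseUri = '')
    $problems = @()
    $ids = [ordered]@{ TenantId = $TenantId; ClientId = $ClientId; SubscriptionId = $SubscriptionId }
    foreach ($name in $ids.Keys) {
        $g = [guid]::Empty
        if (-not [guid]::TryParse($ids[$name], [ref]$g)) { $problems += "$name is not a GUID" }
    }
    if ($ids.Values | Group-Object | Where-Object Count -gt 1) { $problems += 'Two ID fields hold the same value; check they were not pasted into the wrong field' }
    $adEnv = $null; $rmEnv = $null
    if ($AdBaseUri) {   # blank means "use the defaults for the global cloud"
        $h = Get-UriHost $AdBaseUri
        $adEnv = $environments | Where-Object { $h -and (Get-UriHost $_.ActiveDirectoryAuthority) -eq $h }
        if (-not $adEnv) { $problems += "AD Base Uri '$AdBaseUri' is not an Azure AD authority (the cause of authority_not_in_valid_list in this thread)" }
    }
    if ($ResourceManagementBaseUri) {
        $h = Get-UriHost $ResourceManagementBaseUri
        $rmEnv = $environments | Where-Object { $h -and (Get-UriHost $_.ResourceManagerUrl) -eq $h }
        if (-not $rmEnv) { $problems += "Resource Management Base Uri '$ResourceManagementBaseUri' matches no Azure environment" }
    }
    if ($adEnv -and $rmEnv -and $adEnv.Name -ne $rmEnv.Name) { $problems += "Base Uris belong to different environments ($($adEnv.Name) vs $($rmEnv.Name))" }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample: the failing setup from this thread, with made-up GUIDs.
Test-AzureAccountSettings -TenantId '11111111-1111-1111-1111-111111111111' -ClientId '22222222-2222-2222-2222-222222222222' `
    -SubscriptionId '33333333-3333-3333-3333-333333333333' -AdBaseUri 'https://octopus.com/' | Format-List
```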