Run an Azure Script is failing: CloseError: ClientSecretCredential authentication failed
This project deployed successfully earlier today, and then I updated to V2023.2 (Build 13175). Now deployments are failing with the ClientSecretCredential auth error.
The underlying Azure account was refreshed June 19th, so it didn’t just expire.
If you head to Infrastructure > Accounts and test the relevant Azure account, is that successful?
Assuming that works, could be worth creating a test project and just running a basic Azure script step to see if that runs successfully.
May help narrow down if it is a problem with the account auth as a whole or a specific resource within the account.
But attempt 1 of 5 failed - perhaps there was code that first tries Connect-AzAccount, then falls back to Az Login on attempt 2, but that fallback was removed?
I believe the previous version I had installed was Octopus.2023.1.9749 based on downloads in my temporary files. What version can I safely roll back from Octopus.2023.2.13175 without database issues?
Further testing shows it’s a problem with “Run on the Octopus Server on behalf of each deployment target” when the deployment target is an Azure App Service.
When I select “Run on the Octopus Server” with a PowerShell script, this successfully connects:
Added the SecurityProtocol line to the top of the PowerShell script, and it still fails.
TLS 1.2 is the only active security protocol on the Octopus server.
This appears to be a problem with “Run on the Octopus Server on behalf of each deployment target”, as I can change to “Run on the Octopus Server” and Az Login completes successfully.
The engineers suggested that as the Connect-AzAccount is the command that is failing and that it looks to fail at least once on the previously successful job, it would be worth testing that out directly on the machine.
Can you test running that command on the Octopus Server (but outside of Octopus) with the same Azure credentials? It may generate a clearer error when running it in this way.
Running Connect-AzAccount with -debug showed the classic TLS error “System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm”.
I did not have the .NETFramework\v4.0.30319 registry entries listed in the article. After adding the entries and rebooting, Connect-AzAccount completes successfully.
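A read-only check for the registry state described in the last post, as an added example that is not part of the original thread or of Octopus Deploy's own tooling. The thread does not quote the article, so the value names `SchUseStrongCrypto` and `SystemDefaultTlsVersions` are an assumption: they are the values Microsoft documents for enabling strong crypto in .NET Framework 4.x, checked here in both the 64-bit and 32-bit registry views.

```powershell
# Added example: audit the .NET Framework 4.x TLS registry values (read-only).
# Assumption: the value names below are the ones Microsoft documents for
# .NET Framework strong crypto; the thread itself does not list them.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)
$names = @('SchUseStrongCrypto', 'SystemDefaultTlsVersions')

$report = foreach ($key in $keys) {
    foreach ($name in $names) {
        $value = $null
        if (Test-Path -Path $key) {
            # A missing value returns nothing instead of throwing.
            $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name }
        }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Value  = if ($null -eq $value) { '<missing>' } else { $value }
            Status = if ($value -eq 1) { 'OK' } else { 'REVIEW' }
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# Protocols this PowerShell session will offer for .NET web requests.
"SecurityProtocol in this session: $([Net.ServicePointManager]::SecurityProtocol)"

$needsReview = @($report | Where-Object Status -ne 'OK')
if ($needsReview.Count -gt 0) {
    Write-Warning ("{0} value(s) missing or not set to 1; .NET Framework 4.x clients " +
        "on this host may not offer TLS 1.2 by default." -f $needsReview.Count)
}
```

Run it in Windows PowerShell on the Octopus Server, outside of Octopus, before and after the registry change to confirm both registry views are covered.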