Test Azure Deployment fails at service principal login stage

matthew_short · 19 May 2016 15:42

Can’t get this past this and have managed to login manually with the same command too.

Set the Account up, that is unable to login at all when hitting the Test button.
Create a super basic deployment to get a better view of the log files and run that, it fails at the login stage.

16:21:31   Verbose  |     Authenticating with Service Principal
16:21:35   Error    |     Login-AzureRmAccount : Service returned error. Check InnerException for more
16:21:35   Error    |     details
16:21:35   Error    |     At C:\ANCHOR\OctopusServer\Work\20160519152118-4\Octopus.AzureContext.ps1:70
16:21:35   Error    |     char:2
16:21:35   Error    |     +     Login-AzureRmAccount -Credential $creds -TenantId
16:21:35   Error    |     $OctopusAzureADTenantId -Serv ...
16:21:35   Error    |     +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16:21:35   Error    |     ~~~~~~
16:21:35   Error    |     + CategoryInfo          : NotSpecified: (:) [Add-AzureRmAccount], AdalServ
16:21:35   Error    |     iceException
16:21:35   Error    |     + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.
16:21:35   Error    |     AdalServiceException,Microsoft.Azure.Commands.Profile.AddAzureRMAccountCom
16:21:35   Error    |     mand

has anyone seen this and got past it? running v3.3.12
I can definitely login with the same details, manually from a powershell prompt.

Damian_Brady · 20 May 2016 05:19

Hi Matthew,

Thanks for getting in touch!

This looks very much like the credentials you’ve provided to Octopus aren’t correct - maybe a typo?

Can you run the following in a Powershell prompt, copying the appropriate values in from your Octopus connection? This is essentially exactly what we do. It would also help if you ran this from the same machine as Octopus, and using the same account the Octopus Server uses

$SubscriptionId = "<Your subscription id>"
$ClientId = "<Your client Id>"
$Password = "<your password>"
$TenantId = "<Your tenant id>"
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ($ClientId, $securePassword)
Login-AzureRmAccount -Credential $creds -TenantId $TenantId -ServicePrincipal
Set-AzureRmContext -SubscriptionId $SubscriptionId -TenantId $TenantId

If the Service account just isn’t working, have a look at the script in our documentation. We’ve found it’s the most reliable way to create a Service account.

Let me know if that doesn’t work for you.

Hope that helps!

Damo

matthew_short · 20 May 2016 21:08

I’ll try your script, but its very similar to mine and that works. I know i didn’t state it explicitly, but i did try this on the octopus server.
I dont know why you request using the Octopus account, this error comes from the azure endpoint, so it does look like the credentials are at fault.

only thing that concerns me is because i can never see the value that octopus is saving into the password field, there is no way to check the paste is working.