How to replicate `az login --identity` with pwsh from within a VM assigned a Service Principal - azure-cli

From within a VM with a System Assigned Identity (not a User Assigned Managed Identity), I am able to authenticate via the az CLI by typing `az login --identity` and can perform operations based on the RoleAssignments to the VM's Service Principal.

However, when I try to do the same using pwsh with `Connect-AzAccount -Identity`, I get an error:

```
WARNING: Unable to acquire token for tenant 'organizations' with error 'ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.'
Connect-AzAccount: ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
```

However, if I run `Connect-AzAccount -Identity` a second time immediately after, it seems to work:

```
PS /root> Connect-AzAccount -Identity

Account    SubscriptionName    TenantId    Environment
-------    ----------------    --------    -----------
MSI#XXXXX  <subscriptionName>  <tenantId>  AzureCloud
```

Is there something I can do to avoid having this warning displayed?

I tried to repro this locally within a VM using `Connect-AzAccount -Identity` and it works fine for me the first time.

> WARNING: Unable to acquire token for tenant 'organizations' with error 'ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.'
> Connect-AzAccount: ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.

For the above error, if MFA is enabled for that tenant or identity, then such prompts occur.

The reason could be that the ID through which you have logged on to the device is enabled with MFA, and until they point the token in the device for user gets verified, it gives out this error.

Or it could be a network connection lag or delay, due to which you might be encountering this warning the first time.

For more information, please refer to the links below:

- Unable to acquire token for tenant 'organizations' | GitHub
- Powershell Connect-AzAccount error | MS Q&A

Related

AWS RDS automatically stopping soon after it is started

I have created an RDS instance on AWS which initially shows the status 'available', but when I use my SQL client to connect to it I receive the error:

```
Status : Failure -Test failed: IO Error: Connection reset by peer, Authentication lapse 0 ms
```

Then when I check the status of the RDS instance online (AWS dashboard) it says 'stopping'.

When I try to start the RDS instance again, its status goes from 'starting' to 'stopping' after a couple of minutes and then eventually 'stopped'. I can't find anything online referring to an RDS instance automatically stopping, and I am somewhat of a novice with AWS.
Based on the comments.
The solution was found by checking CloudTrail Event history. Based on the search, it was identified that `StopDBInstance` was issued by the `HIPComplianceWorker` user.
This probably means that there is an automation that checks the DB instances launched and verifies whether they comply with your company's policies. Your instance could be violating such policies, and it was automatically stopped.
You would have to contact your admins to check with them what kind of RDS you can use.
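The CloudTrail check described in the answer, sketched offline as an added example (not code from the original post): it pairs each `StartDBInstance` with the next `StopDBInstance` on one instance and names the caller. The records are constructed, and the field names (including `dBInstanceIdentifier`) are assumed from CloudTrail's record layout, so check them against your own event history export.

```python
import json
from datetime import datetime

# Constructed records in CloudTrail's log-file layout (field names assumed).
# Names, times and account ID are made up; "HIPComplianceWorker" is from the answer.
SAMPLE = json.loads("""{"Records": [
 {"eventTime": "2021-03-01T10:00:05Z", "eventSource": "rds.amazonaws.com",
  "eventName": "StartDBInstance", "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"dBInstanceIdentifier": "mydb"}},
 {"eventTime": "2021-03-01T10:03:40Z", "eventSource": "rds.amazonaws.com",
  "eventName": "StopDBInstance", "requestParameters": {"dBInstanceIdentifier": "mydb"},
  "userIdentity": {"type": "IAMUser", "userName": "HIPComplianceWorker"}},
 {"eventTime": "2021-03-01T11:00:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "StartDBInstance", "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"dBInstanceIdentifier": "mydb"}},
 {"eventTime": "2021-03-01T11:02:30Z", "eventSource": "rds.amazonaws.com",
  "eventName": "StopDBInstance", "requestParameters": {"dBInstanceIdentifier": "mydb"},
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/ops/carol"}}
]}""")

def _ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def principal(identity):
    """Readable caller name: IAM user name, or role/session for assumed roles."""
    if identity.get("type") == "AssumedRole":
        return "role:" + identity.get("arn", "?").split(":assumed-role/")[-1]
    return identity.get("userName") or identity.get("arn") or "unknown"

def stops_after_start(records, instance_id):
    """Return (stop_time, caller, seconds_since_last_start) per StopDBInstance call."""
    started, found = None, []
    for rec in sorted(records, key=_ts):
        params = rec.get("requestParameters") or {}  # may be null in real logs
        if (rec.get("eventSource") != "rds.amazonaws.com"
                or params.get("dBInstanceIdentifier") != instance_id):
            continue
        if rec["eventName"] == "StartDBInstance":
            started = _ts(rec)
        elif rec["eventName"] == "StopDBInstance":
            delay = int((_ts(rec) - started).total_seconds()) if started else None
            found.append((rec["eventTime"], principal(rec["userIdentity"]), delay))
            started = None
    return found

if __name__ == "__main__":
    for when, who, delay in stops_after_start(SAMPLE["Records"], "mydb"):
        print(f"{when}  StopDBInstance by {who}  ({delay}s after start)")
```

A stop issued by a principal other than the one that started the instance, a few minutes after every start, is the pattern that points to automation rather than a fault in the instance.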

Internal 500 error on Google Compute Engine, installing littlest jupyter

"Internal 500 server error" after the VM runs for a day or two.

This is the second time it has happened. I start the instance and install The Littlest JupyterHub (see details below). I can log in to the external IP for a day, but then it stops with an internal 500 error. I cannot SSH or get into the instance; the only alternative is to create a new instance and redo everything. What is the problem?

I have installed The Littlest JupyterHub on this instance, using:

```
#!/bin/bash
curl https://raw.githubusercontent.com/jupyterhub/the-littlest-jupyterhub/master/bootstrap/bootstrap.py | sudo python3 - --admin master
```
I would recommend you enable access on your instance to the serial console [1].
You will also need to set up a password for your user following this documentation [2].
With these two steps done, you should be able to reconnect to your instance once you are locked out like you mentioned by following this [3].
You should then be able to investigate what is going on in the instance.
Then try to verify if your application is still running, if the SSH server is still running etc.
Frederic
[1] https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#enable_instance_access
[2] https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#setting_up_a_local_password
[3] https://cloud.google.com/compute/docs/instances/interacting-with-serial-console#connectserialconsole

couchbase cbc failed to bootstrap instance

Running the command below:

```
cbc n1ql 'SELECT * FROM `travel-sample`'
```

throws the exception below:

```
Failed to bootstrap instance. libcouchbase error: Authentication failed. You may have provided an invalid username/password combination (0x2)
```
I am referring to documentation located at
https://docs.couchbase.com/server/5.5/sdk/development-intro.html
You need to supply a username/password to get access to use the travel-sample bucket. Try using your admin user to get started. Later, you can create a user with specific permissions on travel-sample.
If you just enter "cbc" it should dump the set of valid options, letting you find the options to use to supply the username and password.

Connecting Google Cloud Compute to Google Cloud SQL ERROR 2013 (HY000)

When trying to connect to mysql using the docker cloud proxy like so:

```
mysql -u <USERNAME> -p -S /cloudsql/<YOUR-PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
```

I received this error:

```
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading initial communication packet', system error: 95
```

According to the documentation, this is how I'm supposed to set up the proxy:

```
docker run -d -v /cloudsql:/cloudsql \
  -v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt \
  b.gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy -dir=/cloudsql \
  -instances=<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
```

Here is the documentation for setting it up.

For those who may ask this question, I did set up these params properly:

```
<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>
```

The output from the proxy:

```
2016/03/20 19:49:15 listenInstance: "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Remove("/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>") error: remove /cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>: no such file or directory
2016/03/20 19:49:15 Open socket for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>" at "/cloudsql/<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:49:15 Socket prefix: /cloudsql
2016/03/20 19:51:29 Got a connection for "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>"
2016/03/20 19:51:30 couldn't connect to "<PROJECT-ID>:<REGION-NAME>:<SQL-INSTANCE-NAME>": googleapi: Error 403: Insufficient Permission, insufficientPermissions
```

And so I looked at my compute instance, and my API access scope for Cloud SQL is disabled. I had checked the prerequisites before, and they say that if I'm creating my Cloud SQL and compute instances in the same project then my compute instance should have editor permissions. Either way, I can't figure out how to give my compute instance editor privileges for my Cloud SQL instance.

Please let me know how I can give my compute instance editor privileges for Cloud SQL.
insufficientPermissions indicates that the Compute Engine VM is using the default Compute Engine service account and the Cloud SQL Admin scope was not enabled when the VM was created. In the first step of the guide, you are asked to verify whether the right scopes are present.
There are two options to fix this:

Option a) Create a new VM with the Cloud SQL Admin scope enabled.

When creating a new VM, select "Set access for each API" in the "Identity and API access" section and switch Cloud SQL to "Enabled".

If you are using Instance Templates, make the change described above on the instance template and use it to create the new instance(s).

Alternatively, you may select "Allow full access to all Cloud APIs", but be aware that this will allow any application on the VM to access any of the Cloud APIs using the service account credentials, which has editor privileges on the project by default.

Option b) Use credentials for a different service account.

If creating a new VM is not an option, you can create a new service account, download the credentials file to the VM and use the `-credential_file` parameter to make the proxy use it. The new service account must be granted at least editor access to the project.
There's an open issue to provide a better error message:
https://github.com/GoogleCloudPlatform/cloudsql-proxy/issues/6
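A way to check from inside the VM which access scopes its default service account actually has, before starting the proxy. This is an added example, not code from the original answer or from the cloudsql-proxy project; the scope listings are constructed, and `fetch_scopes` only works on a Compute Engine VM.

```python
import urllib.request

# Metadata-server path listing the OAuth scopes granted to the VM's default
# service account, one URL per line.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")
SQL_ADMIN = "https://www.googleapis.com/auth/sqlservice.admin"
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"

def fetch_scopes(url=SCOPES_URL, timeout=2):
    """Read the scope list on the VM; the Metadata-Flavor header is required."""
    req = urllib.request.Request(url, headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def assess(scopes_text):
    """Classify a scope listing for the Cloud SQL proxy.

    Returns (proxy_can_call_api, note)."""
    scopes = {line.strip() for line in scopes_text.splitlines() if line.strip()}
    if SQL_ADMIN in scopes:
        return True, "Cloud SQL Admin scope present"
    if CLOUD_PLATFORM in scopes:
        return True, "works, but every Cloud API is reachable from this VM"
    return False, "no Cloud SQL scope: expect 403 insufficientPermissions"

# Constructed listings: a VM without the Cloud SQL scope, and one with it.
DEFAULT_VM = """https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write
"""
SQL_VM = DEFAULT_VM + SQL_ADMIN + "\n"

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_VM), ("sql-enabled", SQL_VM)):
        print(name, assess(text))
```

On a real VM, call `assess(fetch_scopes())`. The scopes cap what the service account's token may do regardless of its project role, which is why an editor-level account still gets the 403 shown in the question.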

Connecting node to a cluster in Couchbase

I have created a bucket in my local system and I am trying to connect another node which is located in a remote server. I am able to work with the nodes separately. But I need to join these two nodes to form a cluster. Is there a way to add the remote server node into my local server by using the web UI?
When I tried to add the remote server's IP address by clicking "Add Server", I am getting the following error.
"Attention - Prepare join failed. Authentication failed. Verify username and password. Got HTTP status 401 from REST call post to http://XXX.XXX.XXX.XXX:8091/engageCluster2. Body was: []"
I used my local server's username and password. If I give that server's username and password, I get this error.
Attention - This node cannot add another node ('ns_1#XXX.XXX.XXX.XXX') because of cluster version compatibility mismatch. Cluster works in [4, 1] mode and node only supports [2, 0].
Is there a way to link them using Java API? Can someone please help me with this?