I created a new storage account and provisioned an HDInsight cluster on Windows Azure. However, when I try to run any command on Windows Azure Powershell related to the cluster, I get the following error:
PS C:\> Get-AzureHDInsightCluster -Name $clusterName
Get-AzureHDInsightCluster : Request failed with code:Unauthorized
Content:<Error xmlns="http://schemas.microsoft.com/windowsazure"
xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>AuthenticationFailed</Code><Message>A security token
validation error occured for the received JWT token.</Message></Error>
At line:1 char:1
+ Get-AzureHDInsightCluster -Name $clusterName
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureHDInsightCluster], HttpLayerException
+ FullyQualifiedErrorId : Microsoft.Hadoop.Client.HttpLayerException,Microsoft.WindowsAzure.Management.HDInsight.C
mdlet.PSCmdlets.GetAzureHDInsightClusterCmdlet
I'm completely new to HDInsight, but I ran a script before this command to add the Azure account, create variables for the subscription name, storage account name, and container name from this page.
Do you know what this error means? And how to fix it? I'm trying to run a script with Pig commands after following this website.
It looks like the PowerShell environment is not properly setup. You should add your Azure subscription first with GetAzureSubscription. See: http://www.windowsazure.com/en-us/documentation/articles/install-configure-powershell/#Connect
Related
In my Jenkins build job I'm using this command to assume an AWS role:
$Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$IAM_ACCOUNT_ID`:role/$IAM_ROLE -RoleSessionName jenkins).Credentials
I'm getting the following error:
Use-STSRole : The security token included in the request is invalid.
Changing the AWS Role to an invalid role does not change the error message.
It works fine when logging into the server and using the command in Powershell directly.
It also works if I use a AWS CLI command:
aws sts assume-role --role-arn arn:aws:iam::%IAM_ACCOUNT_ID%:role/%IAM_ROLE% --role-session-name jenkins-deploy
Full error message:
Use-STSRole : The security token included in the request is invalid.
At C:\Users\svc-jenkins.WIN-KLBFC355P8D\AppData\Local\Temp\jenkins4822311255190032778.ps1:5 char:11
+ $Creds = (Use-STSRole -Region us-east-1 -RoleArn arn:aws:iam::$e ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Amazon.PowerShe...seSTSRoleCmdlet:UseSTSRoleCmdlet) [Use-STSRole], InvalidOperationException
+ FullyQualifiedErrorId : Amazon.SecurityToken.AmazonSecurityTokenServiceException,Amazon.PowerShell.Cmdlets.STS.UseSTSRoleCmdlet
It seems profiles with incorrect credentials where stored in AWS.
These where listed using Get-AWSCredentials:
Get-AWSCredentials -ListStoredCredentials
Then cleared using Remove-AWSCredentialProfile:
Remove-AWSCredentialProfile -ProfileName {MyProfileName}
If using an old version of AWS Powershell Tools you can use Clear-AWSCredentials instead:
Clear-AWSCredentials -ProfileName <String>
I am trying to install and configure Azure Powershell and surprisingly I am facing issue with setting up of StorageAccountName parameter.
I have my vm setup on my enterprise account with resource group name as "RG-1" and storage account names as rg13675 and rg16461. I found these storage account names after drilling down to my resource group.
On running command,
Set-AzureRmCurrentStorageAccount –ResourceGroupName “RG-1” –StorageAccountName “rg16461"
My powershell throws up error:
Set-AzureRmCurrentStorageAccount : The Resource 'Microsoft.Storage/storageAccounts/rg16461' under resource group 'RG-1' was not found.
At line:1 char:1
+ Set-AzureRmCurrentStorageAccount –ResourceGroupName “RG-1” –StorageAc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmCurrentStorageAccount], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Management.Storage.SetAzureRmCurrentStorageAccount
The reason you're getting this error is because your storage account is a classic storage account (from the screenshot you shared) while the cmdlet expects a resource manager (ARM) storage account.
Please create a new storage account using Resource Manager deployment option and try to use that account's name in your cmdlet. That should fix the error.
Short story: I get the following error when trying to create a namespace on Azure Service Bus using Azure Powershell (Run as Administrator):
PS C:> New-AzureSBNamespace -Name mynewnamespace2 -Location "East US"
-CreateACSNamespace $true -Namespac New-AzureSBNamespace : Object reference not set to an instance of an object. At line:1 char:1
+ New-AzureSBNamespace -Name mynewnamespace2 -Location "East US" -CreateACSNamespace $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureSBNamespace], NullReferenceException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceBus.NewAzureSBNamespaceCommand
Long story: I created a first namespace in Azure Service Bus to use Relay in buffered mode (namespace=mynewnamespace). It works great except when you want to transfer a larger set of data. For this there is the streamed mode and I found this handy example (https://code.msdn.microsoft.com/How-to-send-a-large-c36ab70e), changed appropriate settings for namespace and credentials and ran the server part from the project and I get the error
{"The remote name could not be resolved:
'mynewnamespace-sb.accesscontrol.windows.net'"}
because, of course, this ACS namespace does not exist. So I found out that I need to create the namespace the old fashioned way using PS, installed Azure CLI and run the commands below with the following result:
For a list of all Azure cmdlets type 'get-help azure'.
For a list of Windows Azure Pack cmdlets type 'Get-Command wapack'.
PS C:> azure login
info: Executing command login
|info: To sign in, use a web
browser to open the page https://aka.ms/devicelogin. Enter the code EE226448L to
authenticate. If you're signing in as an Azure AD application, use the
--username and --password parameters.
/info: Added subscription Visual Studio Enterprise with MSDN info: Setting subscription
"Visual Studio Enterprise with MSDN" as default
info: login command OK
PS C:> New-AzureSBNamespace -Name mynewnamespace2 -Location "East US" -CreateACSNamespace $true -NamespaceType Messaging
WARNING: Microsoft Azure PowerShell collects data about how users use
PowerShell cmdlets and some pro encounter. Microsoft uses this
information to improve our PowerShell cmdlets. Participation is volu
choose to participate your device automatically sends information to
Microsoft about how you use Azure Powershell.
If you choose to participate, you can stop at any time by using Azure
PowerShell as follows:
1. Use the Disable-AzureDataCollection cmdlet to turn the feature Off. The cmdlet can be found in the AzureResourceManager module To disable
data collection: PS > Disable-AzureDataCollection
If you choose to not participate, you can enable at any time by using
Azure PowerShell as follows:
1. Use the Enable-AzureDataCollection cmdlet to turn the feature On. The cmdlet can be found in the AzureResourceManager module To enable
data collection: PS > Enable-AzureDataCollection
Select Y to enable data collection [Y/N]: WARNING: You choose not to
participate in Microsoft Azure PowerShell data collection. WARNING:
The setting profile has been saved to the following path
'C:\Users\PDube\AppData\Roaming\Windows Azure Powershell\AzureDataCollectionProfile.json'.
New-AzureSBNamespace :
Object reference not set to an instance of an object. At line:1 char:1
+ New-AzureSBNamespace -Name mynewnamespace2 -Location "East US" -CreateACSNamespace $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureSBNamespace], NullReferenceException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceBus.NewAzureSBNamespaceCommand
I tried to create the new namespace using Azure CLI on 2 different computers, thinking the first install was corrupted, but I get the exact same error.
How can I fix this error?
I'm trying to manage some of my Azure Services via Powershell, using http://windowsazurewebsitescheatsheet.info/#powershell as a starting point. I was able to download and import my subscription settings just fine (Import-AzurePublishSettingsFile and Select-AzureSubscription)
After choosing my subscription, I'm attempting to run the Get-AzureWebsite command to view all of my websites, and continue onward from there. When I run that command, however, I get the following:
Import-AzurePublishSettingsFile "C:\AzureCredentials.publishsettings"
Select-AzureSubscription "My Azure Subscription"
Get-AzureWebsite
Get-AzureWebsite : String was not recognized as a valid Boolean.
At line:1 char:1
+ Get-AzureWebsite
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureWebsite], FormatException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Websites.GetAzureWebsiteCommand
Anyone have similar issues? I get this error if I run the command as stated above, or if I specify the name of my website. TIA for any help!
This might be related to a known issue enumerating a sites with SSL bindings
There was new release of Windows Azure Powershell released on 02/12. Please try with the new version.
Please run the command again with -Debug turned on, this will display request and response messages and make it easier to pinpoint the issue.
I want to deploy my application to azure with powershell. So far I have created a certificate in the localmachine store, I'm not going to run the deploy script as me, uploaded the script to azure. The next step is to get access to the service on azure in powershell but there it fails. The script I have so far is:
$cert = Get-Item Cert:\LocalMachine\deploy\xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Set-AzureSubscription -SubscriptionName $subscriptionName -SubscriptionId $subscriptionId -Certificate $cert
Select-AzureSubscription $subscriptionName
$service = Get-AzureService $azureId
It fails on the last row with the following message:
Get-AzureService : Communication could not be established. This could be due to an invalid subscription ID. Note that subscription IDs are case sensitive.
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-AzureService], Exception
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
Get-AzureService : HTTP Status Code: AuthenticationFailed - HTTP Error Message: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
Operation ID:
At F:\DeployTest\deploy.ps1:9 char:12
+ $service = Get-AzureService $azureId
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureService], CommunicationException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Management.ServiceManagement.HostedServices.GetAzureServiceCommand
I really don't know what the problem is, the certificate I'm trying to use is uploaded so it feels like there is something fundamental I've missed.
Update: I did get it to work after downloading the .publishsettings-file and importing that instead of trying to use Set-AzureSubscription. I'm still a little bit confused though, shouldn't it be possible to use the method I tried above?
I finally found the problem, and of course it was a user problem. First when I was in the azure portal I didn't find where to upload the certificate, so I uploaded it to first place I found mentioning certificates. What I did found out was that this area was the wrong one, I uploaded the certificate to the certificate area under the cloud service I wanted to administrate, which is the wrong place.
The correct place to upload the certificate to is under settings in the admin portal of azure. So the code above works if the certificate is uploaded to the correct location.