8

Azure Functions bug. I get the error in the portal

Error:

We are not able to retrieve the runtime master key. Please try again later.
Session Id: d13fceebd4ea4cb1b7fb3d3829dd1406

Timestamp: 2017-08-24T20:04:23.555Z

I've tried all of the suggestions here: https://blogs.msdn.microsoft.com/jpsanders/2017/05/09/function-app-error-we-are-not-able-to-retrieve-the-runtime-master-key/

I'm using the runtime version 1.0.10917 but I've tried ~1 and get the same result.

This seems to occur when I delete the function from the portal and then recreate it. It consistently happens after that for every function we have. The first time the function is created, it seems to work.

Jeff
  • 35,755
  • 15
  • 108
  • 220
  • share your session id and time stamp. Also github or the forums might be more appropriate for this question https://github.com/Azure/Azure-Functions/issues – ahmelsayed Aug 24 '17 at 18:06
  • How do I get that? This is a programming question of course, so the downvote is pretty silly – Jeff Aug 24 '17 at 19:36
  • the session id is part of the error message that showed up saying `"We are not able to retrieve the runtime master key"` – ahmelsayed Aug 24 '17 at 19:38
  • i have updated the question – Jeff Aug 24 '17 at 20:05
  • this is really odd. I can't find any logs for that session id in the past week... I tried yesterday, and just thought it was a log delay, but I still can't see them. Can you either try getting another session id or sharing the app name either directly or [indirectly](https://github.com/Azure/azure-webjobs-sdk-script/wiki/Sharing-Your-Function-App-name-privately) – ahmelsayed Aug 25 '17 at 17:54
  • It's call functionsbtests2-dev and here is another id/timestamp - Session Id: 8c1fc5a0207b45e191185e605f7cfc51 Timestamp: 2017-08-31T02:50:23.504Z – Jeff Aug 31 '17 at 02:51
  • yep, I found it. I'm guessing you're using an adblocker of some sort :) I use Application Insights to track exceptions, and adblockers usually block that, which could explain why I can't find any trace of your sessions. anyway, I'm writing an answer, give me a minute – ahmelsayed Sep 01 '17 at 18:46

3 Answers3

2

This is the exception you're hitting 

System.Security.Cryptography.CryptographicException : The payload was invalid.
   at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext,UInt32 cbCiphertext,Byte* pbAdditionalAuthenticatedData,UInt32 cbAdditionalAuthenticatedData)
   at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext,ArraySegment`1 additionalAuthenticatedData)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData,Boolean allowOperationsOnRevokedKeys,UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData,Boolean ignoreRevocationErrors,Boolean& requiresMigration,Boolean& wasRevoked)
   at Microsoft.Azure.WebJobs.Script.WebHost.DataProtectionKeyValueConverter.Unprotect(Key key) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\DataProtectionKeyValueConverter.cs : 43
   at Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.ReadHostSecrets(HostSecrets hostSecrets) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\SecretManager.cs : 383
   at async Microsoft.Azure.WebJobs.Script.WebHost.SecretManager.GetHostSecretsAsync() at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\Security\SecretManager.cs : 83
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at async Microsoft.Azure.WebJobs.Script.WebHost.WebJobsSdkExtensionHookProvider.GetOrCreateExtensionKey(String extensionName) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\WebHooks\WebJobsSdkExtensionHookProvider.cs : 71
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Azure.WebJobs.Script.WebHost.WebJobsSdkExtensionHookProvider.GetExtensionWebHookRoute(String extensionName) at C:\azure-webjobs-sdk-script\src\WebJobs.Script.WebHost\WebHooks\WebJobsSdkExtensionHookProvider.cs : 64
   at Microsoft.Azure.WebJobs.Extensions.EventGrid.EventGridExtensionConfig.Initialize(ExtensionConfigContext context)
   at Microsoft.Azure.WebJobs.Host.Executors.JobHostConfigurationExtensions.InvokeExtensionConfigProviders(ExtensionConfigContext context)
   at Microsoft.Azure.WebJobs.Host.Executors.JobHostConfigurationExtensions.CreateStaticServices(JobHostConfiguration config)
   at Microsoft.Azure.WebJobs.JobHost.PopulateStaticServices()
   at Microsoft.Azure.WebJobs.Script.Utility.CreateMetadataProvider(JobHost host) at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Utility.cs : 362
   at Microsoft.Azure.WebJobs.Script.ScriptHost.LoadCustomExtensions() at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 670
   at Microsoft.Azure.WebJobs.Script.ScriptHost.Initialize() at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 510
   at Microsoft.Azure.WebJobs.Script.ScriptHost.Create(IScriptHostEnvironment environment,IScriptEventManager eventManager,ScriptHostConfiguration scriptConfig,ScriptSettingsManager settingsManager) at C:\azure-webjobs-sdk-script\src\WebJobs.Script\Host\ScriptHost.cs : 937

It's very hard for users to discover these errors for their app because the runtime doesn't log them anywhere the UX can query.

This issue is tracking the exception: https://github.com/Azure/azure-webjobs-sdk-script/issues/1832

We are still not entirely sure why this is happening. Did you republish your keys from another application by any chance? (edit: or delete and recreate the app with the same name) these keys are encrypted by a function app specific key, and won't work outside that context.

fix: copied from Fabio Cavalcante

can you delete (or rename) the host.json file in d:\home\data\Functions\secrets\ and retry? This will force the runtime to re-create those secrets for that environment. Keep in mind that this would also change your master and default keys.

ahmelsayed
  • 7,125
  • 3
  • 28
  • 40
  • 2
    Because of bugs in the azure function deployment mechanism (random errors about locked files and race conditions), it is sometimes necessary to drop and recreate a function app instead of just updating it. – Jeff Sep 02 '17 at 03:19
1

Switching the Azure Function storage account to a new storage account can trigger a similar issue.

Error: We are not able to get the key swaggerdocumentationkey.
Please check the runtime logs for any errors or try again later.

This is likely related to the storage account being uninitialized with the new site. I can't confirm the behavior, but it seems that when switching storage accounts the new account doesn't initialize a new site and will cause similar issues.

nelak
  • 380
  • 3
  • 10
0

i deleted the azure functions and renamed it. After that it started working fine. Looks like even when you delete the azure functions, traces are there in azure logs and screwing up something.

Also make sure you keep separate azure blob storage for every functions, if you use it in more than one azure function, then it is giving some weird errors. I think they are using it for logging and authentication purposes.

Karthikeyan VK
  • 5,310
  • 3
  • 37
  • 50