7

I'm creating a service principal to be used as an Azure Run As account for Azure Automation, using a PowerShell script. The script works, however I get the following warning when it's completed:

WARNING: Unable to acquire token for tenant 'tenantID'.

The tenantID from the warning message is another tenant that my account has access to, which has multiple subscriptions within it. However it's unrelated to the tenantid and subscription I'm logging in to.

I've tried logging in via the PowerShell window, then running the script without having the login inside the script, but get the same error. When I run Get-AzContext in the PowerShell window after the script runs, it lists the correct tenantID.

The function being used to log in is below. The tenant ID is not the same as the one I get the warning for.

function Login {
    # Log in
    $tenantid = "tenantID"
    $subscriptionId = "subscriptionID"
    $subscriptionName = "subscriptionname"
    Clear-AzContext -Force
    Message("Logging In")
    $account = $(Get-AzContext).Account
    if ([string]::IsNullOrEmpty($account)) {
        Login-AzAccount -Tenant $tenantid -Subscription $subscriptionId
    }
    # Select the subscription

    Message("Selecting the '$subscriptionName' Subscription")
    Set-AzContext $subscriptionId | Out-Null
}


I have no other references to tenantID. The only other reference I have is for the subscriptionID, in a script which is called by the original script:

$Subscription = $(Get-AzContext).Subscription

I'd like to understand why it's trying to access the different TenantID for a token, and not to have the error when running the script.
Wayno
  • 2
    And as soon as I posted this question I worked it out! For anyone that wants to know, I had this command $SubscriptionInfo = Get-AzSubscription -SubscriptionId $SubscriptionId in one of the scripts, that was causing the error! – Wayno Nov 08 '19 at 08:33
  • 1
    If your issue has been resolved, could you please post your answer? It may help more people. – Jim Xu Nov 08 '19 at 08:36

6 Answers

5

Login

Connect-AzAccount

Check your current available subscriptions

Get-AzContext -ListAvailable

Select the subscription you want to work on

Select-AzContext -Name ''
Mark Rotteveel
shaonm
5

You are trying to log on to an MFA-enabled tenant. Try this and then accept the MFA prompt on your phone.

# Connect to your Subscription
# Ex: Connect-AzAccount -Credential $credentials -Subscription 0000-4566-bcb4-000 -TenantId 00-f750-00-91d3-00  
Connect-AzAccount -Subscription 00-9f21-4566-bcb4-00 -TenantId 00-f750-4013-91d3-00
Community
4

I posted the answer already. The Get-AzSubscription command is the issue; it tries to access all the subscriptions you have access to. You need another command to get the subscription ID. I used Get-AzContext to get the current subscription ID.

Wayno
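
The fix from the answer above, combined with pinning the tenant on login and on context selection, as an added example (not code from any of the posts). The helper name `Connect-ScopedAzContext` and both GUIDs are hypothetical placeholders; the cmdlets and parameters are from the Az.Accounts module.

```powershell
# Added example. Placeholder IDs: replace with your own tenant and subscription.
$TenantId       = '00000000-0000-0000-0000-000000000000'
$SubscriptionId = '11111111-1111-1111-1111-111111111111'

function Connect-ScopedAzContext {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TenantId,
        [Parameter(Mandatory)] [string] $SubscriptionId
    )

    # Keep this session's contexts and tokens in memory only, and drop any
    # previously saved logins (possibly to other tenants) that were loaded.
    Disable-AzContextAutosave -Scope Process | Out-Null
    Clear-AzContext -Scope Process -Force

    # Authenticate against one tenant and one subscription only.
    Connect-AzAccount -Tenant $TenantId -Subscription $SubscriptionId -ErrorAction Stop | Out-Null

    # Pin both values when selecting the context.
    $ctx = Set-AzContext -Subscription $SubscriptionId -Tenant $TenantId -ErrorAction Stop

    # Fail fast if the session ended up in a different tenant or subscription.
    if ($ctx.Tenant.Id -ne $TenantId -or $ctx.Subscription.Id -ne $SubscriptionId) {
        throw "Context mismatch: tenant '$($ctx.Tenant.Id)', subscription '$($ctx.Subscription.Id)'."
    }
    return $ctx
}

$ctx = Connect-ScopedAzContext -TenantId $TenantId -SubscriptionId $SubscriptionId

# Read the current subscription from the context: no lookup across tenants.
$Subscription = $ctx.Subscription

# If the full subscription object is needed, restrict the lookup to one tenant
# instead of letting Get-AzSubscription query every tenant the account can see.
$SubscriptionInfo = Get-AzSubscription -SubscriptionId $SubscriptionId -TenantId $TenantId
```

The process-scoped context also keeps the automation login out of the saved profile on disk, so later sessions on the same machine do not inherit it.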
1

I was having the exact same error, and I fixed it by specifying the tenant when setting the context to a specific subscription. I did it by updating the following line of code:

Set-AzContext $subscriptionId | Out-Null

to this one:

Set-AzContext -Subscription $subscription -Tenant $tenantId | Out-null
ccoutinho
1

None of the above helped me but this did! Log out of all your contexts. These persist and accumulate and eventually nothing works.

Clear-AzContext

Kraig Rury
-5

One of the ways to get rid of this issue is to use Azure CLI.