尝试使用远程计算机上的Service Principal对AzureRM PS cmdlet进行身份验证时,我们遇到错误。但是,命令在本地工作。我们尝试过Azure PowerShell版本1.4和2.1(最新版本)但没有成功。通过远程PSEXEC调用执行PS命令时,我们也会看到相同的行为,这似乎排除了PowerShell Remoting的问题。
这是我们正在尝试的命令:
Invoke-Command -ComputerName [***REMOTEMACHINENAME***] {$creds = Get-Credential -Credential (New-Object pscredential("[***AccountIdRemoved***]",("[***ClientSecretRemoved***]" | ConvertTo-SecureString -AsPlainText -Force)));Login-AzureRmAccount -Credential $creds -TenantId "[***TenantIdRemoved***]" -ServicePrincipal | Out-String;Get-AzureRmKeyVault | Out-String}
这是错误:
System.ArgumentException: Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials. ---> System.Collections.Generic.KeyNotFoundException: Unable to retrieve service key for ServicePrincipal account [***AccountIdRemoved***]. Please log in again to supply the credentials for this service principal. In PowerShell, execute Login-AzureRMAccount for Azure Resource Manager cmdlets or Add-AzureAccount for service management cmdlets.
at Microsoft.Azure.Commands.Common.Authentication.ServicePrincipalTokenProvider.RenewWithSecret(AdalConfiguration config, String appId)
at Microsoft.Azure.Commands.Common.Authentication.ServicePrincipalTokenProvider.GetAccessToken(AdalConfiguration config, ShowDialog promptBehavior, String u
serId, SecureString password, AccountType credentialType)
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(AzureAccount account, AzureEnvironment environment, String te
nant, SecureString password, ShowDialog promptBehavior, TokenCache tokenCache, Endpoint resourceId)
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.GetSubscriptionCloudCredentials(AzureContext context, Endpoint targetEndpo
int)
--- End of inner exception stack trace ---
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.GetSubscriptionCloudCredentials(AzureContext context, Endpoint targetEndpo
int)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components.ResourceManagerClientHelper.GetResourceManagerClient(AzureContext context, Dictionary`2 cmdle
tHeaderValues)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components.ApiVersionHelper.GetApiVersionsForResourceType(AzureContext context, String providerNamespace
, String resourceType, CancellationToken cancellationToken, Dictionary`2 cmdletHeaderValues)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components.ApiVersionHelper.<>c__DisplayClass7.<DetermineApiVersion>b__0()
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components.ApiVersionHelper.ApiVersionCache.AddOrGetExisting(String cacheKey, Func`1 getFreshData)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components.ApiVersionHelper.DetermineApiVersion(AzureContext context, String providerNamespace, String r
esourceType, CancellationToken cancellationToken, Nullable`1 pre, Dictionary`2 cmdletHeaderValues)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.ResourceManagerCmdletBase.DetermineApiVersion(String providerNamespace, String resourceTy
pe, Nullable`1 pre)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.GetAzureResourceCmdlet.<ListResourcesInSubscription>d__2c.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.GetAzureResourceCmdlet.<GetResources>d__c.MoveNext()