Unable to invite user to Azure Active Directory - azure-active-directory

I'm trying to invite guest users to my AAD without success. I get the message "Unable to invite user", and when I check the error details I get the following:
{"errorCode":"B2BError","localizedErrorDetails":null,"operationResults":null,"timeStampUtc":"2017-05-12T23:48:31.5694549Z","clientRequestId":"xxxxxxxxxxx","internalTransactionId":"xxxxxxxxxxx","upn":"xxxxxxxxxxx","tenantId":"xxxxxxxxxxx","userObjectId":"xxxxxxxxxxx"}
I was able to invite users without problems a few weeks ago, but today I'm receiving this error. I tried with a different tenant and it's working fine.
I also tried via PowerShell, using the New-AzureADMSInvitation cmdlet from the Azure Active Directory V2 Preview Module. The same happens: one tenant works and the other doesn't. The error that I get in PowerShell is:
New-AzureADMSInvitation : Error occurred while executing NewAzureADMSInvitation
Code: Forbidden
Message: Generic authorization exception.
InnerError:
RequestId: xxxxxxxxxxx
DateTimeStamp: Fri, 12 May 2017 20:43:52 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:15
+ ... nvitation = New-AzureADMSInvitation -InvitedUserEmailAddress teste2#p ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureADMSInvitation], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.NewAzureADMSInvitation
I even enabled the Premium trial to check if it had something to do with the free plan, but the problem persists.
Does anybody know what's going on?

According to your error message, maybe we should check your Azure AD configuration settings, like in the screenshot:
Also, we can use an admin account of Azure AD to invite the user.

Related

Powershell error running Get-dbaDatabase searching for missing backups

I am getting the following error when running this command:
Get-dbaDatabase -sqlinstance server01 -NoFullBackup
Error:
Compare-DbaCollationSensitiveObject : Cannot bind argument to parameter 'Value' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\dbatools\1.1.76\allcommands.ps1:22322 char:109
+ ... bject -Property Name -In -Value $lastCopyOnlyBackups.Database -Collat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Compare-DbaCollationSensitiveObject], ParameterBindingValidationExcept
ion
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Compare-DbaCollationSensitiveObject
This happens on multiple versions of dbatools, I don't think it is related to dbatools at all. When I run this on another account that has a profile created long ago I get no errors. New account profiles seem to have this error show up. I am thinking it may be related to a setting in PowerShell but I am not sure what it could be.
On an older account profile the command just returns nothing, basically a blank line. The newer accounts all return this error. I have run this command on machines ranging from Windows Server 2012 through Windows Server 2019.
I did try to use an account that worked on an older server on a new server and in that case I do get the error above. It seems to be related to when the profile was created, which makes me think there is some default setting or behavior that is being set at the group policy or machine policy level.
PowerShell version is 5.1.
I am hoping there are some PowerShell experts out there that can point me in the right direction.
Thanks!
This has been acknowledged as a bug in the function by the dbatools team. This is fairly new functionality that was implemented in late 2021. This should get fixed in a future update to dbatools.

Pipeline failed after implementing MFA

I have made a few pipelines in Azure Data Factory, which transfer and modify data from Blob Storage (Excel files) to Azure SQL. They were off for like 2 months and the company has implemented MFA on the whole Azure Active Directory.
After that, when I try to run the pipelines I only get a "Failed" status. For every pipeline the error is the same. They look like this:
Operation on target Data flow1 failed: {"StatusCode":"DFExecutorUserError","Message":"Job failed due to reason: java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c","Details":"java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. 
Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c\n\tat com.microsoft.datafactory.dat"}
Is there any way I can evade this error without deactivating MFA?
Thank you David Browne - Microsoft for your valuable suggestion. Posting your suggestion as an answer to help other community members.
Use either a Managed Identity or provision a Service Principal for authentication. Switch the Authentication to SQL Auth for SQL Server and SAS/Account Key auth for Azure Storage.

Server failed to authenticate the request. (Status Code: 401; Error Code: NoAuthenticationInformation)]

Currently following the instruction for loading the data from Azure. Option no 1.
https://docs.snowflake.com/en/user-guide/data-load-azure-config.html
The storage integration with a service principal.
I keep getting the error:
Failure using stage area. Cause: [Server failed to authenticate the request. Please refer to the
information in the www-authenticate header. (Status Code: 401; Error Code: NoAuthenticationInformation)]
In Azure I can see that there are AuthorizationErrors. Snowflake is reaching Azure but Azure thinks that it can't give access.
Does anyone have an idea?
Hennie
I agree that it looks like an access issue. Couple ideas:
Perhaps the token expired? Try regenerating the SAS token and then recreate the Azure external stage with it.
Do you have a firewall on your Azure storage?
If so, follow these steps: https://docs.snowflake.com/en/user-guide/data-load-azure-allow.html#allowing-the-vnet-subnet-ids

User gets error number 18456 while trying to connect to Azure SQL database

There are many threads about this error but I did not find the answer yet.
We have Azure SQL database and the employees use 1 login to connect.
One colleague has a problem with connectivity, as recently her Azure account was deleted and then restored.
The account deletion may have triggered the issue.
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536
Do you have any ideas what causes this error?
Any hints where I should dig to get an answer?
I have found Error 18456 with State 1 only during Microsoft Azure outages as shown here. To make sure visit #AzureSupport on Twitter or visit Azure Status. Sometimes Azure Support and Azure Status do not show any issues because issues may not be affecting a good number of customers, but you can still find out what is happening by going to Help + Support, choose Service Health, then examine "Health History" and "Resource Health" as shown on this article.
Another possible cause of this error is the status of your Azure Subscription. Maybe your subscription requires your attention.

Azure SQL Database Active Directory password authentication using powershell

I am trying to log in to Azure SQL with Active Directory password authentication using Cloud Shell.
Below is the error I am facing, shown in the screenshot. I am not able to understand whether this is an authentication issue or a syntax issue in my script.
$cxn.open will open the connection, but I am facing the issue before that.
After that I need to execute the below commands:
$cmd = New-Object System.Data.SqlClient.SqlCommand($query, $cxn)
$cmd.CommandTimeout = 120
$cmd.ExecuteNonQuery()
$cxn.Close()
The objective is to log in to Azure SQL using Active Directory password auth, run some SQL query and close the connection. I need to do this in a DevOps inline script task, but it is failing in Cloud Shell itself.
Error: details are shown in the diagram below, please let me know how to correct it.
Kindly let me know if there is any other script for this.
I'm not sure if this will fix all your issues, but there is a syntax error there.
In your connection string you put authentication="Azure Active Directory""
That is a syntax error because your double quote actually ends the string...
Get rid of the "" around the Azure Active Directory, like: authentication=Azure Active Directory";
That would at least get rid of the syntax error.
Try to use Microsoft.Data.SqlClient.
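
An added example, not part of the thread above: one way to sidestep the quoting problem is to let SqlConnectionStringBuilder assemble the string, using the `Active Directory Password` value of the `Authentication` keyword. The server, database and query values and the `SQL_AAD_USER` / `SQL_AAD_PASSWORD` environment variable names are assumptions made for this sketch, and it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example (not from the original posts). All names below are placeholders.
$server   = 'example-server.database.windows.net'   # constructed placeholder
$database = 'example-db'                             # constructed placeholder
$query    = 'SELECT 1;'                              # constructed placeholder statement

# Hypothetical variable names: in a pipeline, map secret variables to these
# environment variables instead of writing the password into the script.
$user     = $env:SQL_AAD_USER
$password = $env:SQL_AAD_PASSWORD
if ([string]::IsNullOrEmpty($user) -or [string]::IsNullOrEmpty($password)) {
    throw 'SQL_AAD_USER and SQL_AAD_PASSWORD must be set before running this script.'
}

# The builder quotes and escapes each value, so no nested double quotes are
# needed. Keys are set through the indexer using connection-string keywords.
$builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$builder['Data Source']            = "tcp:$server,1433"
$builder['Initial Catalog']        = $database
$builder['Authentication']         = 'Active Directory Password'
$builder['User ID']                = $user
$builder['Password']               = $password
$builder['Encrypt']                = $true    # require TLS to the server
$builder['TrustServerCertificate'] = $false   # keep certificate validation on
$builder['Connect Timeout']        = 30

$cxn = New-Object System.Data.SqlClient.SqlConnection($builder.ToString())
try {
    $cxn.Open()
    $cmd = New-Object System.Data.SqlClient.SqlCommand($query, $cxn)
    $cmd.CommandTimeout = 120
    [void]$cmd.ExecuteNonQuery()
}
catch {
    # Log the error text only; the connection string contains the password.
    Write-Error "Azure SQL call failed: $($_.Exception.Message)"
}
finally {
    if ($cxn.State -ne 'Closed') { $cxn.Close() }
    $cxn.Dispose()
}
```

This authentication mode is non-interactive, so it does not work for accounts on which MFA is enforced.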
