Getting error when using User Assigned MSI
See original GitHub issueTrying to use managed identity to access Azure resources and getting error below during profile script run. How is it supposed to work in a first place when sandbox code runs in is not supposed to have access to 127.0.0.1 IP address in a first place? (https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#local-address-requests)
2019-05-25T01:32:19.320 [Error] ERROR: An attempt was made to access a socket in a way forbidden by its access permissions
Microsoft.Azure.WebJobs.Script.Rpc.RpcException : Result: ERROR: An attempt was made to access a socket in a way forbidden by its access permissions
Exception: An attempt was made to access a socket in a way forbidden by its access permissions
Stack: at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:11 (3 by maintainers)
Top Results From Across the Web
Troubleshoot Azure Automation managed identity issues
This article tells how to troubleshoot and resolve issues when using a managed identity with an Automation account.
Read more >Unable to use 'User-managed identity' with Azure Function ...
you need to assign the managed user identity to the function. Go the function and selection the "Idenity" menu under the "Settings" section....
Read more >Using Managed Identities to access Azure SQL
Using managed identities to access SQL in Azure is a great way to up the security of your solution. Unfortunately, it is a...
Read more >Replace Service Principles with Managed Identities
ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly. Get Token request returned http error: 400, reason: Bad Request....
Read more >Managed Identity in Azure DevOps Service Connections
A user-assigned managed identity is created as a standalone Azure resource. Through a create process, Azure creates an identity in the Azure ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I am also experiencing this issue. I did detailed analysis - in my case the root cause is the User Assigned MSI. When I switch to System Managed MSI, I am not getting the error.
Steps to reproduce the issue:
get-azcontext -verbose
in run.ps1 or profile.ps1You should see the error above in the logs.
Yes - I validated this on the latest Az module in Azure Functions. You can see an example on https://docs.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount?view=azps-2.7.0#examples (Example 7).