Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Intermittent ManagedIdentityCredential authentication failure

See original GitHub issue

Package Name: @azure/identity
Package Version: 1.2.3
Package Name: @azure/service-bus
Package Version: 7.0.3
Operating system: Ubuntu 20.04.2. LTS
nodejs
- version: v12.18.2
typescript
- version: 4.1.5

Describe the bug (I do not know that this is an actual bug.) I frequently see ‘ManagedIdentityCredential authentication failures’ when using DefaultAzureCredential on my laptop. This behavior is highly intermittent and I don’t know how to debug it.

To Reproduce Steps to reproduce the behavior:

Login with az login.
Use DefaultAzureCredential to try to establish an Azure auth identity.
Use this identity credential to establish a ServiceBusClient and a ServiceBusReceiver. Then do a subscribe on this receiver.
Then, maybe half of the time, I get the following error:

ManagedIdentityCredential authentication failed.(status code undefined).
More details:
request to http://169.254.169.254/metadata/identity/oauth2/token?resource=https%3A%2F%2Fvault.azure.net&api-version=2018-02-01 failed, reason: connect EHOSTUNREACH 169.254.169.254:80

Comments

I don’t know why it’s trying to connect to http://169.254.169.254 from my laptop!
I don’t know why this is intermittent. If I run the same code multiple times, I can’t determine a pattern or factor why it fails or succeeds.
I don’t know how to get any more debugging information than the error message from above.

Issue Analytics

State:
Created 3 years ago
Comments:11 (7 by maintainers)

Top GitHub Comments

1reaction

ewhcommented, Mar 16, 2021

Hi @sadasant. I finally got around to testing this issue today (testing with the alpha release package you mentioned earlier). It appeared to completely address the issue! Thanks so much for your help with this!

I’ll upgrade to 1.2.4 now!

1reaction

ewhcommented, Feb 23, 2021

Hi @sadasant. Your reply responsiveness is AMAZING!

AzureCliCredential will try to run a command with the Azure CLI and if the command fails it will assume this credential is unavailable… I’m hoping that calling out to Azure CLI and failing would hopefully not be much more expensive than a couple seconds maybe? If it’s less than a couple seconds to fail the call to the CLI (and it only happens once per process instance), that should be totally fine.

I am definitely willing to try the alpha package tomorrow. However, I’m not sure I can confirm if the alpha package fixes anything because my underlying issue with DefaultAzureCredential (ManagedIdentityCredential network failure) is intermittent – because I don’t really know what’s causing it, I don’t really know if the alpha package fixes it. The problem goes from happening almost every time I try to use DefaultAzureCredential to not appearing for a couple of days.

Yes, I think I have only hit this problem locally on my dev machine. DefaultAzureCredential seems to be working fine in our Azure App Services.

Top Results From Across the Web

AAD Pod-identity intermittent issues with applications #1287

error in obtaining secret: ManagedIdentityCredential authentication failed. Status code: 500. More details: unknown_error Status code: 500

ManagedIdentityCredential authentication unavailable. No ...

This is a problem with the Azure VM, or an issue with Microsoft.Data.SqlClient. ManagedIdentityCredential authentication unavailable.

ManagedIdentityCredential authentication unavailable, no ...

Trying to connect Azure key vault using batch pool . It was successful using service principle , but when using managed identity its...

Target Credential Issues by Authentication Protocol - Reddit

I keep receiving: Target Credential Issues by Authentication Protocol - Intermittent Authentication Failure.

spring boot security login error 400, using Guava Optional ...

Azure - Accessing Key Vault using User Managed Identity in Java Spring Boot : Error Details: ManagedIdentityCredential authentication unavailable? Error ...