应用此线程中提供的解决方案(基本上是将用户管理员角色添加到我正在使用的托管身份中)后,在连接到托管身份时出现以下错误,这在以前没有发生过:
无法获取租户“组织”的令牌,并出现错误“ManagedIdentityCredential 身份验证失败:身份传递时发生内部服务器错误!”
Status: 500 (Internal Server Error)
Content:
Headers:
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Date: Tue, 14 Nov 2023 12:34:53 GMT
Server: Microsoft-HTTPAPI/2.0
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot'
ManagedIdentityCredential authentication failed: Internal Server Error occured with identity passed!
Status: 500 (Internal Server Error)
Content:
Headers:
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Date: Tue, 14 Nov 2023 12:34:53 GMT
Server: Microsoft-HTTPAPI/2.0
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
Run Connect-AzAccount to login.
如果您我在订阅下拥有一个具有错过添加该用户分配的托管,则可能会发生错误 您在自动化帐户中的身份,您在
参数中指定。AccountId
Contributor
现在,我将
User Administrator 目录角色添加到用户分配的托管标识中,如下所示:
最初,我
未添加在自动化帐户中分配托管身份的任何用户,如下所示:
当我运行下面的脚本通过用户分配的托管标识连接来创建 SQL Server 时,我得到了
相同的错误,如下所示:
Disable-AzContextAutosave -Scope Process
$context = (Connect-AzAccount -Identity -AccountId "<account-client-id>").context
$subscriptionId = "subId"
Select-AzSubscription -SubscriptionId $subscriptionId
$context = Set-AzContext -SubscriptionName $context.Subscription -DefaultProfile $context
$rgName = "Sri"
$newServerName = "sqlserver151123"
$location = "Central US"
$adminAccount = "Testuser"
New-AzSqlServer -ResourceGroupName $rgName -ServerName $newServerName -ServerVersion "12.0" -Location $location -AssignIdentity -EnableActiveDirectoryOnlyAuthentication -ExternalAdminName $adminAccount
回复:
要
解决错误,请确保添加您在自动化帐户下的AccountId
当我现在再次运行相同的脚本时,我成功地得到了
response,如下所示:
Disable-AzContextAutosave -Scope Process
$context = (Connect-AzAccount -Identity -AccountId "<account-client-id>").context
$subscriptionId = "subId"
Select-AzSubscription -SubscriptionId $subscriptionId
$context = Set-AzContext -SubscriptionName $context.Subscription -DefaultProfile $context
$rgName = "Sri"
$newServerName = "sqlserver151123"
$location = "Central US"
$adminAccount = "Testuser"
New-AzSqlServer -ResourceGroupName $rgName -ServerName $newServerName -ServerVersion "12.0" -Location $location -AssignIdentity -EnableActiveDirectoryOnlyAuthentication -ExternalAdminName $adminAccount
回复:
为了
确认,我在 Portal 中检查了相同的内容,其中 SQL Server 使用以下属性成功创建: