Unable to login azure resource with managed identity

Sakit Atakishiyev 25 Reputation points Microsoft Employee
2024-03-21T13:21:33.0533333+00:00

Hello,

I followed this page to create an Azure cloud instance and test system managed identity: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-managed-identity#example-2-use-a-system-assigned-identity-to-access-azure-key-vault

My container was created successfully. I connected to the instance and tried to execute the following command inside the container:

```
az login --identity
```

and got the following error:

```
Failed to connect to MSI. Please make sure MSI is configured correctly and check the network connection.
Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by NewConnectionError('
```

1 answer

  1. vipullag-MSFT 24,111 Reputation points Microsoft Employee
    2024-04-01T05:41:51.9066667+00:00

    Hello Sakit Atakishiyev

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    Based on the error message you provided, it seems that there is an issue connecting to the Managed Service Identity (MSI) endpoint. Here are a few steps you can try to troubleshoot and resolve the issue: 

    1. Check if the MSI is correctly configured for your Azure container instance. Ensure that the system-assigned identity is enabled for the instance. 
    2. Verify the network connectivity of your container instance. The error message suggests that there may be an issue with the network connection. Make sure that your container instance has access to the internet and can reach the MSI endpoint at [http://169.254.169.254](http://169.254.169.254/).
    3. If you are running your container inside a virtual network, check if there are any network security group rules or firewalls blocking the outbound connection from your container to the MSI endpoint. You may need to allow outbound traffic to the MSI endpoint IP address and port 80.
    4. Ensure that the Azure PowerShell module is up to date. You can try updating the module to the latest version to see if it resolves the issue.
    5. If none of the above steps resolve the issue, you can try restarting the container instance to see if it clears any temporary network or connectivity issues.


    Hope this helps.
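
A small probe for the network check in step 2 of the answer above, as an added example that is not part of the original thread or of Microsoft's tooling. It requests the token URL shown in the error message with the `Metadata: true` header the instance metadata endpoint requires, and separates "endpoint unreachable" from "endpoint reachable but request rejected"; the function name and status labels are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Host, path and api-version are the ones shown in the error message above.
IMDS_BASE = "http://169.254.169.254"
TOKEN_PATH = "/metadata/identity/oauth2/token"
API_VERSION = "2018-02-01"


def probe_identity_endpoint(resource, base=IMDS_BASE, timeout=3.0):
    """Return (status, detail); status is 'ok', 'http_error',
    'unreachable' or 'bad_response' (labels are this example's own)."""
    query = urllib.parse.urlencode({"resource": resource, "api-version": API_VERSION})
    req = urllib.request.Request(f"{base}{TOKEN_PATH}?{query}",
                                 headers={"Metadata": "true"})
    # Ignore HTTP(S)_PROXY settings: the link-local address must be reached directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # The endpoint answered, so the network path works; look at the
        # identity assignment or the request instead.
        return "http_error", f"HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        # No connection at all: the same class of failure as the
        # NewConnectionError reported by az login --identity.
        return "unreachable", str(getattr(exc, "reason", exc))
    except ValueError:
        return "bad_response", "endpoint did not return JSON"
    if "access_token" not in body:
        return "bad_response", "JSON without access_token"
    # Report only non-secret fields; the token itself is never printed.
    return "ok", f"resource={body.get('resource', resource)} expires_on={body.get('expires_on')}"


if __name__ == "__main__":
    print(probe_identity_endpoint("https://management.core.windows.net/"))
```

An `unreachable` result from inside the container points at the network path (steps 2 and 3), while `http_error` means the endpoint is reachable and the identity configuration (step 1) is the place to look.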