![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 98%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hello @sakuraime ,
Thanks for your query. I was able to repro your issue locally but with different error message:
Initially for the below command in the client_id parameter, I was trying to pass the ObjectID instead of ApplicationID
PS C:\windows\system32> $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=OBJECTIDRETRIEVEDFROMAZUREPORTALVM&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"}
Invoke-WebRequest : {"error":"invalid_request","error_description":"Identity not found"}
At line:1 char:13
- $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/i ...
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
- FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
This will be the complete working command:
PS C:\windows\system32> $response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=PASSTHEAPPLICATIONID&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"}
PS C:\windows\system32> $response
StatusCode : 200
StatusDescription : OK
Content : {"access_token":"TOKENVALU}
RawContent : HTTP/1.1 200 OK
Content-Length: 1715
Content-Type: application/json; charset=utf-8
Date: Fri, 26 Feb 2021 18:49:16 GMT
Server: IMDS/150.870.65.489
Forms : {}
Headers : {[Content-Length, 1715], [Content-Type, application/json; charset=utf-8], [Date, Fri, 26 Feb 2021 18:49:16 GMT], [Server, IMDS/150.870.65.489]}
Images : {}
InputFields : {}
Links : {}
ParsedHtml : System.__ComObject
RawContentLength : 1715
How to get the applicationID:
1) Get-AzureRmADServicePrincipal -DisplayName "managedidentity"
Above command will display the list of all IDs.
2) Get the ObjectID of the VM from Azure Portal ( VMName - > Settings -> Identity ) -
3) From the output , search for that ObjectID copied from portal
4) Grab the ApplicationID
5) Try to run the whole command in one single line
Pass that applicationID to the Invoke-WebRequest command . It should work
My Azure VM machine Screen Shots of Successful and Unsuccessful attempts:
Below Additional references should help you out in troubleshooting further:
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm
https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-ua-arm
If the above information helps , Kindly "Accept the Answer and Upvote"