SnehaSalunke-2171 asked JamesTran-MSFT edited

Getting error Error Message '{"error":"invalid_request","error_description":"Identity not found"}'.

Hi,

I was resolving the "Windows web servers should be configured to use Secure communication protocols".
I have resolved this by enabling the protocols in registry settings. But the compliance status is not reflecting in the Azure policy services.

When I checked the GClog (Guest Configuration log files) I see the below error.


Failed to get the base agent service url with message:- Failed to get the msi_information from meta_data url : http://169.254.xxx.xxx/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F. Status Code '400'. Error Message '{"error":"invalid_request","error_description":"Identity not found"}'.. Retrying with old agent service endpoint. endpoint: https://agentserviceapi.azure-automation.net</GCLOG>
<GCLOG>[2021-03-04 05:46:38.785] [PID 12908] [TID 9164] [TELEMETRY Pull Client] [ERROR] [164bb63f-59b7-4628-b28b-c3b5e0973ee9] Failed to update assignments Error : Failed to get the msi_information from meta_data url : http://169.254.xxx.xxx/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F. Status Code '400'. Error Message '{"error":"invalid_request","error_description":"Identity not found"}'.</GCLOG>
<GCLOG>[2021-03-04 05:46:38.785] [PID 12908] [TID 9164] [TELEMETRY Timer Manager] [ERROR] [164bb63f-59b7-4628-b28b-c3b5e0973ee9] Failed to Run Pull Refresh for 'dsc_refresh_timer' Error : Failed to get the msi_information from meta_data url : http://169.254.xxx.xxx/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.core.windows.net%2F. Status Code '400'. Error Message '{"error":"invalid_request","error_description":"Identity not found"}'.</GCLOG>
<GCLOG>[2021-03-04 05:47:38.276] [PID 12908] [TID 10236] [TELEMETRY Timer Manager] [INFO] [c5cc9d69-6b79-485e-b317-d45b0d7c27bd] Run gc check_worker_process timer Worker_Status</GCLOG>


I have "Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity".

Please help me resolve this error.

Thank you

azure-virtual-machines azure-policy azure-managed-identity

@SnehaSalunke-2171
Thank you for your post and I apologize for the delayed response!

  • For the "Windows web servers...", you resolved it by enabling protocols in the registry settings. Was your environment working prior to enabling those protocols?

  • Can you "disable" those protocols to see if you're still receiving the 400 error - "invalid_request","error_description":"Identity not found"?

  • What protocol was it that you disabled? And was this on an Azure VM?

  • Where were you seeing the "Windows web servers... Secure communication protocols" message?


Any additional details would be greatly appreciated!

If you have any other questions or would like to work with our support team to resolve this issue, please let me know.
Thank you for your time and patience throughout this issue.


@SnehaSalunke-2171
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?


@SnehaSalunke-2171 just following up to make sure the error has been resolved. Thank you!


0 Answers