Pipeline failed after implementing MFA
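I created some pipelines in Azure Data Factory that transfer and modify data from Blob Storage (Excel files) to Azure SQL. They were not run for about 2 months, and the company has implemented MFA across the whole Azure Active Directory.
After that, when I try to run the pipelines, I only get a "Failed" status. The error is the same for every pipeline. It looks like this: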
Operation on target Data flow1 failed: {"StatusCode":"DFExecutorUserError","Message":"Job failed due to reason: java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c","Details":"java.lang.Exception: fail to reach https://we.frontend.clouddatahub.net/subscriptions/aa2d32bf-f0d0-4656-807b-7e929da73853/entities/99264214-3071-4faa-87c2-32d9dec7e5a4/identities/00000000-0000-0000-0000-000000000000/token?api-version=2.0 with status code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential","message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, Message: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS700027: Client assertion failed signature validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\nCorrelation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\nTimestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, RunId:887b22ec-6cae-42d3-9580-b93a98800b3c\n\tat com.microsoft.datafactory.dat"}
Is there any way to avoid this error without deactivating MFA?
Thanks to David Browne - Microsoft for the valuable suggestion. Posting your suggestion as an answer to help other community members.
Use either a Managed identity or provision a Service principal for authentication. Switch the authentication to SQL Auth for SQL Server and SAS/Account Key auth for Azure Storage.
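A triage helper for the error text quoted in the question, as an added example that is not part of the original post or answer. The payload is not valid JSON as displayed (the inner quotes are unescaped), so it extracts the Azure AD and Data Factory identifiers with regular expressions; the sample string is a shortened, constructed copy of the quoted error, and the dictionary keys are this example's own names.

```python
import re

# Constructed sample: shortened copy of the error text quoted in the question
# (URL path elided, duplicated "Details" part dropped). \r\n are literal characters.
SAMPLE = (
    r'Operation on target Data flow1 failed: {"StatusCode":"DFExecutorUserError",'
    r'"Message":"Job failed due to reason: java.lang.Exception: fail to reach '
    r'https://we.frontend.clouddatahub.net/.../token?api-version=2.0 with status '
    r'code:403, payload:{"error":{"code":"ManagedIdentityInvalidCredential",'
    r'"message":"Acquire MI token from AAD failed. ErrorCode: invalid_client, '
    r'Original exception: AADSTS700027: Client assertion failed signature '
    r'validation.\r\nTrace ID: 4eef805e-a0ca-494e-bcc2-c01cd755f400\r\n'
    r'Correlation ID: f313ba30-9455-4065-90ab-a0fe28dadc99\r\n'
    r'Timestamp: 2022-02-21 13:11:56Z","details":[],"additionalInfo":[]}}, '
    r'CorrelationId:171b73ff-5721-45e5-bf95-2b29dc4dd1b4, '
    r'RunId:887b22ec-6cae-42d3-9580-b93a98800b3c"}'
)

GUID = r'[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# "Correlation ID:" (with a space) comes from Azure AD; "CorrelationId:" and
# "RunId:" come from Data Factory. They identify different requests.
PATTERNS = {
    "adf_status": r'"StatusCode":"([^"]+)"',
    "http_status": r'status code:\s*(\d{3})',
    "error_code": r'"code":"([^"]+)"',
    "aadsts_code": r'\b(AADSTS\d+)\b',
    "aad_trace_id": rf'Trace ID:\s*({GUID})',
    "aad_correlation_id": rf'Correlation ID:\s*({GUID})',
    "aad_timestamp": r'Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)',
    "adf_correlation_id": rf'CorrelationId:\s*({GUID})',
    "adf_run_id": rf'RunId:\s*({GUID})',
}

def triage(text):
    """Return the first match for each field, or None when it is absent."""
    found = {}
    for name, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        found[name] = match.group(1) if match else None
    # True when the failing token request was made for the factory's managed identity.
    found["managed_identity_token_failure"] = (
        found["error_code"] == "ManagedIdentityInvalidCredential")
    return found

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The Azure AD trace ID, correlation ID and timestamp are the values to search for in the tenant's sign-in logs or to quote in a support request.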