Learner Authorization Failed

[ahmedelfaleh]

Describe the bug

I am a learner, I am in this exercise - Create an Azure virtual machine.
Of course I need sandbox, but when try to run the command I am being asked to login.
After logging I face the issue.

Related command

azureuser [ ~ ]$ az login
Cloud Shell is automatically authenticated under the initial account signed-in with. Run 'az login' only if you need to use a different account
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code IS9Z96K5T to authenticate.

Retrieving tenants and subscriptions for the selection...

[Tenant and subscription selection]

No Subscription name Subscription ID Tenant

---

[1] * Concierge Subscription 66934742-a2f4-4f94-ad7b-07a47d83d2bc Microsoft Learn Sandbox

The default is marked with an *; the default tenant is 'Microsoft Learn Sandbox' and subscription is 'Concierge Subscription' (66934742-a2f4-4f94-ad7b-07a47d83d2bc).

Select a subscription and tenant (Type a number or Enter for no changes):

Tenant: Microsoft Learn Sandbox
Subscription: Concierge Subscription (66934742-a2f4-4f94-ad7b-07a47d83d2bc)

[Announcements]
With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271236

If you encounter any problem, please open an issue at https://aka.ms/azclibug

[Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.

az vm create --resource-group "[sandbox resource group
name]" --name my-vm --public-ip-sku Standard --image Ubuntu2204 --admi
n-username azureuser --generate-ssh-keys

Errors

(AuthorizationFailed) The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.

Issue script & Debug output

az login --debug
cli.knack.cli: Command arguments: ['login', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f03d6c9c1f0>, <function OutputProducer.on_global_arguments at 0x7f03d6b5db80>, <function CLIQuery.on_global_arguments at 0x7f03d6af7160>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.002 2 8
cli.azure.cli.core: Total (1) 0.002 2 8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ai-examples 0.115 1 1 /usr/lib/python3.9/site-packages/azure-cli-extensions/ai-examples
cli.azure.cli.core: Total (1) 0.115 1 1
cli.azure.cli.core: Loaded 3 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f03d5f54790>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/azureuser/.azure/commands/2024-10-20.05-06-37.login.1751.log'.
az_command_data_logger: command args: login --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f03d5f7e4c0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f03d5f244c0>, <function register_cache_arguments..add_cache_arguments at 0x7f03d5f403a0>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x7f03d5f40430>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f03d6b5dc10>, <function CLIQuery.handle_query_parameter at 0x7f03d6af71f0>, <function register_ids_argument..parse_ids_arguments at 0x7f03d5f40310>]
cli.azure.cli.command_modules.profile.custom: Cloud Shell is automatically authenticated under the initial account signed-in with. Run 'az login' only if you need to use a different account
cli.azure.cli.core._profile: No web browser is available. Fall back to device code.
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/azureuser/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/azureuser/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/organizations
msal.authority: openid_config("https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
urllib3.connectionpool: Starting new HTTPS connection (1): login.microsoftonline.com:443
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/devicecode HTTP/1.1" 200 473
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code IND76DC73 to authenticate.
msal.telemetry: Generate or reuse correlation_id: cc097ae6-fdb2-4cc4-af9f-24a6c0da6700
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 400 501
urllib3.connectionpool: https://login.microsoftonline.com:443 "POST /organizations/oauth2/v2.0/token HTTP/1.1" 200 5147
msal.token_cache: event={
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"data": {
"claims": "{"access_token": {"xms_cc": {"values": ["CP1"]}}}",
"client_id": "04b07795-8ddb-461a-bbee-02f9e1bf7b46",
"code": "IAQABIQEAAADW6jl31mB3T7ugrWTT8pFe0iCuvgFf9J2pAEv9wHZOBE-peM54BEJ26a0GHF-f2MFl4-TsZd1-LCBS-g6CqTs89XsrBl5LgTJ7i5L31NkncebHswsUymdIrtWtm9omfRZeK0nuCX19iGQpkeafkjc7bbkst8qGGgJM3zZiGYDcDrGtU6xkDwyEKtjHS_9CBCggAA",
"device_code": "IAQABIQEAAADW6jl31mB3T7ugrWTT8pFe0iCuvgFf9J2pAEv9wHZOBE-peM54BEJ26a0GHF-f2MFl4-TsZd1-LCBS-g6CqTs89XsrBl5LgTJ7i5L31NkncebHswsUymdIrtWtm9omfRZeK0nuCX19iGQpkeafkjc7bbkst8qGGgJM3zZiGYDcDrGtU6xkDwyEKtjHS_9CBCggAA"
},
"environment": "login.microsoftonline.com",
"grant_type": "urn:ietf:params:oauth:grant-type:device_code",
"params": null,
"response": {
"access_token": "",
"client_info": "eyJ1aWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtZThhZS0xNDczNGQzMWYyMDYiLCJ1dGlkIjoiOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkIn0",
"expires_in": 5088,
"ext_expires_in": 5088,
"foci": "1",
"id_token": "",
"refresh_token": "********",
"scope": "https://management.core.windows.net//user_impersonation https://management.core.windows.net//.default",
"token_type": "Bearer"
},
"scope": [
"https://management.core.windows.net//user_impersonation",
"https://management.core.windows.net//.default"
],
"token_endpoint": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token"
}

Retrieving tenants and subscriptions for the selection...
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/organizations
msal.authority: openid_config("https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 1a7f9483-cc3c-4214-93ab-a9ee079b36f5
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/tenants?api-version=2022-12-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '15856ab6-8ea1-11ef-a32f-00155dda70d2'
cli.azure.cli.core.sdk.policies: 'CommandName': 'login'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (RPM) azsdk-python-core/1.28.0 Python/3.9.19 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /tenants?api-version=2022-12-01 HTTP/1.1" 200 334
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '334'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-tenant-reads': '2199'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'ed1c5515-8c2e-48d9-b15c-061110009401'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'ed1c5515-8c2e-48d9-b15c-061110009401'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTINDIA:20241020T050709Z:ed1c5515-8c2e-48d9-b15c-061110009401'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 8EB2263F16BA488E8C6283D1A6C4FC83 Ref B: MAA201060516045 Ref C: 2024-10-20T05:07:09Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Sun, 20 Oct 2024 05:07:09 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"id":"/tenants/604c1504-c6a3-4080-81aa-b33091104187","tenantId":"604c1504-c6a3-4080-81aa-b33091104187","countryCode":"US","displayName":"Microsoft Learn Sandbox","domains":["triplecrownlabs.onmicrosoft.com","learn.docs.microsoft.com"],"tenantCategory":"Home","defaultDomain":"learn.docs.microsoft.com","tenantType":"AAD"}]}
cli.azure.cli.core._profile: Finding subscriptions under tenant 604c1504-c6a3-4080-81aa-b33091104187 'Microsoft Learn Sandbox'
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187
msal.authority: openid_config("https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 245964f9-a3e6-4993-bdf0-c44b5a1af4d4
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions?api-version=2022-12-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '15856ab6-8ea1-11ef-a32f-00155dda70d2'
cli.azure.cli.core.sdk.policies: 'CommandName': 'login'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (RPM) azsdk-python-core/1.28.0 Python/3.9.19 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0'
cli.azure.cli.core.sdk.policies: 'Authorization': ''
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions?api-version=2022-12-01 HTTP/1.1" 200 448
cli.azure.cli.core.sdk.policies: Response status: 200
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '448'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-tenant-reads': '249'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'e7182464-51a3-4695-a2fe-83939372b9d0'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'e7182464-51a3-4695-a2fe-83939372b9d0'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'WESTINDIA:20241020T050709Z:e7182464-51a3-4695-a2fe-83939372b9d0'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 1AEB5270782742A2A1396D703F405861 Ref B: MAA201060514027 Ref C: 2024-10-20T05:07:09Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Sun, 20 Oct 2024 05:07:09 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"value":[{"id":"/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc","authorizationSource":"RoleBased","managedByTenants":[],"subscriptionId":"66934742-a2f4-4f94-ad7b-07a47d83d2bc","tenantId":"604c1504-c6a3-4080-81aa-b33091104187","displayName":"Concierge Subscription","state":"Enabled","subscriptionPolicies":{"locationPlacementId":"Public_2014-09-01","quotaId":"Sponsored_2016-01-01","spendingLimit":"Off"}}],"count":{"type":"Total","value":1}}

[Tenant and subscription selection]

No Subscription name Subscription ID Tenant

---

[1] * Concierge Subscription 66934742-a2f4-4f94-ad7b-07a47d83d2bc Microsoft Learn Sandbox

The default is marked with an *; the default tenant is 'Microsoft Learn Sandbox' and subscription is 'Concierge Subscription' (66934742-a2f4-4f94-ad7b-07a47d83d2bc).

Select a subscription and tenant (Type a number or Enter for no changes):

Tenant: Microsoft Learn Sandbox
Subscription: Concierge Subscription (66934742-a2f4-4f94-ad7b-07a47d83d2bc)

[Announcements]
With the new Azure CLI login experience, you can select the subscription you want to use more easily. Learn more about it and its configuration at https://go.microsoft.com/fwlink/?linkid=2271236

If you encounter any problem, please open an issue at https://aka.ms/azclibug

cli.azure.cli.command_modules.profile.custom: [Warning] The login output has been updated. Please be aware that it no longer displays the full list of available subscriptions by default.

cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x7f03d5f1e790>, <function _x509_from_base64_to_hex_transform at 0x7f03d5f1e820>]
cli.knack.cli: Event: CommandInvoker.OnFilterResult []
cli.knack.cli: Event: Cli.SuccessfulExecute []
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f03d5f549d0>]
az_command_data_logger: exit code: 0
cli.main: Command ran in 35.532 seconds (init: 0.115, invoke: 35.416)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3887 in cache file under /home/azureuser/.azure/telemetry/20241020050712811
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib/az/lib/python3.9/site-packages/azure/cli/telemetry/init.py /home/azureuser/.azure /home/azureuser/.azure/telemetry/20241020050712811"
telemetry.process: Return from creating process 1773
telemetry.main: Finish creating telemetry upload process.
===========++++++++++++++===============+++++++++++++++++++
az vm create --resource-group "[sandbox resource group name]" --name my-vm --public-ip-sku Standard --image Ubuntu2204 --admin-username azureuser --generate-ssh-keys --debug
cli.knack.cli: Command arguments: ['vm', 'create', '--resource-group', '[sandbox resource group name]', '--name', 'my-vm', '--public-ip-sku', 'Standard', '--image', 'Ubuntu2204', '--admin-username', 'azureuser', '--generate-ssh-keys', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f29d2e391f0>, <function OutputProducer.on_global_arguments at 0x7f29d2cfab80>, <function CLIQuery.on_global_arguments at 0x7f29d2c94160>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'vm': ['azure.cli.command_modules.vm']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: vm 0.198 58 247
cli.azure.cli.core: Total (1) 0.198 58 247
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ai-examples 0.054 1 1 /usr/lib/python3.9/site-packages/azure-cli-extensions/ai-examples
cli.azure.cli.core: Total (1) 0.054 1 1
cli.azure.cli.core: Loaded 59 groups, 248 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : vm create
cli.azure.cli.core: Command table: vm create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f29d20f1790>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/azureuser/.azure/commands/2024-10-20.05-04-37.vm_create.1681.log'.
az_command_data_logger: command args: vm create --resource-group {} --name {} --public-ip-sku {} --image {} --admin-username {} --generate-ssh-keys --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f29d211b4c0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f29d20c04c0>, <function register_cache_arguments..add_cache_arguments at 0x7f29d20de3a0>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x7f29d20de430>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f29d2cfac10>, <function CLIQuery.handle_query_parameter at 0x7f29d2c941f0>, <function register_ids_argument..parse_ids_arguments at 0x7f29d20de310>]
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=ResourceManagementClient
cli.azure.cli.core.auth.persistence: build_persistence: location='/home/azureuser/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /home/azureuser/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187
msal.authority: openid_config("https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/604c1504-c6a3-4080-81aa-b33091104187/kerberos', 'tenant_region_scope': 'NA', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? None
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_credentials: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 73832af0-48c7-4b2c-8216-f7d1f7adb808
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/%5Bsandbox%20resource%20group%20name%5D?api-version=2022-09-01'
cli.azure.cli.core.sdk.policies: Request method: 'GET'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'cdca527c-8ea0-11ef-9496-00155dda70d2'
cli.azure.cli.core.sdk.policies: 'CommandName': 'vm create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --public-ip-sku --image --admin-username --generate-ssh-keys --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.65.0 (RPM) azsdk-python-core/1.28.0 Python/3.9.19 (Linux-5.10.102.2-microsoft-standard-x86_64-with-glibc2.35) cloud-shell/1.0'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: This request has no body
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/%5Bsandbox%20resource%20group%20name%5D?api-version=2022-09-01 HTTP/1.1" 403 455
cli.azure.cli.core.sdk.policies: Response status: 403
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '455'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'x-ms-failure-cause': 'gateway'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '8f6ff0ba-4342-4487-8e95-1cb1e64c835e'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': '8f6ff0ba-4342-4487-8e95-1cb1e64c835e'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'CENTRALINDIA:20241020T050437Z:8f6ff0ba-4342-4487-8e95-1cb1e64c835e'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE'
cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 7B30900C5B7A449EBC04B44C3C4A5523 Ref B: MAA201060514027 Ref C: 2024-10-20T05:04:37Z'
cli.azure.cli.core.sdk.policies: 'Date': 'Sun, 20 Oct 2024 05:04:37 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"error":{"code":"AuthorizationFailed","message":"The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/usr/lib64/az/lib/python3.9/site-packages/knack/invocation.py", line 111, in _validation
self._validate_cmd_level(parsed_ns, cmd_validator)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/init.py", line 911, in _validate_cmd_level
cmd_validator(**self._build_kwargs(cmd_validator, ns))
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/vm/_validators.py", line 1519, in process_vm_create_namespace
_validate_location(cmd, namespace, namespace.zone, namespace.size)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/vm/_validators.py", line 362, in _validate_location
get_default_location_from_resource_group(cmd, namespace)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/validators.py", line 81, in get_default_location_from_resource_group
rg = resource_client.resource_groups.get(namespace.resource_group_name)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/core/tracing/decorator.py", line 76, in wrapper_use_tracer
return func(*args, **kwargs)
File "/usr/lib64/az/lib/python3.9/site-packages/azure/mgmt/resource/resources/v2022_09_01/operations/_operations.py", line 10756, in get
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: (AuthorizationFailed) The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.

cli.azure.cli.core.azclierror: (AuthorizationFailed) The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
az_command_data_logger: (AuthorizationFailed) The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#ahmed.elfleh.1@gmail.com' with object id 'c8d01479-2dd7-42f0-8c1a-b2e57d5ccadd' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/66934742-a2f4-4f94-ad7b-07a47d83d2bc/resourcegroups/[sandbox resource group name]' or the scope is invalid. If access was recently granted, please refresh your credentials.
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f29d20f19d0>]
az_command_data_logger: exit code: 2
cli.main: Command ran in 0.849 seconds (init: 0.115, invoke: 0.734)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4900 in cache file under /home/azureuser/.azure/telemetry/20241020050437826
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3.9 /usr/lib/az/lib/python3.9/site-packages/azure/cli/telemetry/init.py /home/azureuser/.azure /home/azureuser/.azure/telemetry/20241020050437826"
telemetry.process: Return from creating process 1690
telemetry.main: Finish creating telemetry upload process.

Expected behavior

The VM should be created to complete the exercise.

Environment Summary

azure-cli 2.65.0

core 2.65.0
telemetry 1.1.0

Extensions:
ai-examples 0.2.5
ml 2.30.1
ssh 2.0.5

Dependencies:
msal 1.31.0
azure-mgmt-resource 23.1.1

Python location '/usr/bin/python3.9'
Extensions directory '/home/azureuser/.azure/cliextensions'
Extensions system directory '/usr/lib/python3.9/site-packages/azure-cli-extensions'

Python (Linux) 3.9.19 (main, Aug 23 2024, 00:07:48)
[GCC 11.2.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• Azure Cli - Issue with creating resource #29802