|
| 1 | +--- |
| 2 | +title: Troubleshoot Azure Automation managed identity issues (preview) |
| 3 | +description: This article tells how to troubleshoot and resolve issues when using a managed identity with an Automation account. |
| 4 | +services: automation |
| 5 | +ms.subservice: |
| 6 | +ms.date: 04/28/2021 |
| 7 | +ms.author: v-dturcaso |
| 8 | +ms.topic: troubleshooting |
| 9 | +--- |
| 10 | + |
| 11 | +# Troubleshoot Azure Automation managed identity issues (preview) |
| 12 | + |
| 13 | +This article discusses solutions to problems that you might encounter when you use a managed identity with your Automation account. For general information about using managed identity with Automation accounts, see [Azure Automation account authentication overview](../automation-security-overview.md#managed-identities-preview). |
| 14 | + |
| 15 | +## Scenario: Attempt to use managed identity with Automation account fails |
| 16 | + |
| 17 | +### Issue |
| 18 | + |
| 19 | +When you try to work with managed identities in your Automation account, you encounter an error like this: |
| 20 | + |
| 21 | +```error |
| 22 | +Connect-AzureRMAccount : An error occurred while sending the request. At line:2 char:1 + Connect-AzureRMAccount -Identity + |
| 23 | +CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], HttpRequestException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand |
| 24 | +``` |
| 25 | + |
| 26 | +### Cause |
| 27 | + |
| 28 | +The most common cause for this is that you didn't enable the identity before trying to use it. To verify this, run the following PowerShell runbook in the affected Automation account. |
| 29 | + |
| 30 | +```powershell |
| 31 | +resource= "?resource=https://management.azure.com/" |
| 32 | +$url = $env:IDENTITY_ENDPOINT + $resource |
| 33 | +$Headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" |
| 34 | +$Headers.Add("X-IDENTITY-HEADER", $env:IDENTITY_HEADER) |
| 35 | +$Headers.Add("Metadata", "True") |
| 36 | +
|
| 37 | +try |
| 38 | +{ |
| 39 | + $Response = Invoke-RestMethod -Uri $url -Method 'GET' -Headers $Headers |
| 40 | +} |
| 41 | +catch |
| 42 | +{ |
| 43 | + $StatusCode = $_.Exception.Response.StatusCode.value__ |
| 44 | + $stream = $_.Exception.Response.GetResponseStream() |
| 45 | + $reader = New-Object System.IO.StreamReader($stream) |
| 46 | + $responseBody = $reader.ReadToEnd() |
| 47 | + |
| 48 | + Write-Output "Request Failed with Status: $StatusCode, Message: $responseBody" |
| 49 | +} |
| 50 | +``` |
| 51 | + |
| 52 | +If the issue is that you didn't enable the identity before trying to use it, you should see a result similar to this: |
| 53 | + |
| 54 | +`Request Failed with Status: 400, Message: {"Message":"No managed identity was found for Automation account xxxxxxxxxxxx"}` |
| 55 | + |
| 56 | +### Resolution |
| 57 | + |
| 58 | +You must enable an identity for your Automation account before you can use the managed identity service. See [Enable a managed identity for your Azure Automation account (preview)](../enable-managed-identity-for-automation.md) |
| 59 | + |
| 60 | +## Next steps |
| 61 | + |
| 62 | +If this article doesn't resolve your issue, try one of the following channels for additional support: |
| 63 | + |
| 64 | +* Get answers from Azure experts through [Azure Forums](https://azure.microsoft.com/support/forums/). |
| 65 | +* Connect with [@AzureSupport](https://twitter.com/azuresupport). This is the official Microsoft Azure account for connecting the Azure community to the right resources: answers, support, and experts. |
| 66 | +* File an Azure support incident. Go to the [Azure support site](https://azure.microsoft.com/support/options/), and select **Get Support**. |
0 commit comments