尝试使用 PowerShell 连接到 Azure 时出现以下错误。该帐户以前可以使用,但不确定发生了什么变化。已为组织启用多重身份验证,但应排除此帐户。这是一个组织帐户;不是微软帐户。我在网上发现了类似的错误,但不是这个特定的问题......
Connect-AzureRmAccount –Credential $Credential -Verbose
VERBOSE: Performing the operation "log in" on target "User account in environment 'AzureCloud'".
Connect-AzureRmAccount : accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unexpected error
occurred on a send.
At line:1 char:1
+ Connect-AzureRmAccount –Credential $Credential -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Connect-AzureRmAccount], AadAuthenticationFailedException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand
我启用了调试输出以获取更多信息...
DEBUG: AzureQoSEvent: CommandName - Connect-AzureRmAccount; IsSuccess - False; Duration - 00:00:19.9521148; Exception - Microsoft.Azure.Commands.Common.Authentica
tion.AadAuthenticationFailedException: accessing_ws_metadata_exchange_failed: Accessing WS metadata exchange failed: The underlying connection was closed: An unex
pected error occurred on a send. ---> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: accessing_ws_metadata_exchange_failed: Accessing WS me
tadata exchange failed ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Una
ble to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existin
g connection was forcibly closed by the remote host
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.<GetResponseSyncOrAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Clients.ActiveDirectory.MexParser.<FetchMexAsync>d__4.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
at Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.DoAcquireToken(AdalConfiguration config, PromptBehavior promptBehavior, Action`1 promptActi
on, String userId, SecureString password)
at Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.SafeAquireToken(AdalConfiguration config, String showDialog, Action`1 promptAction, String
userId, SecureString password, Exception& ex)
--- End of inner exception stack trace ---
at Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.AcquireToken(AdalConfiguration config, String promptBehavior, Action`1 promptAction, String
userId, SecureString password)
at Microsoft.Azure.Commands.Common.Authentication.UserTokenProvider.GetAccessToken(AdalConfiguration config, String promptBehavior, Action`1 promptAction, Stri
ng userId, SecureString password, String credentialType)
at Microsoft.Azure.Commands.Common.Authentication.Factories.AuthenticationFactory.Authenticate(IAzureAccount account, IAzureEnvironment environment, String ten
ant, SecureString password, String promptBehavior, Action`1 promptAction, IAzureTokenCache tokenCache, String resourceId)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.AcquireAccessToken(IAzureAccount account, IAzureEnvironment environment, String tenantId, Se
cureString password, String promptBehavior, Action`1 promptAction)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.ListAccountTenants(IAzureAccount account, IAzureEnvironment environment, SecureString passwo
rd, String promptBehavior, Action`1 promptAction)
at Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient.Login(IAzureAccount account, IAzureEnvironment environment, String tenantId, String subscrip
tionId, String subscriptionName, SecureString password, Boolean skipValidation, Action`1 promptAction, String name)
at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.<>c__DisplayClass83_0.<ExecuteCmdlet>b__0(AzureRmProfile localProfile, RMProfileClient profile
Client, String name)
at Microsoft.Azure.Commands.Profile.Common.AzureContextModificationCmdlet.ModifyContext(Action`2 contextAction)
at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.SetContextWithOverwritePrompt(Action`3 setContextAction)
at Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand.ExecuteCmdlet()
at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord();
DEBUG: Finish sending metric.
DEBUG: 11:22:02 AM - ConnectAzureRmAccountCommand end processing.
DEBUG: 11:22:02 AM - ConnectAzureRmAccountCommand end processing.
最佳答案
问题是 Connect-AzureRMAccount cmdlet 默认使用 TLS 1.0。 Centrify 禁用了 TLS 1.0 支持,这导致身份验证尝试关闭连接。通过将以下内容添加到 PowerShell 脚本以强制使用 TLS 1.2 安全协议(protocol),该问题得到解决:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
关于powershell - 连接-AzureRmAccount : accessing_ws_metadata_exchange_failed,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/51331071/