Trying to link azure log analytics with AKS

Karthick G 101 Reputation points
2020-12-07T11:36:43.957+00:00

am trying to enable log analytics for aks instance through portal it throws an error saying try to enable using Azure CLI. I am trying to enable using below command

az aks enable-addons -a monitoring -n ExistingManagedCluster -g ExistingManagedClusterRG --workspace-resource-id "/subscriptions/<SubscriptionId>/resourceGroups/<ResourceGroupName>/providers/Microsoft.OperationalInsights/workspaces/<WorkspaceName>"

it throws below error

BadRequestError: Operation failed with status: 'Bad Request'. Details: The credentials in ServicePrincipalProfile were invalid. Please see https://aka.ms/aks-sp-help for more details. (Details: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 857b8676-01c5-44f6-9c72-71db9409b200\r\nCorrelation ID: 878c230a-ba07-4265-891f-ecd8299583cd\r\nTimestamp: 2020-12-07 11:15:02Z","error_codes":[7000215],"timestamp":"2020-12-07 11:15:02Z","trace_id":"857b8676-01c5-44f6-9c72-71db9409b200","correlation_id":"878c230a-ba07-4265-891f-ecd8299583cd","error_uri":"https://login.microsoftonline.com/error?code=7000215"})

Azure Data Explorer
Azure Data Explorer
An Azure data analytics service for real-time analysis on large volumes of data streaming from sources including applications, websites, and internet of things devices.
502 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,961 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. shiva patpi 13,161 Reputation points Microsoft Employee
    2020-12-07T18:25:04.777+00:00

    Hello @Karthick G ,
    It seems this is due to Invalid Service Principle Credentials.
    As per the error code

    • Error Code 7000215
    • Message Invalid client secret is provided.
    • i.e. Attempting to sign in without the necessary or correct authentication parameters.

    Normally SP creds will be valid for 1 year , try to check the age of the SP creds using below command:
    ls -la $HOME/.azure/aksServicePrincipal.json (you can use portal az cli to run that command)

    You can also update/reset the existing SP creds
    https://video2.skills-academy.com/en-us/azure/aks/update-credentials
    https://video2.skills-academy.com/en-us/azure/aks/kubernetes-service-principal

    Hope that helps!

  2. aravindan 1 Reputation point
    2020-12-16T09:29:37.307+00:00

    Hi Team,
    I'm getting same issue while try to enable log analytics with AKS.

    BadRequestError: Operation failed with status: 'Bad Request'. Details: The credentials in ServicePrincipalProfile were invalid. Please see https://aka.ms/aks-sp-help for more details. (Details: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: e3a68bd1-420f-406b-a86f-98471e252f00\r\nCorrelation ID: 37ec14bf-ed67-4687-8f42-5fc4c86bcbce\r\nTimestamp: 2020-12-16 09:12:29Z","error_codes":[7000215],"timestamp":"2020-12-16 09:12:29Z","trace_id":"e3a68bd1-420f-406b-a86f-98471e252f00","correlation_id":"37ec14bf-ed67-4687-8f42-5fc4c86bcbce","error_uri":"https://login.microsoftonline.com/error?code=7000215"})

    SP have validity upto 9999
    48732-image.png

    Any Clue?

    Thanks
    ARavindan

    0 comments