Comments (19)
So the issue with the renew action failing has been fixed in #3647 - merged to main and will be in the next release.
And the nexus issues are being tracked here - #3642
I'm going to close this so we can keep conversation consolidated.
from azuretre.
The error:
The user or administrator has not consented to use the application with ID '*********************************' named 'tre-ws-f4eb'. Send an interactive authorization request for this user and resource.
Suggest the user has not accessed the TRE workspace portal or the application registration has been incorrectly provisioned.
Can you confirm the user in question can access the workspace portal, and no pop ups appear or are blocked to request consent?
If that seems ok, post a screen shot of the API permissions for the tre-ws-f4eb
application registration.
from azuretre.
Hi Marcus. It's all users including me as the Admin.
I have spun up Linux and WIndows fine and can still connect to the ones i've already created
I can connect to new windows too but not new linux
We have rerun the build pipeline too trying to see if anything has changed but it had no effect on the symptoms
from azuretre.
Thats users in the Enterprise App, can you get API permissions in the app registration. Thanks.
from azuretre.
from azuretre.
Can you confirm you see the error ` The user or administrator has not consented to use the application with ID '*********************************' named 'tre-ws-f4eb'. each time?
There is no reason it would work for some VMs and not others, are you 100% sure that is the case. Can you provide the logs before that error?
from azuretre.
ok i will connect to a working VM in the WS and then a failing WS, then capture the logs. bear with me
from azuretre.
Logs sent over privately
from azuretre.
Can you check the cloud init logs on the failing VM? The logs show:
RDP server closed/refused connection: Server refused connection (wrong security type?)
Which makes me think RDP hasn't configured correctly. Recommend using a prebaked image with everything configured to remove the risk of these transient issues.
from azuretre.
these VM's where built using the out of the box images.
Looks like it there are failures around nexus in the logs
Could not connect to nexus-tre.uksouth.cloudapp.azure.com:443 (10.67.160.24). - connect (111: Connection refused)
I've checked and nexus is running on that IP too
from azuretre.
So from a working VM i can browser to the Nexus server and telnet on port 80
From a failing server, i have logged in via bastion and can connect with telnet on port 80 too
from azuretre.
from looking at the logs of both servers it seems to go wrong here
Cloud-init v. 22.2-0ubuntu1~18.04.2 running 'modules:config' at Fri, 28 Jul 2023 14:02:26 +0000. Up 570.95 seconds.
2023-07-28 14:02:26,223 - modules.py[WARNING]: Could not find module named cc_emit_upstart (searched ['cc_emit_upstart', 'cloudinit.config.cc_emit_upstart'])
curl: (7) Failed to connect to nexus-tre.uksouth.cloudapp.azure.com port 443: Connection refused
gpg: no valid OpenPGP data found.
Err:1 https://nexus-tre.uksouth.cloudapp.azure.com/repository/ubuntu bionic InRelease
Could not connect to nexus-tre.uksouth.cloudapp.azure.com:443 (10.67.160.24). - connect (111: Connection refused)
i wonder if this is an issue with the nexus ssl certs ?
from azuretre.
Looks like could be SSL cert issue. Strange that previous Linux VMs worked though.
What do you get at https://nexus-tre.uksouth.cloudapp.azure.com ? Is the certificate valid?
from azuretre.
no the certificate is not valid. However, its been like this since day one of this environment?
from azuretre.
I doubt it will have ever worked if always been like this.
Can you confirm the certs service is installed and the certificate name, along with the certificate name specified in the nexus deployment, and that the two match? Again worth checking the nexus cloud init logs.
Full details can be found here - https://microsoft.github.io/AzureTRE/v0.12.0/tre-templates/shared-services/nexus/
from azuretre.
we have 2 environments currently. both with the same cert message but only this one has started failing. I am still deploying successfully into the other environment fine this morning.
I will look deeper into the nexus service and get back to you.
from azuretre.
from azuretre.
looks like the certificate expired
from azuretre.
There is a renew action in the UI for Cert Service - https://microsoft.github.io/AzureTRE/v0.12.0/tre-templates/shared-services/nexus/#renewing-certificates-for-nexus
from azuretre.
Related Issues (20)
- Release v0.16.0 HOT 9
- MySQL: There is no (longer a?) 6 GB memory option HOT 4
- Delete of in-progress container is triggered twice HOT 1
- Security updates November 2023
- bundle-build target doesn't work without setting DOCKER_CONTEXT=default for porter HOT 3
- building Docker images which require pip to install psutils fails unless gcc is installed HOT 7
- Inconsistent versions of AZ CLI installed in porter.yaml within templates. HOT 1
- File ownership error building TRE CLI in devcontainer HOT 5
- Show TRE version & deployment time in UI status bar HOT 16
- Azure Open AI deployability as a workspace service within Azure TRE HOT 7
- Unable to connect to Linux VM through Guacamole HOT 9
- Getting Airlock SAS URL into workspace VM HOT 2
- If Guacamole fails on install, upgrade does not recreate firewall rules.
- module.airlock_resources.azurerm_service_plan.airlock_plan can take over 30 minutes to deploy HOT 2
- Workspace service link s not working in left nav
- Connect button shows when no connection uri
- guac linuxvm status: "deployment failed" on install in workspace after upgrading bundle w/ make user_resource_bundle locally HOT 23
- Cannot upgrade user reources
- Granular Role Permissions HOT 9
- Error when creating an Airlock Workspace HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azuretre.