Windows Azure: Authentication error when trying to create credentials

ozz picture ozz · Dec 19, 2011 · Viewed 7.4k times · Source

UPDATE at bottom:

I am trying to upload a test app to Windows Azure for the first time and having problems when creating credentials.

These are the steps I'm following:

I create the credentials and certificate in Visual Studio, and upload the certificate to Azure as follows:

  1. right click Windows Azure Compute in server explorer
  2. Select Add deployment environment
  3. right click "Windows Azure Subscriptions"
  4. Select Manage
  5. Select New
  6. In "Windows Azure Project Management Authentication"
  7. In "Create or select an existing certificate for authentication", select "Create"
  8. Enter friendly name for cert "Test1", click OK
  9. Click "Copy the full path" and browse to "Management Certificates" on the Azure Management Portal
  10. Click "Add Certificate", click browse, paste the the copied path in, click Open, then Ok to create the cert
  11. Back in Visual Studio, copy in the subscription ID
  12. Name the credentials "Test creds"
  13. Click Ok

phew....

and here is where I have the issue..... when I click OK I get an error pop up:

"Windows Azure Connection Error" "Authentication failed. Verify that your credentials are valid or download them again. Debug information: n error (The request was aborted: The request was canceled.) occurred while transmitting data over the HTTP channel. The request was aborted: The request was canceled.

If I try to publish from my Visual Studio solution and create my credentials in a similar fashion to above, the "Windows Azure Publish Sign In" screen also launches the "Windows Azure Project Management Authentication" screen. Following the same steps above 7-13, and I get the following connection error:

"Windows Azure Connection Error" "Authentication failed. Verify that your credentials are valid or download them again. The remote server returned an unexpected response: (502) Proxy Error ( The Web site requires a client certificate, but a client certificate cannot be supplied when HTTPS inspection is applied to the request. ). The remote server returned an error: (502) Bad Gateway.

Long post, apologies for that.... any Azure experts out that can help?

Thanks in advance!

Update After more digging and starting to fully understand the error messages, it turns out that Forefront TMG is getting in the way and the tunneling out to Azure is failing. It doesn't forward on the certificate that is on my machine. Just waitint for IT to resolve this for me (hopefully!)

Update 2 Once IT sorted that out for me (they had to bypass the proxy for various Azure domain/IPs, I had a a further issue: There was no endpoint listening at https://management.core.windows.net/<Subscription_ID>/services/hostedservices that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. Unable to connect to the remote server No connection could be made because the target machine actively refused it 70.37.71.239:443

The IP address at the end there is a US datacenter I believe and IT had to unblock that in our firewall. Once that was done I could deploy from Visual Studio. Hurrah!!

Answer

Mike Potts picture Mike Potts · Dec 19, 2011

Well, I'll start by saying, hang in there! The certs management component is definitely not the most intuitive part of Azure:)

I'm going to recommend that you try doing this manually. My gut is telling me that your certs aren't aligning properly, and while it may look daunting to do it manually, it often ends up being simpler.

I would read this brief overview before you do anything further, then, do the following...

  1. The .cer file created in the first part of the article is the one added to the 'Management Certificates'. Make sure you give it an easily identifiable name (more on this later).

  2. Then, upload the .pfx created next, to that role/instance you're trying to work with.

At this point, you may also want to manually install the certificate in your local machine (just right click the .cer file and select 'Install Certificate'). The key challenge we've dealt with, is making sure it ends up in a personal store that can be read by visual studio, so you may need to try a few before it works. Usually, the 'My' or 'Perosonal' stores work best. I say usually though:)

Once you do this, you should be able to walk back through and simply select the certificate you just created. And here is where the easily identifiable name comes into play:)

Hope this helps!