az login returns "Response_Status.Status_Unexpected": Error code: 2147500037

[yooakim]

Describe the bug

When trying to login with the az login command I receive:

az login
(pii). Status: Response_Status.Status_Unexpected, Error code: 2147500037, Tag: 557973639
Please explicitly log in with:
az login

If I disable the web account manager and login again it works:

az config set core.enable_broker_on_windows=false
az account clear
az login

Not sure if this is related but for some reason this causes issues in VS Code with the Azure extensions, I am not able to switch accounts...

Related command

az login

Errors

(pii). Status: Response_Status.Status_Unexpected, Error code: 2147500037, Tag: 557973639

Issue script & Debug output

az login --debug
cli.knack.cli: Command arguments: ['login', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x00000234F572FD80>, <function OutputProducer.on_global_arguments at 0x00000234F58D40E0>, <function CLIQuery.on_global_arguments at 0x00000234F58FDC60>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name                  Load Time    Groups  Commands
cli.azure.cli.core: profile                   0.002         2         8
cli.azure.cli.core: Total (1)                 0.002         2         8
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name                  Load Time    Groups  Commands  Directory
cli.azure.cli.core: Total (0)                 0.000         0         0
cli.azure.cli.core: Loaded 2 groups, 8 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command  : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x00000234F7B880E0>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\yooak\.azure\commands\2024-10-20.13-37-38.login.23124.log'.
az_command_data_logger: command args: login --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x00000234F7BF4AE0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x00000234F7BF4B80>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x00000234F7BF4CC0>, <function register_upcoming_breaking_change_info.<locals>.update_breaking_change_info at 0x00000234F7BF4D60>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x00000234F58D4180>, <function CLIQuery.handle_query_parameter at 0x00000234F58FDD00>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x00000234F7BF4C20>]
cli.azure.cli.core.auth.persistence: build_persistence: location='C:\\Users\\yooak\\.azure\\msal_token_cache.bin', encrypt=True
cli.azure.cli.core.auth.binary_cache: load: C:\Users\yooak\.azure\msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/organizations
msal.authority: openid_config("https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/organizations/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{tenantid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/organizations/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/organizations/kerberos', 'tenant_region_scope': None, 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? True
msal.application: Falls back to broker._signin_interactively()
cli.azure.cli.core.auth.identity: Select the account you want to log in with. For more information on login with Azure CLI, see https://go.microsoft.com/fwlink/?linkid=2271136
msal.broker: [MSAL:0001]        WARNING SetAuthorityUri:78      Initializing authority from URI 'https://login.microsoftonline.com/organizations' without authority type, defaulting to MsSts
msal.broker: [MSAL:0002]        INFO    SetCorrelationId:258    Set correlation ID: 0ba8f3f9-3f07-4204-a259-c97667170b57
msal.broker: [MSAL:0002]        INFO    ExecuteInteractiveRequest:1159  The original authority is 'https://login.microsoftonline.com/organizations'
msal.broker: [MSAL:0002]        WARNING TryNormalizeRealm:2420  No HomeAccountId provided to normalize the realm
msal.broker: [MSAL:0002]        INFO    ExecuteInteractiveRequest:1170  The normalized realm is ''
msal.broker: [MSAL:0002]        INFO    ModifyAndValidateAuthParameters:219     Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
msal.broker: [MSAL:0002]        INFO    ModifyAndValidateAuthParameters:219     Additional query parameter added successfully. Key: '(pii)' Value: '(pii)'
msal.broker: [MSAL:0002]        INFO    ModifyAndValidateAuthParameters:243     Authority Realm: organizations
msal.broker: [MSAL:0002]        WARNING TryEnqueueMsaDeviceCredentialAcquisitionAndContinue:1052        MsaDeviceOperationProvider is not available. Not attempting to register the device.
msal.broker: [MSAL:0003]        WARNING ReturnResponseDueToMissingParameter:693 Attempted to read cache with a non-normalized realm, access token and ID token reads will fail
msal.broker: [MSAL:0003]        WARNING ReadAccountById:227     Account id is empty - account not found
msal.broker: [MSAL:0004]        ERROR   ErrorInternalImpl:134   Created an error: 7q6ch, StatusInternal::Unexpected, InternalEvent::None, Error Code 2147500037, Context '(pii)'
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:422    Printing Telemetry for Correlation ID: 0ba8f3f9-3f07-4204-a259-c97667170b57
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: start_time, Value: 2024-10-20T11:37:38.000Z
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: api_name, Value: SignInInteractively
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: was_request_throttled, Value: false
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: authority_type, Value: Unknown
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: msal_version, Value: 1.1.0+local
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: api_status_code, Value: StatusInternal::Unexpected
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: client_id, Value: 04b07795-8ddb-461a-bbee-02f9e1bf7b46
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: correlation_id, Value: 0ba8f3f9-3f07-4204-a259-c97667170b57
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: broker_app_used, Value: true
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: stop_time, Value: 2024-10-20T11:37:42.000Z
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: all_error_tags, Value: 7q6ch
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: msalruntime_version, Value: 0.16.2
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: original_authority, Value: https://login.microsoftonline.com/organizations
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: request_eligible_for_broker, Value: true
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: additional_query_parameters_count, Value: 2
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: read_token_last_error, Value: missing required parameter
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: auth_flow, Value: Broker
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: ui_event_count, Value: 1
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: wam_telemetry, Value: {"ui_visible":false,"scope":"https://management.core.windows.net//.default offline_access openid profile","redirect_uri":"ms-appx-web://Microsoft.AAD.BrokerPlugin/04b07795-8ddb-461a-bbee-02f9e1bf7b46","provider_id":"https://login.windows.net","oauth_error_code":"authentication_failed","device_join":"not_joined","correlation_id":"{0ba8f3f9-3f07-4204-a259-c97667170b57}","client_id":"04b07795-8ddb-461a-bbee-02f9e1bf7b46","cache_event_count":0,"broker_version":"10.0.22621.4249","authority":"https://login.microsoftonline.com/organizations","api_error_code":-2147467259,"silent_code":2147500037,"silent_bi_sub_code":0,"silent_message":"Unspecified error\r\n\r\nThe specified property name (System.ItemNameDisplay) is invalid. The property may not be registered on the system.","silent_mats":{"ui_visible":false,"scope":"https://management.core.windows.net//.default offline_access openid profile","redirect_uri":"ms-appx-web://Microsoft.AAD.BrokerPlugin/04b07795-8ddb-461a-bbee-02f9e1bf7b46","provider_id":"https://login.windows.net","oauth_error_code":"authentication_failed","device_join":"not_joined","correlation_id":"{0ba8f3f9-3f07-4204-a259-c97667170b57}","client_id":"04b07795-8ddb-461a-bbee-02f9e1bf7b46","cache_event_count":0,"broker_version":"10.0.22621.4249","authority":"https://login.microsoftonline.com/organizations","api_error_code":-2147467259},"silent_status":5,"is_cached":0}
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: authorization_type, Value: Interactive
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: api_error_code, Value: 2147500037
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: api_error_tag, Value: 7q6ch
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: api_error_context, Value: (pii)
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: is_successful, Value: false
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:430    Key: request_duration, Value: 3520
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:435    Printing Execution Flow:
msal.broker: [MSAL:0004]        INFO    LogTelemetryData:443    {"t":"646u1","tid":2,"ts":0,"l":2},{"t":"4s7ub","tid":2,"ts":0,"l":2},{"t":"4sufd","tid":2,"ts":0,"s":2,"l":2},{"t":"4swgg","tid":2,"ts":0,"s":1,"l":2},{"t":"4swgf","tid":2,"ts":0,"s":1,"l":2},{"t":"4swgi","tid":3,"ts":0,"s":1,"l":2},{"t":"8dqim","tid":3,"ts":0,"l":2},{"t":"8dqkl","tid":3,"ts":1,"l":2,"a":9,"ie":0},{"t":"54uxe","tid":2,"ts":1,"l":2},{"t":"4wqm9","tid":4,"ts":3264,"l":2},{"t":"4o9ak","tid":4,"ts":3264,"l":2},{"t":"4o9ai","tid":4,"ts":3266,"l":2},{"t":"8dqkn","tid":4,"ts":3518,"l":2,"a":5,"ie":1},{"t":"8dqko","tid":4,"ts":3518,"l":2,"a":9,"ie":1},{"t":"646u1","tid":4,"ts":3518,"l":2}
cli.azure.cli.core.azclierror: Traceback (most recent call last):
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 233, in invoke
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 666, in execute
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 733, in _run_jobs_serially
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 703, in _run_job
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 336, in __call__
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/profile/custom.py", line 165, in login
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/_profile.py", line 176, in login
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/identity.py", line 174, in login_with_auth_code
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/util.py", line 139, in check_result
  File "D:\a\_work\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/auth/util.py", line 43, in aad_error_handler
azure.cli.core.azclierror.AuthenticationError: (pii). Status: Response_Status.Status_Unexpected, Error code: 2147500037, Tag: 557973639

cli.azure.cli.core.azclierror: (pii). Status: Response_Status.Status_Unexpected, Error code: 2147500037, Tag: 557973639
az_command_data_logger: (pii). Status: Response_Status.Status_Unexpected, Error code: 2147500037, Tag: 557973639
Please explicitly log in with:
az login
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x00000234F7B88360>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 4.085 seconds (init: 0.164, invoke: 3.921)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 4179 in cache file under C:\Users\yooak\.azure\telemetry\20241020133742434
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe C:\Program Files\Microsoft SDKs\Azure\CLI2\Lib\site-packages\azure\cli\telemetry\__init__.pyc C:\Users\yooak\.azure C:\Users\yooak\.azure\telemetry\20241020133742434"
telemetry.process: Return from creating process 15052
telemetry.main: Finish creating telemetry upload process.

Expected behavior

I expect to be able to login

Environment Summary

azure-cli                         2.65.0

core                              2.65.0
telemetry                          1.1.0

Extensions:
azure-devops                       1.0.0
containerapp                      0.3.50

Dependencies:
msal                              1.31.0
azure-mgmt-resource               23.1.1

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\yooak\.azure\cliextensions'

Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb  6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]

Additional context

No response

[yonzhan]

Thank you for opening this issue, we will look into it.

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• Certain az commands not working in PowerShell #27087

[jiasli]

I have involved MSAL team to take a look: AzureAD/microsoft-authentication-library-for-python#758