(Unauthorized) Received token issued for incorrect tenant. Received tenant ID=XXXX, but expected tenant ID=YYYY when issuing Azure powershell commands

Chris 21 Reputation points
2024-09-12T00:56:06.49+00:00

Hello, I'm trying to train for an Azure HSM hardware implementation job and am going through some of the Azure training. Specifically, I'm going through this part of the training and trying to create the various keys mentioned using Azure PS with the latest update.

https://zcusa.951200.xyz/en-us/azure/key-vault/managed-hsm/key-management#code-try-3

I'm getting the error mentioned in my title, but I redacted my tenant information. Nevertheless, they are different tenant IDs. The tenant ID I get for my free trial subscription is the one shown as the Received tenant ID in the output in my title.

It's not exactly clear to me where it's getting the "expected tenant ID" information from because I don't see the "expected tenant" ID anywhere in my account when I issue az account show.

I don't know if this is tied to a resource group I create or something else. I'm pretty new to Azure and just trying to learn the ropes and become proficient.

Appreciate any help with trying to get this working. I was able to create a few keys in the GUI, but I'd like to try to get them created with the Azure CLI.

Also, this is the command I ran and some redacted error output.

C:\Users\Johnny> az keyvault key show --hsm-name DemoHSM --name myec256key
(Unauthorized) Received token issued for incorrect tenant. Received tenant ID=XXXX, but expected tenant ID=YYYY (Activity ID:)
Code: Unauthorized
Message: Received token issued for incorrect tenant. Received tenant ID=XXXX, but expected tenant ID=YYYY (Activity ID: )


  1. Givary-MSFT 34,521 Reputation points Microsoft Employee
    2024-09-18T05:07:45.63+00:00

    @Chris Apologies for the delayed response. The error message you are seeing indicates that the token you are using to authenticate with Azure is issued for a different tenant than the one you are trying to access. This can happen if you have multiple Azure subscriptions or if you are using a different tenant than the one you used to create the key vault.

    Would suggest reviewing the following info:

    Check the tenant ID: Make sure you check the tenant ID associated with your Azure account for which the token is issued.

    Check the subscription: Make sure that the subscription ID matches the one associated with the key vault.

    Verify the access policy and authentication token from the Key vault standpoint.

    Let me know if the above information helps to isolate the issue, feel free to post back.
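
A small diagnostic for the tenant check suggested in the answer above, as an added example that is not part of the original thread: it reads the `tid` (tenant) claim from an access token and compares it with the two tenant IDs in the error text. The function names, the sample token and the GUID-style tenant IDs are constructed for illustration, and the token signature is not verified, so this is for troubleshooting only.

```python
import base64
import json
import re

# Error format as quoted in the question above.
ERROR_RE = re.compile(
    r"Received tenant ID=(?P<received>[^,\s]+), but expected tenant ID=(?P<expected>[^\s)]+)")

def parse_tenant_error(message):
    """Return (received, expected) tenant IDs from the CLI error, or None."""
    m = ERROR_RE.search(message)
    return (m.group("received"), m.group("expected")) if m else None

def token_tenant(access_token):
    """Read the 'tid' claim of a JWT access token (signature NOT verified)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if "tid" not in claims:
        raise ValueError("token has no 'tid' claim")
    return claims["tid"]

def diagnose(access_token, error_message):
    """Return (status, token_tenant, expected_tenant) for a tenant-mismatch error."""
    parsed = parse_tenant_error(error_message)
    if parsed is None:
        return ("not_a_tenant_error", None, None)
    received, expected = parsed
    tid = token_tenant(access_token).lower()
    if tid == expected.lower():
        return ("token_matches_resource", tid, expected)  # error came from an older token
    if tid == received.lower():
        return ("signed_in_to_wrong_tenant", tid, expected)
    return ("token_from_other_session", tid, expected)

def make_sample_token(tid):
    """Constructed, unsigned sample token for the demo (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'tid': tid})}.constructed-sig"

if __name__ == "__main__":
    # Constructed tenant IDs standing in for the redacted XXXX / YYYY values.
    home, hsm = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
    err = (f"(Unauthorized) Received token issued for incorrect tenant. "
           f"Received tenant ID={home}, but expected tenant ID={hsm} (Activity ID: )")
    # A real token would come from the CLI session, e.g. `az account get-access-token`.
    print(diagnose(make_sample_token(home), err))
```

A `signed_in_to_wrong_tenant` result means the CLI session belongs to a different tenant than the one that owns the HSM; `az login --tenant <expected-tenant-id>` signs in to a specific tenant.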

