Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Debug-AzStorageAccountAuth could check the MFA exception requirement to be more thorough #232

Open
beachseeker opened this issue Aug 27, 2024 · 0 comments
Open

Feature request: Debug-AzStorageAccountAuth could check the MFA exception requirement to be more thorough #232

beachseeker opened this issue Aug 27, 2024 · 0 comments

Comments

@beachseeker
Copy link

I had an issue with configuring SMB for Entra Id Kerberos, and was using Debug-AzStorageAccountAuth to help identify issues. I was getting this error

New-PSDrive : The system cannot contact a domain controller to service the authentication request. Please try again later

when trying to map a drive to the share that was setup correctly as per documentation with one exception: the sub had a Conditional Access Policy that overrode the exception I had placed per documentation to except MFA for this storage account.

Perhaps this is a known loophole where no check is possible through powershell, but if not, I think it fits in the processing this command does, and there is at least one person who has been tripped up by the red herring error message - ME. Regardless, it would make the set of checks more thorough, I think.
@github-staff github-staff deleted a comment Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@beachseeker