[BUG]Azure.Identity 1.13.2 breaks ManagedIdentityCredential in AzureML

[eugencutic]

Library name and version

Azure.Identity 1.13.2

Describe the bug

We have a dotnet 9 console app project used as a Component in AzureML.

It was using Azure.Identity 1.11.4 to authenticate with ManagedIdentityCredential(clientId) and retrieve a secret from a KeyVault.

Code snippet:

 TokenCredential tokenCredential = new DefaultAzureCredential();
 if (!string.IsNullOrEmpty(clientId))
 {
     tokenCredential = new ManagedIdentityCredential(clientId);
 }

 var secretClient = new SecretClient(new Uri(config.GetValue<string>("KeyVaultUrl")!), tokenCredential);

[...]

_secretClient.GetSecret(<some-secret-name-as-string>);

This was running on an AzureML compute cluster which has a managed identity assigned.
After updating to Azure.Identity 1.13.2, the same code, same compute cluster and identity cannot obtain a token anymore.

Error:

Unhandled exception: Azure.Identity.AuthenticationFailedException: ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> MSAL.NetCore.4.69.1.0.MsalServiceException:
	ErrorCode: managed_identity_request_failed
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentityAsyncCore(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentity(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
	StatusCode: 400 
	ResponseBody:  
	Headers: 
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.ManagedIdentityCredential.GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequest(HttpMessage message, TokenRequestContext context)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallenge(HttpMessage message)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RedirectPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RetryPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipeline.Send(HttpMessage message, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.HttpPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
   at Azure.Security.KeyVault.Secrets.SecretClient.GetSecret(String name, String version, CancellationToken cancellationToken)
   at ScrapingComponent.Service.SecretService.GetSecret(String name) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\ScrapingComponent\Service\SecretService.cs:line 20
   at ScrapingComponent.ServiceProviderConfiguration.GetSecret(SecretService secretService, String secretName) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\ScrapingComponent\ServiceProviderConfiguration.cs:line 117
   at ScrapingComponent.ServiceProviderConfiguration.CreateServiceProvider(Boolean useMetropolisScraping, String clientId) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\ScrapingComponent\ServiceProviderConfiguration.cs:line 87
   at Program.<>c__DisplayClass0_0.<<<Main>$>b__11>d.MoveNext() in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\ScrapingComponent\Program.cs:line 142
--- End of stack trace from previous location ---
   at System.CommandLine.Invocation.AnonymousCommandHandler.InvokeAsync(InvocationContext context)
   at System.CommandLine.Invocation.InvocationPipeline.<>c__DisplayClass4_0.<<BuildInvocationChain>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass17_0.<<UseParseErrorReporting>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass12_0.<<UseHelp>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass22_0.<<UseVersionOption>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass19_0.<<UseTypoCorrections>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<UseSuggestDirective>b__18_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass16_0.<<UseParseDirective>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c.<<RegisterWithDotnetSuggest>b__5_0>d.MoveNext()
--- End of stack trace from previous location ---
   at System.CommandLine.Builder.CommandLineBuilderExtensions.<>c__DisplayClass8_0.<<UseExceptionHandler>b__0>d.MoveNext()

Had already tried to update to Azure.Identity 1.14.0-beta, and we are seeing the same error.

Expected behavior

Expected that Azure.Identity 1.13.2 to be able to obtain tokens using ManagedIdentityCredential with a client id.

Actual behavior

After updating to Azure.Identity 1.13.2, ManagedIdentityCredential authentication fails.

Reproduction Steps

Tried to strip down the project and test just the identity part individually, so I created a separate dotnet 9 console app project with just Program.cs and the code below:

using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

TokenCredential tokenCredential = new ManagedIdentityCredential("b29183f9-a548-4062-a211-7bc1c4c825d4");

var secretClient = new SecretClient(new Uri("https://local-tools-kv.vault.azure.net/"), tokenCredential);

var secret = secretClient.GetSecret("app-insights-connection-string");

Console.WriteLine($"Got secret");

Running it against the same compute cluster and identity results in the same error as described above.

Environment

The problem appeared on an AzureML component running in an environment that uses the following Docker context:

FROM mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:20250202.v1

# Install .NET
RUN wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
RUN dpkg -i packages-microsoft-prod.deb
RUN rm packages-microsoft-prod.deb
RUN apt-get update && apt-get install -y dotnet-sdk-9.0

# Install ODBC driver
RUN curl https://packages.microsoft.com/keys/microsoft.asc | tee /etc/apt/trusted.gpg.d/microsoft.asc

RUN apt-get update && apt-get install -y lsb-release && apt-get clean all

RUN LSB=$(lsb_release -rs) && curl https://packages.microsoft.com/config/ubuntu/$LSB/prod.list | tee /etc/apt/sources.list.d/mssql-release.list

RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install -y msodbcsql18

# Fix duplicate entries
RUN sed -i '/microsoft-prod.list/d' /etc/apt/sources.list.d/mssql-release.list

# Update and upgrade packages
RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/*

RUN pip install --upgrade pip
RUN pip list --outdated --format=columns | tail -n +3 | awk '{print $1}' | xargs -n1 pip install -U

The stripped-down project we used to replicate and debugged was run on the context above, and then we also tried to run it on a fresh environment with the following context:

FROM ubuntu:24.04

# Update package list and install dependencies
RUN apt-get update && \
    apt-get install -y wget apt-transport-https

# Install .NET
RUN wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
RUN dpkg -i packages-microsoft-prod.deb
RUN rm packages-microsoft-prod.deb
RUN apt-get update && apt-get install -y dotnet-sdk-9.0

# Install ODBC driver
RUN curl https://packages.microsoft.com/keys/microsoft.asc | tee /etc/apt/trusted.gpg.d/microsoft.asc

RUN apt-get update && apt-get install -y lsb-release && apt-get clean all

RUN LSB=$(lsb_release -rs) && curl https://packages.microsoft.com/config/ubuntu/$LSB/prod.list | tee /etc/apt/sources.list.d/mssql-release.list

RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install -y msodbcsql18

# Fix duplicate entries
RUN sed -i '/microsoft-prod.list/d' /etc/apt/sources.list.d/mssql-release.list

# Update and upgrade packages
RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/lib/apt/lists/*

On the new environment we still saw the same error.

[github-actions]

Hello @eugencutic. I'm an AI assistant for the azure-sdk-for-net repository. I have some suggestions that you can try out while the team gets back to you.

• The error appears to indicate that the Managed Identity endpoint is not returning the expected token payload (status code 404) in the AzureML environment.
• As a workaround, consider reverting to the previous version (e.g. Azure.Identity 1.11.4) until the breaking change is resolved.
• Verify that the managed identity endpoint, client ID, and compute environment configuration remain unchanged. Check that the compute cluster has proper access and that no network or endpoint modifications occurred.
• Enable additional logging (for example, via AzureEventSourceListener) to capture more diagnostic data from MSAL and the ManagedIdentityCredential.
• For more troubleshooting tips, refer to the official guide: ManagedIdentityCredential Troubleshooting.

The team will get back to you shortly, hopefully this helps in the meantime.

[christothes]

Hi @eugencutic
Could you please reproduce this with logging enabled and share the log output?

For console output, you would just need to add the following line to your program.

using AzureEventSourceListener listener = AzureEventSourceListener.CreateTraceLogger();

If you need to log the output somewhere other than the console, this can be done as described in these docs.

For example:

using AzureEventSourceListener listener = new AzureEventSourceListener(
    (args, message) => myLogger.Log("[{0:HH:mm:ss:fff}][{1}] {2}", DateTimeOffset.Now, args.Level, message),
    level: EventLevel.Verbose);

[github-actions]

Hi @eugencutic. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

[eugencutic]

Ran it with the line mentioned but the output seems to be the same:

Unhandled exception. Azure.Identity.AuthenticationFailedException: ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> MSAL.NetCore.4.69.1.0.MsalServiceException:
	ErrorCode: managed_identity_request_failed
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentityAsyncCore(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentity(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
	StatusCode: 400 
	ResponseBody:  
	Headers: 
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.ManagedIdentityCredential.GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequest(HttpMessage message, TokenRequestContext context)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallenge(HttpMessage message)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RedirectPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RetryPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipeline.Send(HttpMessage message, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.HttpPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
   at Azure.Security.KeyVault.Secrets.SecretClient.GetSecret(String name, String version, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\dummy\Program.cs:line 15

Just for reference, the exact code that generated this output is:

using Azure.Core;
using Azure.Core.Diagnostics;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

using AzureEventSourceListener listener = AzureEventSourceListener.CreateTraceLogger();

TokenCredential tokenCredential = new ManagedIdentityCredential("b29183f9-a548-4062-a211-7bc1c4c825d4");

var secretClient = new SecretClient(new Uri("https://local-tools-kv.vault.azure.net/"), tokenCredential);

var secret = secretClient.GetSecret("app-insights-connection-string");

Console.WriteLine($"Got secret");

[christothes]

Hi @eugencutic -
That appears to be the exception output. The logging output would be either directly in the console or, if using the custom logging listener in the second example, to your log provider of choice. One thing to keep in mind is that if you are enabling it with a using statement like in the example, you must ensure that the listener variable does not go out of scope. You could remove the using statement, or store it somewhere that will not go out of scope.

[github-actions]

Hi @eugencutic. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.

[eugencutic]

Hi @christothes
I tried the following:

using Azure.Core;
using Azure.Core.Diagnostics;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

AzureEventSourceListener listener = AzureEventSourceListener.CreateTraceLogger();

try
{
    TokenCredential tokenCredential = new ManagedIdentityCredential("b29183f9-a548-4062-a211-7bc1c4c825d4");

    var secretClient = new SecretClient(new Uri("https://local-tools-kv.vault.azure.net/"), tokenCredential);

    var secret = secretClient.GetSecret("app-insights-connection-string");

    Console.WriteLine($"Got secret");
}
finally
{
    System.Diagnostics.Trace.Flush();
}

But it is still showing the exact same output as above.
What I have been sharing until now is the full console output.
Are you sure that adding that line there is enough to expose logs to the console?

[christothes]

@eugencutic -
I realized that I had the wrong command in my instructions! 😕

It should be:

AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();

So sorry for the confusion!

[eugencutic]

@christothes
Yup, now it seems to have logged more info:

[Informational] Azure-Core: Request [a5930e73-4302-4ec0-af0f-10812238abaf] GET https://local-tools-kv.vault.azure.net/secrets/app-insights-connection-string/?api-version=7.5
Content-Type:application/json
Accept:application/json
x-ms-client-request-id:a5930e73-4302-4ec0-af0f-10812238abaf
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Security.KeyVault.Secrets/4.6.0 (.NET 9.0.3; Ubuntu 24.04.2 LTS)
client assembly: Azure.Security.KeyVault.Secrets
[Warning] Azure-Core: Error response [a5930e73-4302-4ec0-af0f-10812238abaf] 401 Unauthorized (00.5s)
Cache-Control:no-cache
Pragma:no-cache
x-ms-keyvault-region:westus
x-ms-client-request-id:a5930e73-4302-4ec0-af0f-10812238abaf
x-ms-request-id:5fadc5b1-f0ee-4ab5-a3da-b82bd0ec15b3
x-ms-keyvault-service-version:1.9.2228.1
x-ms-keyvault-network-info:conn_type=Ipv4;addr=128.203.81.212;act_addr_fam=InterNetwork;
X-Content-Type-Options:REDACTED
Strict-Transport-Security:REDACTED
WWW-Authenticate:Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", resource="https://vault.azure.net"
Date:Thu, 03 Apr 2025 11:59:03 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:97

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: a5930e73-4302-4ec0-af0f-10812238abaf
[Informational] Azure-Identity: Managed Identity source selected: MachineLearning with ID: ClientId b29183f9-a548-4062-a211-7bc1c4c825d4
[Informational] Azure-Identity: ManagedIdentitySource TokenExchangeManagedIdentitySource was attempted. IsSelected=False.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] MSAL MSAL.NetCore with assembly version '4.69.1.0'. CorrelationId(3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e)
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] === AcquireTokenForManagedIdentityParameters ===
ForceRefresh: False
Resource: https://vault.azure.net
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] 
=== Request Data ===
Authority Provided? - True
Scopes - https://vault.azure.net
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenForUserAssignedManagedIdentity
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured: 

[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] === Token Acquisition (ManagedIdentityAuthRequest) started:
	 Scopes: https://vault.azure.net
	Authority Host: login.microsoftonline.com
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Internal cache] Total number of cache partitions found while getting access tokens: 0
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [FindAccessTokenAsync] Discovered 0 access tokens in cache using partition key: b29183f9-a548-4062-a211-7bc1c4c825d4_managed_identity_AppTokenCache
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [ManagedIdentityRequest] No cached access token. Getting a token from the managed identity endpoint.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [ManagedIdentityRequest] Checking for a cached access token.
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Internal cache] Total number of cache partitions found while getting access tokens: 0
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [FindAccessTokenAsync] Discovered 0 access tokens in cache using partition key: b29183f9-a548-4062-a211-7bc1c4c825d4_managed_identity_AppTokenCache
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [ManagedIdentityRequest] Acquiring a token from the managed identity endpoint.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Region discovery] Not using a regional authority. 
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Instance Discovery] Skipping Instance discovery because it is disabled. 
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Detecting managed identity source...
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Machine Learning detected.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Machine learning managed identity is available.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Environment variables validation passed for machine learning managed identity. Endpoint URI: http://localhost:46809/MSI/token. Creating machine learning managed identity.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Adding user assigned client id to the request.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:03Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] Sending request to managed identity endpoints.
[Informational] Azure-Core: Request [ebe0d5b7-4993-4d80-b9c1-f7dd77bf2c68] GET http://localhost:46809/MSI/token?api-version=2017-09-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
secret:REDACTED
x-ms-client-request-id:ebe0d5b7-4993-4d80-b9c1-f7dd77bf2c68
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.14.0-beta.2 (.NET 9.0.3; Ubuntu 24.04.2 LTS)
client assembly: Azure.Identity
[Warning] Azure-Core: Error response [ebe0d5b7-4993-4d80-b9c1-f7dd77bf2c68] 400 Bad Request (00.1s)
Date:Thu, 03 Apr 2025 11:59:04 GMT
Content-Type:text/plain; charset=utf-8
Content-Length:60

[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:04Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] Response status code does not indicate success: 400 (BadRequest). 
[Warning] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:04Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] Request retry failed.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:04Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:04Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] [Managed Identity] request failed, HttpStatusCode: BadRequest Error message: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-03 11:59:04Z - 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: managed_identity_request_failed
HTTP StatusCode 400
CorrelationId 3b22d4ce-aab9-4b00-a136-f7afbf4b7b4e
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: a5930e73-4302-4ec0-af0f-10812238abaf Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> Microsoft.Identity.Client.MsalServiceException (0x80131500): [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
Unhandled exception. Azure.Identity.AuthenticationFailedException: ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> MSAL.NetCore.4.69.1.0.MsalServiceException:
	ErrorCode: managed_identity_request_failed
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentityAsyncCore(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentity(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
	StatusCode: 400 
	ResponseBody:  
	Headers: 
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.ManagedIdentityCredential.GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequest(HttpMessage message, TokenRequestContext context)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallenge(HttpMessage message)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RedirectPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RetryPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipeline.Send(HttpMessage message, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.HttpPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
   at Azure.Security.KeyVault.Secrets.SecretClient.GetSecret(String name, String version, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\dummy\Program.cs:line 15

I see the inner message actually shows a BadRequest response.

[christothes]

This could be related to AzureAD/microsoft-authentication-library-for-dotnet#5167

I will investigate a bit further.

[bgavrilMS]

I am not sure if this is the same issue. @Robbie-Microsoft - can you pls have investigate?

[eugencutic]

Hi @christothes @bgavrilMS
Any update on this?

[Robbie-Microsoft]

@eugencutic Can you tell us the API-version that your ML environment uses? Is it 2017-09-01? Or is it 2019?

[eugencutic]

Can you guide me for finding that out? It's not clear where I could check it.

[Robbie-Microsoft]

Sorry, I'm still waiting to chat with @gladjohn about this issue. Are you able to use the Azure CLI? If so, could you try the command az version?

[eugencutic]

Tried to run az version in the same environment, but seems like the Azure CLI is not installed. Let me know if you need me to install it and run other commands. I can install latest to the docker image if needed.
The code which was using Azure.Identity 1.11.4 was working on the same environment, without the Azure CLI installed.

[Robbie-Microsoft]

@eugencutic I've just spoken with @gladjohn. We already published a fix for this bug, in our most recent release. Azure Identity for .NET may have not yet integrated the latest MSAL.NET version.

You should be able to reference MSAL.NET's latest version directly and that should fix your issue. This is a temporary workaround. We'll work with Azure Identity for .NET to get a new release out as soon as possible.

Please try this and let us know if it works.

[eugencutic]

Tried to explicitly install MSAL.NET at 4.70.1:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net9.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Azure.Identity" Version="1.14.0-beta.2" />
    <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
    <PackageReference Include="Microsoft.Identity.Client" Version="4.70.1" />
  </ItemGroup>

</Project>

But still not working. This is the latest console output:

[Informational] Azure-Core: Request [759ca3fb-cd7f-44f2-867c-3ab110958761] GET https://local-tools-kv.vault.azure.net/secrets/app-insights-connection-string/?api-version=7.5
Content-Type:application/json
Accept:application/json
x-ms-client-request-id:759ca3fb-cd7f-44f2-867c-3ab110958761
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Security.KeyVault.Secrets/4.6.0 (.NET 9.0.3; Ubuntu 24.04.2 LTS)
client assembly: Azure.Security.KeyVault.Secrets
[Warning] Azure-Core: Error response [759ca3fb-cd7f-44f2-867c-3ab110958761] 401 Unauthorized (00.6s)
Cache-Control:no-cache
Pragma:no-cache
x-ms-keyvault-region:westus
x-ms-client-request-id:759ca3fb-cd7f-44f2-867c-3ab110958761
x-ms-request-id:dbf5802d-8dc7-45c8-890b-e1206f7ae5a1
x-ms-keyvault-service-version:1.9.2256.1
x-ms-keyvault-network-info:conn_type=Ipv4;addr=128.203.75.108;act_addr_fam=InterNetwork;
X-Content-Type-Options:REDACTED
Strict-Transport-Security:REDACTED
WWW-Authenticate:Bearer authorization="https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47", resource="https://vault.azure.net"
Date:Wed, 09 Apr 2025 16:14:53 GMT
Content-Type:application/json; charset=utf-8
Expires:-1
Content-Length:97

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken invoked. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 759ca3fb-cd7f-44f2-867c-3ab110958761
[Informational] Azure-Identity: Managed Identity source selected: MachineLearning with ID: ClientId b29183f9-a548-4062-a211-7bc1c4c825d4
[Informational] Azure-Identity: ManagedIdentitySource TokenExchangeManagedIdentitySource was attempted. IsSelected=False.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] MSAL MSAL.NetCore with assembly version '4.69.1.0'. CorrelationId(655748c2-25cc-434a-8576-28ebc4939357)
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] === AcquireTokenForManagedIdentityParameters ===
ForceRefresh: False
Resource: https://vault.azure.net
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] 
=== Request Data ===
Authority Provided? - True
Scopes - https://vault.azure.net
Extra Query Params Keys (space separated) - 
ApiId - AcquireTokenForUserAssignedManagedIdentity
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 655748c2-25cc-434a-8576-28ebc4939357
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured: 

[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] === Token Acquisition (ManagedIdentityAuthRequest) started:
	 Scopes: https://vault.azure.net
	Authority Host: login.microsoftonline.com
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Internal cache] Total number of cache partitions found while getting access tokens: 0
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [FindAccessTokenAsync] Discovered 0 access tokens in cache using partition key: b29183f9-a548-4062-a211-7bc1c4c825d4_managed_identity_AppTokenCache
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [ManagedIdentityRequest] No cached access token. Getting a token from the managed identity endpoint.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [ManagedIdentityRequest] Checking for a cached access token.
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Internal cache] Total number of cache partitions found while getting access tokens: 0
[LogAlways] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [FindAccessTokenAsync] Discovered 0 access tokens in cache using partition key: b29183f9-a548-4062-a211-7bc1c4c825d4_managed_identity_AppTokenCache
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [ManagedIdentityRequest] Acquiring a token from the managed identity endpoint.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Region discovery] Not using a regional authority. 
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Instance Discovery] Skipping Instance discovery because it is disabled. 
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Detecting managed identity source...
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Machine Learning detected.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Machine learning managed identity is available.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Environment variables validation passed for machine learning managed identity. Endpoint URI: http://localhost:46809/MSI/token. Creating machine learning managed identity.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Adding user assigned client id to the request.
[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] Sending request to managed identity endpoints.
[Informational] Azure-Core: Request [02d803f2-aaa1-4d21-82fb-a940dd986923] GET http://localhost:46809/MSI/token?api-version=2017-09-01&resource=REDACTED&client_id=REDACTED
Metadata:REDACTED
secret:REDACTED
x-ms-client-request-id:02d803f2-aaa1-4d21-82fb-a940dd986923
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.14.0-beta.2 (.NET 9.0.3; Ubuntu 24.04.2 LTS)
client assembly: Azure.Identity
[Warning] Azure-Core: Error response [02d803f2-aaa1-4d21-82fb-a940dd986923] 400 Bad Request (00.1s)
Date:Wed, 09 Apr 2025 16:14:53 GMT
Content-Type:text/plain; charset=utf-8
Content-Length:60

[Informational] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] Response status code does not indicate success: 400 (BadRequest). 
[Warning] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] Request retry failed.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] [Managed Identity] request failed, HttpStatusCode: BadRequest Error message: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
[Error] Azure-Identity: False MSAL 4.69.1.0 MSAL.NetCore .NET 9.0.3 Linux [2025-04-09 16:14:53Z - 655748c2-25cc-434a-8576-28ebc4939357] Exception type: Microsoft.Identity.Client.MsalServiceException
, ErrorCode: managed_identity_request_failed
HTTP StatusCode 400
CorrelationId 655748c2-25cc-434a-8576-28ebc4939357
To see full exception details, enable PII Logging. See https://aka.ms/msal-net-logging
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)

[Informational] Azure-Identity: ManagedIdentityCredential.GetToken was unable to retrieve an access token. Scopes: [ https://vault.azure.net/.default ] ParentRequestId: 759ca3fb-cd7f-44f2-867c-3ab110958761 Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> Microsoft.Identity.Client.MsalServiceException (0x80131500): [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
Unhandled exception. Azure.Identity.AuthenticationFailedException: ManagedIdentityCredential authentication failed: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot
 ---> MSAL.NetCore.4.69.1.0.MsalServiceException:
	ErrorCode: managed_identity_request_failed
Microsoft.Identity.Client.MsalServiceException: [Managed Identity] The error response was either empty or could not be parsed.. Error response received from the server: InternalError - :{
Info: Request failure status code: 404

}.
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.HandleResponseAsync(AcquireTokenForManagedIdentityParameters parameters, HttpResponse response, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity.AuthenticateAsync(AcquireTokenForManagedIdentityParameters parameters, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.SendTokenRequestForManagedIdentityAsync(ILoggerAdapter logger, CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.GetAccessTokenAsync(CancellationToken cancellationToken, ILoggerAdapter logger)
   at Microsoft.Identity.Client.Internal.Requests.ManagedIdentityAuthRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
--- End of stack trace from previous location ---
   at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.ApiConfig.Executors.ManagedIdentityExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenForManagedIdentityParameters managedIdentityParameters, CancellationToken cancellationToken)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentityAsyncCore(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.MsalManagedIdentityClient.AcquireTokenForManagedIdentity(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
	StatusCode: 400 
	ResponseBody:  
	Headers: 
   --- End of inner exception stack trace ---
   at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, String additionalMessage, Boolean isCredentialUnavailable)
   at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Identity.ManagedIdentityCredential.GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.SetResultOnTcsFromCredentialAsync(TokenRequestContext context, TaskCompletionSource`1 targetTcs, Boolean async, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](Task`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.TokenRequestState.GetCurrentHeaderValue(Boolean async, Boolean checkForCompletion, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AccessTokenCache.GetAuthHeaderValueAsync(HttpMessage message, TokenRequestContext context, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.AuthenticateAndAuthorizeRequest(HttpMessage message, TokenRequestContext context)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallengeAsyncInternal(HttpMessage message, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted[T](ValueTask`1 task)
   at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthorizeRequestOnChallenge(HttpMessage message)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.BearerTokenAuthenticationPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RedirectPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RedirectPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
   at Azure.Core.Pipeline.TaskExtensions.EnsureCompleted(ValueTask task)
   at Azure.Core.Pipeline.RetryPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelinePolicy.ProcessNext(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipelineSynchronousPolicy.Process(HttpMessage message, ReadOnlyMemory`1 pipeline)
   at Azure.Core.Pipeline.HttpPipeline.Send(HttpMessage message, CancellationToken cancellationToken)
   at Azure.Core.Pipeline.HttpPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest(Request request, CancellationToken cancellationToken)
   at Azure.Security.KeyVault.KeyVaultPipeline.SendRequest[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
   at Azure.Security.KeyVault.Secrets.SecretClient.GetSecret(String name, String version, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in C:\repos\local-tools-aegis\QuerySetCreation\AMLPipelines\src\AMLComponents\dummy\Program.cs:line 15

Looks to me like it is still trying to use MSAL at 4.69.1 anyway.

[Robbie-Microsoft]

According to the logs, you're still on the old version. Are you on .net classic? If so, you'll need to update bindingRedirect.

[eugencutic]

I am on dotnet9, a clean rebuild did the trick 😄
MASL.NET (Microsoft.Identity.Client) at 4.70.1 fixed the problem!
Thank you for your support!

[Robbie-Microsoft]

@christothes, do you have an ETA for when you can publish a new version of Azure-Identity-for-net that includes the latest version of MSAL.NET?

[christothes]

It will be early May.