Yes, it does.
I imagine the customer followed this process to create a service principal:
Workflow for Setting Up a High Availability Cluster in Azure (checkpoint.com)
"The Check Point Cluster template automatically deploys the Virtual Machine with a system-assigned managed identity and assigns a Contributor role to the Cluster resource group. Therefore, you do not have to create your own service principal. For more information, see What is managed identities for Azure resources?
After you deploy a Check Point Cluster, the automatic credentials can be found in Azure Portal > Resource groups > cluster_resource_group > Access control (IAM). There are two service principals for each Cluster Member, each with a Contributor role."
I created a service principal in my dev tenant and this does create a registered app - also in my lab it's failing in the same way as the customer's environment.
[Expert@exampleclus2:0]# $FWDIR/scripts/azure_ha_test.py
Setting api versions for "ha" solution
ARM versions are: {
"resources": "?api-version=2019-07-01"
}
Testing if DNS is configured...
- Primary DNS server is: 168.63.129.16
Testing if DNS is working...
- DNS resolving test was successful
Testing connectivity to login.microsoftonline.com:443...
Testing ClusterXL parameters...
Testing cluster interface configuration...
Testing credentials...
Error:
HTTP/1.1 401 Unauthorized
b'{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app \'05c984e8-bff8-48c6-a761-b1ff7cb75f62\'. Trace ID: fecc30d7-326c-4f36-8d7b-4a9adab17100 Correlation ID: f5692817-2085-4f73-b84b-03e6f4237e55 Timestamp: 2024-07-19 08:55:03Z","error_codes":[7000215],"timestamp":"2024-07-19 08:55:03Z","trace_id":"fecc30d7-326c-4f36-8d7b-4a9adab17100","correlation_id":"f5692817-2085-4f73-b84b-03e6f4237e55","error_uri":"https://login.microsoftonline.com/error?code=7000215"}'
05c984e8-bff8-48c6-a761-b1ff7cb75f62 is the application/client-ID in Azure.
So this wouldn't show in SmartConsole and explains why I couldn't find it.
As it's an optional step, I take it this is no longer needed? I guess we should follow the process to revert(?):
Seemed to work in my dev tenant:
[Expert@exampleclus2:0]# $FWDIR/scripts/azure_ha_test.py
Setting api versions for "ha" solution
ARM versions are: {
"resources": "?api-version=2019-07-01"
}
Testing if DNS is configured...
- Primary DNS server is: 168.63.129.16
Testing if DNS is working...
- DNS resolving test was successful
Testing connectivity to login.microsoftonline.com:443...
Testing ClusterXL parameters...
Testing cluster interface configuration...
Testing credentials...
Error:
HTTP/1.1 401 Unauthorized
b'{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app \'05c984e8-bff8-48c6-a761-b1ff7cb75f62\'. Trace ID: fecc30d7-326c-4f36-8d7b-4a9adab17100 Correlation ID: f5692817-2085-4f73-b84b-03e6f4237e55 Timestamp: 2024-07-19 08:55:03Z","error_codes":[7000215],"timestamp":"2024-07-19 08:55:03Z","trace_id":"fecc30d7-326c-4f36-8d7b-4a9adab17100","correlation_id":"f5692817-2085-4f73-b84b-03e6f4237e55","error_uri":"https://login.microsoftonline.com/error?code=7000215"}'
[Expert@exampleclus2:0]# azure-ha-conf --system-assigned --force
[Expert@exampleclus2:0]# $FWDIR/scripts/azure_ha_test.py
Setting api versions for "ha" solution
ARM versions are: {
"resources": "?api-version=2019-07-01"
}
Testing if DNS is configured...
- Primary DNS server is: 168.63.129.16
Testing if DNS is working...
- DNS resolving test was successful
Testing connectivity to login.microsoftonline.com:443...
Testing ClusterXL parameters...
Testing cluster interface configuration...
Testing credentials...
Getting information about the environment...
Getting information about the VM exampleclus2...
Id : /subscriptions/9ec20cba-d227-45c9-a6d4-b72690a15358/resourceGroups/examplerg/providers/Microsoft.Network/networkInterfaces/exampleclus2-eth0
Subscription : 9ec20cba-d227-45c9-a6d4-b72690a15358
Resource group: examplerg
Type : Microsoft.Network/networkInterfaces
Name : exampleclus2-eth0
Attempting to read - [OK]
Attempting to write - [OK]
Getting information about the VM exampleclus1...
Id : /subscriptions/9ec20cba-d227-45c9-a6d4-b72690a15358/resourceGroups/examplerg/providers/Microsoft.Network/networkInterfaces/exampleclus1-eth0
Subscription : 9ec20cba-d227-45c9-a6d4-b72690a15358
Resource group: examplerg
Type : Microsoft.Network/networkInterfaces
Name : exampleclus1-eth0
Attempting to read - [OK]
Attempting to write - [OK]
Testing cluster public IP address...
Id : /subscriptions/9ec20cba-d227-45c9-a6d4-b72690a15358/resourcegroups/examplerg/providers/Microsoft.Network/publicIPAddresses/exampleclus
Subscription : 9ec20cba-d227-45c9-a6d4-b72690a15358
Resource group: examplerg
Type : Microsoft.Network/publicIPAddresses
Name : exampleclus
Attempting to read - [OK]
Verifying Azure interface configuration...
- Interface eth1: local IP address = 172.16.1.6, peer IP address = 172.16.1.5
- Interface eth0: local IP address = 172.16.0.5, peer IP address = 172.16.0.4
All tests were successful!
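
Added example, not part of the original post and not Check Point code: a small triage helper that reads captured `azure_ha_test.py` output and reports whether the credentials test failed because a service principal's client secret was rejected. The function names, result labels and sample GUIDs are assumptions made for illustration.

```python
import ast
import json
import re

# Constructed sample in the shape azure_ha_test.py prints; all GUIDs are placeholders.
SAMPLE_FAIL = r'''Testing credentials...
Error:
HTTP/1.1 401 Unauthorized
b'{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app \'00000000-0000-0000-0000-000000000001\'. Trace ID: 00000000-0000-0000-0000-000000000002","error_codes":[7000215],"trace_id":"00000000-0000-0000-0000-000000000002","correlation_id":"00000000-0000-0000-0000-000000000003"}'
'''
SAMPLE_OK = "Testing credentials...\nAttempting to write - [OK]\nAll tests were successful!\n"

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"


def parse_token_error(output):
    """Return the decoded token-endpoint error from the test output, or None."""
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith(("b'{", 'b"{')):
            continue
        try:
            body = json.loads(ast.literal_eval(line))  # bytes repr -> bytes -> dict
        except (ValueError, SyntaxError):
            continue  # truncated or wrapped line: skip rather than guess
        app = re.search(r"app '(%s)'" % GUID, body.get("error_description", ""))
        return {
            "error": body.get("error"),
            "codes": body.get("error_codes", []),
            "app_id": app.group(1) if app else None,
            "trace_id": body.get("trace_id"),
            "correlation_id": body.get("correlation_id"),
        }
    return None


def triage(output):
    """Classify one run: 'ok', 'sp-secret-rejected', 'auth-error' or 'unknown'."""
    err = parse_token_error(output)
    if err is None:
        return "ok" if "All tests were successful!" in output else "unknown"
    # 7000215 names an app registration, so the member authenticated with a
    # client secret (service principal), not its system-assigned identity.
    if 7000215 in err["codes"] and err["app_id"]:
        return "sp-secret-rejected"
    return "auth-error"
```

The `app_id`, `trace_id` and `correlation_id` fields it returns are the values to match against the app registration and the sign-in logs in Azure.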