I am trying to run a PowerShell script that calls Get-AzKeyVaultSecret using examples provided per Microsoft and keep getting an error stating No such host is known.
Generically, the error is simple enough but the fact that I’m not specifying a host address or IP during the call makes the error seem very abstract from the actual issue.
Line |
14 | Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| No such host is known.
I have tried just about everything I can think of to get this working and this is the error I receive every time. I’ve checked that I have the appropriate privileges in Azure Access Policies and also checked that I have the Access Control roles, etc. So I don’t understand the error message.
I was previously attempting this using the AzureRM PowerShell module, but since realizing it is soon due for deprecation within a couple of years, I opted to go this route but it doesn’t seem to be working.
What exactly does no such host mean and how do I resolve the problem? I am running under PowerShell 7.
Because of the 1st comment regarding posting the remainder of the script, I’ll add that I receive the same error when calling the method directly in the PowerShell window.
PS C:\SQL Scripts\PowerShell> Get-AzKeyVaultSecret -VaultName 'myKeyVaultName' -Name 'myKeyVaultSecretName'
Get-AzKeyVaultSecret: No such host is known.
3 Answers
SHORT VERSION ANSWER: The environment needs to be specified when working within private sectors such as Government, Education, etc.
LONG ANSWER/EXPLANATION: The comment by @Ked Mardemootoo led me to view the issue from a different perspective. In a manner of sorts, the issue was determined to be somewhat network related and perhaps arguably a "DNS" issue but not a DNS issue as it were to relate to the system from where the call is being made.
The Get-AzKeyVaultSecret module performs some work underneath the hood, which includes resolving the FQDN of the requested resource, among other things, using the credentials provided to connect via the Connect-AzAccount module.
In most common scenarios these requests are routed to Azure on the public networks, but on a comparatively smaller scale, where Azure is on a private sector/network (e.g. Educational, Government, etc.), there is an additional parameter switch where the Environment needs to be specified.
Connect-AzAccount
Connects User within public domain
Connect-AzAccount -Environment
Connects User within the private domain/sector specified with the Environment switch
If you have an Azure account, both methods will log you onto the Azure platform, but if you're on a private sector and attempt to subsequently use modules to acquire information or resources without having designated the environment, you will receive the "no such host is known" error.
The error is somewhat cryptic and abstract and in my opinion should have been more specific to better clue the user as to the actual problem. Such as Resource not found or something similar.
Once I specified the Environment (something that isn't front and center in the documentation that I accessed), the module functioned as expected.
Hopefully this information helps others from falling into this pit of obscurity.
It appears there’s something wrong with the DNS resolution on your machine.
I’d suggest running the command from a different device or from the Azure CloudShell to narrow it down further.
I’ve tried to replicate it on my end (within my context/subscription) to see what kind of error message shows up in different scenarios.
Wrong KV name shows clear error message:
Correct KV name but wrong Secret doesn’t show any error/output:
Correct KV and secret name but no access via access policies:
Correct KV and secret name with the right access policies:
Get-AzKeyVaultSecret -VaultName 'myKeyVaultName' -Name 'myKeyVaultSecretName' -Debug
You can toggle -Debug switch to see the "Absolute Uri". You will see something like:
https://myKeyVaultName.vault.azure.net/secrets/myKeyVaultSecretName
You will get an error (no such host is known) if there is a typo in the VaultName or the VaultName does not exist.
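The first and last answers describe the same failure: the host that cannot be resolved is the vault name joined to the Key Vault DNS suffix of the environment chosen at sign-in. The script below is an added example, not code from any of the posts; the function name Test-KeyVaultHost is hypothetical, 'myKeyVaultName' is the placeholder used above, and it assumes the Az module is installed and Connect-AzAccount has already been run.

```powershell
# Added example: show which Azure environment's Key Vault DNS suffix makes
# the vault hostname resolve, and which environment the session is using.
function Test-KeyVaultHost {
    param(
        [Parameter(Mandatory)] [string] $VaultName
    )

    # The environment picked at Connect-AzAccount time decides the suffix
    # that the Key Vault cmdlets append to the vault name.
    $context = Get-AzContext
    if (-not $context) {
        throw 'No Az context found. Run Connect-AzAccount first.'
    }
    $currentName = $context.Environment.Name

    foreach ($azEnv in Get-AzEnvironment) {
        $suffix = $azEnv.AzureKeyVaultDnsSuffix
        if ([string]::IsNullOrEmpty($suffix)) { continue }

        $fqdn = '{0}.{1}' -f $VaultName, $suffix
        $resolves = $true
        try {
            # Same name lookup the cmdlet needs before it can send a request.
            [void][System.Net.Dns]::GetHostEntry($fqdn)
        }
        catch {
            # Any lookup failure, including "No such host is known".
            $resolves = $false
        }

        [pscustomobject]@{
            Environment = $azEnv.Name
            Current     = ($azEnv.Name -eq $currentName)
            VaultFqdn   = $fqdn
            Resolves    = $resolves
        }
    }
}

# Placeholder vault name from the question.
Test-KeyVaultHost -VaultName 'myKeyVaultName' | Format-Table -AutoSize
```

If the only row with Resolves set to True is not the row marked Current, the session was signed in to the wrong environment and needs `Connect-AzAccount -Environment` with that row's name. If no row resolves, the vault name is wrong or DNS on the machine is failing, which are the cases the other two answers cover.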