
I am trying to run a PowerShell script that calls Get-AzKeyVaultSecret using examples provided per Microsoft and keep getting an error stating No such host is known.

Generically, the error is simple enough but the fact that I’m not specifying a host address or IP during the call makes the error seem very abstract from the actual issue.

Line |
14 |  Get-AzKeyVaultSecret -VaultName $KeyVaultName -Name $SecretName
   |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   | No such host is known.

I have tried just about everything I can think of to get this working and this is the error I receive every time. I’ve checked that I have the appropriate privileges in Azure Access Policies and also checked that I have the Access Control roles, etc. So I don’t understand the error message.

I was previously attempting this using the AzureRM PowerShell module, but since realizing it is due for deprecation within a couple of years, I opted to go this route, but it doesn’t seem to be working.

What exactly does no such host mean and how do I resolve the problem? I am running under PowerShell 7.

Because of the 1st comment regarding posting the remainder of the script, I’ll add that I receive the same error when calling the method directly in the PowerShell window.

PS C:\SQL Scripts\PowerShell> Get-AzKeyVaultSecret -VaultName 'myKeyVaultName' -Name 'myKeyVaultSecretName'
Get-AzKeyVaultSecret: No such host is known.

3 Answers


  1. Chosen as BEST ANSWER

    SHORT VERSION ANSWER: The environment needs to be specified when working within private sectors such as Government, Education, etc.

    LONG ANSWER/EXPLANATION: The comment by @Ked Mardemootoo led me to view the issue from a different perspective. In a manner of sorts, the issue was determined to be somewhat network related and perhaps arguably a "DNS" issue but not a DNS issue as it were to relate to the system from where the call is being made.

    The Get-AzKeyVaultSecret module performs some work underneath the hood, which includes resolving the FQDN of the requested resource, among other things, using the credentials provided to connect via the Connect-AzAccount module.

    In most common scenarios these requests are routed to Azure on the public networks, but on a comparatively smaller scale, where Azure is on a private sector/network (e.g. Educational, Government, etc.), there is an additional parameter switch where the Environment needs to be specified.

    Connect-AzAccount

    Connects User within public domain

    Connect-AzAccount -Environment

    Connects User within the private domain/sector specified with the Environment switch

    If you have an Azure account, both methods will log you onto the Azure platform, but if you're on a private sector and attempt to subsequently use modules to acquire information or resources without having designated the environment, you will receive the "No such host is known" error.

    The error is somewhat cryptic and abstract and in my opinion should have been more specific to better clue the user as to the actual problem. Such as Resource not found or something similar.

    Once I specified the Environment (something that isn't front and center in the documentation that I accessed), the module functioned as expected.

    Hopefully this information helps others from falling into this pit of obscurity.


  2. It appears there’s something wrong with the DNS resolution on your machine.

    I’d suggest running the command from a different device or from the Azure CloudShell to narrow it down further.

    I’ve tried to replicate it on my end (within my context/subscription) to see what kind of error message shows up in different scenarios.

    Wrong KV name shows clear error message:

    PS /Users/kedmardemootoo> Get-AzKeyVaultSecret -VaultName 'kv-wrong-name' -Name 'correct-secret-name'
    Get-AzKeyVaultSecret: nodename nor servname provided, or not known
    

    Correct KV name but wrong Secret doesn’t show any error/output:

    PS /Users/kedmardemootoo> Get-AzKeyVaultSecret -VaultName 'kv-correct-name' -Name 'wrong-secret-name'
    

    Correct KV and secret name but no access via access policies:

    PS /Users/kedmardemootoo> Get-AzKeyVaultSecret -VaultName 'kv-correct-name' -Name 'wrong-secret-name'
    Get-AzKeyVaultSecret: Operation returned an invalid status code 'Forbidden'
    

    Correct KV and secret name with the right access policies:

    PS /Users/kedmardemootoo> Get-AzKeyVaultSecret -VaultName 'kv-correct-name' -Name 'correct-secret-name'
    Vault Name   : kv-correct-name
    Name         : correct-secret-name
    Version      : 0abbb10de45a1235f5544
    Id           : https://kv-correct-name.vault.azure.net:443/secrets/correct-secret-name/0abbb10de45a1235f5544
    Enabled      : True
    Expires      : 06/03/2022 05:20:05
    Not Before   :
    Created      : 06/03/2022 05:29:07
    Updated      : 06/03/2022 05:34:09
    Content Type : 
    Tags         :
    
    
  3. Get-AzKeyVaultSecret -VaultName 'myKeyVaultName' -Name 'myKeyVaultSecretName' -Debug

    You can toggle -Debug switch to see the "Absolute Uri". You will see something like:
    https://myKeyVaultName.vault.azure.net/secrets/myKeyVaultSecretName

    You will get an error (no such host is known) if there is a typo in the VaultName or the VaultName does not exist.
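
A way to check which cloud's Key Vault DNS suffix the current login uses, tying together the -Environment answer and the -Debug "Absolute Uri" answer above. This is an added example, not part of any answer on this page; the function name Test-KeyVaultHostByEnvironment is hypothetical, and it assumes the Az module is installed and Connect-AzAccount has already been run.

```powershell
# Added example: hypothetical helper, not part of the Az module.
# For every Azure environment known to the Az module, build the vault host name
# from that environment's Key Vault DNS suffix and test whether it resolves.
function Test-KeyVaultHostByEnvironment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $VaultName
    )

    # The environment of the current login, as chosen by
    # Connect-AzAccount [-Environment <name>]; AzureCloud is the default.
    $context = Get-AzContext
    if (-not $context) { throw 'No Az context found. Run Connect-AzAccount first.' }
    $current = $context.Environment.Name

    foreach ($environment in Get-AzEnvironment) {
        $suffix = $environment.AzureKeyVaultDnsSuffix
        if (-not $suffix) { continue }   # environment defines no Key Vault suffix

        # Same host that appears in the "Absolute Uri" shown by -Debug.
        $fqdn = "$VaultName.$suffix"
        try {
            # .NET resolver, so this works on Windows, Linux and macOS under PowerShell 7.
            $null = [System.Net.Dns]::GetHostAddresses($fqdn)
            $resolves = $true
        } catch {
            # Resolution failure is what surfaces as "No such host is known".
            $resolves = $false
        }

        [pscustomobject]@{
            Environment    = $environment.Name
            IsCurrentLogin = ($environment.Name -eq $current)
            VaultHost      = $fqdn
            Resolves       = $resolves
        }
    }
}

# 'myKeyVaultName' is the placeholder vault name used in the question.
Test-KeyVaultHostByEnvironment -VaultName 'myKeyVaultName' | Format-Table -AutoSize
```

If the row marked IsCurrentLogin does not resolve while another environment's row does, reconnect with Connect-AzAccount -Environment and that environment's name. A host that resolves only shows the name exists in that cloud's DNS zone; access to the vault is still decided by its access policies or roles.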
