0

My objective is to check if files exist in a folder in blob container. Access to Storage from portal is closed, so here is what I have:

  1. VM with PowerShell and Azure Storage Explorer
  2. Path to files: mycontainer/in/data/documents/
  3. Connection string (amended): BlobEndpoint=https://storagecont01.blob.core.windows.net/;QueueEndpoint=https://storageacont01.queue.core.windows.net/;FileEndpoint=https://storageacont01.file.core.windows.net/;TableEndpoint=https://storageacont01.table.core.windows.net/;SharedAccessSignature=sv=2019-06-00&ss=bxqt&srt=sco&sp=xwlacux&se=2019-06-00T00:00:05Z&st=2019-06-00T01:30:00Z&spr=https&sig=Sz%2zxdadzca1e137zzdzdq131D%21366bpafOrAAdac%3D

My AD Account does not have access to these files but I successfully connected via Azure Storage Account with connection string above and I successfully copied files with Azcopy

Following the thread How to list Azure Storage Containers and Blobs here is what I tried (unsuccessfully, get-azstorageblob is not working too):

$ctx = New-AzStorageContext -StorageAccountName "storageacont01"  -sastoken "sv=2019-06-00&ss=bxqt&srt=sco&sp=xwlacux&se=2019-06-00T00:00:05Z&st=2019-06-00T01:30:00Z&spr=https&sig=Sz%2zxdadzca1e137zzdzdq131D%21366bpafOrAAdac%3D"

get-azstoragecontainer -container "mycontainer" -Context $ctx -Debug

My questions are:

  1. am I doing something wrong?
  2. is it possible, connection string I was given restricts access from PowerShell?

UPD: Account Kind StorageV2 (general purpose v2)

Here is the debug output:

DEBUG: 2:27:30 PM - GetAzureStorageContainerCommand begin processing with ParameterSet 'ContainerName'.
DEBUG: 2:27:30 PM - Use storage account 'storagecont1' from storage context.
DEBUG: Request [9888e1b0-b7f1-47ba-b9bb-116263ead7dd] GET https://storagecont1.blob.core.windows.net/mycontainer?sv=2000-00-00&ss=bfqt&srt=sco&sp=rwlacup&se=2000-00-00T08:37:05Z&st=2000-00-00
T00:30:005Z&spr=https&sig=REDACTED&restype=container
x-ms-version:2020-04-08
User-Agent:AzurePowershell/v1.0.0,azsdk-net-Storage.Blobs/12.8.0 (.NET Framework 4.7.3850.0; Microsoft Windows 10.0.14393 )
x-ms-client-request-id:9888e1b0-b7f1-47ba-b9bb-116263ead7dd
x-ms-return-client-request-id:true
client assembly: Azure.Storage.Blobs
DEBUG: Error response [9888e1b0-b7f1-47ba-b9bb-116263ead7dd] 503 Service Unavailable (00.2s)
Mime-Version:REDACTED
X-Squid-Error:REDACTED
Vary:Accept-Language
Content-Language:en
Content-Length:3888
Content-Type:text/html;charset=utf-8
Date:Sun, 03 Oct 2021 03:27:27 GMT
Server:squid/4.10

...... 4 more retries ......

get-azstoragecontainer : The 'meta' start tag on line 4 position 2 does not match the end tag of 'head'. Line 117, position 3.
At line:2 char:2
+  get-azstoragecontainer -container "mycontainer" -Context $ctx -Debug
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-AzStorageContainer], XmlException
    + FullyQualifiedErrorId : XmlException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageContainerCommand
 
DEBUG: 2:27:59 PM - GetAzureStorageContainerCommand end processing, Start 24 remote calls. Finish 0 remote calls. Elapsed time 3044243.02 ms. Client operation id: Azure-Storage-PowerShell-d39
4497f-0e4f-4e13-bc40-079df6bf143c.
DEBUG: AzureQoSEvent: Module: Az.Storage:3.11.0; CommandName: Get-AzStorageContainer; PSVersion: 5.1.14393.4583; IsSuccess: False; Duration: 00:00:28.2957856; Exception: The 'meta' start tag 
on line 4 position 2 does not match the end tag of 'head'. Line 117, position 3.;
DEBUG: Finish sending metric.
DEBUG: 2:28:00 PM - GetAzureStorageContainerCommand end processing.
Improve this question
5
  • One thing I noticed is that your SAS token has expired. Commented Oct 3, 2021 at 4:36
  • I randomly changed the token for security considerations. Its fake in the post. It’s not expired Commented Oct 3, 2021 at 6:09
  • Can you share an actual SAS token? Just obfuscate the sig part of it before sharing. I’m guessing there’s an issue with REST API version mismatch. Commented Oct 3, 2021 at 7:43
  • @GauravMantri sv=2020-08-04&ss=bfqt&srt=sco&sp=rwlacup&se=2021-10-23T08:37:05Z&st=2021-09-23T01:37:05Z&spr=https&sig={signature} Commented Oct 3, 2021 at 11:09
  • @GauravMantri not sure how important this is. Account kind :StorageV2 (general purpose v2) Commented Oct 3, 2021 at 11:42

1 Answer 1

Reset to default
1

Apparently the issue was min TLS requirement was not met on the client (VM) side. The below code changes TLS for current PowerShell session:

$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

As per doc from Microsoft: https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-configure-tls-settings

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.