Azure Account Extension ( Sign in ) You appear to be offline Please Check your network.

[ChennaiTechie]

[ChennaiTechie]

Device: MacOS
Vscode: Version: 1.76.1

During Azure Sign in Process am getting an error you appear to be offline Please Check your network.

[jonasohrn]

I have the same issue.
Also latest vscode (arm64).

Looking at logs (see #147), I see this this error in the Extension host log "1-Azure Account.log":

Attempting to reach URL "https://login.microsoftonline.com/"...
certificate has expired

and this in "exthost.log":
2023-03-14 10:37:57.456 [debug] ProxyResolver#resolveProxy cached https://login.microsoftonline.com/ DIRECT
Both of them adds one line of this content every 5 seconds.

The SSL certificate on login.microsoftonline.com is NOT invalid but issued three weeks ago (Feb 24th), so quite new.
Is there some bundled certificates in Electron? - this was suggested in the discussions in #147

Details:
Version: 1.76.1
Commit: 5e805b79fcb6ba4c2d23712967df89a089da575b
Date: 2023-03-08T16:48:08.231Z
Electron: 19.1.11
Chromium: 102.0.5005.196
Node.js: 16.14.2
V8: 10.2.154.26-electron.0
OS: Darwin arm64 22.3.0
Sandboxed: No

[jonasohrn]

It works from another Macbook from same network (also running Ventura but not enrolled)
Both nslookup and dig results in same records for login.microsoftonline.com for both MAcbooks:

;; ANSWER SECTION:
login.microsoftonline.com. 8244	IN	CNAME	login.mso.msidentity.com.
login.mso.msidentity.com. 50	IN	CNAME	ak.privatelink.msidentity.com.
ak.privatelink.msidentity.com. 120 IN	CNAME	www.tm.ak.prd.aadg.akadns.net.
www.tm.ak.prd.aadg.akadns.net. 300 IN	A	20.190.160.15
www.tm.ak.prd.aadg.akadns.net. 300 IN	A	40.126.32.132

curl reports certificate is ok:

curl -v "https://login.microsoftonline.com"
*   Trying 20.190.160.12:443...
* Connected to login.microsoftonline.com (20.190.160.12) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: C=US; ST=Washington; L=Redmond; O=Microsoft Corporation; CN=stamp2.login.microsoftonline.com
*  start date: Feb 24 00:00:00 2023 GMT
*  expire date: Feb 24 23:59:59 2024 GMT
*  subjectAltName: host "login.microsoftonline.com" matched cert's "login.microsoftonline.com"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: login.microsoftonline.com
> User-Agent: curl/7.86.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Cache-Control: no-store, no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Expires: -1
< Location: https://www.office.com/login#

[jonasohrn]

SOLVED for me: Works when updating vscode settings (reload required): "http.systemCertificates": false

[kcaswick]

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"...
certificate has expired

My token should be expired and it should have asked me to sign in, but it never did.
Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

[alexweininger]

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"...
certificate has expired
My token should be expired and it should have asked me to sign in, but it never did.
Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

@kcaswick, just to clarify, were you able to fix the issue?

[kevinblumenfeld]

I too have this issue. See my comment here: #745 (comment)

[ChenghaoMou]

Having the same issue. The workaround only works if I disable all Copilot extensions.

[kcaswick]

Same issue here, logs show this repeated endlessly:

Attempting to reach URL "https://login.microsoftonline.com/"...
certificate has expired
My token should be expired and it should have asked me to sign in, but it never did.
Going into Settings (UI) and unchecking http.systemCertificates it appeared to stop immediately and give me the option to sign in. Once signed in, it appears I can re-enable system certificates.

@kcaswick, just to clarify, were you able to fix the issue?

Sorry, I missed the question earlier. The workaround with disabling security certificates and then re-enabling them after it was signed in did work for me. I wouldn't call that a fix though, given the security risk it adds.

I've updated the original comment with a blank line after the log entries, so the block quote formatting ends where it should have.

[ChenghaoMou]

Having the same issue. The workaround only works if I disable all Copilot extensions.

I found a solution, at least for me: remove all expired system certificates in the keychain (macOS). After that, I can use both copilot and azure account without any issues.

[Broderick-Westrope]

@ChenghaoMou I've got this issue when I have the Copillot extension enabled, but cannot see any expired certificates in my Keychain Access. Any other ideas for why this may be?

[ChenghaoMou]

@Broderick-Westrope If you haven't tried this: There is a setting under "View" to show expired certificates. Check certificates under both System and System Roots.

Unfortunately, I am not aware of any other solutions.

[oviliz]

For me worked by uninstalling the Azure Account extension in favour of Azure Resources alone.
Usual Micro$oft mess...

[aka0]

For me worked by uninstalling the Azure Account extension in favour of Azure Resources alone. Usual Micro$oft mess...

This solution worked for me.