Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.21
Labels:
- trt-incident

Activity Type:
Incidents & Support
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None

Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Starting with 4.21.0-0.ci-2025-11-27-155308 and occurring as of 4.21.0-0.ci-2025-11-28-095313, the hypershift-e2e-aks job is failing with errors like:

        POST https://login.microsoftonline.com/520cf09d-78ff-44ed-a731-abd623e73b09/oauth2/v2.0/token
        --------------------------------------------------------------------------------
        RESPONSE 401: 401 Unauthorized
        --------------------------------------------------------------------------------
        {
          "error": "invalid_client",
          "error_description": "AADSTS700027: The certificate with identifier used to sign the client assertion is expired on application. [Reason - The key used is expired., Found key 'Start=11/27/2024 17:30:53, End=11/27/2025 17:30:53', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'ad276877-160e-403d-afaf-e5970977885f'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/ad276877-160e-403d-afaf-e5970977885f']. Trace ID: a4352850-0dae-4120-9365-8fa5c3f13100 Correlation ID: 1196a259-3fb2-4579-b79c-77668aa50f9f Timestamp: 2025-11-28 13:22:58Z",
          "error_codes": [
            700027
          ],
          "timestamp": "2025-11-28 13:22:58Z",
          "trace_id": "a4352850-0dae-4120-9365-8fa5c3f13100",
          "correlation_id": "1196a259-3fb2-4579-b79c-77668aa50f9f",
          "error_uri": "https://login.microsoftonline.com/error?code=700027"
        }
        --------------------------------------------------------------------------------
        To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#client-cert)

Example failure: https://prow.ci.openshift.org/view/gs/test-platform-results/logs/periodic-ci-openshift-hypershift-release-4.21-periodics-e2e-aks/1994388378233081856

Pinged HyperShift IC: https://redhat-internal.slack.com/archives/C01CQA76KMX/p1764273035073279

Assignee:: Unassigned

Reporter:: Petr Muller

Need Info From:: None

Contributors:: None

Architect:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/11/28 2:18 PM

Updated:: 2025/12/29 1:20 PM

Resolved:: 2025/12/01 2:02 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates