none
while using corporate proxy contianer microsoft/cognitive-services-read is failing with GSSAPI errors RRS feed

  • Question

  • Question: What is the problem?
    Answer:    Hi, while using corporate proxy contianer microsoft/cognitive-services-read is failing with GSSAPI errors failing        
    Question:    
    Question:Could you please share the error message that you are getting?    
    Answer:    while running    
    docker run --rm -it -p 5000:5000 --memory 4g --cpus 2 containerpreview.azurecr.io/microsoft/cognitive-services-read  Eula=accept Billing=https://eastus.api.cognitive.microsoft.com/vision/v1.0  ApiKey=ourapikey HTTP_PROXY=ourproxy:port HTTP_PROXY_CREDS=user:pass    

        our error is    
        fail: Microsoft.CloudAI.Containers.Http.CloudClient[0] Failed to reach billing endpoint: 'GSSAPI operation failed with error - An invalid name was supplied (Configuration file does not specify default realm).    
        then in order to get rid of the eror    
        I made custom docker file and extended your container    

    and I did RUN yum install -y gssntlmssp    
    that fixed above error    
    but then a new error came up    
    Failed to reach endpoint: 'GSSAPI operation failed with error - Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate).'. Trying 7 more times.    

    Question: Are you referring to any document to do this?    
    Answer: documentation is https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/computer-vision-resource-container-config    
        

    Question:    Are you using free trial subscription?    
    Answer:    yes, I also tried with paid plan too    
    Answer:    same error    
        
    Answer:    will do    

    Question:    When you create azure free trial account using work email ID which is already in the organization tenant. The free trial is also will be under the same tenant and you will have restricted access for many services.    
    Answer:    I am getting same error with "Pay as you go " apikey too    
    Question:    Please let me know if you are using the API keys that is shown in the below link :    
        https://docs.microsoft.com/en-us/azure/cognitive-services/computer-vision/computer-vision-how-to-install-containers#gathering-required-parameters    
    Answer:    yes    
        I am    
        however the error is saying that    
        the problem is lying in container (when used in proxy condition) - because when tried from Azure Ubuntu VM - without proxy - the container is Perfect.     
        Within proxy Organization environment: in both centos docker as well as windows linux contianer docker    
    because when I tried the same thing    
    outside in azure vm    
    it works    


    Question:    please let me know if you have filled the form for requesting access to the container.    

    I filled it    
    i got login    
    and able to pull container    
    using docker proxy    
    Question:    Alright.    
    Answer:    it is an implementation error    
    Question:    Karan, please try to regenerate the keys and see if that works.    
    Answer:    It works from outside    
        from azure ubuntu vm - it is perfect    
    Question:    Okay.    
        OCR works there    
        only in corporate proxy setting - i am facing this    
        Our proxy may also meddle with certificates    
    Question:    Please let me know if you have checked if there is any blocker in the corporate network as usually in corporate network there will be restrictions.    
        Since it is working outside the corp network, we are sure that there is no issue with the container.    

    Answer:    Request URL: https://socgen-gsc-ino-cognitive-vision.cognitiveservices.azure.com/vision/v1.0    
        {"error":{"code":"404","message": "Resource not found"}}    
    have any other request url to try    
        ?        
    Answer:    things works perfectly outside    
    Answer:    from outside , even if i use company apikey - it is good    

    Question:    The issues seems to be with the corporate network which is blocking.    
    Answer:    https://eastus.api.cognitive.microsoft.com/vision/v1.0    
    Answer:    also gives json    
    Answer:    {"error":{"code":"404","message": "Resource not found"}}    
    Question:    I can see that as well.    
    Answer:    this is an error from ms    
        so corp is allowing that call    
          if billing is calling via non 443 port or non 80 port - it could be an issue    
        is billing using someother non http or non standard port?    
    Question:    Not sure about that.    
    Question:    post here https://social.msdn.microsoft.com/Forums/en-US/home?forum=AzureContainerServices    

    Questions: what else have you tried

    Answer:

    docker run --rm -it -p 5000:5000 --memory 4g --cpus 2 containerpreview.azurecr.io/microsoft/cognitive-services-read  Eula=accept Billing=https://eastus.api.cognitive.microsoft.com/vision/v1.0  ApiKey=ourapikey HTTP_PROXY=http://ourproxy:port HTTP_PROXY_CREDS=user:pass   

    as well as

    docker run --rm -it -p 5000:5000 --memory 4g --cpus 2 containerpreview.azurecr.io/microsoft/cognitive-services-read  Eula=accept Billing=https://eastus.api.cognitive.microsoft.com/vision/v1.0  ApiKey=ourapikey HTTP_PROXY=http://user:pass @ourproxy:port

    also tried

    custom docker image

    With custom docker error

    I am getting two other types of error

    a. Cloud Client[0] failed with status 'Unknown'

    b. GSSAPI operation failed with error . Unspecified GSS failure Minor code.... (SPNEGO cannot find mechanisms to negotiate)

    Question: what does this say

    enddpoint:5000/status

    Answer: api key is fine and container is fine

    Even swagger is coming up

    Question: did you try installing org cert in dockerfile

    Answer: yes

    copied to

    /etc/pki/ca-trust/source/anchors/
    

    then run the following command

    update-ca-trust
    

    within the container.

    Question: did you try console debug logs

    Answer: yes I did

    Application started. Press Ctrl+C to shut down.
    fail: Microsoft.CloudAI.Containers.Http.CloudClient[0]
          Endpoint connection failed with status 'Unknown'.
    	  
    	  similar to https://github.com/MicrosoftDocs/azure-docs/issues/42444
    	  
    	  
    	  More here (when logging enabled)
    	       User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository;                                  keys will not be encrypted at rest.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver[53]
          Repository contains no viable default key. Caller should generate a key with immediate activation.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[57]
          Policy resolution states that a new key should be added to the key ring.
    info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[58]
          Creating key {12c481e7-afea-467c-abe0-ff8a793e71a9} with creation date 2020-06-17 06:31:                                 07Z, activation date 2020-06-17 06:31:07Z, and expiration date 2020-09-15 06:31:07Z.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[32]
          Descriptor deserializer type for key {12c481e7-afea-467c-abe0-ff8a793e71a9} is 'Microsof                                 t.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorD                                 escriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=2.0.2.0, Culture=neutral,                                  PublicKeyToken=adb9793829ddae60'.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[34]
          No key escrow sink found. Not writing key {12c481e7-afea-467c-abe0-ff8a793e71a9} to escr                                 ow.
    warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
          No XML encryptor configured. Key {12c481e7-afea-467c-abe0-ff8a793e71a9} may be persisted                                  to storage in unencrypted form.
    info: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[39]
          Writing data to file '/root/.aspnet/DataProtection-Keys/key-12c481e7-afea-467c-abe0-ff8a                                 793e71a9.xml'.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[23]
          Key cache expiration token triggered by 'CreateNewKey' operation.
    dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
          Reading data from file '/root/.aspnet/DataProtection-Keys/key-12c481e7-afea-467c-abe0-ff                                 8a793e71a9.xml'.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
          Found key {12c481e7-afea-467c-abe0-ff8a793e71a9}.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver[13]
          Considering key {12c481e7-afea-467c-abe0-ff8a793e71a9} with expiration date 2020-09-15 0                                 6:31:07Z as default key.
    dbug: Microsoft.AspNetCore.DataProtection.TypeForwardingActivator[0]
          Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedE                                 ncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCor                                 e.DataProtection, Version=2.0.2.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microso                                 ft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptor                                 DescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=a                                 db9793829ddae60
    dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncrypto                                 rFactory[11]
          Using managed symmetric algorithm 'System.Security.Cryptography.Aes'.
    dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncrypto                                 rFactory[10]
          Using managed keyed hash algorithm 'System.Security.Cryptography.HMACSHA256'.
    dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[2]
          Using key {12c481e7-afea-467c-abe0-ff8a793e71a9} as the default key.
    dbug: Microsoft.AspNetCore.DataProtection.Internal.DataProtectionStartupFilter[0]
          Key ring with default key {12c481e7-afea-467c-abe0-ff8a793e71a9} was loaded during appli                                 cation startup.
    dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[3]
          Hosting starting
    info: Microsoft.CloudAI.Containers.Metering.MeterQueue[0]
          MeterQueue is starting.
    dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[4]
          Hosting started
    dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[0]
          Loaded hosting startup assembly Microsoft.CloudAI.Containers.OneOcr.2.0
    
    

    Question: have you tried older versions

    Answer: yes tried

    1.1.009910003-amd64-preview

    1.1.012200001-amd64-preview

       

    Wednesday, June 17, 2020 2:32 PM