Symptoms


A sales order for an Azure subscription fails with the following error:


Task "Provisioning "Tenant" for APS application Azure Cloud Solution Provider(https://azure.hosting.local:10443/azure/aps/)" (id = 59154192) is failed with error: "'500 Internal Server Error' received from 'POST https://azure.hosting.local:10443/azure/aps/tenants': AADSTS900439: Confidential Client requests are not supported on the public endpoint (login.microsoftonline.com) for tenants in the Azure Government cloud. Send your login requests to https://login.microsoftonline.us instead. Please see https://devblogs.microsoft.com/azuregov/azure-government-aad-authority-endpoint-update/ for more details Trace ID: *** Correlation ID: *** Timestamp: 2020-06-04 15:49:01Z " 



Cause


The Azure CSP endpoint is misconfigured. The endpoint in Odin Automation requires a special configuration for a CSP Partner in the US Government cloud (see https://docs.microsoft.com/en-us/partner-center/partner-center-for-microsoft-us-govt-cloud for details).


Resolution


1. Resolve the misconfiguration by setting the following value in the /usr/local/azure/site/config/config.json configuration file on the Azure endpoint:


[root@azure ~]# grep 'activeEnvironment' /usr/local/azure/site/config/config.json
    "activeEnvironment": "AzureUSGovernment",

2. Restart the Azure CSP endpoint:


service azure-app-server restart


3. Resubmit the failed order and verify that the endpoint authenticates through the correct Microsoft cloud (the host in the URL should be "login.microsoftonline.us" instead of "login.microsoftonline.com"):


2020-06-11 07:42:42,439 INFO  [com.odin.azure.api.base.AzureApi] (azure task-33) <API-GATE> Login to 'https://login.microsoftonline.us/98bf***007/' as the confidential client '02***9c' by refresh token


4. If the issue still persists, contact Microsoft Support to clarify the behavior.
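
The checks from steps 1 and 3 can be scripted. The following is an added example, not part of the original article or the vendor's tooling: it reads "activeEnvironment" from config.json and confirms that the most recent <API-GATE> login line targets login.microsoftonline.us. The function names, the sample IDs and the log file name are assumptions; the article does not name the log file, so its path is passed as an argument.

```shell
#!/bin/sh
# Added example (not vendor code): confirm the endpoint uses the US Government authority.
GOV_ENV="AzureUSGovernment"
GOV_HOST="login.microsoftonline.us"

# Print the "activeEnvironment" value from config.json (first match only).
active_env() {
    sed -n 's/.*"activeEnvironment"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the authority host from the most recent <API-GATE> "Login to" line,
# so entries written before the fix do not mask the current behaviour.
last_login_host() {
    sed -n "s|.*<API-GATE> Login to 'https://\([^/']*\).*|\1|p" "$1" | tail -n 1
}

# Args: <config.json> <log file>. Returns 0 when both checks pass,
# 1 on wrong environment, 2 when no login line exists, 3 on wrong authority host.
check_gov_authority() {
    env_name=$(active_env "$1")
    host=$(last_login_host "$2")
    [ "$env_name" = "$GOV_ENV" ] || { echo "FAIL: activeEnvironment='$env_name'"; return 1; }
    [ -n "$host" ] || { echo "FAIL: no API-GATE login line; resubmit the order"; return 2; }
    [ "$host" = "$GOV_HOST" ] || { echo "FAIL: last login went to $host"; return 3; }
    echo "OK: activeEnvironment=$env_name, authority=$host"
}

# Demo on constructed sample data (tenant and client IDs are made up; the log
# file name is hypothetical because the article does not name the log file).
demo() {
    d=$(mktemp -d)
    printf '{\n    "activeEnvironment": "AzureUSGovernment",\n    "other": 1\n}\n' > "$d/config.json"
    cat > "$d/azure.log" <<'EOF'
2020-06-04 15:48:59,101 INFO  [com.odin.azure.api.base.AzureApi] (azure task-12) <API-GATE> Login to 'https://login.microsoftonline.com/00000000-aaaa/' as the confidential client '11111111-bbbb' by refresh token
2020-06-11 07:42:42,439 INFO  [com.odin.azure.api.base.AzureApi] (azure task-33) <API-GATE> Login to 'https://login.microsoftonline.us/00000000-aaaa/' as the confidential client '11111111-bbbb' by refresh token
EOF
    check_gov_authority "$d/config.json" "$d/azure.log"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On a real endpoint, call check_gov_authority with /usr/local/azure/site/config/config.json and the path of the endpoint's application log after resubmitting the order.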