Search code examples

Azure Java SDK: ServiceException: ForbiddenError:

Tried the basic location retriever code (shown below)

String uri = "";
        String subscriptionId = "XXXXXXXX-5fad-XXXXXX-9dfa-XXXXXX";
         String keyStoreLocation = "D:\\test.jks";
         String keyStorePassword = "123456";

        Configuration config = ManagementConfiguration.configure(
                  new URI(uri), 
                  keyStoreLocation, // the file path to the JKS
                  keyStorePassword, // the password for the JKS
                  KeyStoreType.jks // flags that I'm using a JKS keystore

        ManagementClient client = ManagementService.create(config);
        // get the list of regions
        LocationsListResponse response = client.getLocationsOperations().list();
        ArrayList<Location> locations = response.getLocations();
        // write them out
        for( int i=0; i<locations.size(); i++){


and It works fine. But when I try to create the ComputeManagementClient and try to restart a VM

ComputeManagementClient computeManagementClient = ComputeManagementService.create(config);
        VirtualMachineOperations virtualMachinesOperations= computeManagementClient.getVirtualMachinesOperations();
virtualMachinesOperations.restart("SQLVM", "");

I'm getting the certificate error.

Exception in thread "main" java.util.concurrent.ExecutionException: ForbiddenError: The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
    at java.util.concurrent.FutureTask.get(

PS: I created a the .cer from Java Keystore and uploaded into Azure with no issues.

Any clues what is happening?


  • The issue is caused by using the incorrect Azure Java SDK libraries. When I used the maven dependencies in the file pom.xml below, I reproduced the same exception.


    The library supply the VM restart function need two arguments: resource group name and vm name. But the API of library azure-mgmt-compute is used for Azure Resource Management.

    To restart VM, you need to use the API of library azure-svc-mgmt-compute for Azure Service Management if you used JKS certificates. The Class VirtualMachineOperations supply the same name function restart need three arguments: service name, deployment name and vm name. You can find these names from Cloud Service dashboard on Azure Portal. In your issue code, the vm name should be "sqlvm".

    The right maven pom.xml for dependencies as below:


    And the code as below

    virtualMachinesOperations.restart("<service name: sqlvm>", "<deployment name: sqlvm>", "<vm name: sqlvm>");

    The steps below for genkeypair by using Java Keytool in the path JAVA_HOME/bin:

    keytool -genkeypair -alias keyfile -keyalg RSA -keystore <KeyStore.jks> 
    -keysize 2048 -storepass "<password>"
    keytool -v -export -file <KeyStore.cer> -keystore KeyStore.jks -alias keyfile

    My code:

    String uri = "";
    String subscriptionId = "<subscription_id>";
    String keyStoreLocation = "KeyStore.jks";
    String keyStorePassword = "<password>";
    Configuration config = ManagementConfiguration.configure(
           new URI(uri), 
           keyStoreLocation, // the file path to the JKS
           keyStorePassword, // the password for the JKS
           KeyStoreType.jks // flags that I'm using a JKS keystore
    ComputeManagementClient computeManagementClient = ComputeManagementService.create(config);
    VirtualMachineOperations virtualMachinesOperations = computeManagementClient.getVirtualMachinesOperations();
    virtualMachinesOperations.restart("petercore", "petercore", "petercore");