Merge pull request #7493 from mosbahmajed/workitem-80388

AmandaAZ · web-flow · commit 4ce5dc3450ed · 2024-10-23T11:00:25.000+08:00
AB#1859: Update error-code-serviceprincipalvalidationclienterror.md
diff --git a/support/azure/azure-kubernetes/create-upgrade-delete/error-code-serviceprincipalvalidationclienterror.md b/support/azure/azure-kubernetes/create-upgrade-delete/error-code-serviceprincipalvalidationclienterror.md
@@ -1,9 +1,8 @@
 ---
 title: Troubleshoot the ServicePrincipalValidationClientError error code
 description: Learn how to troubleshoot the ServicePrincipalValidationClientError error when you try to create and deploy an Azure Kubernetes Service (AKS) cluster.
-ms.date: 03/22/2022
-editor: v-jsitser
-ms.reviewer: rissing, chiragpa, erbookbi, v-leedennis
+ms.date: 10/23/2024
+ms.reviewer: rissing, chiragpa, erbookbi, momajed, v-leedennis, v-weizhu
 ms.service: azure-kubernetes-service
 #Customer intent: As an Azure Kubernetes user, I want to troubleshoot the ServicePrincipalValidationClientError error code so that I can successfully create and deploy an Azure Kubernetes Service (AKS) cluster.
 ms.custom: sap:Create, Upgrade, Scale and Delete operations (cluster or nodepool)
@@ -52,14 +51,28 @@ The secret that's provided for the highlighted service principal isn't valid.
 
 ## Solution 1: Reset the service principal secret
 
-Reset the secret that's used for the service principal by running the [az ad sp credential reset](/cli/azure/ad/sp/credential#az-ad-sp-credential-reset) command:
+To resolve this issue, reset the service principal secret by using one of the following methods:
+
+- Reset the service principal's credential by running the [az ad sp credential reset](/cli/azure/ad/sp/credential#az-ad-sp-credential-reset) command:
+
+  ```azurecli-interactive
+  az ad sp credential reset --name "01234567-89ab-cdef-0123-456789abcdef" --query password --output tsv
+  ```
+
+- Specify the expiration date by running the following command: 
+
+  ```azurecli-interactive
+  az ad sp credential reset --name <service-principal-name> --credential-description "New secret for AKS" --years 1
+  ```
+
+The preceding command resets the secret and displays it as output. Then, you can specify the new secret when you try to create the new cluster again.
+
+For failed operations in an existing cluster, ensure that you update your AKS cluster with the new secret:
 
 ```azurecli-interactive
-az ad sp credential reset --name "01234567-89ab-cdef-0123-456789abcdef" --query password --output tsv
+az aks update-credentials --resource-group <resource-group> --name <aks-cluster> --reset-service-principal --client-secret <new-client-secret>
 ```
 
-This command resets the secret, and displays it as output. Then, you can specify the new secret when you try again to create the new cluster.
-
 ## Solution 2: Create a new service principal
 
 You can create a new service principal and get the secret that's associated with it by running the [az ad sp create-for-rbac](/cli/azure/ad/sp#az-ad-sp-create-for-rbac) command:
@@ -81,6 +94,12 @@ The output of the command should resemble the following JSON string:
 
 Note the `appId` and `password` values that are generated. After you get these values, you can rerun the cluster creation command for the new service principal and secret.
 
+To update your AKS cluster with the new service principal's credential, run the following command:
+
+```azurecli-interactive
+az aks update-credentials --resource-group <resource-group> --name <aks-cluster> --service-principal <new-client-id> --client-secret <new-client-secret>
+```
+
 ## More information
 
 - [General troubleshooting of AKS cluster creation issues](troubleshoot-aks-cluster-creation-issues.md)
