|
| 1 | +--- |
| 2 | +title: Can't connect to Azure Fleet Manager |
| 3 | +description: This article provides guidance for actions to take when you can't connect to Azure Fleet Manager. |
| 4 | +ms.date: 01/13/2026 |
| 5 | +ms.author: jarrettr |
| 6 | +ms.reviewer: chiragpa, v-ryanberg |
| 7 | +ms.service: azure-kubernetes-fleet-manager |
| 8 | +ms.custom: sap:Other issue or questions related to Fleet manager |
| 9 | +--- |
| 10 | +# Unable to connect to Azure Fleet Manager |
| 11 | + |
| 12 | +This article helps you resolve an issue that prevents you from connecting to Azure Fleet Manager. |
| 13 | + |
| 14 | +## Symptoms |
| 15 | + |
| 16 | +You try to connect to Azure Fleet Manager by retrieving the kubeconfig file for the Fleet Manager hub cluster. You initially run the following command: |
| 17 | + |
| 18 | +```powershell |
| 19 | +az fleet get-credentials --resource-group \${GROUP} --name |
| 20 | +``` |
| 21 | + |
| 22 | +Then, you run the following command: |
| 23 | + |
| 24 | +```powershell |
| 25 | +kubectl get pods |
| 26 | +``` |
| 27 | + |
| 28 | +On the Fleet Manager API server, you're prompted to enter a device code in another browser to authenticate your identity. |
| 29 | + |
| 30 | +If your organization enforces Conditional Access policies that block device code flows, you might receive a message that resembles the following message: |
| 31 | + |
| 32 | +> Your sign-in was successful but does not meet the criteria to access this resource. For example, you might be signing in from a browser, app, location, or an authentication flow that is restricted by your admin. |
| 33 | +
|
| 34 | +The following screenshot shows an example of this kind of message. |
| 35 | + |
| 36 | +:::image type="content" source="../media/unable-connect-azure-fleet-manager/no-access-message.png" alt-text="Example of Conditional Access blocking device code flow." lightbox="../media/unable-connect-azure-fleet-manager/no-access-message.png"::: |
| 37 | + |
| 38 | +## Cause |
| 39 | + |
| 40 | +The kubeconfig file that's generated by the `az fleet get-credentials` command defaults to device code authentication. Conditional Access policies can block this flow and prevent access to the Fleet Manager API server. |
| 41 | + |
| 42 | +## Resolution |
| 43 | + |
| 44 | +To resolve this issue, modify kubeconfig to use Azure CLI authentication instead of device code authentication. To make this change, run the following command: |
| 45 | + |
| 46 | +```powershell |
| 47 | +kubelogin convert-kubeconfig -l azurecli |
| 48 | +``` |
| 49 | + |
| 50 | +This command updates the kubeconfig file so that it authenticates by using your existing Azure CLI sign-in session. This action bypasses the device code prompt. |
0 commit comments