Server failed to authenticate the request. Please refer to the information in the www-authenticate header. Oid is missing

Alexander_Sanchez · April 10, 2025, 10:55pm

What is the problem you are having with rclone?

Failed to authenticate with Azure Blob Storage

Run the command 'rclone version' and share the full output of the command.

rclone version
rclone v1.69.1
- os/version: amazon 2023.6.20250317 (64 bit)
- os/kernel: 6.1.130-139.222.amzn2023.x86_64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.24.0
- go/linking: static
- go/tags: none

Which cloud storage system are you using? (eg Google Drive)

Microsoft Azure

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone ls rclonedevsa:rclonedevsc

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

[rclonedevsa]
type = azureblob
account = XXX
service_principal_file = /tmp/azure-principal.json
msi_object_id = XXX

[s3]
type = s3
provider = AWS
env_auth = true
region = us-east-1
### Double check the config for sensitive info before posting publicly

A log from the command that you were trying to run with the `-vv` flag

2025/04/10 22:54:07 DEBUG : rclone: Version "v1.69.1" starting with parameters ["rclone" "ls" "rclonedevsa:rclonedevsc" "-vv"]
2025/04/10 22:54:07 DEBUG : Creating backend with remote "rclonedevsa:rclonedevsc"
2025/04/10 22:54:07 DEBUG : Using config file from "/home/ec2-user/.config/rclone/rclone.conf"
2025/04/10 22:54:08 DEBUG : pacer: low level retry 1/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e845-d01e-0027-316b-aa35a1000000
Time:2025-04-10T22:54:08.0487711Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 10ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 2/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e853-d01e-0027-3d6b-aa35a1000000
Time:2025-04-10T22:54:08.0624882Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 20ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 3/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e861-d01e-0027-466b-aa35a1000000
Time:2025-04-10T22:54:08.0749800Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 40ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 4/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e891-d01e-0027-716b-aa35a1000000
Time:2025-04-10T22:54:08.1047240Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 80ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 5/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e8b3-d01e-0027-136b-aa35a1000000
Time:2025-04-10T22:54:08.1356985Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 160ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 6/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e8e9-d01e-0027-446b-aa35a1000000
Time:2025-04-10T22:54:08.2162055Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 320ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 7/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4e97d-d01e-0027-4d6b-aa35a1000000
Time:2025-04-10T22:54:08.3818147Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 640ms
2025/04/10 22:54:08 DEBUG : pacer: low level retry 8/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4eaab-d01e-0027-4a6b-aa35a1000000
Time:2025-04-10T22:54:08.7000227Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:08 DEBUG : pacer: Rate limited, increasing sleep to 1.28s
2025/04/10 22:54:09 DEBUG : pacer: low level retry 9/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4ed16-d01e-0027-6f6b-aa35a1000000
Time:2025-04-10T22:54:09.3392586Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:09 DEBUG : pacer: Rate limited, increasing sleep to 2.56s
2025/04/10 22:54:10 DEBUG : pacer: low level retry 10/10 (error GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4f19b-d01e-0027-076b-aa35a1000000
Time:2025-04-10T22:54:10.6194774Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------
)
2025/04/10 22:54:10 DEBUG : pacer: Rate limited, increasing sleep to 5.12s
2025/04/10 22:54:10 DEBUG : 7 go routines active
2025/04/10 22:54:10 NOTICE: Failed to ls: GET https://rclonedevsa.blob.core.windows.net/rclonedevsc
--------------------------------------------------------------------------------
RESPONSE 401: 401 Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
ERROR CODE: InvalidAuthenticationInfo
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>InvalidAuthenticationInfo</Code><Message>Server failed to authenticate the request. Please refer to the information in the www-authenticate header.
RequestId:b0c4f19b-d01e-0027-076b-aa35a1000000
Time:2025-04-10T22:54:10.6194774Z</Message><AuthenticationErrorDetail>OId is missing.</AuthenticationErrorDetail></Error>
--------------------------------------------------------------------------------

kapitainsky · April 11, 2025, 4:06am

Test your service_principal_file first.

Does it work with az?

Also if you intend to use managed service identity credentials then you have to provide both msi_object_id and msi_client_id, or msi_mi_res_id I think.

Otherwise maybe create rclone config using client_id, tenant and client_secret instead of a principle file.

Check rclone docs on what (and how) authentication options you can use.

Alexander_Sanchez · April 11, 2025, 1:12pm

So, if I use a service principal file it is like I am using a managed service identity? So, what is the purpose of a service principal file?

kapitainsky · April 11, 2025, 1:21pm

It simplifies config by putting credentials into file and can be approached in many different ways. Please read rclone docs.

Also I think this article covers it very well:

From practical perspective before you start playing with rclone config make sure that your credentials work with az CLI.

Alexander_Sanchez · April 11, 2025, 1:33pm

Yeah, I have already read those docs but still I think it is not clear about these cases, because the command that is mentioned in there just output the service principal file in the format:

{
  "appId": "myAppId",
  "displayName": "myServicePrincipalName",
  "password": "myServicePrincipalPassword",
  "tenant": "myTentantId"
}

So, what I do not understand is why is requeting an Oid (object id I think) if the appId is the objectId, isn't it?

Also, the docs does not mention anything about the use of the service principal file with another configuration, it can be used alone without anything else. Even in the AWS tutorial to use rclone between AWS and Azure just mention the use of a service principal file alone