Archives: December 12, 2023

Schedule start-up and shutdown of Azure VMs and the InvalidAuthenticationTokenTenant error

Azure like AWS can get pretty expensive, especially if you are using a big virtual machine with lots of RAM and CPUs. If you can’t go for a lower spec machine or a reserved instance, your next best bet is to turn the virtual machine off when you are not using it.

Note: If you are just looking to solve the “The access token is from the wrong issuer” error scroll down to “Correcting the InvalidAuthenticationTokenTenant error”

Turning Virtual Machine’s off on a schedule is quite easy, you’ve been able to do this for years with Auto-shutdown.

The auto shutdown blade on an Azure Virtual Machine

The problem is remembering to start the machine up the next morning when you need to use it.

This is where Automation Tasks comes in. They can be used to turn off your machine and turn it back on again. You can also use them to do a lot more.

They are available from your virtual machine in the Azure Portal. Select them and then click on Add task.

There are 4 templates to choose from here

We’re going to choose the Power Off VM task (its identical in layout to the Start VM task)

Here you will need to create a connection which is basically a login to your Azure environment. Clicking on create will ask you to connect to your Azure account, this part may produce an error when you run your task (more about this later). The same will happen when you click on Create for Office 365. This is so you can connect to your 365 account for sending emails for when the task is complete. After you have done this you can click on the next step.

Configuring your task

Configuring the task. I have set

  • Task Name – This is self explanatory (the name does not allow spaces)
  • Stop Time – I have set the task to run at 7pm
  • Timezone – This is the time zone you are in in my case this is GST
  • Interval – This is how often you want to run the task in my case I have selected 1
  • Frequency – I have selected daily
  • Notify Me – This will notify me with the email address below when the task is complete.

So basically I have set my task to reoccur once a day at 7pm.

Click next and you can review the task before clicking create

After your task has been created it will appear in a list

The next step is to repeat the same process again for a start-up task by clicking on “Add a task” and selecting “Start Virtual Machine” as your template. All you need to do now is enter the time you wish your virtual machine to start-up in the morning. In this case I have selected the next day and 8am in the morning.

But… we’re not done yet!

Correcting the InvalidAuthenticationTokenTenant error

Depending on your setup, if you don’t carry out this step you might get the following error when your task tries to run.

  "error": {
    "code": "InvalidAuthenticationTokenTenant",
    "message": "The access token is from the wrong issuer ''. It must match the tenant '' associated with this subscription. Please use the authority (URL) '' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."

I believe this usually happens when the account you use with Azure is used in more than one Tenant and the wizard in the previous tutorial just selects the default or first tenant it finds.

Took me a while to figure this one out. To correct it go back to the Tasks blade of your Virtual Machine

Next to one of your scheduled tasks select the 3 dot menu option and from the drop down menu select “Open in Logic Apps”.

This will open the Logic Apps Designer. Expand the “Start virtual machine” operation, depending on which one you are editing this may be called “Power off virtual machine”. Click on the “Change connection” link at the bottom (see image).

Click on “Add new” in the dialogue box that appears.

Now select the Tenant you wish to use and select “Sign in”. In my case I selected the tenant the user account and my VM was in. This will provide a login box for you to sign in with an account. In this instance it was the account I used to sign into the Azure Portal with. This will ensure the correct tenant and user account is used together and hopefully avoid the above error. After you are done hit the Save button in the logic app designer window (top left hand corner of your screen).

You can also test if your task will run correctly by running it directly from the Logic App Designer by clicking the “Run Trigger” button and then selecting “Run”.

Mural and Azure DevOps whiteboarding

I’ve always been a big fan of helping teams visualise work better. In the old days one method I loved to use was to print out product backlog items or tasks and place them next to the bits architecture diagrams or wireframes we were currently working on, on the team white board. It helped us visualise our work and sometimes it would help us ask more questions and realise we may have missed tasks we needed to get work done.

Much later when working remotely with teams I would employ the same mechanism again. We would use tools such as Lucid charts for virtual whiteboarding and I would copy and paste in the tasks/product backlog items and place them around the various parts we were working on. It was only when our company started using Mural a while back and they added integrations with Azure DevOps and Jira that I realised we could now import elements of our product backlog into Mural diagrams we were working on. If you haven’t tried Mural yet I highly recommend it, its a great tool for whiteboarding with remote teams.

We initially started by importing the backlog items that were associated with the work we were doing. Mural make’s this very easy by just right clicking on the background of your Mural board and selecting the Import Azure DevOps feature that appears in the context menu (you can do the same with Jira). In the dialogue box that appears you can select the Bugs, Tasks or Product Backlog Items you wish to import. You can search for them or use existing queries you may have created in Azure DevOps.

After you have imported your backlog items, you can then drag them around the screen like other Mural objects and they contain a link back to your backlog item in Azure DevOps along with its current status.

Below is part of our roadmap for some new features we are looking to launch for Lean Coffee Table. You can see the product backlog items we imported onto the board and placed them around our launch notes.

It also works both ways. If you are drawing a diagram of your solution and want to create tasks around that diagram as you go (made up example below).

You can create your tasks/backlog items and publish them back into Azure DevOps, Jira or GitHub by right clicking on the sticky note we made in the example below and selecting where we want to export our item.

You can see below we can now choose where in ADO we want to create our item. In this case we have chosen a User Story type.

And now it is connected to ADO with its current status

NOTE: Azure DevOps and Jira appear to work both ways. However you only appear to be able to export items to GitHub Issues but not import them.

So many teams are now hybrid or work fully remotely, tools like Mural can help facilitate those teams. What tools do you use to help facilitate working with remote or hybrid teams? I’d love to hear from you.