Creating service principal failed - When using this permission, the backing application of the service principal being created must in the local tenant #14767

@gischethans

Description

When creating a service principal in the Azure US Government Cloud (I did not face the issue with Azure Public Cloud) with Azure CLI, I see the error "When using this permission, the backing application of the service principal being created must in the local tenant". This appears intermittently and the operation succeeds in the next one or two attempts.

Command Name
az ad sp create-for-rbac

Errors:

Creating service principal failed for appid 'http://chethan1-sp'. Trace followed:
{'Cache-Control': 'no-cache', 'Pragma': 'no-cache', 'Content-Type': 'application/json; odata=minimalmetadata; streaming=true; charset=utf-8', 'Expires': '-1', 'ocp-aad-diagnostics-server-name': 'AX01WP8UrUZ+t1UfXh+CNVWXjkMVa+MRGWdcQJOSriA=', 'request-id': '8aa1f2d0-6f89-4c2c-81b8-aa9549229b9d', 'client-request-id': 'ce0ca1c0-dd44-11ea-80e4-00155d105809', 'x-ms-dirapi-data-contract-version': '1.6', 'ocp-aad-session-key': 'nOb19qb35xGesfB0mYy06u-CrMjhmNw8HNHKMTHy7icX2x2Rmiba_l-1z0xhZsPFTtnlkWTMpsRKrKUB7QDvx_GPr8A2SCrchMZsAJ3x6SXu7Mv_6E37q79Tb8WMCJOeiuGDMae6XqSqalb57jtujSnuOYnfkW-t6bHQQbGmK3v0oCK3gnHf3YmAAToCQ3EqYoqDYJb2hE0SbtPUOvKog.zODOfl-Y-xOarA46pFF-7YnuA3J-dCaM3TCle03YWAE', 'DataServiceVersion': '3.0;', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Access-Control-Allow-Origin': '*', 'Duration': '1374142, 13351672', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET', 'Date': 'Thu, 13 Aug 2020 09:10:23 GMT', 'Content-Length': '284'}
When using this permission, the backing application of the service principal being created must in the local tenant

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
Run this command -
az ad sp create-for-rbac --name http://chethan1-sp --role Contributor --scopes /subscriptions/<subscription id>

The first attempt often resulted in the error shown above. The next attempt was mostly successful like below -

az ad sp create-for-rbac --name http://chethan1-sp --role Contributor --scopes /subscriptions/<subscription id>
Found an existing application instance of "1bb1c184-b9bc-4ecf-a96c-07f1637xxxxx". We will patch it
Creating a role assignment under the scope of "/subscriptions/<subscription id>"
{
  "appId": "<value>",
  "displayName": "chethan1-sp",
  "name": "http://chethan1-sp",
  "password": "<value>",
  "tenant": "<value>"
}

Expected Behavior

The service principal is created successfully.

Environment Summary

Linux-4.4.0-18362-Microsoft-x86_64-with-debian-bullseye-sid
Python 3.6.10
Installer: DEB

azure-cli 2.10.1

Additional Context
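The report above shows that a second `az ad sp create-for-rbac` with the same `--name` finds the existing application and patches it, so a bounded retry is a reasonable workaround until the directory catches up. The script below is an added example, not azure-cli project code: it retries only when the command output contains the exact error text quoted in this issue, and surfaces any other failure (permissions, bad scope) immediately without retrying. The `fake_az` and `fake_other` functions are constructed stand-ins so it runs offline; replace them with the real `az` invocation shown in the trailing comment.

```shell
#!/usr/bin/env bash
# Added example (not azure-cli project code): retry `az ad sp create-for-rbac`
# only when it fails with the transient message quoted in the issue, and stop
# on any other error. fake_az / fake_other are constructed stand-ins for az.
set -u

# Fragment of the error text from the report; only this failure is retried.
TRANSIENT_PATTERN='backing application of the service principal being created must'

# retry_transient MAX_ATTEMPTS DELAY_SECONDS COMMAND [ARGS...]
# Exit status: 0 on success; COMMAND's own status for non-transient errors;
# 1 if the transient error persisted through MAX_ATTEMPTS.
retry_transient() {
  local max="$1" delay="$2"
  shift 2
  local attempt=1 output rc
  while :; do
    output=$("$@" 2>&1)
    rc=$?
    if [ "$rc" -eq 0 ]; then
      printf '%s\n' "$output"
      return 0
    fi
    if ! printf '%s\n' "$output" | grep -q -- "$TRANSIENT_PATTERN"; then
      # A different failure (permissions, bad scope, ...) is not worth retrying.
      printf '%s\n' "$output" >&2
      return "$rc"
    fi
    if [ "$attempt" -ge "$max" ]; then
      printf 'transient error persisted after %d attempts\n' "$attempt" >&2
      return 1
    fi
    printf 'attempt %d: transient directory error, retrying in %ss\n' "$attempt" "$delay" >&2
    attempt=$((attempt + 1))
    sleep "$delay"
  done
}

# --- constructed stubs for offline demonstration (hypothetical, not az) ---
FAKE_AZ_COUNTER="${TMPDIR:-/tmp}/fake_az_counter.$$"   # file, so it survives the $(...) subshell
FAKE_AZ_FAILS=1                                        # how many calls fail before success

# Fails with the issue's message FAKE_AZ_FAILS times, then succeeds, mirroring
# "first attempt failed, next attempt patched the existing application".
fake_az() {
  local n=0
  [ -f "$FAKE_AZ_COUNTER" ] && n=$(cat "$FAKE_AZ_COUNTER")
  n=$((n + 1))
  printf '%s' "$n" >"$FAKE_AZ_COUNTER"
  if [ "$n" -le "$FAKE_AZ_FAILS" ]; then
    echo "Creating service principal failed for appid 'http://example-sp'. Trace followed:" >&2
    echo "When using this permission, the backing application of the service principal being created must in the local tenant" >&2
    return 1
  fi
  printf '{"appId": "<value>", "displayName": "example-sp"}\n'
}

# A non-transient failure (constructed message) that must not be retried.
fake_other() {
  echo "Insufficient privileges to complete the operation." >&2
  return 2
}

# Real usage, after `az login` against the target cloud (e.g. AzureUSGovernment):
#   retry_transient 3 10 az ad sp create-for-rbac --name http://chethan1-sp \
#       --role Contributor --scopes "/subscriptions/<subscription id>"
```

Matching on the specific message rather than on any non-zero exit keeps the retry narrow: a genuine authorization or scope error returns with the CLI's own exit code on the first attempt, while the intermittent directory error from the report is retried a bounded number of times with a delay between attempts.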
