[Query]Unable to use Document Intelligence resource when using managedIdentity to obtain token but works using AzureCredentialKey. (UnknownHostException)

[Naines]

Query/Question
Error: java.net : {resource-name}.cognitiveservies.azure.com.
Code: Referred from following azure sample doc: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/formrecognizer/azure-ai-formrecognizer/src/samples/java/com/azure/ai/formrecognizer/Authentication.java

Logs(notable ones):

2024-12-12 08:28:47.590 DEBUG  [ForkJoinPool.commonPool-worker-1] reactor.netty.resources.PooledConnectionProvider - Creating a new [http] client pool [PoolFactory{evictionInterval=PT0S, leasingStrategy=fifo, maxConnections=500, maxIdleTime=-1, maxLifeTime=-1, metricsEnabled=false, pendingAcquireMaxCount=1000, pendingAcquireTimeout=45000}] for [<resource-name>.cognitiveservies.azure.com/<unresolved>:443]

DEBUG: com.azure.core.http.policy.RetryPolicy - {"az.sdk.message":"Error resume.","exception":"<resource-name>.cognitiveservies.azure.com","tryCount":1}      
java.net.UnknownHostException: <resource-name>.cognitiveservies.azure.com

2024-12-12 08:28:53.671 ERROR  [reactor-http-nio-4] com.azure.core.http.policy.RetryPolicy - {"az.sdk.message":"Retry attempts have been exhausted.","exception":"<resource-name>.cognitiveservies.azure.com","tryCount":3}

    private void test() {
        DocumentAnalysisClient client = null;
        try{
            client = new DocumentAnalysisClientBuilder()
            .credential(new DefaultAzureCredentialBuilder()
                    .managedIdentityClientId("<MI-CLIENT-ID>").build())
            .endpoint("https://<resource-name>.cognitiveservies.azure.com")
            .buildClient();
        }catch(Exception e){
            logger.info(e.getLocalizedMessage());
        }
       
        // sample document
        String documentUrl = "https://raw.githubusercontent.com/Azure-Samples/cognitive-services-REST-api-samples/master/curl/form-recognizer/sample-layout.pdf";
        String modelId = "prebuilt-layout";

        SyncPoller<OperationResult, AnalyzeResult> analyzeLayoutPoller = client.beginAnalyzeDocumentFromUrl(modelId,
                documentUrl);

        AnalyzeResult analyzeLayoutResult = analyzeLayoutPoller.getFinalResult();

        // pages
        analyzeLayoutResult.getPages().forEach(documentPage -> {
            System.out.printf("Page has width: %.2f and height: %.2f, measured with unit: %s%n",
                    documentPage.getWidth(),
                    documentPage.getHeight(),
                    documentPage.getUnit());

            // lines
            documentPage.getLines()
                    .forEach(documentLine -> System.out.printf("Line '%s' is within a bounding polygon %s.%n",
                            documentLine.getContent(),
                            getBoundingCoordinates(documentLine.getBoundingPolygon())));

            // words
            documentPage.getWords()
                    .forEach(documentWord -> System.out.printf("Word '%s' has a confidence score of %.2f.%n",
                            documentWord.getContent(),
                            documentWord.getConfidence()));

            // selection marks
            documentPage.getSelectionMarks()
                    .forEach(documentSelectionMark -> System.out.printf(
                            "Selection mark is '%s' and is within a bounding polygon %s with confidence %.2f.%n",
                            documentSelectionMark.getSelectionMarkState().toString(),
                            getBoundingCoordinates(documentSelectionMark.getBoundingPolygon()),
                            documentSelectionMark.getConfidence()));
        });

        // tables
        List<DocumentTable> tables = analyzeLayoutResult.getTables();
        for (int i = 0; i < tables.size(); i++) {
            DocumentTable documentTable = tables.get(i);
            System.out.printf("Table %d has %d rows and %d columns.%n", i, documentTable.getRowCount(),
                    documentTable.getColumnCount());
            documentTable.getCells().forEach(documentTableCell -> {
                System.out.printf("Cell '%s', has row index %d and column index %d.%n", documentTableCell.getContent(),
                        documentTableCell.getRowIndex(), documentTableCell.getColumnIndex());
            });
            System.out.println();
        }

        // styles
        analyzeLayoutResult.getStyles().forEach(
                documentStyle -> System.out.printf("Document is handwritten %s.%n", documentStyle.isHandwritten()));
        // ------------
        return "OK";
}

 private static String getBoundingCoordinates(List<Point> boundingPolygon) {
        return boundingPolygon.stream().map(point -> String.format("[%.2f, %.2f]", point.getX(),
                point.getY())).collect(Collectors.joining(", "));
    }

Why is this not a Bug or a feature Request?
This possibly, doesn't look like a bug as far as obtaining token is concerned as, token being obtained confirmation is seen in logs.
When using new AzureKeyCredential("key) in place of new DefaultAzureCredentialBuilder() .managedIdentityClientId("client-id").build() for obtaining token, everything works as expected.

logs:

2024-12-12 08:28:47.152 DEBUG  [ForkJoinPool.commonPool-worker-1] com.azure.identity.AzureCliCredential - Azure Identity => getToken() result for scopes [https://cognitiveservices.azure.com/.default]: SUCCESS
2024-12-12 08:28:47.152 INFO   [ForkJoinPool.commonPool-worker-1] com.azure.identity.ChainedTokenCredential - Azure Identity => Attempted credential AzureCliCredential returns a token
2024-12-12 08:28:47.158 INFO   [ForkJoinPool.commonPool-worker-1] com.azure.core.implementation.AccessTokenCache - {"az.sdk.message":"Acquired a new access token."}

Setup (please complete the following information if applicable):

• OS: Linux Redhat ubi9 (from base dockerimage ubi9/ubi:latest) and Windows 11 Desktop
• Environment: Running on Azure Container Apps , (vscode when in development env)
• Library/Libraries: com.azure:azure-ai-formrecognizer:4.0.0, com.azure:azure-identity:1.13.2, com.azure:azure-sdk-bom:1.2.27
• Azure Setup: Using user managed Identity assigned to azure container app with "Cognitive User Role" on Azure Document Intelligence resource. All connections are being made in private network. The same container using the same user-managed-id is able to pull secrets from keyvault and connect successfully with cosmosdb.

Information Checklist
Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

• Query Added
• Setup information Added
• Code Added