You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-operations/troubleshoot/troubleshoot.md
+10-10Lines changed: 10 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,16 +23,11 @@ For general deployment and configuration troubleshooting, you can use the Azure
23
23
24
24
- Use [az iot ops support create-bundle](/cli/azure/iot/ops/support#az-iot-ops-support-create-bundle) to collect logs and traces to help you diagnose problems. The `support create-bundle` command creates a standard support bundle zip archive you can review or provide to Microsoft Support.
25
25
26
-
### You see a `"code":"LinkedAuthorizationFailed"` error message
27
-
If your deployment fails with the `"code":"LinkedAuthorizationFailed"` error, the messages indicates that you don't have the required permissions on the resource group containing the cluster.
28
-
29
-
To resolve this issue, ensure that you have **Microsoft.Authorization/roleAssignments/write** permissions at the resource group level.
30
-
31
26
### You see an UnauthorizedNamespaceError error message
32
27
33
28
If you see the following error message, you either didn't enable the required Azure-arc custom locations feature, or you enabled the custom locations feature with an incorrect custom locations RP OID.
34
29
35
-
```ouput
30
+
```output
36
31
Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.
37
32
```
38
33
@@ -44,21 +39,26 @@ If you see the following error message, your custom location resource associated
44
39
45
40
```output
46
41
Message: The resource {resource Id} extended location {custom location resource Id} does not support the resource type {IoT Operations resource type} or api version {IoT Operations ARM API}. Please check with the owner of the extended location to ensure the host has the CRD {custom resource name} with group {api group name}.iotoperations.azure.com, plural {custom resource plural name}, and versions [{api group version}] installed.
47
-
```
42
+
```
48
43
49
44
To resolve, delete any provisioned resources associated with prior deployment(s) including custom locations. You can use `az iot ops delete` or alternative mechanism. Due to a potential caching issue, waiting a few minutes after deletion before re-deploying AIO or choosing a custom location name via `az iot ops create --custom-location` is recommended.
50
45
51
46
### You see a LinkedAuthorizationFailed error message
52
47
53
-
If you see the following error message, the logged-in principal doesn't have the required permissions to deploy resources to the resource group specified in the resource sync resource ID.
48
+
If your deployment fails with the `"code":"LinkedAuthorizationFailed"` error, the messages indicates that you don't have the required permissions on the resource group containing the cluster.
49
+
50
+
The following message indicates that the logged-in principal doesn't have the required permissions to deploy resources to the resource group specified in the resource sync resource ID.
54
51
55
52
```output
56
53
Message: The client {principal Id} with object id {principal object Id} has permission to perform action Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write on scope {resource sync resource Id}; however, it does not have permission to perform action(s) Microsoft.Authorization/roleAssignments/write on the linked scope(s) {resource sync resource group} (respectively) or the linked scope(s) are invalid.
57
54
```
58
55
59
-
Deployment of resource sync rules requires the logged-in principal to have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration will create new resources in the target resource group.
56
+
To deploy resource sync rules, the logged-in principal must have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration creates new resources in the target resource group.
57
+
58
+
To resolve the issue, either elevate principal permissions, or don't deploy resource sync rules. The current AIO CLI has an opt-in mechanism to deploy resource sync rules by using the `--enable-rsync` flag. To stop the resource sync rules being deployed, omit the flag.
60
59
61
-
To resolve, either elevate principal permissions, or don't deploy resource sync rules. Current AIO CLI has an opt-in mechanism to deploy resource sync rules via `--enable-rsync`. Simply omit this flag. Legacy AIO CLIs had an opt-out mechanism via `--disable-rsync-rules`.
60
+
> [!NOTE]
61
+
> Legacy AIO CLIs had an opt-out mechanism by using the `--disable-rsync-rules`.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments