Update iot-operations-faq.yml

Author: SoniaLopezBravo

articles/iot-operations/troubleshoot/iot-operations-faq.yml

@@ -6,7 +6,7 @@ metadata:
   ms.author: patricka
   ms.topic: faq
   ms.custom: references_regions
-  ms.date: 01/16/2025
+  ms.date: 03/06/2025
 
 title: Azure IoT Operations frequently asked questions
 summary: |
@@ -51,9 +51,17 @@ sections:
     - question: |
          Does Azure IoT Operations support Azure Private Link and private endpoints? 
       answer: Azure IoT Operations currently does not support Azure Private Link and private endpoints. 
-
-
+    - question: |
+         Why am I seeing the UnauthorizedNamespaceError error message? 
+      answer: "Message: "Microsoft.ExtendedLocation" resource provider does not have the required permissions to create a namespace on the cluster." This error is commonly caused by either not enabling the required azure-arc custom locations feature, or enabling the custom locations feature with an incorrect custom locations RP OID. To resolve, follow [this guidance](/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID. 
+    - question: |
+         Why am I seeing the MissingResourceVersionOnHost error message? 
+      answer: "Message: The resource {resource Id} extended location {custom location resource Id} does not support the resource type {IoT Operations resource type} or api version {IoT Operations ARM API}. Please check with the owner of the extended location to ensure the host has the CRD {custom resource name} with group {api group name}.iotoperations.azure.com, plural {custom resource plural name}, and versions [{api group version}] installed." This error happens when the custom location resource associated with the deployment isn't properly configured with the API version(s) of resources attempting to be projected to the cluster. To resolve, delete any provisioned resources associated with prior deployment(s) including custom locations. You can use `az iot ops delete` or alternative mechanism. Due to a potential caching issue, waiting a few minutes after deletion before re-deploying AIO or choosing a custom location name via `az iot ops create --custom-location` is recommended.
+    - question: |
+         Why am I seeing the LinkedAuthorizationFailed error message?
+      answer: "Message: The client {principal Id} with object id {principal object Id} has permission to perform action Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write on scope {resource sync resource Id}; however, it does not have permission to perform action(s) `Microsoft.Authorization/roleAssignments/write` on the linked scope(s) {resource sync resource group} (respectively) or the linked scope(s) are invalid." Deployment of resource sync rules require the logged-in principal to have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration will create new resources in the target resource group. To resolve, either elevate principal permissions, or don't deploy resource sync rules. Current AIO CLI has an opt-in mechanism to deploy resource sync rules via `--enable-rsync`. Simply omit this flag. Legacy AIO CLIs had an opt-out mechanism via `--disable-rsync-rules`.
+      
 additionalContent: |
     ## Related content
 
-    To learn more, see [IoT Operations overview](../overview-iot-operations.md) and [documentation](/azure/iot-operations/).
+    To learn more, see [IoT Operations overview](../overview-iot-operations.md) and [documentation](/azure/iot-operations/).