Trying workaround with include files

SoniaLopezBravo · SoniaLopezBravo · commit b384fb3fde8c · 2025-03-07T15:32:12.000+01:00
diff --git a/articles/iot-operations/troubleshoot/includes/LinkedAuthorizationFailed-error-message.md b/articles/iot-operations/troubleshoot/includes/LinkedAuthorizationFailed-error-message.md
@@ -0,0 +1,7 @@
+```
+Message: The client {principal Id} with object id {principal object Id} has permission to perform action Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write on scope {resource sync resource Id}; however, it does not have permission to perform action(s) Microsoft.Authorization/roleAssignments/write on the linked scope(s) {resource sync resource group} (respectively) or the linked scope(s) are invalid.
+```
+
+Deployment of resource sync rules require the logged-in principal to have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration will create new resources in the target resource group. 
+
+To resolve, either elevate principal permissions, or don't deploy resource sync rules. Current AIO CLI has an opt-in mechanism to deploy resource sync rules via `--enable-rsync`. Simply omit this flag. Legacy AIO CLIs had an opt-out mechanism via `--disable-rsync-rules`.
diff --git a/articles/iot-operations/troubleshoot/includes/MissingResourceVersionOnHost-error-message.md b/articles/iot-operations/troubleshoot/includes/MissingResourceVersionOnHost-error-message.md
@@ -0,0 +1,7 @@
+```
+Message: The resource {resource Id} extended location {custom location resource Id} does not support the resource type {IoT Operations resource type} or api version {IoT Operations ARM API}. Please check with the owner of the extended location to ensure the host has the CRD {custom resource name} with group {api group name}.iotoperations.azure.com, plural {custom resource plural name}, and versions [{api group version}] installed.
+```
+
+This error happens when the custom location resource associated with the deployment isn't properly configured with the API version(s) of resources attempting to be projected to the cluster. To resolve, delete any provisioned resources associated with prior deployment(s) including custom locations. 
+
+You can use `az iot ops delete` or alternative mechanism. Due to a potential caching issue, waiting a few minutes after deletion before re-deploying AIO or choosing a custom location name via `az iot ops create --custom-location` is recommended.
diff --git a/articles/iot-operations/troubleshoot/includes/UnauthorizedNamespaceError-error-message.md b/articles/iot-operations/troubleshoot/includes/UnauthorizedNamespaceError-error-message.md
@@ -0,0 +1,6 @@
+
+```
+Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.
+```
+
+This error is commonly caused by either not enabling the required azure-arc custom locations feature, or enabling the custom locations feature with an incorrect custom locations RP OID. To resolve, follow [this guidance](/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID.
diff --git a/articles/iot-operations/troubleshoot/iot-operations-faq.yml b/articles/iot-operations/troubleshoot/iot-operations-faq.yml
@@ -53,13 +53,16 @@ sections:
       answer: Azure IoT Operations currently does not support Azure Private Link and private endpoints. 
     - question: |
          Why am I seeing the UnauthorizedNamespaceError error message? 
-      answer: " `Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.` This error is commonly caused by either not enabling the required azure-arc custom locations feature, or enabling the custom locations feature with an incorrect custom locations RP OID. To resolve, follow [this guidance](/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID."
+      answer:   |
+        [!INCLUDE [UnauthorizedNamespaceError error](../includes/UnauthorizedNamespaceError-error-message.md)]
     - question: |
          Why am I seeing the MissingResourceVersionOnHost error message? 
-      answer: " `Message: The resource {resource Id} extended location {custom location resource Id} does not support the resource type {IoT Operations resource type} or api version {IoT Operations ARM API}. Please check with the owner of the extended location to ensure the host has the CRD {custom resource name} with group {api group name}.iotoperations.azure.com, plural {custom resource plural name}, and versions [{api group version}] installed.` This error happens when the custom location resource associated with the deployment isn't properly configured with the API version(s) of resources attempting to be projected to the cluster. To resolve, delete any provisioned resources associated with prior deployment(s) including custom locations. You can use `az iot ops delete` or alternative mechanism. Due to a potential caching issue, waiting a few minutes after deletion before re-deploying AIO or choosing a custom location name via `az iot ops create --custom-location` is recommended."
+      answer:   |
+        [!INCLUDE [MissingResourceVersionOnHost error](../includes/MissingResourceVersionOnHost-error-message.md)]
     - question: |
          Why am I seeing the LinkedAuthorizationFailed error message?
-      answer: " `Message: The client {principal Id} with object id {principal object Id} has permission to perform action Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write on scope {resource sync resource Id}; however, it does not have permission to perform action(s) Microsoft.Authorization/roleAssignments/write on the linked scope(s) {resource sync resource group} (respectively) or the linked scope(s) are invalid.` Deployment of resource sync rules require the logged-in principal to have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration will create new resources in the target resource group. To resolve, either elevate principal permissions, or don't deploy resource sync rules. Current AIO CLI has an opt-in mechanism to deploy resource sync rules via `--enable-rsync`. Simply omit this flag. Legacy AIO CLIs had an opt-out mechanism via `--disable-rsync-rules`."
+      answer:   |
+        [!INCLUDE [LinkedAuthorizationFailed error](../includes/LinkedAuthorizationFailed-error-message.md)]
       
 additionalContent: |
     ## Related content

-Original file line number
+Diff line change
@@ @@ -0,0 +1,6 @@ @@
++
 +```
 +Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.
 +```
++
 +This error is commonly caused by either not enabling the required azure-arc custom locations feature, or enabling the custom locations feature with an incorrect custom locations RP OID. To resolve, follow [this guidance](/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID.