You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-operations/troubleshoot/troubleshoot.md
+28-2Lines changed: 28 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,12 +1,12 @@
1
1
---
2
2
title: Troubleshoot Azure IoT Operations
3
-
description: Troubleshoot your Azure IoT Operations deployment
3
+
description: Troubleshoot your Azure IoT Operations deployment and configuration
4
4
author: SoniaLopezBravo
5
5
ms.author: sonialopez
6
6
ms.topic: troubleshooting-general
7
7
ms.custom:
8
8
- ignite-2023
9
-
ms.date: 11/01/2024
9
+
ms.date: 03/07/2025
10
10
---
11
11
12
12
# Troubleshoot Azure IoT Operations
@@ -23,6 +23,32 @@ For general deployment and configuration troubleshooting, you can use the Azure
23
23
24
24
- Use [az iot ops support create-bundle](/cli/azure/iot/ops/support#az-iot-ops-support-create-bundle) to collect logs and traces to help you diagnose problems. The *support create-bundle* command creates a standard support bundle zip archive you can review or provide to Microsoft Support.
Message: Microsoft.ExtendedLocation resource provider does not have the required permissions to create a namespace on the cluster.
30
+
```
31
+
32
+
This error is commonly caused by either not enabling the required azure-arc custom locations feature, or enabling the custom locations feature with an incorrect custom locations RP OID. To resolve, follow [this guidance](/azure-arc/kubernetes/custom-locations#enable-custom-locations-on-your-cluster) for enabling the custom locations feature with the correct OID.
Message: The resource {resource Id} extended location {custom location resource Id} does not support the resource type {IoT Operations resource type} or api version {IoT Operations ARM API}. Please check with the owner of the extended location to ensure the host has the CRD {custom resource name} with group {api group name}.iotoperations.azure.com, plural {custom resource plural name}, and versions [{api group version}] installed.
38
+
```
39
+
40
+
This error happens when the custom location resource associated with the deployment isn't properly configured with the API version(s) of resources attempting to be projected to the cluster. To resolve, delete any provisioned resources associated with prior deployment(s) including custom locations. You can use `az iot ops delete` or alternative mechanism. Due to a potential caching issue, waiting a few minutes after deletion before re-deploying AIO or choosing a custom location name via `az iot ops create --custom-location` is recommended.
Message: The client {principal Id} with object id {principal object Id} has permission to perform action Microsoft.ExtendedLocation/customLocations/resourceSyncRules/write on scope {resource sync resource Id}; however, it does not have permission to perform action(s) Microsoft.Authorization/roleAssignments/write on the linked scope(s) {resource sync resource group} (respectively) or the linked scope(s) are invalid.
46
+
```
47
+
48
+
Deployment of resource sync rules require the logged-in principal to have the `Microsoft.Authorization/roleAssignments/write` permission against the resource group that resources are being deployed to. This is a necessary security constraint as edge to cloud resource hydration will create new resources in the target resource group.
49
+
50
+
To resolve, either elevate principal permissions, or don't deploy resource sync rules. Current AIO CLI has an opt-in mechanism to deploy resource sync rules via `--enable-rsync`. Simply omit this flag. Legacy AIO CLIs had an opt-out mechanism via `--disable-rsync-rules`.
51
+
26
52
## Secret management
27
53
28
54
If you see the following error message related to secret management, you need to update your Azure Key Vault contents:
0 commit comments