[bug] "az iot ops init" under Ubuntu 22.04.04 #151

Open
geebinge opened this issue Feb 29, 2024 · 3 comments
Comments

@geebinge

Describe the bug
Hi,

I am trying to install AIO on Ubuntu 22.04.04 (02 is no longer available for download).

When I follow these steps https://learn.microsoft.com/en-us/azure/iot-operations/get-started/quickstart-deploy?tabs=linux

at step 10 in https://learn.microsoft.com/en-us/azure/iot-operations/get-started/quickstart-deploy?tabs=linux#deploy-azure-iot-operations the result is

AADSTS530003: Your device is required to be managed to access this resource. Trace ID: 145abf00-9134-4bd1-b7f6-dbdec79ba400 Correlation ID: aab0bdc3-e1ae-4191-833e-eb9958a026a7 Timestamp: 2024-02-29 18:50:13Z
Interactive authentication is needed. Please run:
az login --scope https://graph.microsoft.com//.default

which is not possible, because in that case I get the information that the company needs to manage the device, which is not possible for an Ubuntu test device.

@digimaun
Member

digimaun commented Mar 5, 2024

Hi @geebinge, that error AADSTS530003 happens when the CLI is making calls in Graph to create and configure a new app registration to use for AIO deployment. Your tenant has conditional access policies preventing the call from the environment it's running in. There are learning docs about conditional access policies, and this part is about troubleshooting: https://learn.microsoft.com/en-us/entra/identity/conditional-access/troubleshoot-conditional-access

As a workaround, you can pre-create your app registration/SP and use the form of init that includes --sp-app-id, --sp-object-id and --sp-secret. When all those values are provided, MS Graph calls are avoided. Take care to provide the correct values.

@geebinge
Author

geebinge commented Mar 5, 2024

I am the owner of my subscription, but "You don’t have permission to register applications in the ${company} directory. To request access, contact your administrator." 😏

@digimaun
Member

digimaun commented Mar 5, 2024

ack, in this case it's not subscription level access that is necessary but tenant/directory level access

https://learn.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http#permissions
