The call to New-AzureKeyVault in the tutorial fails
I'm following this tutorial:
http://azure.microsoft.com/en-us/documentation/articles/key-vault-get-started/
When running the following statement:
New-AzureKeyVault -VaultName 'MyTestKeyVault2' -ResourceGroupName 'MyTestResourceGroup2' -Location 'North Europe'
I get the following output (I've redacted our subscription/email/resource groups/vault name details):
The user account that is used for this operation is: [email protected]
The subscription that is used for this operation is: MySubscription
Resource Group MyTestResourceGroup2 is created/selected
VERBOSE: 17:25:23 - Resource group "MyTestResourceGroup2" is found.
VERBOSE: 17:25:23 - Creating resource "MyTestKeyVault2" started.
VERBOSE: 17:25:26 - Creating resource "MyTestKeyVault2" complete.
The user account that is used for this operation is: [email protected]
The subscription that is used for this operation is: MySubscription
The user account that is used for this operation is: [email protected]
No object ID is selected. The current user's object ID will be used by default
Get-AzureADUser : {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient pri
vileges to complete the operation."}}}
At C:\Dev\Azure Key Vault Powershell scripts\KeyVaultManager\Common.ps1:144 char:22
+ $userByUpn = Get-AzureADUser | where {$_.Mail -eq $UserPrincipalName}
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureADUser], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADUserCommand
No object ID for the input principal was not found
At C:\Dev\Azure Key Vault Powershell scripts\KeyVaultManager\Common.ps1:129 char:9
+ Throw 'No object ID for the input principal was not found'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (No object ID fo...l was not found:String) [], RuntimeException
+ FullyQualifiedErrorId : No object ID for the input principal was not found
It seems like New-AzureKeyVault calls Get-AzureADUser but that call fails. If I just execute Get-AzureADUser then
Get-AzureADUser : {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient pri
vileges to complete the operation."}}}
At line:1 char:1
+ Get-AzureADUser
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureADUser], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.GetAzureADUserCommand
I'm following the tutorial from top to bottom. We have an Azure AD set up, but there's no mentioning of Active Directory up until this point in the tutorial.
Is there something which I need to configure within Azure AD prior to running New-AzureKeyVault which is not mentioned in the tutorial?
Nitramafve
Hi All,
Thank You for taking the interest in Key Vault, I am sorry to hear that you have run in to this particular incident and hopefully we can get you unblocked.
If you currently have 'Limit Guest Access' on the directory set to 'YES' then you will need to read the statement below in order to move forward as in this scenario GUEST do not have the ability to enumerate Directory Objects when access has been limited
which is what causes this to fail.
If your administrator doesn't want to limit guest access, then they can toggle the setting on the Directory to state 'Limit Guest Access' to NO which will then allow User Accounts of User Type Guest to enumerate objects.
If you are using a Microsoft Account that is over user type GUEST and the administrator has chosen to limit guest access then you need to ask an administrator of the directory to run the following command:
Set-MsolUser -UserPrincipalName someone_outlook.com#EXT#@tenant.onmicrosoft.com -UserType Member
Furthermore, If your a customer that has multiple Azure Subscriptions ensure that the subscription in question is the current subscription in-use when using the PowerShell Session
Get-AzureSubscription
This will give you a list of all your subscriptions, there is an attribute on each subscription called 'IsCurrent' you need to ensure that the relevant subscription your attempting to use has a value of True.
If this is not the case, then you need to run the command
Select-AzureSubscription -SubscriptionId GUID -Current
I imagine most of you here will have multiple subscriptions & directories, and even more so as it is recommended to run this in production it probable that you have a different Azure Subscription you would want to use, and in-turn a different directory
also. {please take care when checking this info}
NOTE: If you login to manage.windowsazure.com with your account and go to Settings > Subscriptions from here you will be able to see the GUID translation in to the Directory Name and furthermore there is a last column called 'Default Directory'
that is the directory your account needs to be a GA off.
If you have any further questions please be sure to reach out.
If your currently using Microsoft Accounts in Azure. if your a Microsoft Online Service customers (such as Office 365) and have not linked the Azure Subscription to this directory and want to, check out
this article to help you out in doing that as Work Accounts are recommended when using Azure in most scenarios and saves you having to login with different creds across portals.
also, if you want further information on how Azure AD Administrators and Subscription Administrators differ you should check out
the following article also.
Regards,
James.
Similar Messages
-
When making a call, sometimes, my iPhone 5 , gets stuck on 'Calling' than I have to press END..but still nothing happens, than when I press HOME button, the call app keeps running in the background and it keeps saying CALLING... than I have to wait 2 - 3 minutes and call again.
please helpHas nothing to do with the SIM or master reset. This has been done to my phone. The SIM once and the factory reset many times over. You all just sold us a bad piece of equipment and have us by the tail with our contracts so none of us can get a new phone without paying full price or re-upping our contract. I just got off the phone last night with your high up tech people (you know, the hidden number we get once we tear into your support people enough), they went into my phone again and still didn't find anything wrong. I about got fired from my job for not getting my calls and texts. The BBB has now been contacted, and I feel your end should shore this up for all of us!
-
Hi,
I created a simple plugin and since i wanted to use Early Binding i added Xrm.cs file to my solution.After i tried registering the plugin (using the Plugin Registration Tool) the plugin does not gets registered and i get the below mentioned Exception.
Unhandled Exception: System.TimeoutException: The request channel timed out while waiting for a reply after 00:01:59.9139778. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this
operation may have been a portion of a longer timeout.
Server stack trace:
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Xrm.Sdk.IOrganizationService.Update(Entity entity)
at Microsoft.Xrm.Sdk.Client.OrganizationServiceProxy.UpdateCore(Entity entity)
at Microsoft.Crm.Tools.PluginRegistration.RegistrationHelper.UpdateAssembly(CrmOrganization org, String pathToAssembly, CrmPluginAssembly assembly, PluginType[] type)
at Microsoft.Crm.Tools.PluginRegistration.PluginRegistrationForm.btnRegister_Click(Object sender, EventArgs e)
Inner Exception: System.TimeoutException: The HTTP request to 'https://demoorg172.api.crm.dynamics.com/XRMServices/2011/Organization.svc' has exceeded the allotted timeout of 00:01:59.9430000. The time allotted to this operation may have been a portion of a
longer timeout.
at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
Inner Exception: System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
And to my Surprise after i remove the Xrm.cs file from my solution the Plugin got registered!
Not understanding what exactly is the issue.
Any Suggestions are highly appreciated.
Thanks,
Shradha
Hello Shardha,
I really appreciate that you have faced this issue.This is really very strange issue and basically it occurs because of big size of your early bound class and slow internet
connection.
I would strictly recommend you to reduce the file size of your early bound class and then register.By default early bound class is created for all the entities which are
present in CRM(System entities as well custom entities).Such kind of early bound classes takes lots of time to register on server and hence timeout exception comes.
There is some standard define to reduce the size of early bound class.Please follow the link to get rid from big size of early bound class.
Create a new C# class library project in Visual Studio called SvcUtilFilter.
In the project, add references to the following:
CrmSvcUtil.exe(from sdk) This exe has the interface we will implement.
Microsoft.Xrm.Sdk.dll (found in the CRM SDK).
System.Runtime.Serialization.
Add the following class to the project:
using System;
using System.Collections.Generic;
using System.Xml.Linq;
using Microsoft.Crm.Services.Utility;
using Microsoft.Xrm.Sdk.Metadata;
namespace SvcUtilFilter
/// <summary>
/// CodeWriterFilter for CrmSvcUtil that reads list of entities from an xml file to
/// determine whether or not the entity class should be generated.
/// </summary>
public class CodeWriterFilter : ICodeWriterFilterService
//list of entity names to generate classes for.
private HashSet<string> _validEntities = new HashSet<string>();
//reference to the default service.
private ICodeWriterFilterService _defaultService = null;
/// <summary>
/// constructor
/// </summary>
/// <param name="defaultService">default
implementation</param>
public CodeWriterFilter( ICodeWriterFilterService defaultService )
this._defaultService = defaultService;
LoadFilterData();
/// <summary>
/// loads the entity filter data from the filter.xml file
/// </summary>
private void LoadFilterData()
XElement xml = XElement.Load("filter.xml");
XElement entitiesElement = xml.Element("entities");
foreach (XElement entityElement in entitiesElement.Elements("entity"))
_validEntities.Add(entityElement.Value.ToLowerInvariant());
/// <summary>
/// /Use filter entity list to determine if the entity class should be generated.
/// </summary>
public bool GenerateEntity(EntityMetadata entityMetadata, IServiceProvider services)
return (_validEntities.Contains(entityMetadata.LogicalName.ToLowerInvariant()));
//All other methods just use default implementation:
public bool GenerateAttribute(AttributeMetadata attributeMetadata, IServiceProvider services)
return _defaultService.GenerateAttribute(attributeMetadata, services);
public bool GenerateOption(OptionMetadata optionMetadata, IServiceProvider services)
return _defaultService.GenerateOption(optionMetadata, services);
public bool GenerateOptionSet(OptionSetMetadataBase optionSetMetadata, IServiceProvider services)
return _defaultService.GenerateOptionSet(optionSetMetadata, services);
public bool GenerateRelationship(RelationshipMetadataBase relationshipMetadata, EntityMetadata otherEntityMetadata, IServiceProviderservices)
return _defaultService.GenerateRelationship(relationshipMetadata, otherEntityMetadata, services);
public bool GenerateServiceContext(IServiceProvider services)
return _defaultService.GenerateServiceContext(services);
This class implements the ICodeWriterFilterService interface. This interface is used by the class generation
utility to determine which entities, attrributes, etc. should actually be generated. The interface is very simple and just has seven methods that are passed metadata info and return a boolean indicating whether or not the metadata should be included
in the generated code file.
For now I just want to be able to determine which entities are generated, so in the constructor I read from an XML
file (filter.xml) that holds the list of entities to generate and put the list in a Hashset. The format of the xml is this:
<filter>
<entities>
<entity>systemuser</entity>
<entity>team</entity>
<entity>role</entity>
<entity>businessunit</entity>
</entities>
</filter>
Take a look at the methods in the class. In the GenerateEntity method, we can simply check the EntityMetadata parameter
against our list of valid entities and return true if it's an entity that we want to generate.
For all of the other methods we want to just do whatever the default implementation of the utility is. Notice
how the constructor of the class accepts a defaultService parameter. We can just save a reference to this default service and use it whenever we want to stick with the default behavior. All of the other methods in the class just call the default
service.
To use our extension when running the utility, we just have to make sure the compiled DLL and the filter.xml file
are in the same folder as CrmSvcUtil.exe, and set the /codewriterfilter command-line argument when running the utility (as described in the SDK):
crmsvcutil.exe /url:http://<server>/<org>/XrmServices/2011/Organization.svc /out:sdk.cs /namespace:<namespace> /codewriterfilter:SvcUtilFilter.CodeWriterFilter,SvcUtilFilter
/username:[email protected] /password:xxxx
That's it! You now have a generated sdk.cs file that is only a few hundred kilobytes instead of 5MB.
One final note: There is actually a lot more you can do with extensions to the code generation utility.
For example: if you return true in the GenerateOptionSet method, it will actually generated Enums for each CRM picklist (which it doesn't normally do by default).
Also, the source code for this SvcUtilFilter example can be found here.
Use at your own risk, no warranties, etc. etc.
Please mark as a answer if this post is useful to you. -
i am deleting files through my trash in my macbook pro (2010) and then emptying the trash can, but my hard disk space is not increasing! i recently upgraded to lion and the problem is new, wasn't the same with snow leopard! HELP!!!!!
When i press command+I (Get Info) i see that there is 140 GB "Available Space" on my hard disk but when i click on my hard disk icon on the desktop, and then press "space" i only see 102 GB free!! What the f*???
Please HELP!!!!!! Getting second thoughts on Lion!!!!Hi b,
Have you restarted yet? -
Using Dogpile, I search and a list of URLs comes up. I select and click on one and Firefox opens a new tab. It responds promptly with a blank screen. The Tab says "New Tab" and the URL says "about:blank". The last one came up slowly in IE and turned out to be nothing more than a large pdf. Can you help me figure out what is happening and how to fix it, please? It is happening far too often. Running the virus, etc. software has not stopped this problem. Thank you very much for your help! Hutchy
Using Dogpile, I search and a list of URLs comes up. I select and click on one and Firefox opens a new tab. It responds promptly with a blank screen. The Tab says "New Tab" and the URL says "about:blank". The last one came up slowly in IE and turned out to be nothing more than a large pdf. Can you help me figure out what is happening and how to fix it, please? It is happening far too often. Running the virus, etc. software has not stopped this problem. Thank you very much for your help! Hutchy
-
This is not a question. I believe I've found a new issue and the fix for it.
The situation:
A brand new iMac 27" running Yosemite 10.10.1
MacMini server running 10.8.5 server.
The issue:
Client on iMac trying to work on MS Word documents stored on server was requiring him to save the documents to his desktop and then copy them back to the folder on the server. The exact error message was, "This file is read-only. To save a copy, click OK, and give the document a new name in the save dialog box."
The issue is unique to this computer in an office of 10 client computers and three servers.
Attempted fixes:
Verified that the ".Temporaryitems" folder existed and the permissions were set properly.
Repaired permissions on the client and the network share.
Definitive fix:
By default, Yosemite 10.10.1 uses SMB for connecting file shares. When I overrode the default and switched to AFP protocol, the issue went away.
I hope this helps someone else.
RobThat was it. What an operating system. It is very helpful to view files you are looking for. But if you have preview on you cannot save files.
-
whenever i click on word or powerpoint it always brings up a recent document. I want to have the option like when i had first opened the app that gives the options of new document and the variety of different documents. how do i get it back to that?
tbreezy wrote:
THANK U!! K ONE MORE QUICK QUESTION. HOW DO I GET RID OF THAT POP UP BOX?
Not sure, try googling "the global template normal.dotm is already open as an add-in program" -
Dear Team,
In iSO 6 while talking to some one I could lock the screen in the middle of the call and I could continue the call, this helps me in may ways
1. I dont press the key board accidentally so that key presses wont be sent to IVR if Iam talking to a customer care or bank ect..
2. once I lock the screen while talking to the other person, accidentally I could avoid pressing End button, as it is touch screen and an accidental skin touch ends the call?
3. How could I reject the call if I dont want to receive the call using touch screen in iSO7 if possible?
could you please answer these queries if am on right forum, if not let me know?
thank you.
KulHello Csound1
The feature exists (and is clearly described in Numbers User Guide) in Numbers '09 but the thread is about the behavior of Numbers '08.
Yvan KOENIG (VALLAURIS, France) mercredi 21 septembre 2011 21:59:50
iMac 21”5, i7, 2.8 GHz, 4 Gbytes, 1 Tbytes, mac OS X 10.6.8 and 10.7.0
My iDisk is : <http://public.me.com/koenigyvan>
Please : Search for questions similar to your own before submitting them to the community -
Hi,
When someone modify the coding in the notification, a new notification with the same task is created (QM02).
How to stop this duplicate notification?
Regards,
ShivaHello Shivasharanappa,
This is due to your Inspection type configuration. I guess "One Q-Notification per Insp. Lot" Indicator is not set for the inspection type you are using.
Go to QCC0>Quality inspection>Inspection Lot Creation>Maintain Inspection Types>Select Inspection type
Here, Set indicator for "One Q-Notification per Insp. Lot". If this indicator is set system will combine all newly added defects into previously created notification.
Amol. -
Is there such a setting that in entire site opens the edit,display,new form in the modal windows?
Hi all!
I know about setting for lists, but
Is there such a setting that in entire site opens the edit,display,new form in the modal windows?No, just per list, as you already knew
Kind regards,
Margriet Bruggeman
Lois & Clark IT Services
web site: http://www.loisandclark.eu
blog: http://www.sharepointdragons.com -
how can i reanable the notification of new mails on the homescreen. The numbers of new mails disappeared
I found it in the options - no more need to help...
-
[svn:fx-4.0.0] 13665: remove the call to clean-temp before the package staging starts.
Revision: 13665
Revision: 13665
Author: [email protected]
Date: 2010-01-20 10:17:54 -0800 (Wed, 20 Jan 2010)
Log Message:
remove the call to clean-temp before the package staging starts. Removing the temp directory before the copy was removing the config updates that happen before this target is called.
QE notes: make sure the flex and air configs have been updated.
Doc notes:
Bugs: https://bugs.adobe.com/jira/browse/SDK-25160
Reviewer: gaurav
Tests run:
Is noteworthy for integration:
Ticket Links:
http://bugs.adobe.com/jira/browse/SDK-25160
Modified Paths:
flex/sdk/branches/4.0.0/build.xmlBefore compiling the architecture must be adjusted in the FFdecsa/Makefile (defaults to athlon-xp).
The readme file in the src directory provides more details. -
How come 64 GB storage can hold only 100 entries in the call list. can anybody explain the reason?
how come 64 GB storage can hold only 100 entries in the call list. can anybody explain the reason?
Because the "Recents" is limited to exactly 100 calls, by design...nothing to do with the size of your phone. Tell Apple if you liked to see it increased:
http://www.apple.com/feedback/iphone.html -
How can I purchase items for app when the app was loaded on another ID before? I has to Chang my AppleID and also transferred an app to new phone. I can't purchase items for app because it wants me to buy the app through new ID. The app was free.
All apps (and other content from the store) are tied to the account that downloaded them, whether or not they are free. To do in-app purchases in that app you will either need to log in with the account that downloaded it, or delete it (which will delete its content) and download it with your currently logged in account if you want to do IAPs on that account.
-
Most of the calls are ended suddenly and the phone turhes off
most of the calls are ended suddenly and the phone turnes off
Are you using any accessories with the iPhone, like a protective case or bluetooth headset? If you ar try testing the iPhone without the accessories.
If that doesn't take care of it, try restoring the iPhone.
Maybe you are looking for
-
Okay, so I try to sync the songs on my ipod with itunes and this message pops up: "Songs on the iPod cannot be synced because all of the playlists selecting for syncing no longer exist." It says this yet all of my playlists are still on that blue sid
-
Officejet Pro L7580 appears as a network drive in Win7
I have a new Dell desktop with 64-bit Win7. I have installed the printer with HP's latest 64-bit full software program downloaded from HP's website. My L7580 all-in-one loads on my network as a disk drive. When I click on the link it reports: "LOC
-
SAP MDM Vendor email addresses are not in order when sent to SAP R/3
Hi Experts, We were trying to maintain vendor email addresses in this order in SAP MDM: E-mail address: massupa@nexus Sequence Number: 001 E-mail address: win@nexus Sequence Number: 002 E-mail address: satita@nexus Sequence Number: 003 But when savin
-
IPad Air to projector cord choice-sound airport Express?
Ok so I'm looking to use my ipad to play movies in the back yard for the kiddos. The projector I am going to order has VGA and HDMI ports. I am looking to project the movie to the screen/projector through one of these ports and then stream the sound
-
My iPad does not connect to my TV via the VGA Adapter. The TV recognizes a signal but does not display anything. The Mini Display Adapter to VGA from my MacBook fills the TV screen and is brilliant. Both of the iPad video settings - Widescreen & NTSC