How Can We Help?

Azure Troubleshooting

Before starting any troubleshooting, you need to logout from the Azure Portal (https://portal.azure.com) and go back to Cloudockit in private mode. Indeed, most of the issues are due to the fact that wrong credentials are used when trying to sign into Cloudockit.

The first question being asked is the tenant name. What should I enter in this field?

  • Have a look at this post, it will give you all the details on how to find which tenant to use

When I try to log into Cloudockit, I get the error AADTSTS900093 : Does not have access to consent

  • This means the Azure Active Directory Global Administrator has explicitly prevented users to use 3rd party applications
  • You can confirm that by going the Azure Active Directory Blade (on portal.azure.com), and then select User Settings. If “users can allow apps to access their data” is set to No, it means the Azure Active Directory Global Administrator has explicitly prevented users to use 3rd party applications
  • You have the following options:
    • Change this setting to allow users to use third party applications
    • Ask an Azure Active Directory Global Administrator to generate the documentation using Cloudockit
    • Add Cloudockit as a trusted application : To do that, follow the 3 steps bellow:
  1. Navigate to your Active Directory blade in the Azure Portal and then select Enterprise Applications
  2. Then, click on New Application, select the category All and search for Cloudockit. Click on Cloudockit and then click Add
  3. Follow this procedure https://www.cloudockit.com/cloudockit-admin-consent-non-aad-global-admin-users/

When I sign into Cloudockit, the list of subscriptions is emtpy.

  • If you do not see subscriptions in the drop down list, it means that you do not have access to any subscriptions. To ensure you have access to at least one subscription, you can connect to https://portal.azure.com. If you do not see any subscriptions it means you do not have the required access

When I click on a generated document, I get a message saying the token is expired.

  • For security reasons, the secured link you receive automatically expires after a certain period of time. So you will need to regenerate the document. You can change the amount of time the secured link expires using the Drop Off Tab

When I sign into Cloudockit, I get an error message saying: Calling principal cannot consent due to lack of permissions.

  • If you are not an Azure AD Global Admin, ensure you uncheck the Azure Active Directory Global Admin box. Restart the process with the box unchecked

When I sign into Cloudockit, I get the error message AADSTS90002: Requested tenant identifier ‘00000000-0000-0000-0000-000000000000’ is not valid. Tenant identifiers may not be an empty GUID.

  • This is due to an issue with Azure Active Directory and specific Microsoft accounts.
  • Please use an account that is a member of the Azure Active Directory, not a Microsoft Account.

I cannot see the Classic Azure Component (ASM, not ARM) (like Classic Virtual Machine) in the document that is generated but I can see them in the portal.

  • For ARM component, Cloudockit supports the role like a reader or contributor but for Classic Deployment model, you need to be Administrator of the subscription (specified in the https://manage.windowsazure.com portal).

The document I get is empty. There may be multiple reasons why the document is empty. Please check the following elements:

  • When you are logged into https://generate.cloudockit.com open a new tab and navigate to https://portal.azure.com. You should see some resources. If you only see the active directory and not other resources, this means the document will be empty
  • Filters that you have applied may be too restrictive. Please remove them
  • If you used a custom template, please use test with the built-in template to ensure the issue is not due to the template

I have specified a Storage Account to drop the document but I cannot see the document even if the generation is successful.

  • You need to ensure the account you are using has write permissions to the storage

The user that is licensed do not have appropriate permissions on the subscription that I need to document. I need to use another account.

  • Cloudockit supports this scenario
  • The first step is to sign into Cloudockit using the account that is licensed (even if this account has no privileges on the subscription to document)
  • Once logged in, you will see a button on the top of the window that allows you to change users. Click on it and then enter the account you want to use
  • Once done, click on Log Out
  • Now, go back to the Cloudockit home page and Sign In with this account
  • You should now have a valid license
  • Note: you have 5 minutes to do this procedure
  • Note: It is illegal to use this procedure to give a license to someone else

The Virtual Machine diagrams are empty even if the Word Document contains the Virtual Machines:

  • The Virtual Machines diagram is using Virtual Networks to display the Virtual Machines inside those Virtual Networks. If you use filters, ensure your filters include the Virtual Networks that contain the Virtual Machines otherwise the diagram will be empty.

My subscription is in Azure Government or Azure China or Azure Germany. How should I proceed with the authentication ?

  • When you need to authenticate to one of these subscriptions, you need to use an Azure Active Directory Application for authentification.
  • Step 1: You log in to Cloudockit, then, you select Azure and you will be asked how you would like to authenticate.
  • Step 2: Select AAD Application and follow the instructions

When trying to log into Azure, you get the following exception AADSTS50012: No client secret is provisioned in the store

  • This happens if you connect to Cloudockit using a GOV Azure Active Directory Tenant. This is not supported so please use a Public Tenant or any other Authentication Provider offered by Cloudockit. Once connected, you will be able to authenticate to Azure GOV using an AAD App

When trying to log into Azure, you get the following exception: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

  • This is due to multi factor authentication. In order to solve this issue, you need to open a  separate tab in the same browser, navigate to https://portal.azure.com and connect using your 2FA. Then, you can come back to the generate.cloudockit.com tab and refresh the page. Try to log into Azure. You should not see the error message anymore

The section with Azure SQL Details is empty even if I provided the security credentials.

This could be due to firewall set on your Azure SQL. Please see the Cloudockit Outbound IP Addresses and add them to your firewall rules.

I Cannot connect to my Storage Account for Drop Off even my credentials are good.

This could be due to firewall set on your Storage Account. Please see the Cloudockit Outbound IP Addresses and add them to your firewall rules.

Cloudockit Outbound IP Addresses

The following IP Addresses are the Outbound IP Addresses used by Cloudockit.


These adresseses could change so you need to monitor this page.

If you do not want to manage those IP Adresses, you can use Cloudockit Desktop or Cloudockit Container as you manage outbound adresses for those type of Hosting.

Once logged into Cloudockit, if I select Azure and click on Use Another Account, it signed me out and left me on the Sign-Out page.

  • This could be due to specific configuration you have in your Authentication Flow (like 3rd Party SSO)
  • If that’s the case, when you are on the Sign-Out Page, please replace the URL by https://generate.cloudockit.com/LogIntoCDKWithAAD/SwitchToOtherUser
  • This will redirect you to the AAD Authentication for the other user you want to use

I never received the document I have asked for. The wheel is spinning at Generate Documents.

  • First, it can take hours to generate your documents if you have big environments, therefore you need to be patient
  • If after one day you do not have the document, it could be because the generated document is too big and Word cannot generate it (thousands of pages). If that is the case, we recommend to use one of the following two options:
    • Option 1 – Navigate to the filter tab and select the option ‘Split Generated Document’ to create multiple word files instead of a big one which would not have been humanly readable
    • Option 2 – Navigate to the filter tab and select the option ‘Filters’ to explicitly exclude/include some specific resources groups. This will make the document smaller

Table of Contents