Before starting any troubleshooting, you need to logout from the Azure management portals ( and and go back to Cloudockit in private mode. Indeed, most of the issues are due to the fact that wrong credentials are used when trying to Sign In into Cloudockit.

The first question being asked is the tenant name. What should I enter in this?

  • Have a look at this post
  • It will give you all the details on how to find which tenant to use

When I try to log in to Cloudockit, I get the error AADTSTS900093 : Does not have access to consent

  • This means that the Azure Active Directory Global Administrator has explicitely prevented users to use 3rd Party Application.
  • You can confirm that by going in the Azure Active Directory Blade (on, and then select User Settings. If Users can allows apps to access their data is set to No, it means that the Azure Active Directory Global Administrator has explicitely prevented users to use 3rd Party Application. You have the following options :

  • Change this settings to allow users to use Third Party Application
  • Ask an Azure Active Directory Global Administrator to generate the documentation using Cloudockit
  • Add Cloudockit as a Trusted Application : To do that, follow the 3 steps bellow:
    1. Navigate to your Active Directory blade in the Azure Portal and then select Enterprise Applications.
    2. Then, click on New Application, select the category All and search for Cloudockit. Click on Cloudockit and then click Add.
    3. Follow this procedure

When I Sign In into Cloudockit, the list of subscriptions is emtpy.

  • If you do not see any subscription in the drop down list, it means that you do not have access to any subscription. To ensure that you have access to at least one subscription, you can connect to and If you do not see any subscription in those 2 portals it means that you have not the required access.

When I click on a generated document, I get a message telling that the token is expired.

  • For security reasons, the secured link that you receive automatically expire after a certain period of time. So you will need to regenerate the document. You can change this amount of time if you want (using the Drop Off Tab)

When I Sign In into Cloudockit, I get an error message saying Calling principal cannot consent due to lack of permissions.

  • You must have checked the checkbox specifying that you are an Azure Active Directory Global Admin. This requires that you are Azure AD Global Admin which is not the case. Restart the process without checking the checkbox.

When I Sign In into Cloudockit, I get an error message AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID.

  • This is due to an issue with Azure Active Directory and specific Microsoft accounts.
  • Please use an account that is a member of the Azure Active Directory, not a Microsoft Account.

I cannot see the Classic Azure Component (ASM, not ARM) (like Classic Virtual Machine) in the document that is generated but I can see them in the portal.

  • For ARM component, Cloudockit supports the role like reader or contributor but for Classic Deployment model, you need to be Administrator of the subscription (specified in the portal).

The document I get is empty. There may be multiple reasons why the document is empty. Please check the following elements:

  • When you are logged into open a new tab and navigate to You should see some resources. If you only see the active directory and not other resources, it means that the document will not contain anything.
  • Filters that you have applied may be to restrictive. Please remove them.
  • If you have used a custom template, please use with the built-in template to ensure that the issue is not due to the template.

I have specified a Storage Account to drop the document but I cannot see the document even if the generation is successful.

  • You need to ensure that the account you are using has write permissions to the storage

The user that is licensed do not have appropriate permissions on the subscription that I need to document. I need to use another account.

  • Cloudockit supports this scenario.
  • The first step is to Sign In into Cloudockit using the account that is licensed (even if this account has not privileges on the subscription to document).
  • Once Logged In, you will see a button on the top of the windows that allows you to change user. Click on that and then you need to enter the account that you want to use.
  • Once done, click on Log Out.
  • Now, go back to the Cloudockit home page and Sign In with this account.
  • You should now have a valid license.
  • Note that you have 5 minutes to do that Note that it is not legal to use this mechanism to give a license to someone else

The Virtual Machines diagram is empty even so the Word Document contains the Virtual Machines:

  • The Virtual Machines diagram is using Virtual Networks to display the Virtual Machines inside those Virtual Networks. If you use filter, ensure that your filters include the Virtual Networks that contains the Virtual Machines otherwise the diagram will be empty.

My subscription is in Azure Gov or Azure China or Azure Germany. How should I proceed with the authentication ?

  • When you need to authenticate to one of these subscriptions, you need to use an Azure Active Directory Application to authenticate. So, first step, you login to Cloudockit, then, you select Azure and you will be asked how you would like to authenticate. Select AAD Application and follow the instructions

When trying to login to Azure, you get the following exception AADSTS50012: No client secret is provisioned in the store * This happens if you connect to Cloudockit using a GOV Azure Active Directory Tenant. This is not supported so please use a Public Tenant or any other Authentication Provider offered by Cloudockit. Once connected, you will be able to authenticate to Azure GOV using an AAD App.

When trying to login to Azure, you get the following exception : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

  • This is due to multi factor authentication. In order to solve the issue, you need to open a  separated tab in the same browser, navigate to and connect using your 2FA. Then, you can come back to the tab and refresh the page and then try to login back to Azure. You should not see the error message this time.

The section with Azure SQL Details is empty even if I have provided the security credentials.

  • This may be due to Firewall Rules that you have on your side. Please add the following IP Address's:


Once logded in to Cloudockit, if I select Azure and click on Use Another Account, it signed me out and leave me on the Sign-Out page.

I never received the document I have asked for. The wheell is spinning at Generate Documents.

  • First, it can take hours to generate your documents if you have big environments so you need to be patient on that.

  • If after one day you don't have the document, it could be because the generated document is too big and Word cannot take it (thousands of pages). If that is the case, we recommend to use one of the following two options:

  • Option 1 - Navigate to the filter tab and select the option 'Split Generated Document' to create multiple word files instead of a big one (that anyway would probably have been not humanly readable)

  • Option 2 - Navigate to the filter tab and select the option 'Filters' to explicitely exclude/include some specific resources groups. This will make the document smaller