Troubleshooting

Before starting any troubleshooting, you need to logout from the Azure management portals (https://manage.windowsazure.com and https://portal.azure.com) and go back to Cloudockit in private mode. Indeed, most of the issues are due to the fact that wrong credentials are used when trying to Sign In into Cloudockit.

The first question being asked is the tenant name. What should I enter in this?

  • Have a look at this post
  • It will give you all the details on how to find which tenant to use

When I try to log in to Cloudockit, I get the error AADTSTS900093 : Does not have access to consent

  • This means that the Azure Active Directory Global Administrator has explicitely prevented users to use 3rd Party Application.
  • You can confirm that by going in the Azure Active Directory Blade (on portal.azure.com), and then select User Settings. If Users can allows apps to access their data is set to No, it means that the Azure Active Directory Global Administrator has explicitely prevented users to use 3rd Party Application.
  • You have the following options :

Change this settings to allow users to use Third Party Application Ask an Azure Active Directory Global Administrator to generate the documentation using Cloudockit Add Cloudockit as a Trusted Application : To do that, Navigate to your Active Directory blade in the Azure Portal and then select Enterprise Applications. Then, click on New Application, select the category All and search for Cloudockit. Click on Cloudockit and then click Add. Follow this procedure https://www.cloudockit.com/cloudockit-admin-consent-non-aad-global-admin-users/

When I Sign In into Cloudockit, the list of subscriptions is emtpy.

  • If you do not see any subscription in the drop down list, it means that you do not have access to any subscription. To ensure that you have access to at least one subscription, you can connect to https://manage.windowsazure.com and https://portal.azure.com. If you do not see any subscription in those 2 portals it means that you have not the required access.

When I click on a generated document, I get a message telling that the token is expired.

  • For security reasons, the secured link that you receive automatically expire after a certain period of time. So you will need to regenerate the document. You can change this amount of time if you want (using the Drop Off Tab)

When I Sign In into Cloudockit, I get an error message saying Calling principal cannot consent due to lack of permissions.

  • You must have checked the checkbox specifying that you are an Azure Active Directory Global Admin. This requires that you are Azure AD Global Admin which is not the case. Restart the process without checking the checkbox.

When I Sign In into Cloudockit, I get an error message AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID.

  • This is due to an issue with Azure Active Directory and specific Microsoft accounts.
  • Please use an account that is a member of the Azure Active Directory, not a Microsoft Account.

I cannot see the Classic Azure Component (ASM, not ARM) (like Classic Virtual Machine) in the document that is generated but I can see them in the portal.

  • For ARM component, Cloudockit supports the role like reader or contributor but for Classic Deployment model, you need to be Administrator of the subscription (specified in the https://manage.windowsazure.com portal).

The document I get is empty. There may be multiple reasons why the document is empty. Please check the following elements:

  • When you are logged into https://generate.cloudockit.com open a new tab and navigate to https://portal.azure.com. You should see some resources. If you only see the active directory and not other resources, it means that the document will not contain anything.
  • Filters that you have applied may be to restrictive. Please remove them.
  • If you have used a custom template, please use with the built-in template to ensure that the issue is not due to the template.

I have specified a Storage Account to drop the document but I cannot see the document even if the generation is successful.

  • You need to ensure that the account you are using has write permissions to the storage

I have a G2-U or G2-T license but the user that is licensed do not have appropriate permissions on the subscription that I need to document. I need to use another account.

  • Cloudockit supports this scenario.
  • The first step is to Sign In into Cloudockit using the account that is licensed (even if this account has not privileges on the subscription to document).
  • Once Logged In, you will see a button on the top of the windows that allows you to change user. Click on that and then you need to enter the account that you want to use.
  • Once done, click on Log Out.
  • Now, go back to the Cloudockit home page and Sign In with this account.
  • You should now have a valid license.
  • Note that you have 5 minutes to do that Note that it is not legal to use this mechanism to give a license to someone else

The Virtual Machines diagram is empty even so the Word Document contains the Virtual Machines:

  • The Virtual Machines diagram is using Virtual Networks to display the Virtual Machines inside those Virtual Networks. If you use filter, ensure that your filters include the Virtual Networks that contains the Virtual Machines otherwise the diagram will be empty.

My subscription is in Azure Gov or Azure China or Azure Germany. How should I proceed with the authentication ?

  • When you need to authenticate to one of these subscriptions, you need to use an Azure Active Directory Application to authenticate. So, first step, you login to Cloudockit, then, you select Azure and you will be asked how you would like to authenticate. Select AAD Application and follow the instructions

When trying to login to Azure, you get the following exception : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

  • This is due to multi factor authentication. In order to solve the issue, you need to open a  separated tab in the same browser, navigate to https://portal.azure.com and connect using your 2FA. Then, you can come back to the generate.cloudockit.com tab and refresh the page and then try to login back to Azure. You should not see the error message this time.

The section with Azure SQL Details is empty even if I have provided the security credentials.

  • This may be due to Firewall Rules that you have on your side. Please add the following IP Address's:

  • 52.237.210.91,52.237.213.62,52.237.215.214,52.237.211.20, 52.228.37.198,52.228.33.208,52.228.33.250,52.228.37.25, 40.76.8.18,40.76.14.229,40.76.3.87,40.76.2.232, 23.101.199.30,23.101.196.70,23.101.201.119,23.101.197.194, 13.69.190.80,13.69.191.239,13.69.186.193,13.69.187.34