The client ‘{0}’ with object id ‘{1}’ does not have authorization to perform action ‘Microsoft.ServiceFabric/register/action’ over scope ‘/subscriptions/{2}’

Nov 12, 2017 ALM

The client ‘{0}’ with object id ‘{1}’ does not have authorization to perform action ‘Microsoft.ServiceFabric/register/action’ over scope ‘/subscriptions/{2}’

[Reading Time: 2 minutes]

For an enterprise customer, I hat do develop a solution, that is build in the Cloud (Microsoft’s Cloud Azure). In that project I had the following setup:

For Build & Release, VSTS (Visual Studio Team Services) is used. For deploying bits to Azure I built up a release, that should setup a basic architecture in Azure.
For accessing Azure from VSTS, an IT responsible of that company, created a Service Principal (SP), that can access Azure resources and added that guy as VSTS Endpoint Service.

Now, one of those architecture components is Service Fabric. After creating the Release definition and the scripts in Azure CLI 2.0 I tried to get things working. But unfortunately, the release stopped with following error message:

az sf cluster create --resource-group ******* …
"error": {
   "code": "MissingSubscriptionRegistration",
   "message": "The subscription is not registered to use namespace 'Microsoft.ServiceFabric'. See https://aka.ms/rps-not-found for how to register subscriptions.",
   "details": [
     {
       "code": "MissingSubscriptionRegistration",
       "target": "Microsoft.ServiceFabric",
       "message": "The subscription is not registered to use namespace 'Microsoft.ServiceFabric'. See https://aka.ms/rps-not-found for how to register subscriptions."
     }
   ]
 }

… ok, maybe I have to register the namespace manually (usually not, but how really knows 😉 ), so I used the following command, before creating service fabric cluster:

az provider register --namespace Microsoft.ServiceFabric –wait

and this led to following error:

The client ‘{0}’ with object id ‘{1}’ does not have authorization to perform action ‘Microsoft.ServiceFabric/register/action’ over scope ‘/subscriptions/{2}’

Hm…, was not, what I hoped to get, but expected K ! Are there any account problems? Using a foreign subscription with limited access could be the cause! So I did some investigation on how the SP was created, set up and assigned to VSTS.

And, yeah, this was the right track. It became apparent that the SP was created only in AAD with sufficient rights, but it was not assigned as subscription-user, with contribute rights. After proper configuration, everything worked like a charm.

Hope this is also a solution for you?!

By Thomas Tomow

As a Managing Consultant, I am working at Alegri in Stuttgart/Germany. There I keep focusing with a team specialized in IoT, UX/Design and DevOps on preparing customers for the next digital future. I have been working as IT Consultant, IT Architect and lead developer with skills in .NetFramework, agile methodologies like Scrum and much more for nearly 2 decades. In the last few years I started focusing in IoT & Digitalization strategies in enterprise scenarios. Manly I used Microsofts Azure Cloud, to support customers in letting their visions become true. Sharing knowledge and practicing principles is something, that I like very much. Therefore I am also Co-Administrator of Azure-Meetup group in Stuttgart, where I'd also like to share my experiences. With this I was awarded in november by Microsoft as a MVP (Most Valuable Professional).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.