Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, September 23, 2019 4:30 PM
I receive an error when trying the final step on the Azure Migrate Assessment virtual appliance, the "Save and start discovery" button:
"Could not initiate discovery.Discovery and performance data collection could not be started successfully due to the following error.
Details: Azure Active Directory (AAD) operation failed with status 'Forbidden'. The error occurred while creating/updating AAD Application 'App...' in tenant 2e5...
Recommendation: The currently logged in Azure user account does not have access to the AAD application specified in the error message. Please check whether you are the owner of the AAD Application. Learn more about AAD application permissions."
When I look at the Application, I appear to be the owner. For my Azure account, I was a guest invited to this tenant and assigned Global Administrator rights. I also have permission to create apps from this account. The account used to connect to the HyperV hosts from the appliance is a domain administrator. I have tried completely removing the project and appliance and starting from scratch, and each step in the appliance completes successfully until the final step of starting discovery.
Confirmed I am assigned the "Owner" role for both the Resource Group and Key Vault associated with this project.
Please advise on resolutions or log file locations for this error.
Thanks,
S
All replies (1)
Wednesday, September 25, 2019 8:50 AM
You need Contributor or Owner permissions in the subscription to create an Azure Migrate project. Global Admin rights would be good enough at the directory but you need subscription level permissions as well. These permissions applies to VMware as well as Hyper-V assessment.
Reference: /en-us/azure/migrate/tutorial-prepare-vmware