Forum Discussion

Carlos_Capellan's avatar
Carlos_Capellan
Brass Contributor
Apr 07, 2020

Universal Print Connector registration failed

No luck so far!

  • Got promo code added to O365/AAD tenant.
  • Installed UPC on home Win 10 Pro 1909 machine.
  • Logged in with corp AAD non-GA user which has UP license provisioned.
  • Attempting to register printer fails each time, Event Viewer shows I get a 403 Forbidden event.
  • Home printer is a Brother MFC-J825DW.

Did I miss a provisioning step?

  • I tried the newest Connector yesterday and now registering the printer worked for me on a non AD joined/registered PC (my home PC).
    • MattStanding's avatar
      MattStanding
      Copper Contributor

      Carlos_Capellan 

       

      I am having the same issue. Account has the GA and PA roles. Machine is a Windows 10 Ent PC and is AAD joined:

      AzureAdJoined : YES
      EnterpriseJoined : NO
      DomainJoined : YES
      DomainName : ***
      Device Name : ***.gmd.local

       

      When trying to register the connector I get:


      "You don't have access to perform this operation"

  • Hi, Carlos!

     

    The user that registers printers must have the Printer Administrator or Global Administrator role in AzureAD. You say you used a non-GA user, please try again with one of the above roles and let us know.

    If you haven't added the Printer Administrator role in your tenant yet, you can find steps here.

    • Carlos_Capellan's avatar
      Carlos_Capellan
      Brass Contributor

      Hi Rani_Abdellatif, added the Printer Administrator role to my account per the Powershell commands you sent along, waited about 2 hours so I'm positive the role is applied to my account, and still getting the exact same 403 Forbidden response when I try to register the printer in UPC.

       

      Anything to try next?

      • keeron's avatar
        keeron
        Icon for Microsoft rankMicrosoft

        Hi Carlos_Capellan I work in Universal Print team (developer owning the Print Connector). Can you share the full error message (that contained the 403 error) with me offline (via private message)I specifically need a trace id from the request we made. Hopefully that might get us closer to finding out the underlying issue.

         

        Keeron

  • dnienhaus's avatar
    dnienhaus
    Copper Contributor

    Hi all,

    i also experience the same issue.

    Added my user to relevant AD roles (print administrator and global administrator) already a few days ago, but cant access the ressource: error 403.

     

    any news about this topic so far?

    • Carlos_Capellan's avatar
      Carlos_Capellan
      Brass Contributor

      dnienhaus hi there, for me the issue was that the machine I was trying to use it on was not AAD joined or AAD registered with our AAD tenant (it was just my personal home PC). When I tried on a different machine that was AAD joined (work laptop) I was able to register the printer with no issues.

       

      I did not see anything about the registration failures in the Sign-In logs for the AAD user I was using, so I can't say it was our Conditional Access policies that were blocking it (arguably, the CA policies were *not* blocking because I was able to sign in and get the register printers step).

       

      So, if you have the bandwidth, I'd say open a case and see if you can figure out what policy in the AAD tenant is blocking registering printers on non-AAD joined/registered machines. (Although to be fair, I'm only assuming AAD registered works, as it worked for me with an AAD joined machine)

       

      Hopefully we can figure this out!

       

      Carlos

      • Rani_Abdellatif's avatar
        Rani_Abdellatif
        Icon for Microsoft rankMicrosoft

        dnienhaus, is your AzureAD user account with which you sign in to the connector app assigned a UP license?

         

        Carlos_Capellan, thanks for chiming in! I'd be interested to know if what worked for you also works for dnienhaus so we could document it as a prerequisite. dnienhaus, please let me know.
         

        The official connector machines prerequisites don't require the machine to be AzureAD-joined. The test machine I use for a connector is not joined to AD or AzureAD, and I'm signed in to the machine using a local user. For printer registration, the identity that matters on the connector is the one used to sign in to the app. It must be Global Admin or/and Printer Admin.

Resources