Apr 07 2020 12:33 PM - edited Apr 07 2020 06:04 PM
No luck so far!
Did I miss a provisioning step?
Apr 07 2020 08:06 PM
Hi, Carlos!
The user that registers printers must have the Printer Administrator or Global Administrator role in AzureAD. You say you used a non-GA user, please try again with one of the above roles and let us know.
If you haven't added the Printer Administrator role in your tenant yet, you can find steps here.
Apr 08 2020 12:56 PM
Hi @Rani_Abdellatif, added the Printer Administrator role to my account per the Powershell commands you sent along, waited about 2 hours so I'm positive the role is applied to my account, and still getting the exact same 403 Forbidden response when I try to register the printer in UPC.
Anything to try next?
Apr 08 2020 04:02 PM
Hi @Carlos Capellan I work in Universal Print team (developer owning the Print Connector). Can you share the full error message (that contained the 403 error) with me offline (via private message). I specifically need a trace id from the request we made. Hopefully that might get us closer to finding out the underlying issue.
Keeron
Apr 09 2020 01:14 PM
Thanks Carlos, we are following up with you offline.
I'll update the thread here with the root cause and potential ways to identify/fix them (so hopefully others blocked similarly can review that)
Jul 15 2020 02:47 AM
Hi all,
i also experience the same issue.
Added my user to relevant AD roles (print administrator and global administrator) already a few days ago, but cant access the ressource: error 403.
any news about this topic so far?
Jul 15 2020 06:55 AM
@dnienhaus hi there, for me the issue was that the machine I was trying to use it on was not AAD joined or AAD registered with our AAD tenant (it was just my personal home PC). When I tried on a different machine that was AAD joined (work laptop) I was able to register the printer with no issues.
I did not see anything about the registration failures in the Sign-In logs for the AAD user I was using, so I can't say it was our Conditional Access policies that were blocking it (arguably, the CA policies were *not* blocking because I was able to sign in and get the register printers step).
So, if you have the bandwidth, I'd say open a case and see if you can figure out what policy in the AAD tenant is blocking registering printers on non-AAD joined/registered machines. (Although to be fair, I'm only assuming AAD registered works, as it worked for me with an AAD joined machine)
Hopefully we can figure this out!
Carlos
Jul 15 2020 12:43 PM
@dnienhaus, is your AzureAD user account with which you sign in to the connector app assigned a UP license?
@Carlos Capellan, thanks for chiming in! I'd be interested to know if what worked for you also works for @dnienhaus so we could document it as a prerequisite. @dnienhaus, please let me know.
The official connector machines prerequisites don't require the machine to be AzureAD-joined. The test machine I use for a connector is not joined to AD or AzureAD, and I'm signed in to the machine using a local user. For printer registration, the identity that matters on the connector is the one used to sign in to the app. It must be Global Admin or/and Printer Admin.
Jul 16 2020 03:59 AM
@Rani_Abdellatif and @Carlos Capellan thank you for the quick responses !
i double checked all the settings and group assignments and still couldn´t see any issue.
however, now - after one week - it seems to work.
No clue why, i dont think that the changes to our tenant should take that long ?
anyway, thank you for your advices !
Jul 29 2020 08:44 AM
Aug 20 2021 06:44 AM
I am having the same issue. Account has the GA and PA roles. Machine is a Windows 10 Ent PC and is AAD joined:
AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : ***
Device Name : ***.gmd.local
When trying to register the connector I get:
"You don't have access to perform this operation"
Aug 23 2021 09:05 AM
If you're sure you meet the prerequisites described here, please create a support ticket.
Sep 06 2021 02:56 AM
Thanks @Rani_Abdellatif , I think the issue is that the Universal Print license component is not showing up in our E3 service plan.