Universal Print Connector registration failed


No luck so far!

  • Got promo code added to O365/AAD tenant.
  • Installed UPC on home Win 10 Pro 1909 machine.
  • Logged in with corp AAD non-GA user which has UP license provisioned.
  • Attempting to register printer fails each time, Event Viewer shows I get a 403 Forbidden event.
  • Home printer is a Brother MFC-J825DW.

Did I miss a provisioning step?

13 Replies

Hi, Carlos!

 

The user that registers printers must have the Printer Administrator or Global Administrator role in AzureAD. You say you used a non-GA user, please try again with one of the above roles and let us know.

If you haven't added the Printer Administrator role in your tenant yet, you can find steps here.

Hi @Rani_Abdellatif, added the Printer Administrator role to my account per the PowerShell commands you sent along, waited about 2 hours so I'm positive the role is applied to my account, and still getting the exact same 403 Forbidden response when I try to register the printer in UPC.

 

Anything to try next?

Hi @Carlos Capellan, I work on the Universal Print team (developer owning the Print Connector). Can you share the full error message (that contained the 403 error) with me offline (via private message)? I specifically need a trace id from the request we made. Hopefully that might get us closer to finding out the underlying issue.

 

Keeron

Thanks @keeron, PM sent!

Thanks Carlos, we are following up with you offline.

 

I'll update the thread here with the root cause and potential ways to identify/fix them (so hopefully others blocked similarly can review that).

Hi all,

I also experience the same issue.

Added my user to relevant AD roles (print administrator and global administrator) already a few days ago, but can't access the resource: error 403.

Any news about this topic so far?

@dnienhaus hi there, for me the issue was that the machine I was trying to use it on was not AAD joined or AAD registered with our AAD tenant (it was just my personal home PC). When I tried on a different machine that was AAD joined (work laptop) I was able to register the printer with no issues.

 

I did not see anything about the registration failures in the Sign-In logs for the AAD user I was using, so I can't say it was our Conditional Access policies that were blocking it (arguably, the CA policies were *not* blocking because I was able to sign in and get to the register printers step).

 

So, if you have the bandwidth, I'd say open a case and see if you can figure out what policy in the AAD tenant is blocking registering printers on non-AAD joined/registered machines. (Although to be fair, I'm only assuming AAD registered works, as it worked for me with an AAD joined machine)

 

Hopefully we can figure this out!

 

Carlos

@dnienhaus, is your AzureAD user account with which you sign in to the connector app assigned a UP license?

 

@Carlos Capellan, thanks for chiming in! I'd be interested to know if what worked for you also works for @dnienhaus so we could document it as a prerequisite. @dnienhaus, please let me know.
 

The official connector machine prerequisites don't require the machine to be AzureAD-joined. The test machine I use for a connector is not joined to AD or AzureAD, and I'm signed in to the machine using a local user. For printer registration, the identity that matters on the connector is the one used to sign in to the app. It must be Global Admin and/or Printer Admin.

@Rani_Abdellatif and @Carlos Capellan thank you for the quick responses!

I double-checked all the settings and group assignments and still couldn't see any issue.

However, now - after one week - it seems to work.

No clue why; I don't think that the changes to our tenant should take that long?

Anyway, thank you for your advice!

I tried the newest Connector yesterday and now registering the printer worked for me on a non AD joined/registered PC (my home PC).

@Carlos Capellan 

 

I am having the same issue. Account has the GA and PA roles. Machine is a Windows 10 Ent PC and is AAD joined:

AzureAdJoined : YES
EnterpriseJoined : NO
DomainJoined : YES
DomainName : ***
Device Name : ***.gmd.local

 

When trying to register the connector I get:


"You don't have access to perform this operation"

@MattStanding 

If you're sure you meet the prerequisites described here, please create a support ticket.

Thanks @Rani_Abdellatif, I think the issue is that the Universal Print license component is not showing up in our E3 service plan.