locked
Error : New-AzureRmADServicePrincipal -ApplicationId 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8 RRS feed

  • Question

  • I would like to configure HTTPS on azure CDN custom domain with my own certificat. For this i use this tutorial : https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/cdn/cdn-custom-ssl.md …
    But, when i execute this command line :  New-AzureRmADServicePrincipal -ApplicationId "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8", i have this error :
    New-AzureRmADServicePrincipal : Authenticating principal does not havepermission to instantiate
    multi-tenantapplications and there is not matching Applicationin the request tenant.
    Au caractère Ligne:1 : 1
    + New-AzureRmADServicePrincipal -ApplicationId "205478c0-bd83-4e1b-a9d6 ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation : (:) [New-AzureRmADServicePrincipal], Exception
        + FullyQualifiedErrorId : http://Microsoft.Azure .Commands.ActiveDirectory.NewAzureADServicePrincipalCommand

    Can you help me ?


    Friday, October 19, 2018 3:32 PM

All replies

  • Hi Philippe,

    Can I ask, have you tried running this command in Azure Cloud Shell as opposed to running it in Azure PowerShell on your local machine? It's possible that this error could be happening due to an outdated version of Azure PowerShell. Cloud Shell will always be up to date, so testing this command there should rule out any version issues.

    Wednesday, October 24, 2018 7:14 AM
  • Hi robrien,

    I have the same issue :

    New-AzureRmADServicePrincipal : Authenticating principal does not havepermission to instantiate multi-tenantapplications and there is not matching Applicationin the request tenant.
    At line:1 char:1
    + New-AzureRmADServicePrincipal -ApplicationId 205478c0-bd83-4e1b-a9d6- ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-AzADServicePrincipal], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ActiveDirectory.NewAzureADServicePrincipalCommand

    Thursday, October 25, 2018 2:45 PM
  • Hi Philippe,

    Apologies for the delayed response while investigating this issue.

    In order to create the service principal for Azure CDN, you need to make sure you are a Global Administrator of the subscription.

    In order to check what user role you have, you can do so from the Azure Portal using the steps mentioned in the following guide: https://docs.microsoft.com/en-ie/azure/active-directory/develop/howto-create-service-principal-portal#required-permissions

    If you are a Global Administrator and still getting an error, can you please run the same command with debug and verbose options to see what output you get?:
    New-AzureRmADServicePrincipal -ApplicationId "205478c0-bd83-4e1b-a9d6-db63a3e1e1c8" -Debug -Verbose

    If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click Here

     
    • Proposed as answer by DHarrison-MSFT Thursday, November 1, 2018 7:17 AM
    Monday, October 29, 2018 7:10 AM
  • I got same error today, I am wondering where this 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8 application come from? I can't find it in my Azure AD.

    Does this mean 205478c0-bd83-4e1b-a9d6-db63a3e1e1c8 is a cross tenant application, so only AAD global administrator can grant the access ? I have subscription owner role, but not AAD global admin.

    Monday, May 20, 2019 11:35 AM