Symptoms:
The Azure connector doesn't run successfully after upgrading to 2019 R2 if the service principal has Read permission at tenant top level and has access to all subscriptions.
Diagnosis:
getting the below error in importer log since upgrade to 2019 R2.
Inventory gathering failed.
Error: The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription.
ErrorCode: DisallowedOperation
ErrorMessage: The current subscription type is not permitted to perform operations on any provider namespace. Please use a different subscription.
ErrorTarget:
StatusCode: 400 ReasonPhrase:
Bad Request OperationID : 3279bc87-a4aa-4c99-9fb7-0ea48a8c9e74
Solution:
A bug ticket FNMS-67846 has been raised. The Azure connector should run successfully if the service principal has Read permission at tenant top level and has access to all subscriptions.
Workaround:
Grant service principal read access on a lower management group which has active subscriptions only.