question

RyanTheuma-9441 avatar image
0 Votes"
RyanTheuma-9441 asked ·

Publishing Cloud Printer asking for MFA

I have set up a server as a Print Server which I connected to Azure using a connector to set up a cloud printing system for users on intune. I followed the below guide and it seems that the setup went smoothly until I got to the part to publish a printer:

https://www.scconfigmgr.com/2018/01/22/deploy-hybrid-cloud-print/

When I try to run the below command to publish the printer:

Publish-CloudPrinter -Printer "EcpPrintTest" -Manufacturer "Microsoft" -Model "FilePrintEcp" -OrgLocation '{"attrs": [{"category":"country", "vs":"USA", "depth":0}, {"category":"organization", "vs":"MyCompany", "depth":1}, {"category":"site", "vs":"MyCity, State", "depth":2}, {"category":"building", "vs":"Building 1", "depth":3}, {"category":"floor_name", "vs":1, "depth":4}, {"category":"room_name", "vs":"1111", "depth":5}]}' -Sddl "G:SYD:(A;;LCSWSDRCWDWO;;;S-1-5-21-1851353556-2084108129-372898645-25425)(A;OIIO;RPWPSDRCWDWO;;;S-1-5-21-1851353556-2084108129-372898645-25425)(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)(A;OIIO;GA;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)(A;;SWRC;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)(A;CIIO;GX;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)" -DiscoveryEndpoint "https://mopriadiscoveryproxy-xxxxx.msappproxy.net/mcs/" -PrintServerEndpoint "https://enterprisecloudprint-xxxx.msappproxy.net/ecp/" -AzureClientId "xxxxxxxxxxxxxxxxxxx" -AzureTenantGuid "xxxxxxxxxxxxxxx"

I get the below error:

Publish-CloudPrinter : Exception calling "RetrieveOAuthToken" with "3" argument(s): "System.AggregateException: One or
more errors occurred. ---> System.Exception: Error requesting OAuth token. WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS50076: Due to a configuration change made by your
administrator, or because you moved to a new location, you must use multi-factor authentication to access
'http://MopriaDiscoveryService/CloudPrint'.
Trace ID: f9b031b1-2bae-45d0-bb28-d967ebe44700
Correlation ID: f9e6a2b2-20a6-454d-b031-543bb5379bc4
Timestamp: 2020-01-31 08:03:00Z
at CloudPublishHelpers.d_0.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at CloudPublishHelpers.RetrieveOAuthToken(String resourceId, String clientId, String azureTenantGuid)
---> (Inner Exception #0) System.Exception: Error requesting OAuth token. WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS50076: Due to a configuration change made by your
administrator, or because you moved to a new location, you must use multi-factor authentication to access
'http://MopriaDiscoveryService/CloudPrint'.
Trace ID: f9b031b1-2bae-45d0-bb28-d967ebe44700
Correlation ID: f9e6a2b2-20a6-454d-b031-543bb5379bc4
Timestamp: 2020-01-31 08:03:00Z
at CloudPublishHelpers.d
_0.MoveNext()<---
"
At line:1 char:1
+ Publish-CloudPrinter -Printer "EcpPrintTest" -Manufacturer "Microsoft ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Publish-CloudPrinter], MethodInvocationException
+ FullyQualifiedErrorId : Exception,Publish-CloudPrinter

I have MFA enabled so I tried to connect to Azure through the powershell so I can login with mfa but still I keep getting the same error. If MFA supported for this feature or can it give issues? Is there a work around this?

azure-ad-multi-factor-authenticationazure-ad-authentication
· 2
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I have same issue. Haven't found work around yet. Still searching....

0 Votes 0 · ·

By any chance did you try to disable MFA? I am waiting for my senior to see if its possible to disable MFA to test it out.

0 Votes 0 · ·

1 Answer

FrankHuMSFT-3200 avatar image
0 Votes"
FrankHuMSFT-3200 answered ·

@RyanTheuma-9441

For these features as you've found out, you have to disable MFA for a machine to gain access. Unfortunately there is no workaround for these kinds of scenarios yet, except for disabling MFA for the specific machine.

If you're interested in adding this as a feature please submit your request here : https://feedback.azure.com/forums/169401-azure-active-directory and if there's enough community support the product team will look into implementing this accordingly.

Thanks,
- Frank Hu

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.