Publishing Cloud Printer asking for MFA

asked 2020-01-31T08:27:57.15+00:00
Ryan Theuma 1 Reputation point

I have set up a server as a Print Server which I connected to Azure using a connector to set up a cloud printing system for users on intune. I followed the below guide and it seems that the setup went smoothly until I got to the part to publish a printer:

https://www.scconfigmgr.com/2018/01/22/deploy-hybrid-cloud-print/

When I try to run the below command to publish the printer:

Publish-CloudPrinter -Printer "EcpPrintTest" -Manufacturer "Microsoft" -Model "FilePrintEcp" -OrgLocation '{"attrs": [{"category":"country", "vs":"USA", "depth":0}, {"category":"organization", "vs":"MyCompany", "depth":1}, {"category":"site", "vs":"MyCity, State", "depth":2}, {"category":"building", "vs":"Building 1", "depth":3}, {"category":"floor_name", "vs":1, "depth":4}, {"category":"room_name", "vs":"1111", "depth":5}]}' -Sddl "G:SYD:(A;;LCSWSDRCWDWO;;;S-1-5-21-1851353556-2084108129-372898645-25425)(A;OIIO;RPWPSDRCWDWO;;;S-1-5-21-1851353556-2084108129-372898645-25425)(A;OIIO;GA;;;CO)(A;OIIO;GA;;;AC)(A;;SWRC;;;WD)(A;CIIO;GX;;;WD)(A;;SWRC;;;AC)(A;CIIO;GX;;;AC)(A;;LCSWDTSDRCWDWO;;;BA)(A;OICIIO;GA;;;BA)(A;OIIO;GA;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)(A;;SWRC;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)(A;CIIO;GX;;;S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422)" -DiscoveryEndpoint "https://mopriadiscoveryproxy-xxxxx.msappproxy.net/mcs/" -PrintServerEndpoint "https://enterprisecloudprint-xxxx.msappproxy.net/ecp/" -AzureClientId "xxxxxxxxxxxxxxxxxxx" -AzureTenantGuid "xxxxxxxxxxxxxxx"

I get the below error:

Publish-CloudPrinter : Exception calling "RetrieveOAuthToken" with "3" argument(s): "System.AggregateException: One or
more errors occurred. ---> System.Exception: Error requesting OAuth token. WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS50076: Due to a configuration change made by your
administrator, or because you moved to a new location, you must use multi-factor authentication to access
'http://MopriaDiscoveryService/CloudPrint'.
Trace ID: f9b031b1-2bae-45d0-bb28-d967ebe44700
Correlation ID: f9e6a2b2-20a6-454d-b031-543bb5379bc4
Timestamp: 2020-01-31 08:03:00Z
at CloudPublishHelpers.d__0.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task1.GetResultCore(Boolean waitCompletionNotification) at System.Threading.Tasks.Task1.get_Result()
at CloudPublishHelpers.RetrieveOAuthToken(String resourceId, String clientId, String azureTenantGuid)
---> (Inner Exception #0) System.Exception: Error requesting OAuth token. WebTokenRequestStatus:
UserInteractionRequired, error: 3399614476, message: AADSTS50076: Due to a configuration change made by your
administrator, or because you moved to a new location, you must use multi-factor authentication to access
'http://MopriaDiscoveryService/CloudPrint'.
Trace ID: f9b031b1-2bae-45d0-bb28-d967ebe44700
Correlation ID: f9e6a2b2-20a6-454d-b031-543bb5379bc4
Timestamp: 2020-01-31 08:03:00Z
at CloudPublishHelpers.d__0.MoveNext()<---
"
At line:1 char:1

  • Publish-CloudPrinter -Printer "EcpPrintTest" -Manufacturer "Microsoft ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [Publish-CloudPrinter], MethodInvocationException
  • FullyQualifiedErrorId : Exception,Publish-CloudPrinter

I have MFA enabled so I tried to connect to Azure through the powershell so I can login with mfa but still I keep getting the same error. If MFA supported for this feature or can it give issues? Is there a work around this?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,559 questions
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2020-02-07T04:24:31.307+00:00
    FrankHu-MSFT 971 Reputation points

    @Ryan Theuma

    For these features as you've found out, you have to disable MFA for a machine to gain access. Unfortunately there is no workaround for these kinds of scenarios yet, except for disabling MFA for the specific machine.

    If you're interested in adding this as a feature please submit your request here : https://feedback.azure.com/forums/169401-azure-active-directory and if there's enough community support the product team will look into implementing this accordingly.

    Thanks,

    • Frank Hu
    No comments