SCCM: CMG installation failed when granting permissions to a resource group
August 1, 2020
Posted by on
I reinstalled a Cloud Management Gateway (CMG) in my Lab and the installation failed with: “Error occurred when granting Contributor permission to the Azure AD app for resource group RG-SCCM-CMG. For more information, see SmsAdminUI.log”
I checked the log and found a weird error containing the following (tenant are sanitized):
“InvalidAuthenticationTokenTenant: The access token is from the wrong issuer ‘https://sts.windows.net/TENANT1/’. It must match the tenant ‘https://sts.windows.net/TENANT2′ associated with this subscription. Please use the authority (URL) ‘https://login.windows.net/TENANT1′ to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later”
Strange, taking in consideration the account I used to sign in has only one directory associated.
Resolution: I closed SCCM console and completely deleted cache including cookies in my Edge Browser. After that I restarted the installation from SCCM console and this time it passed smoothly.