Errors when adding a MQTT custom domain to an Event Grid Namespace

Question

Errors when adding a MQTT custom domain to an Event Grid Namespace

Andy 0

An error is always received when using the Azure Management Portal to add a custom MQTT domain to an Event Grid Namespace using a Key Vault certificate with access granted through a System Managed Identity. I have set the System identity access for Event Grid Namespace to access the Key Vault. It happens even with new instances of an Event Grid Namespace and a new Key Vault. The first namespace the error references a previously deleted user assigned identity even though that is not selected in the add domain name request (System identity is chosen). In the second instance with a new Event Grid Namespace and new Key Vault the error is more generic:

Custom domain addition failed with error: "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report 6a129a53-2c5e-49ee-992c-e8cd76ea3441 to our forums for assistance or raise a support ticket.

Rakesh Mishra 2,265 Reputation points Microsoft External Staff Moderator

2025-10-16T04:07:00.56+00:00
Hi @Andy ,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Could you please check below and share the requested information over private message to assist you further on this.

Check Your DNS Records: Ensure that the DNS entries are correctly set up to point your custom domain to the Event Grid namespace. The relevant DNS records (A, CNAME, TXT) should be in place. You should create a TXT record to validate your domain ownership as part of the process. Check the DNS propagation to confirm everything is properly configured.

Managed Identity Setup: Double-check that the system-managed identity is enabled for your Event Grid namespace and has the correct permissions on the Azure Key Vault. You can use the following command to enable the managed identity if you haven’t already:
az eventgrid namespace update --resource-group <resource group name> --name <namespace name> --identity "{type:systemassigned}"

Key Vault Permissions: Confirm that the system-managed identity has been given the necessary access policies to the Key Vault. The identity should have permissions to access the certificate stored in the Key Vault.

Certificate Validation: Make sure that your server certificate is correctly hosted in the Azure Key Vault and that it includes the domain name in its Subject Alternative Name. If the certificate setup is incorrect, it could lead to issues when trying to associate the domain.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Andy 0 Reputation points

2025-10-17T13:19:35.8333333+00:00

I am still trying to get this resolved. My private message reply was automatically deleted by Microsoft Q&A due to concerns about sensitive details. That makes working through this problem challenging compared with support tickets which are no longer an option. I have tried another private message reply now.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-20T06:41:19.6733333+00:00
Hi Andy,

Confirm that the System Managed Identity of the Event Grid Namespace has get and list permissions on Certificates in the Key Vault access policies.

Sometimes missing list permission can cause access issues.

If you are using Azure RBAC for Key Vault access instead of access policies, make sure the SMI has the Key Vault Certificates User role assigned, refer MSDOC.

Sometimes the portal might cache or show outdated information, especially with identities.

Try performing the domain addition using Azure CLI or Azure PowerShell to bypass the portal UI.

Refer MSDOC for complete steps Assign custom domain names to Event Grid namespace's MQTT and HTTP host names

Update

After testing the payload shared, I could encounter the same error. To resolve the error, you need to enclose the command double quotes.

Make sure your NS.json is under resources folder

az resource create --resource-type "Microsoft.EventGrid/namespaces" --id "/subscriptions/SubscriptionID/resourceGroups/ResourceGroupName/providers/Microsoft.EventGrid/namespaces/EventGridNamespace" --is-full-object --properties "@./resources/ns.json"
Andy 0 Reputation points

2025-10-20T18:16:12.34+00:00
Using RBAC the SMI for the event grid namespace does have the Key Vault Certificates User role assigned. When using the portal (now over a week since this issue started, if we're considering a caching issue) I still receive the error below - where [UserAssignedIdentityNameHere] is an the name of a previously deleted User Assigned Identity never even referenced in the portal "Add custom domain" form. Instead on the form "System Assigned" was selected for the Managed Identity Type. Why is the Azure Portal referencing this user assigned identity on its own?

Custom domain addition failed with error: "Identity operation for resource '/subscriptions/X/resourceGroups/X/providers/Microsoft.EventGrid/namespaces/X' failed with error Failed to perform resource identity operation. Status: 'BadRequest' Response: error: code: "BadRequest" message: "Resource '/subscriptions/X/resourcegroups/X/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[UserAssginedIdentityNameHere]' was not found."

When attempting to use the Azure CLI to issue the example command after uploading a JSON compliant version of NS.json (which has read permissions for all) the following error is returned:

az resource create --resource-type Microsoft.EventGrid/namespaces --id /subscriptions/X/resourceGroups/X/providers/Microsoft.EventGrid/namespaces/X --is-full-object --properties NS.json

Error parsing JSON. NS.json Expecting value: line 1 column 1 (char 0)
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-22T09:53:36.26+00:00
Hi Andy,

Apologies for the delay in response.

Try listing the available identities in your subscription and check if the user assigned managed identity still exists.

Run the following command to list all User Assigned Managed Identities (UAMI):

az identity list --subscription <your-subscription-id> -o table

To check if a specific identity still exists, run:

az identity show --name <identity-name> --resource-group <resource-group-name>

Also please share your NS.json if possible.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-23T08:31:07.76+00:00

Hi Andy,

I hope you checked the response, and it was helpful. Please do let me know if you need any further assistance on this.

Thanks
Andy 0 Reputation points

2025-10-24T02:54:41.6733333+00:00

Hi Pravallika,

I have shared the NS.json contents in a private message. I have run the az identity list and show commands and they confirm the UAMI no longer exists. Again it is unclear why the error references a previously deleted UAMI when "System Assigned" was selected on the portal add domain form and the UAMI name referenced in the error was never referenced on the add domain form.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-24T10:20:11.7333333+00:00
Hi Andy,

Even though the UAMI no longer exists, Event Grid’s control plane resource metadata can still hold a stale identity reference, and the error occurs due to stale metadata in the Event Grid Namespace referencing a deleted User Assigned Managed Identity.

So even when you select System Assigned for a new operation, the backend API may still include both identities in the request payload. This happens when the ARM and the Azure Portal cache identity references are not cleared completely.

When the Event Grid service backend attempts to authenticate against Key Vault, it tries the stale UAMI first, fails, and emits the error pointing to the deleted identity.

Check whether your Event Grid Namespace still has that stale reference by running:

az resource show --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --query "identity"

Force identity metadata refresh by detaching all identities and reattach cleanly:

1: Remove all identities:

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --set identity.type="None"

2: Re-add system assigned identity only:

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --set identity.type="SystemAssigned"

Wait for 5–10 minutes for propagation before retrying the custom domain creation.

Recreate namespace cleanly:

If ARM continues to hold a reference to the deleted identity:

Delete the existing Event Grid Namespace and recreate a new one.

Enabling System Assigned Identity before any Key Vault bindings or domain creation.

Use CLI to add domain to avoids stale cached schema.

Andy 0

The initial query (show identities command) on the event grid namespace confirmed that the namespace is both UserAssigned and SystemAssigned, with the userAssignedIdentities containing a reference to the previously deleted user assigned identity.

{
  "principalId": "---",
  "tenantId": "---",
  "type": "SystemAssigned, UserAssigned",
  "userAssignedIdentities": {
    "/subscriptions/---/resourceGroups/---/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[PreviouslyDeletedUserAssignedIdentityNameHere]": {
      "clientId": "---",
      "principalId": "---"
    }
  }
}

The "Remove all identities" query has the following error:

(InvalidRequestContent) The request content was invalid and could not be deserialized: 'Required property 'type' not found in JSON. Path 'identity', line 1, position 725.'.
Code: InvalidRequestContent
Message: The request content was invalid and could not be deserialized: 'Required property 'type' not found in JSON. Path 'identity', line 1, position 725.'.

The "Remove all identities" query but with --set type="None" has the following error:

Code: FailedIdentityOperation
Message: Identity operation for resource '/subscriptions/---/resourceGroups/---/providers/Microsoft.EventGrid/namespaces/---' failed with error 'Failed to perform resource identity operation. Status: 'BadRequest'. Response: '{"error":{"code":"BadRequest","message":"Resource '/subscriptions/---/resourcegroups/---/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[PreviouslyDeletedUserAssignedIdentityNameHere]' was not found."}}'.'.

I tried creating a new namespace that was System Assigned Identity on create, but cannot use the CLI to add the domain because I still need guidance on the NS.json failure - see private message the JSON contents. Using the portal to add the domain with the new namespace still generates this error:

Custom domain addition failed with error: "The operation failed due to an internal server error. The initial state of the impacted resources (if any) are restored. Please try again in few minutes. If error still persists, report 6810d792-280e-49e4-b6fd-9f1b7aac0974:10/24/2025 4:20:17 PM (UTC) to our forums for assistance or raise a support ticket ."

Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-28T01:44:25.6466667+00:00
Andy,

Try clearing all the identity metadata explicitely:

The CLI --set identity.type="None" fails because the Event Grid namespace schema is strict. Clear the whole identity object, not just the type property by using below command.

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --remove identity

This forcibly removes the entire identity block, including stale UAMI references.
Andy 0 Reputation points

2025-10-28T04:01:33.8966667+00:00
Running the command to forcibly remove the entire identity block causes the CLI to pause for 5 seconds and then it outputs the namespace details in JSON, including the identity.userAssignedIdentities list that contains the stale / previously deleted identity.

After this command completes and after waiting several minutes, running the command below to view the namespace identity details - it still shows the previously deleted user assigned identity. The suggested remove command had no effect.

az resource show --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --query "identity"

Pravallika KV 580 Microsoft External Staff Moderator

Hi Andy,

I am checking your NS.json payload. In the meantime, could you please try creating the domain using the below commands. The parameters available to create domain using AZ CLI are mentioned in MSDOC1 and MSDOC2:

az eventgrid domain create --name
                           --resource-group
                           [--identity {noidentity, systemassigned}]
                           [--inbound-ip-rules]
                           [--input-mapping-default-values]
                           [--input-mapping-fields]
                           [--input-schema {cloudeventschemav1_0, customeventschema, eventgridschema}]
                           [--location]
                           [--mi-system-assigned]
                           [--mi-user-assigned]
                           [--public-network-access {disabled, enabled}]
                           [--sku {basic, premium}]
                           [--tags]

az eventgrid domain topic create --domain-name
                                 --name
                                 --resource-group

Also, could you please confirm if the Json payload you are using is related to REST API? As I can see the some of the parameters mentioned in the Payload are not supported in CLI.

Andy 0 Reputation points

2025-10-28T18:42:09.76+00:00

The JSON payload is from the documentation you referenced on Oct 20 - Azure CLI example NS.json

Can the Add Custom Domain feature in the Azure be fixed so that it is functional?
Pashikanti Kumar 1,235 Reputation points Microsoft External Staff Moderator

2025-10-28T19:05:10.9133333+00:00
Hi Andy,

Custom Domain feature for Azure Event Grid is functional, but issues can arise due to misconfigurations or specific requirements not being met. If you're encountering issues with the JSON payload or the feature itself

Steps to Fix/Add Custom Domain for Azure Event Grid

Verify Prerequisites

Ensure the following prerequisites are met:

Azure CLI Version: Ensure you're using the latest version of Azure CLI. Run:

az --version

Update if necessary:

az upgrade

DNS Zone: You must have a DNS zone configured in Azure or an external DNS provider where the custom domain is registered.

Event Grid Topic or Domain: Ensure you have an Event Grid Topic or Domain already created.

Validate JSON Payload

The JSON payload provided in the documentation must be correctly formatted. Here's an example of the payload: ```

Replace: - `<subscription-id>`: Your Azure subscription ID. - `<resource-group>`: The name of your resource group. - `<event-grid-domain>`: The name of your Event Grid domain. - `<connection-name>`: The name of the private endpoint connection. - `@payload.json`: Path to your JSON payload file. --- #### **4. Check DNS Configuration** After running the command, Azure Event Grid will provide a **validation token**. You must create a **TXT record** in your DNS zone with the following details: - **Name**: The custom domain name (e.g., `events.mydomain.com`). - **Type**: TXT - **Value**: The validation token provided by Azure. Wait for DNS propagation (can take up to 24 hours). #### **5. Verify Custom Domain Assignment** Once the DNS record is propagated, Azure will automatically validate the custom domain. You can check the status using:

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Upvote" if the information helped you. This will help us and others in the community as well.

Thanks

1 answer

Your answer

Rakesh Mishra 2,265 Reputation points Microsoft External Staff Moderator

2025-10-16T04:07:00.56+00:00

Hi @Andy ,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Could you please check below and share the requested information over private message to assist you further on this.

Check Your DNS Records: Ensure that the DNS entries are correctly set up to point your custom domain to the Event Grid namespace. The relevant DNS records (A, CNAME, TXT) should be in place. You should create a TXT record to validate your domain ownership as part of the process. Check the DNS propagation to confirm everything is properly configured.

Managed Identity Setup: Double-check that the system-managed identity is enabled for your Event Grid namespace and has the correct permissions on the Azure Key Vault. You can use the following command to enable the managed identity if you haven’t already:
az eventgrid namespace update --resource-group <resource group name> --name <namespace name> --identity "{type:systemassigned}"

Key Vault Permissions: Confirm that the system-managed identity has been given the necessary access policies to the Key Vault. The identity should have permissions to access the certificate stored in the Key Vault.

Certificate Validation: Make sure that your server certificate is correctly hosted in the Azure Key Vault and that it includes the domain name in its Subject Alternative Name. If the certificate setup is incorrect, it could lead to issues when trying to associate the domain.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Andy 0 Reputation points

2025-10-17T13:19:35.8333333+00:00

I am still trying to get this resolved. My private message reply was automatically deleted by Microsoft Q&A due to concerns about sensitive details. That makes working through this problem challenging compared with support tickets which are no longer an option. I have tried another private message reply now.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-20T06:41:19.6733333+00:00

Hi Andy,

Confirm that the System Managed Identity of the Event Grid Namespace has get and list permissions on Certificates in the Key Vault access policies.

Sometimes missing list permission can cause access issues.

If you are using Azure RBAC for Key Vault access instead of access policies, make sure the SMI has the Key Vault Certificates User role assigned, refer MSDOC.

Sometimes the portal might cache or show outdated information, especially with identities.

Try performing the domain addition using Azure CLI or Azure PowerShell to bypass the portal UI.

Refer MSDOC for complete steps Assign custom domain names to Event Grid namespace's MQTT and HTTP host names

Update

After testing the payload shared, I could encounter the same error. To resolve the error, you need to enclose the command double quotes.

Make sure your NS.json is under resources folder

az resource create --resource-type "Microsoft.EventGrid/namespaces" --id "/subscriptions/SubscriptionID/resourceGroups/ResourceGroupName/providers/Microsoft.EventGrid/namespaces/EventGridNamespace" --is-full-object --properties "@./resources/ns.json"
Andy 0 Reputation points

2025-10-20T18:16:12.34+00:00

Using RBAC the SMI for the event grid namespace does have the Key Vault Certificates User role assigned. When using the portal (now over a week since this issue started, if we're considering a caching issue) I still receive the error below - where [UserAssignedIdentityNameHere] is an the name of a previously deleted User Assigned Identity never even referenced in the portal "Add custom domain" form. Instead on the form "System Assigned" was selected for the Managed Identity Type. Why is the Azure Portal referencing this user assigned identity on its own?

Custom domain addition failed with error: "Identity operation for resource '/subscriptions/X/resourceGroups/X/providers/Microsoft.EventGrid/namespaces/X' failed with error Failed to perform resource identity operation. Status: 'BadRequest' Response: error: code: "BadRequest" message: "Resource '/subscriptions/X/resourcegroups/X/providers/Microsoft.ManagedIdentity/userAssignedIdentities/[UserAssginedIdentityNameHere]' was not found."

When attempting to use the Azure CLI to issue the example command after uploading a JSON compliant version of NS.json (which has read permissions for all) the following error is returned:

az resource create --resource-type Microsoft.EventGrid/namespaces --id /subscriptions/X/resourceGroups/X/providers/Microsoft.EventGrid/namespaces/X --is-full-object --properties NS.json

Error parsing JSON. NS.json Expecting value: line 1 column 1 (char 0)
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-22T09:53:36.26+00:00

Hi Andy,

Apologies for the delay in response.

Try listing the available identities in your subscription and check if the user assigned managed identity still exists.

Run the following command to list all User Assigned Managed Identities (UAMI):

az identity list --subscription <your-subscription-id> -o table

To check if a specific identity still exists, run:

az identity show --name <identity-name> --resource-group <resource-group-name>

Also please share your NS.json if possible.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-23T08:31:07.76+00:00

Hi Andy,

I hope you checked the response, and it was helpful. Please do let me know if you need any further assistance on this.

Thanks
Andy 0 Reputation points

2025-10-24T02:54:41.6733333+00:00

Hi Pravallika,

I have shared the NS.json contents in a private message. I have run the az identity list and show commands and they confirm the UAMI no longer exists. Again it is unclear why the error references a previously deleted UAMI when "System Assigned" was selected on the portal add domain form and the UAMI name referenced in the error was never referenced on the add domain form.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-24T10:20:11.7333333+00:00

Hi Andy,

Even though the UAMI no longer exists, Event Grid’s control plane resource metadata can still hold a stale identity reference, and the error occurs due to stale metadata in the Event Grid Namespace referencing a deleted User Assigned Managed Identity.

So even when you select System Assigned for a new operation, the backend API may still include both identities in the request payload. This happens when the ARM and the Azure Portal cache identity references are not cleared completely.

When the Event Grid service backend attempts to authenticate against Key Vault, it tries the stale UAMI first, fails, and emits the error pointing to the deleted identity.

Check whether your Event Grid Namespace still has that stale reference by running:

az resource show --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --query "identity"

Force identity metadata refresh by detaching all identities and reattach cleanly:

1: Remove all identities:

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --set identity.type="None"

2: Re-add system assigned identity only:

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --set identity.type="SystemAssigned"

Wait for 5–10 minutes for propagation before retrying the custom domain creation.

Recreate namespace cleanly:

If ARM continues to hold a reference to the deleted identity:

Delete the existing Event Grid Namespace and recreate a new one.

Enabling System Assigned Identity before any Key Vault bindings or domain creation.

Use CLI to add domain to avoids stale cached schema.
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-28T01:44:25.6466667+00:00

Andy,

Try clearing all the identity metadata explicitely:

The CLI --set identity.type="None" fails because the Event Grid namespace schema is strict. Clear the whole identity object, not just the type property by using below command.

az resource update --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --remove identity

This forcibly removes the entire identity block, including stale UAMI references.
Andy 0 Reputation points

2025-10-28T04:01:33.8966667+00:00

Running the command to forcibly remove the entire identity block causes the CLI to pause for 5 seconds and then it outputs the namespace details in JSON, including the identity.userAssignedIdentities list that contains the stale / previously deleted identity.

After this command completes and after waiting several minutes, running the command below to view the namespace identity details - it still shows the previously deleted user assigned identity. The suggested remove command had no effect.

az resource show --ids /subscriptions/<SUB_ID>/resourceGroups/<RG_NAME>/providers/Microsoft.EventGrid/namespaces/<NAMESPACE_NAME> --query "identity"
Pravallika KV 580 Reputation points Microsoft External Staff Moderator

2025-10-28T07:40:48.9066667+00:00

Hi Andy,

I am checking your NS.json payload. In the meantime, could you please try creating the domain using the below commands. The parameters available to create domain using AZ CLI are mentioned in MSDOC1 and MSDOC2:

az eventgrid domain create --name --resource-group [--identity {noidentity, systemassigned}] [--inbound-ip-rules] [--input-mapping-default-values] [--input-mapping-fields] [--input-schema {cloudeventschemav1_0, customeventschema, eventgridschema}] [--location] [--mi-system-assigned] [--mi-user-assigned] [--public-network-access {disabled, enabled}] [--sku {basic, premium}] [--tags]

az eventgrid domain topic create --domain-name --name --resource-group

Also, could you please confirm if the Json payload you are using is related to REST API? As I can see the some of the parameters mentioned in the Payload are not supported in CLI.
Andy 0 Reputation points

2025-10-28T18:42:09.76+00:00

The JSON payload is from the documentation you referenced on Oct 20 - Azure CLI example NS.json

Can the Add Custom Domain feature in the Azure be fixed so that it is functional?
Pashikanti Kumar 1,235 Reputation points Microsoft External Staff Moderator

2025-10-28T19:05:10.9133333+00:00

Hi Andy,

Custom Domain feature for Azure Event Grid is functional, but issues can arise due to misconfigurations or specific requirements not being met. If you're encountering issues with the JSON payload or the feature itself

Steps to Fix/Add Custom Domain for Azure Event Grid

Verify Prerequisites

Ensure the following prerequisites are met:

Azure CLI Version: Ensure you're using the latest version of Azure CLI. Run:

az --version

Update if necessary:

az upgrade

DNS Zone: You must have a DNS zone configured in Azure or an external DNS provider where the custom domain is registered.

Event Grid Topic or Domain: Ensure you have an Event Grid Topic or Domain already created.

Validate JSON Payload

The JSON payload provided in the documentation must be correctly formatted. Here's an example of the payload: ```

Replace: - `<subscription-id>`: Your Azure subscription ID. - `<resource-group>`: The name of your resource group. - `<event-grid-domain>`: The name of your Event Grid domain. - `<connection-name>`: The name of the private endpoint connection. - `@payload.json`: Path to your JSON payload file. --- #### **4. Check DNS Configuration** After running the command, Azure Event Grid will provide a **validation token**. You must create a **TXT record** in your DNS zone with the following details: - **Name**: The custom domain name (e.g., `events.mydomain.com`). - **Type**: TXT - **Value**: The validation token provided by Azure. Wait for DNS propagation (can take up to 24 hours). #### **5. Verify Custom Domain Assignment** Once the DNS record is propagated, Azure will automatically validate the custom domain. You can check the status using:

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Upvote" if the information helped you. This will help us and others in the community as well.

Thanks

Answer 1

Hi Andy,

Thanks for reaching out to Microsoft Q&A.

I have analyzed your Payload and tried to run the Az command you mentioned and got the same error.


az resource create --resource-type Microsoft.EventGrid/namespaces --id /subscriptions/X/resourceGroups/X/providers/Microsoft.EventGrid/namespaces/X --is-full-object --properties NS.json


Error parsing JSON.

NS.json

Expecting value: line 1 column 1 (char 0)

To resolve this error, you need to enclose the parameters in double quotes and add @ before the file name NS.json as below:


az resource create --resource-type "Microsoft.EventGrid/namespaces" --id "/subscriptions/SubscriptionID/resourceGroups/RGName/providers/Microsoft.EventGrid/namespaces/NamespaceName" --is-full-object --properties @"NS.json"

You can also use below commands to create the custom domain. The parameters available to create domain using AZ CLI are mentioned in MSDOC1 and MSDOC2:


az eventgrid domain create --name

                           --resource-group

                           [--identity {noidentity, systemassigned}]

                           [--inbound-ip-rules]

                           [--input-mapping-default-values]

                           [--input-mapping-fields]

                           [--input-schema {cloudeventschemav1_0, customeventschema, eventgridschema}]

                           [--location]

                           [--mi-system-assigned]

                           [--mi-user-assigned]

                           [--public-network-access {disabled, enabled}]

                           [--sku {basic, premium}]

                           [--tags]


az eventgrid domain topic create --domain-name

                                 --name

                                 --resource-group

Follow below steps to avoids the stale identity metadata issues:

Create a new Event Grid namespace in the same region but don't attach a user-assigned identity.
Enable system-assigned identity only from the start.
Configure Key Vault and custom domain immediately after creation.

Hope it helps!

Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

User's image

If you have any other questions, let me know in the "comments" and I would be happy to help you.

Share via

Errors when adding a MQTT custom domain to an Event Grid Namespace

1 answer

Your answer