When applying a Machine Profile to an Azure-based Machine Creation Services catalog, attempting to Start machines may result in one of the following errors:

• {"code":"UnsupportedFeature","message":"Data Collection Rule Associations is not supported in the location of the targeted parent resource '/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/RG-1' OR the association is being tried to be made to a resource type that does not have a location (such as to a subscription or resource group or tenant level resource type) and this type is not supported."}
• {"code":"LinkedAuthorizationFailed","message":"The client 'xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx' with object id 'xxxxxxxx-xxxx-xxxx-xxxxx-xxxxxxxxxxx' has permission to perform action 'Microsoft.Insights/dataCollectionRuleAssociations/write' on scope '/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/RG-1/providers/Microsoft.Compute/virtualMachines/TestMachine1/providers/Microsoft.Insights/dataCollectionRuleAssociations/assoc-xxxxxxxx'; however, it does not have permission to perform action(s) 'Microsoft.Insights/dataCollectionRules/read' on the linked scope(s) '/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/RG-2/providers/Microsoft.Insights/dataCollectionRules/DCR-Rule-2' (respectively) or the linked scope(s) are invalid."}

Create a Template Spec for use in lieu of a Machine/Template.

https://docs.citrix.com/en-us/citrix-daas/install-configure/machine-catalogs-create/create-machine-catalog-citrix-azure.html#create-an-azure-template-spec

1. Select the Machine/Template originally chosen to be used as a Machine Profile.
2. Go to Automation -> Export Template
3. Select whether or not to Include Parameters
4. Download or Copy Contents
5. In a text editor, modify the contents to remove Azure Monitor and any DCRs
   
   1. Example:
      {
        "Properties": {
          "Publisher": "Microsoft.Azure.Monitor",
          "Type": "AzureMonitorWindowsAgent",
          "TypeHandlerVersion": "1.1",
          "AutoUpgradeMinorVersion": true,
          "Settings": {},
          "EnableAutomaticUpgrade": true
        },
        "Type": "Microsoft.Compute/virtualMachines/extensions",
        "ApiVersion": "2024-07-01",
        "Name": "[concat(parameters('Name'), '/', 'AzureMonitorWindowsAgent')]",
        "Location": "[parameters('Location')]",
        "DependsOn": [
          "[concat('Microsoft.Compute/virtualMachines/', parameters('Name'))]"
        ],
        "Tags": {}
      },
6. Save or Copy the modified contents
7. In Azure, search for and select the Template Specs section
8. Perform on of the following:
   1. For saved contents, select Import Template to select the saved file
   2. For copied contents, select Create Template Spec and paste the contents in the Edit Template tab
9. In Studio, select the newly created Template Spec for use as the Machine Profile

Problem Cause

When adding a Machine Profile to a Catalog, Citrix attempts to include all related data.  This includes any Data Collection Rules that are applicable to the Machine/Template selected for the Machine Profile.  These Data Collection Rules may not appear in the JSON of the Machine/Template, but the inclusion of Azure Monitor indicates DCRs are applicable, and Citrix will proactively query for those DCRs to include them in the Machine Profile.

The issue can occur for one of two reasons:

1. The selected Machine/Template may be in a different Resource Group or Region, and the DCR may not be applicable or compatible with the target Resource Group used for deploying the new machines.
2. The DCR exists in a different subscription.  In this instance, the failure occurs because the Service Principal assigned to Citrix does not have access to the other subscription.