When using the PowerShell method or the Cloud Shell method I am getting an error when trying to create App Registrations:

Cloud Shell:

1st Error: Deploy\Scripts\openhack-fhir-auth-config.sh - Line 42

PowerShell:

1st Error: deploy\scripts\fhir-server\samples\scripts\PowerShell\FhirServer\Public\New-FhirServerApiApplicationRegistration.ps1 - Line 68

It looks like this is being caused by a breaking change in AzureAD which have new requirements for the AppId Uri:
https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains

I believe this could be resolved by appending the domain name to the end of the ServiceURL when creating App Registrations, but Im not sure what downstream effects that will have on this OpenHack.

A few of us on mac got stuck with the very first powershell step and getting the correct modules installed. The following process was used by a few of us and seemed to work pretty well.

Bootstrap Mac Powershell

• brew cask install powershell or Restart powershell
• Uninstall Az, Azure, AzureRM and AzureAD
• Unregister-PSRepository -Name 'Posh Test Gallery'

This should get you "clean", then:

• Restart powershell
• Install-Module Az
• Install-Module Azure
• Install-Module -Name Az.Accounts -AllowPrerelease -Force
• Register-PackageSource -Trusted -ProviderName 'PowerShellGet' -Name 'Posh Test Gallery' -Location https://www.poshtestgallery.com/api/v2/
• Install-Module AzureAD.Standard.Preview
• Restart powershell
• Import-Module Az
• Import-Module Azure
• Import-Module AzureAD.Standard.Preview

You should then be able to login, set you subscription then set your azuread to point at the new tenant.

When you go to run the first ps1 file you need to add the -adminPassword as explained in the docs because you are on mac.

When listing Primary /secondary tenant, would be valuable to indicate Primary (Resource), secondary (Data). i keep losing track

When something is wrong with device or fhir templates no data gets into FHIR Server.
What is the the way to troubleshoot the problems - any logging that could be enabled?

Doc Says its a slider. i see a drop down, where i can select the environment. then click the Eye to view. then edit.

The databricks notebook will fail out of the box because the insert statement in Cmd 13 is not compatible with the SQL Schema.

There should be a fix to the databricks workbook or the SQL schema. The insert that fails is the following:

INSERT INTO jdbcObservationTable
SELECT id AS observationid, SUBSTRING_INDEX(subject.reference,'/',-1) AS patientid, code.coding[0].code AS observationcode, code.coding[0].display AS observation, status, valueQuantity.unit, valueQuantity.value FROM observationTable;

A simple workaround is to insert dummy data to the missing columns:

INSERT INTO jdbcObservationTable
SELECT id AS observationid, SUBSTRING_INDEX(subject.reference,'/',-1) AS patientid, code.coding[0].code AS observationcode, '' AS deviceid, code.coding[0].display AS observation, '', '', status, valueQuantity.unit, valueQuantity.value FROM observationTable;

A better workaround is to fix the SQL schema, or insert the correct data in the databricks workbook.

If you are using Windows subsystem for Linux and bash/Ubuntu shell, and Github desktop, github desktop converts the file format to Windows/DOS. this creates the following error:
: invalid option nameh: line 2: set: pipefail

there are 2 fixes - run git clone from subsystem for linux - so we can supply the command
or
run 'dos2unix ./deployhl7ingest.bash' which will convert file format.

This is a fix for the already existing error in troubleshooting section.

Script requires an enviornment name, which was originally used to create the fhir resources. picking the same thing puts all new resources for anonymization and export into same RG. Probably want them in new rg, so should leave a hint that this is a New environment name

Given the naming conventions used by JAVA, consider clarifying the relationship between JDK 1.8 and JDK SE 8 for participants that may not be familiar.

Got below warnings while completing first challenge.

WARNING: The provided information does not map to an AD object id.
WARNING: Access policy is not set. No user or application have access permission to use this vault. This can happen if the vault was
created by a service principal. Please use Set-AzKeyVaultAccessPolicy to set access policies.

In order to do challenge 3 you'll need to install dotnet core 3.1 to build the FHIR data tools. It should be added as a prereq in challenge 0

I opened an issue on the Health Architectures repo which causes an issue for Mac users.

microsoft/health-architectures#22

The shebang lines need to be changed. I'm not sure how this zip is created, so can the person who owns that process make that change? 😄

When running through the hack steps I found myself debugging a lot of dependency installation issues or version mismatches where my local environment was using a different version than the hack instructions called for.

One area of improvement would be to configure the dependencies using a devcontainer so that people can focus on hacking, and less on dependency management/tooling installs.

On the prerequisite links (Challenge 00), since there are multiple links and steps, consider making the links open in a new tab or new window so the person following the instructions does not lose their instruction page when navigating to the specific pre-requisite information.

In Challenge 1 when navigating to dashboards getting block by AAD message blocked by Admin consent needed.

Resolution - navigate to secondary Tenant and grant Admin Consent in API/permissions for each of the three SP created with environment

I saw something curious during Challenge 2 that may be an issue. Is there a reason to have OpenHack participants download the Health Architectures repo as a zip instead of cloning/downloading it themselves directly from that Github repo?

Reasons to send the user to the repo:

• Reduces size of OpenHack repository
• Reduces need to update the OpenHack repo when Health Architectures repo changes
• Exposes users to another repo that may help drive Health Cloud adoption

Using the az cli causes deployment failures as the resources are not fully provisioned, causing subsequent commands to fail. The process of prompting the user for 12 variables is tedious.

Running deployhl7ingest.bash throws time out exception

Executing ./deployhl7ingest.bash...
Checking Azure Authentication...
Enter your subscription ID [xxx]:
Resource group with name fhirhacknero2 could not be found. Creating new resource group..
+ az group create --name fhirhacknero2 --location eastus
Starting HL7 Ingest Platform deployment...
Creating Storage Account [hack2store32574]...
The behavior of this command has been altered by the following extension: storage-preview
Retrieving Storage Account Connection String...
Creating Storage Account Container [hl7]...
Creating Service Bus Namespace [hlsb19805]...
Creating Queue [hl7ingest]...
Retrieving ServiceBus Connection String...
Creating hl7ingest Function App Serviceplan[hack2asp]...
Creating hl7ingest Function App [hl7ingest21194]...
Application Insights "hl7ingest21194" was created for this Function App. You can visit https://portal.azure.com/#resource/subscriptions/7xxxx/resourceGroups/fhirhacknero2/providers/microsoft.insights/components/hl7ingest21194/overview to view your Application Insights component
Retrieving Function App Host Key...
Configuring hl7ingest Function App [hl7ingest21194]...
Deploying hl7ingest Function App from source repo to [hl7ingest21194.azurewebsites.net]...
Setting SCM_DO_BUILD_DURING_DEPLOYMENT to false
Waiting SCM site to be updated with the latest app settings
The command failed with an unexpected error. Here is the traceback:

HTTPSConnectionPool(host='hl7ingest21194.scm.azurewebsites.net', port=443): Read timed out. (read timeout=3)
Traceback (most recent call last):
  File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-zmnkj_hi\urllib3\urllib3\connectionpool.py", line 384, in _make_request
  File "<string>", line 2, in raise_from
  File "C:\Users\VSSADM~1\AppData\Local\Temp\pip-install-zmnkj_hi\urllib3\urllib3\connectionpool.py", line 380, in _make_request
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\lib\http\client.py", line 1331, in getresponse
    response.begin()
  File "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\li

Resolution Updating SKU to "B3" in deployhl7ingest.bash declare serviceplansku="B3" works

If you havent done ADF work before, you wont know where to go to get status, and errors. should make that clear to click author and monitor

current instructions ask to use Iot Central Data Export (Legacy), we have tested it with newer version of Data Export and it worked with following changes:

• setup Data Export
  Add destinattion pointing to IotConnector EventHubs Connection String and export Telemetry:

• update device template in Iot Connector as per https://github.com/microsoft/iomt-fhir/blob/master/docs/Configuration.md#iotcentraljsonpathcontenttemplate

{
    "templateType": "CollectionContent",
    "template": [
        {
            "templateType": "IotCentralJsonPathContent",
            "template": {
                "typeName": "heartrate",
                "typeMatchExpression": "$..[?(@telemetry.HeartRate)]",
                "values": [
                    {
                        "required": "true",
                        "valueExpression": "$.telemetry.HeartRate",
                        "valueName": "hr"
                    }
                ]
            }
        }
    ]
}

Postman section indicates that you should 'Import Collection' and 'Import environment'. for non-postman user this would lead me down the path of clicking import, choosing the JSON file. Postman returns not recognized format. Should specify - Click import, select Raw Text tab, and past the contents of the Collection and Enviroment files.

Also it says import collection 2x.

The ARM template contains client credentials and should be removed and creds should be rolled

Doc States: mport Environment. An environment is a set of variables pre-created that will be used in requests. Click on Manage Environments (a slider on the top right). Click on the environment you imported. Enter these values for Initial Value:

I added to initial value, but nothing worked until i added to current value. Not sure how to 'set' current value. should document

in Task 2: After running ./deployFHIRExportwithAnonymization.ps1 with all required updates in parameters.json
Logic App was failing as the tenantid populated is the for the primary tenant instead of secondary AD tenant:

• also had to set manually in Keyvault clientappID and secret