Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License

Join-AADIntDeviceToAzureAD-An Attribute key or value specified is invalid or exceeds length limits (512). #11

Closed pawp81 closed 3 years ago

pawp81 commented 3 years ago

Running: Join-AADIntDeviceToAzureAD -AccessToken eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1d<cut>ku640TzItkBra0Jj4oZEGVl2uno4hFm019I7MBeSLWqmotb9yr20O4C06SdTXj9XlfGxuCkGU0HOlpyj27nkkrhO9gXuAqMquRDTAnxid-ZGanjHzyXLjefb5kJ84ksN3B2k9Nzkn1YjmqA9dWk_1IA -DeviceName "JoinTest" -DeviceType "Windows" ends up with error:

Register-DeviceToAzureAD : {"ErrorType":"InvalidParameter","Message":"An Attribute key or value specified is invalid or exceeds length limits (512).","TraceId":"88a32c70-87ca-4f8f-a018-2d0ff3906f9f","Time":"06-24-2021
10:57:11Z"}
At C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.4.6\PRT.ps1:400 char:31
+ ... tResponse = Register-DeviceToAzureAD -AccessToken $AccessToken -Devic ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Register-DeviceToAzureAD

Below is the Fiddler trace capturing the HTTPS traffic when Join-AADIntDeviceToAzureAD was run:

POST https://enterpriseregistration.windows.net/EnrollmentServer/device/?api-version=1.0 HTTP/1.1
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1d<cut>ku640TzItkBra0Jj4oZEGVl2uno4hFm019I7MBeSLWqmotb9yr20O4C06SdTXj9XlfGxuCkGU0HOlpyj27nkkrhO9gXuAqMquRDTAnxid-ZGanjHzyXLjefb5kJ84ksN3B2k9Nzkn1YjmqA9dWk_1IA
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1023
Content-Type: application/json; charset=utf-8
Host: enterpriseregistration.windows.net
Content-Length: 1769
Expect: 100-continue

{
    "TransportKey":  "UlNBMQAIAAADAAAAAAEAAAAAAAAAAAAAAQAB07jinw0y68+PPJtaIZAQX+z5ys0raRRazBMJMazXyhGFDWHMIqbC4y8qnjLritkwQUXkBrNdqb6y9XygNk04/rH6oytitEPMsCYl5bTfkPYLS7Pigj/C2Bk9zndg/DMtyFvQP7lNrUQ3qdwXE0Fi1daabttghen989X+ok6Z7IRPRjWarGkvOVMNlTUUKcDUXu53oOb4fUtG1EydSNAcok9Uo4UR15TIxC7RPDYK1LADYwLgcCIeXh2byUKpxK7UYkV+suXPcojl6f+TSeJ25x4SaB4Rp8SMX5O0Dz5GCfqWxr0BqzGlIf9NOrZL8WNXR33OiRkguclNfJGl1OB0+Q==",
    "JoinType":  0,
    "DeviceDisplayName":  "JoinTest",
    "OSVersion":  "10.0.19041.804",
    "CertificateRequest":  {
                               "Type":  "pkcs10",
                               "Data":  "..."
                           },
    "TargetDomain":  "mydomain.com",
    "DeviceType":  "Windows",
    "Attributes":  {
                       "ReuseDevice":  true,
                       "ReturnClientSid":  true,
                       "SharedDevice":  false
                   }
}

HTTP/1.1 400 Bad Request
Content-Length: 202
Content-Type: application/json
request-id: 88a32c70-87ca-4f8f-a018-2d0ff3906f9f
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Thu, 24 Jun 2021 10:57:11 GMT

{"ErrorType":"InvalidParameter","Message":"An Attribute key or value specified is invalid or exceeds length limits (512).","TraceId":"88a32c70-87ca-4f8f-a018-2d0ff3906f9f","Time":"06-24-2021 10:57:11Z"}

ConstantinT commented 3 years ago

Hi, I had the same problem with my own tool. The solution is to change the 3 values in the "Attributes" part from bool to string.

From:

"Attributes": { "ReuseDevice":true, "ReturnClientSid": true, "SharedDevice":false }

To:

"Attributes": { "ReuseDevice":"true", "ReturnClientSid": "true", "SharedDevice":"false" }

They also change from api-version=1 to api-version=2, but this doesn't matter.

pawp81 commented 3 years ago

Yes, changing all 3 parameters to strings resolved the problem.

NestoriSyynimaa commented 3 years ago

Will fix this in the next release, thanks for reporting!
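
The bool-to-string change discussed in this thread, as an added example (not AADInternals code and not written by any commenter): the hypothetical helpers `Test-AttributeBag` and `ConvertTo-StringAttributes` flag "Attributes" values that are not strings or exceed the 512 limit quoted in the error, then render booleans as strings before the body is serialized. Reading 512 as a character count is an assumption, and nothing here contacts the registration service.

```powershell
# Added example: hypothetical helpers, not part of AADInternals.

function Test-AttributeBag {
    # Emits one finding per entry that is not a string, or whose key or value
    # is longer than the limit named in the service error (assumed: characters).
    param(
        [Parameter(Mandatory)][System.Collections.IDictionary]$Attributes,
        [int]$MaxLength = 512
    )
    foreach ($key in $Attributes.Keys) {
        $value = $Attributes[$key]
        if ($null -eq $value -or $value -isnot [string]) {
            $type = if ($null -eq $value) { 'null' } else { $value.GetType().Name }
            "{0}: {1} value, expected String" -f $key, $type
        }
        elseif ($value.Length -gt $MaxLength -or "$key".Length -gt $MaxLength) {
            "{0}: key or value longer than {1}" -f $key, $MaxLength
        }
    }
}

function ConvertTo-StringAttributes {
    # Returns a copy of the bag with every value as a string. Booleans become
    # lowercase "true"/"false", so ConvertTo-Json emits them as quoted strings.
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Attributes)
    $out = [ordered]@{}
    foreach ($key in $Attributes.Keys) {
        $value = $Attributes[$key]
        if ($value -is [bool]) { $out[$key] = $value.ToString().ToLowerInvariant() }
        else                   { $out[$key] = [string]$value }
    }
    $out
}

# The attribute bag as it appears in the failing request body (booleans).
$attributes = [ordered]@{
    ReuseDevice     = $true
    ReturnClientSid = $true
    SharedDevice    = $false
}

# Check the original bag, convert it, then check the converted copy.
Test-AttributeBag -Attributes $attributes
$fixed = ConvertTo-StringAttributes -Attributes $attributes
Test-AttributeBag -Attributes $fixed

# Serialize only the corrected "Attributes" part for comparison with the trace.
@{ Attributes = $fixed } | ConvertTo-Json -Compress
```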