almenscorner / IntuneCD

Tool to backup, update and document configurations in Intune
MIT License

[BUG] Unknown Permissions Issue Running Backup #120

Closed Meddell closed 8 months ago

Meddell commented 1 year ago

Describe the bug: I had originally configured IntuneCD back in March 2023. I recently noticed the ADO pipeline was failing due to a permission I had not added (DeviceManagementManagedDevices.ReadWrite.All). I added the permission to the app registration, but now I am getting a new error that seems to be a permission issue, but I'm not too sure.

Error:

  File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
    run_backup(args.path, args.output, exclude, token)
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 270, in run_backup
    results.append(savebackup(path, output, token))
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_remoteAssistancePartner.py", line 28, in savebackup
    data = makeapirequest(ENDPOINT, token)
  File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
    raise Exception(
Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e - Url: https://fef.msua05.manage.microsoft.com/RemoteAssistService/StatelessRemoteAssistService/deviceManagement/remoteAssistancePartners?api-version=5022-08-15 - CustomApiErrorPhrase: Forbidden\",\r\n \"CustomApiErrorPhrase\": \"Forbidden\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-06-21T17:29:40","request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e","client-request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e"}}}')

[error]Bash exited with code '1'.

Current App Registration Permissions:

To Reproduce Within the Pipeline:

Currently ran with a client secret and app registration

Expected behavior: Backup works accordingly without issues/errors.

Screenshots: (image attached)

Run type (please complete the following information):
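The 403 quoted above wraps the Intune service error as a JSON string inside Graph's own JSON "message", and the maintainer later asks reporters for the Activity ID buried in that string. This added helper (not IntuneCD's code) decodes both layers and returns the fields a support ticket needs; the sample body is constructed from the report's own error, with the Activity ID and request-id values taken from the page.

```python
import json
import re

# Constructed sample: the 403 body quoted in the report, reduced to the fields
# read below. Graph nests the Intune service error as a JSON string inside
# "message", so the body has to be decoded twice to reach the Activity ID.
SAMPLE_403_BODY = json.dumps({"error": {
    "code": "Forbidden",
    "message": json.dumps({"Message": (
        "An error has occurred - Operation ID (for customer support): "
        "00000000-0000-0000-0000-000000000000 - Activity ID: "
        "cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e - Url: https://fef.msua05."
        "manage.microsoft.com/RemoteAssistService/StatelessRemoteAssistService/"
        "deviceManagement/remoteAssistancePartners - CustomApiErrorPhrase: Forbidden"
    )}),
    "innerError": {"date": "2023-06-21T17:29:40",
                   "request-id": "cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e"},
}})

GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
ACTIVITY_RE = re.compile(r"Activity ID:\s*(" + GUID + ")", re.I)


def parse_graph_error(body: str) -> dict:
    """Return code/activity_id/request_id/date; fields default to None."""
    info = {"code": None, "activity_id": None, "request_id": None, "date": None}
    try:
        outer = json.loads(body)["error"]
        inner = outer.get("innerError") or {}
    except (ValueError, KeyError, TypeError, AttributeError):
        return info  # malformed body: never raise inside the error path
    info.update(code=outer.get("code"), request_id=inner.get("request-id"),
                date=inner.get("date"))
    message = outer.get("message", "")
    try:  # the service message is itself JSON; fall back to the raw string
        message = json.loads(message).get("Message", "")
    except (ValueError, TypeError, AttributeError):
        pass
    match = ACTIVITY_RE.search(str(message))
    # Prefer the Activity ID from the service message; the request-id is the
    # same value in this report and serves as a fallback when the text changes.
    info["activity_id"] = match.group(1) if match else info["request_id"]
    return info


def support_summary(status: int, body: str) -> str:
    """One line to paste into a support ticket or the GitHub thread."""
    info = parse_graph_error(body)
    return "HTTP {0} {1}; Activity ID {2}; date {3}".format(
        status, info["code"], info["activity_id"], info["date"])
```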

almenscorner commented 1 year ago

Hi,

Definitely looks like you have all the required permissions and RemoteAssistancePartner requires the service config permission. Does it fail with that exact error if you re-run the pipeline every time? Can you run from your own terminal locally using the same app reg and see if you get the same result?

Meddell commented 1 year ago

Yep, I had tried running the backup locally with the app registration and got the same error: (image attached)

almenscorner commented 1 year ago

Interesting, can you send a print screen of the api permissions granted on the app reg?

Meddell commented 1 year ago

Sure thing, here is the screenshot of it: (image attached)

almenscorner commented 1 year ago

I'm trying to replicate but haven't been able to so far

Meddell commented 1 year ago

I will see if it was something with the app registration; I'm going to replace the app registration and create a new one. Edit: I tried with a new app registration and still got an error. I excluded RemoteAssistancePartner and it worked as normal. I ran the query in Graph Explorer and it worked fine as well.

almenscorner commented 1 year ago

Do you have any remote assistance partners connected in Intune?

Speed1 commented 1 year ago

Hi, we encounter the exact same error. We have a remote assistance partner configured (Teamviewer).

almenscorner commented 1 year ago

So it seems like there is a different behaviour when there is a partner connected... the same permissions should still apply though. Is the call working for you as well when running it with your account instead of the app reg, @Speed1?

Speed1 commented 1 year ago

Sorry for the late response. I tried to run the application with the -i parameter but I get the following error after web authentication:

IntuneCD-startbackup -m 1 -p intuneBackup -i
Traceback (most recent call last):
  File "/Users/username/src/intuneCD/venv_intuneCD/bin/IntuneCD-startbackup", line 8, in <module>
    sys.exit(start())
             ^^^^^^^
  File "/Users/username/src/intuneCD/venv_intuneCD/lib/python3.11/site-packages/IntuneCD/run_backup.py", line 370, in start
    run_backup(args.path, args.output, exclude, token)
  File "/Users/username/src/intuneCD/venv_intuneCD/lib/python3.11/site-packages/IntuneCD/run_backup.py", line 165, in run_backup
    results.append(savebackup(path, output, exclude, token))
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/username/src/intuneCD/venv_intuneCD/lib/python3.11/site-packages/IntuneCD/backup_appConfiguration.py", line 34, in savebackup
    data = makeapirequest(ENDPOINT, token)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/username/src/intuneCD/venv_intuneCD/lib/python3.11/site-packages/IntuneCD/graph_request.py", line 24, in makeapirequest
    "Authorization": "Bearer {0}".format(token["access_token"]),
                                         ~~~~~^^^^^^^^^^^^^^^^
KeyError: 'access_token'

Do you have a hint?
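The KeyError in the traceback above comes from graph_request.py indexing token["access_token"] on a sign-in response that carries no token, which hides the real reason the interactive flow failed. This added wrapper (not IntuneCD's code) reports that reason instead; it assumes, as the token library's error contract, that a failed acquisition returns a dict with "error" and "error_description" rather than "access_token", and both sample responses are constructed.

```python
# Constructed samples of the two shapes a token response can take. The failed
# shape assumes the token library returns "error"/"error_description" instead
# of "access_token" when interactive sign-in fails (for example because the
# redirect URI is registered under the wrong platform type).
GOOD_RESULT = {"access_token": "constructed.jwt.value",
               "token_type": "Bearer", "expires_in": 3599}
FAILED_RESULT = {"error": "invalid_request",
                 "error_description": "constructed description of the failure"}


class TokenError(RuntimeError):
    """Raised when a token response carries no usable access token."""


def token_error_message(token_result):
    """Return None when the response holds an access token, otherwise a
    message carrying the error code and description that were returned."""
    if not isinstance(token_result, dict):
        return "token response is not a dict: {0}".format(type(token_result).__name__)
    if token_result.get("access_token"):
        return None
    return "token acquisition failed: {0}: {1}".format(
        token_result.get("error", "unknown_error"),
        token_result.get("error_description", "no description returned"))


def bearer_header(token_result) -> dict:
    """Build the Authorization header, or raise TokenError with the real
    reason instead of the bare KeyError: 'access_token' a direct index gives."""
    problem = token_error_message(token_result)
    if problem:
        raise TokenError(problem)
    return {"Authorization": "Bearer {0}".format(token_result["access_token"])}
```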

almenscorner commented 1 year ago

Have you configured the app registration per the requirements here? https://github.com/almenscorner/IntuneCD/wiki/Authentication#interactive

almenscorner commented 1 year ago

I'm struggling to replicate the remote assistance partner issue as I do not have an environment with TV available. Did you get the interactive auth run to work @Speed1?

Speed1 commented 1 year ago

Hi @almenscorner,

Sorry, I totally forgot about this (I currently have RemoteAssistancePartner excluded from the backup). I retried but I still get the same error. I have the URL "http://localhost" added to my Redirect URIs in the App registration.

I also set TENANT_NAME and CLIENT_ID as env variables but no luck...

If I run the command IntuneCD-startbackup -m 1 -p intuneBackup -a secret.json it runs until RemoteAssistancePartner, the same as the pipeline.

almenscorner commented 1 year ago

Hmm, and the redirect URI is set as a "Mobile and desktop applications" type for the platform?

Speed1 commented 1 year ago

If you mean this flag, yes I tried to enable it but the error was the same.

Screenshot 2023-08-07 at 09 46 15

almenscorner commented 1 year ago

I mean like this,

Screenshot 2023-08-08 at 12 58 26

Speed1 commented 1 year ago

Now it works, thanks. I was confused by the phrase "If using interactive mode, a Web Redirect URI needs to be added to the app registration with the value http://localhost". Maybe it should be changed to "If using interactive mode, a Mobile and desktop applications Redirect URI needs..."?

Nevermind, in interactive mode everything works as expected. The RemoteAssistancePartner was backed up.

Screenshot 2023-08-11 at 11 19 33

almenscorner commented 1 year ago

I will make it clearer in the text :)

OK, so there is something wrong, maybe a bug where, when application permissions are used to export Remote Assistance partners, the permissions are not working. Sounds like something I need to bring to Microsoft...

almenscorner commented 1 year ago

Hi @Speed1, I have engaged Microsoft in the issue of backing up remote assistance partners. Would you be able to provide me with an ActivityId of one of the failed calls?

almenscorner commented 1 year ago

@Speed1, are you able to provide me an ActivityID so I can move the discussions forward? 😊

almenscorner commented 1 year ago

You could also do a new run and provide the ActivityID @Meddell ?

Speed1 commented 1 year ago

Hi @almenscorner, sorry, I'm still on holidays. I will provide you with an activity ID on Monday.

Speed1 commented 1 year ago

Hi @almenscorner, here is the activityID 97aa6610-5155-4e74-a784-bdc6f7def485. Sorry for the delay...

almenscorner commented 1 year ago

No worries, thank you very much! :)

AlphaSeb commented 11 months ago

We're also impacted by this. We have an active TeamViewer integration, but as it's useless (for us) I simply disconnected it...

almenscorner commented 11 months ago

Yeah, I'm hearing nothing from MS unfortunately.

mrtzlbm commented 10 months ago

We're also impacted by this error. We have an active TeamViewer connector. Activity ID: 4d4d0345-789b-4544-bdf0-579364683170

almenscorner commented 9 months ago

I am getting no responses from MS... Can everyone create a ticket with MS on this so we get some push on it?

almenscorner commented 8 months ago

I have been able to backup a remote assistance partner with application permissions lately. Is this working for you as well now?

almenscorner commented 8 months ago

See above @mrtzlbm @AlphaSeb @Meddell

Meddell commented 8 months ago

Sorry for the late response, as projects have shifted within our team for a long time, but yes, the problem is resolved.