400 Bad Request when importing custom settings

[JelleMarc]

When trying to import Custom Settings from the Device Configuration we are receiving an error message as following:

invoke-intunerestoredeviceconfiguration : 400 Bad Request {"error":{"code":"NotSupported","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"SecretReferenceValueId invalid for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 4c664761-d691-42dd-8f05-06eaa16c0f4a - Url: https://fef.amsub0502.manage.microsoft.com/DeviceConfiguration_2107/Statele ssDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-05-26\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{ }\"\r\n}","innerError":{"date":"2021-08-06T07:38:49","request-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a","client-reques t-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a"}}} At line:1 char:1

• invoke-intunerestoredeviceconfiguration -path C:\temp\template

• 
  + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-IntuneRestoreDeviceConfiguration

It has something to do with the "secretReferenceValueId", however when trying multiple things I am unable to restore the policy. A new export/import leaves the same issue.

[memphisraynz]

I've started getting the same errors on restoring configs. It's not all configs, but if I re-run the import the same ones will always fail

All of mine that fail are all Windows 10 Custom Templates using OMA-URI

[jseerden]

Hi @JelleMarc and @memphisraynz,

Thanks for the report. I noticed Microsoft has started to encrypt values in Custom OMA Uri profiles. I'll have an update released soon that will decrypt the values during backup, so restoration is possible.

[jseerden]

Fix has been released in IntuneBackupAndRestore update 3.1.0.

[brooke-azure]

Still see an issue when oma-uri is an integer the id returns a 400 bad request and the value does not return or does not exist

microsoft.graph.omaSettingInteger

                        "@odata.type":  "#microsoft.graph.omaSettingInteger",
                        "description":  "\u0027Accounts: Block Microsoft accounts\u0027",
                        "omaUri":  "./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts",
                        "secretReferenceValueId":  null,
                        "isEncrypted":  false,
                        "displayName":  "Accounts: Block Microsoft accounts\u0027"

Invoke-MSGraphRequest : 400 Bad Request {"error":{"code":"BadRequest","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Invalid Id in the URL - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 71619b29-c9d1-4ee0-bb5c-80e8825af30a - Url: https://fef.amsua0502.manage.microsoft.com/DeviceConfiguration_2108/StatelessDeviceConfigurationFEService/deviceMa nagement/deviceConfigurations%28%279a596b21-6a46-47a1-8bc6-33ba98d61efb%27%29/microsoft.management.services.api.getOmaS ettingPlainTextValue%28secretReferenceValueId%3D%27%27%29?api-version=5021-05-26\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"d ate":"2021-08-24T16:23:24","request-id":"71619b29-c9d1-4ee0-bb5c-80e8825af30a","client-request-id":"71619b29-c9d1-4ee0- bb5c-80e8825af30a"}}} At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Invoke-IntuneBackupDeviceConfiguration.ps1:55 char:40

• ... ing.value = Invoke-MSGraphRequest -HttpMethod GET -Url "deviceManagem ...

• 
  + CategoryInfo          : ConnectionError: (@{Request=; Response=}:PSObject) [Invoke-MSGraphRequest], HttpRequestE
  xception
  + FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlet
  s.InvokeRequest

[memphisraynz]

Hi, Im still getting errors when importing OMAURI's

`VERBOSE: User Profile - Default Applications - Failed to restore Device Configuration Invoke-IntuneRestoreDeviceConfiguration : 400 Bad Request {"error":{"code":"NotSupported","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"SecretReferenceValueId invalid for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 9191d659-3797-4532-94f5-1ec06233f62d - Url: https://fef.msud01.manage.microsoft.com/DeviceConfiguration_2109/StatelessD eviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-06-23\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{ }\"\r\n}","innerError":{"date":"2021-09-21T22:09:01","request-id":"9191d659-3797-4532-94f5-1ec06233f62d","client-reques t-id":"9191d659-3797-4532-94f5-1ec06233f62d"}}} At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Start-IntuneRestoreConfig.ps1:36 char:5

• Invoke-IntuneRestoreDeviceConfiguration -Path $Path

• 
  + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-IntuneRestoreDeviceConfiguratio
  n`

[memphisraynz]

@jseerden Can we get this re-opened. The issue is still ongoing.

[jseerden]

Possible fix applied in version 3.2.0. If it is still ongoing from version 3.2.0, please submit a new issue.