jseerden / IntuneBackupAndRestore

PowerShell Module that queries Microsoft Graph, and allows for cross-tenant Backup & Restore actions of your Intune Configuration.
MIT License
341 stars 99 forks source link

400 Bad Request when importing custom settings #39

Closed JelleMarc closed 3 years ago

JelleMarc commented 3 years ago

When trying to import Custom Settings from the Device Configuration we are receiving an error message as following:

invoke-intunerestoredeviceconfiguration : 400 Bad Request {"error":{"code":"NotSupported","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"SecretReferenceValueId invalid for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 4c664761-d691-42dd-8f05-06eaa16c0f4a - Url: https://fef.amsub0502.manage.microsoft.com/DeviceConfiguration_2107/Statele ssDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-05-26\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{ }\"\r\n}","innerError":{"date":"2021-08-06T07:38:49","request-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a","client-reques t-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a"}}} At line:1 char:1

It has something to do with the "secretReferenceValueId", however when trying multiple things I am unable to restore the policy. A new export/import leaves the same issue.

memphisraynz commented 3 years ago

I've started getting the same errors on restoring configs. It's not all configs, but if I re-run the import the same ones will always fail

All of mine that fail are all Windows 10 Custom Templates using OMA-URI

jseerden commented 3 years ago

Hi @JelleMarc and @memphisraynz,

Thanks for the report. I noticed Microsoft has started to encrypt values in Custom OMA Uri profiles. I'll have an update released soon that will decrypt the values during backup, so restoration is possible.

jseerden commented 3 years ago

Fix has been released in IntuneBackupAndRestore update 3.1.0.

brooke-azure commented 3 years ago

Still see an issue when oma-uri is an integer the id returns a 400 bad request and the value does not return or does not exist

microsoft.graph.omaSettingInteger

                        "@odata.type":  "#microsoft.graph.omaSettingInteger",
                        "description":  "\u0027Accounts: Block Microsoft accounts\u0027",
                        "omaUri":  "./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts",
                        "secretReferenceValueId":  null,
                        "isEncrypted":  false,
                        "displayName":  "Accounts: Block Microsoft accounts\u0027"

Invoke-MSGraphRequest : 400 Bad Request {"error":{"code":"BadRequest","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"Invalid Id in the URL - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 71619b29-c9d1-4ee0-bb5c-80e8825af30a - Url: https://fef.amsua0502.manage.microsoft.com/DeviceConfiguration_2108/StatelessDeviceConfigurationFEService/deviceMa nagement/deviceConfigurations%28%279a596b21-6a46-47a1-8bc6-33ba98d61efb%27%29/microsoft.management.services.api.getOmaS ettingPlainTextValue%28secretReferenceValueId%3D%27%27%29?api-version=5021-05-26\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"d ate":"2021-08-24T16:23:24","request-id":"71619b29-c9d1-4ee0-bb5c-80e8825af30a","client-request-id":"71619b29-c9d1-4ee0- bb5c-80e8825af30a"}}} At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Invoke-IntuneBackupDeviceConfiguration.ps1:55 char:40

memphisraynz commented 3 years ago

Hi, Im still getting errors when importing OMAURI's

`VERBOSE: User Profile - Default Applications - Failed to restore Device Configuration Invoke-IntuneRestoreDeviceConfiguration : 400 Bad Request {"error":{"code":"NotSupported","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"SecretReferenceValueId invalid for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 9191d659-3797-4532-94f5-1ec06233f62d - Url: https://fef.msud01.manage.microsoft.com/DeviceConfiguration_2109/StatelessD eviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-06-23\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{ }\"\r\n}","innerError":{"date":"2021-09-21T22:09:01","request-id":"9191d659-3797-4532-94f5-1ec06233f62d","client-reques t-id":"9191d659-3797-4532-94f5-1ec06233f62d"}}} At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Start-IntuneRestoreConfig.ps1:36 char:5

memphisraynz commented 3 years ago

@jseerden Can we get this re-opened. The issue is still ongoing.

jseerden commented 2 years ago

Possible fix applied in version 3.2.0. If it is still ongoing from version 3.2.0, please submit a new issue.