Closed LukaszKrukowski closed 6 years ago
@LukaszKrukowski this is definitely a permissions issue. Does the user account have appropriate admin rights granted in Google Apps?
I'd run through and double check the steps in the following guide.
Let me know if you have still having trouble after confirming those settings. What version of the MA are you running?
Hi @ryannewington ,
Thank you for your reply.
I have granted super admin rights in Google Apps for the user. I even granted all available roles for service account as a desperation try once, still no luck.
I'm always following steps in the guide (except for 'Service Account Actor' role which is now depreciated I believe). It did work for me with no issues until the last week or so when I was asked to create MA for GSuite instance.
I'm using latest release (v1.1.6520) of MA, however I did give it a try with v1.1.6451 too.
Kind regards, Lukasz
@LukaszKrukowski can you try the build located here
https://github.com/lithnet/googleapps-managementagent/issues/26
and change your scopes to
https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.userschema.readonly,https://apps-apis.google.com/a/feeds/emailsettings/2.0/,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/apps.groups.settings,https://www.googleapis.com/auth/admin.directory.domain.readonly,http://www.google.com/m8/feeds/contacts/,https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/admin.directory.resource.calendar,https://www.googleapis.com/auth/admin.directory.resource.calendar,https://www.googleapis.com/auth/admin.directory.resource.calendar,https://www.googleapis.com/auth/admin.directory.domain.readonly
Domain-wide delegation is definitely enabled, right?
Thank you @ryannewington , it worked with this new build and changed API scopes.
Not sure if it's helpful but I went to the other server where I still have MA v1.1.6520 and it threw the same 'Unable to retrieve schema' error. I think that if you have working GSuite MA v1.1.6520 everything is fine, but if for whatever reason you decide to re-create MA (using the very same GSuite project) I think you'll get this schema error due to unathorized access.
Anyway, thank you very much for your help Ryan, appreciate it!
Kind regards, Lukasz
Great news. I think it's my fault. I've been tweaking the scopes required by the app so it doesn't need as many privileges, but I think I've gotten the documentation out if sync with the main build. Apologies for the inconvenience!
No worries mate, thank you for fixing it with the new build.
I've noticed possibly one more issue. I have no errors reading schema fixed types attribute values (i.e. phones_home or organizations_home_title) but when I'm trying to export values to these attributes I get:
An exception has occurred in PutCSEntryChange Type: Google.GoogleApiException
Message: Google.Apis.Requests.RequestError Invalid value for: custom is not a valid value [400] Errors [ Message[Invalid value for: custom is not a valid value] Location[ - ] Reason[invalid] Domain[global] ]
Source: Google.Apis
TargetSite: Void MoveNext()
StackTrace:
at Google.Apis.Requests.ClientServiceRequest1.<ParseResponse>d__34.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Google.Apis.Requests.ClientServiceRequest
1.Execute()
at Lithnet.GoogleApps.ApiExtensions.ExecuteWithBackoff[T](ClientServiceRequest1 request, Int32 retryAttempts) at Lithnet.GoogleApps.ApiExtensions.ExecuteWithBackoff[T](ClientServiceRequest
1 request)
at Lithnet.GoogleApps.UserRequestFactory.Add(User item)
at Lithnet.GoogleApps.MA.ApiInterfaceUser.ApplyChanges(CSEntryChange csentry, SchemaType type, IManagementAgentParameters config, Object& target, Boolean patch) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\ApiInterfaces\ApiInterfaceUser.cs:line 99
at Lithnet.GoogleApps.MA.ExportProcessor.PutCSEntryChangeAdd(CSEntryChange csentry, CSEntryChange deltaCSEntry, MASchemaType maType, SchemaType type, IManagementAgentParameters config) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\ExportProcessor.cs:line 97
at Lithnet.GoogleApps.MA.ExportProcessor.PutCSEntryChangeObject(CSEntryChange csentry, SchemaType type, IManagementAgentParameters config) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\ExportProcessor.cs:line 58
at Lithnet.GoogleApps.MA.ExportProcessor.PutCSEntryChange(CSEntryChange csentry, SchemaType type, IManagementAgentParameters config) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\ExportProcessor.cs:line 16
Kind regards, Lukasz
@LukaszKrukowski can you export the MA and email me the xml file?
@ryannewington I've sent you exported xml file via an e-mail.
Thank you, Lukasz
Hi @LukaszKrukowski
It’s a google limitation. The only supported types for ‘organization’ are as follows
"domain_only" "school" "unknown" "work"
If you change the organization ‘home’ to ‘work’, you should be able to export without problems.
Ryan
Hi @ryannewington
You're right, my bad. Thank you for your support once again, I really appreciate it!
Kind regards, Lukasz
Since the last week I'm unable to create MA as it returns 'Unable to retrieve schema. Error: Exception from HRESULT: 0x80231343' This is the error from EventLog:
The extensible extension returned an unsupported error. The stack trace is:
"Google.Apis.Auth.OAuth2.Responses.TokenResponseException: Error:"unauthorized_client", Description:"Client is unauthorized to retrieve access tokens using this method.", Uri:"" at Google.Apis.Requests.ClientServiceRequest
1.Execute() in C:\Apiary\v1.25\Src\Support\GoogleApis\Apis\Requests\ClientServiceRequest.cs:line 101 at Lithnet.GoogleApps.ApiExtensions.ExecuteWithBackoff[T](ClientServiceRequest
1 request, Int32 retryAttempts) at Lithnet.GoogleApps.ApiExtensions.ExecuteWithBackoff[T](ClientServiceRequest1 request) at Lithnet.GoogleApps.SchemaRequestFactory.HasSchema(String customerID, String schemaName) at Lithnet.GoogleApps.MA.SchemaBuilder.GetSchema(IManagementAgentParameters config) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\Schema\SchemaBuilder.cs:line 31 at Lithnet.GoogleApps.MA.ManagementAgent.GetSchema(KeyedCollection
2 configParameters) in D:\github\lithnet\googleapps-managementagent\src\Lithnet.GoogleApps.MA\ManagementAgent.cs:line 405 Forefront Identity Manager 4.4.1642.0"I've tried with two different instances of GSuite and MIM with no luck. It used to work without issues earlier, please assist.