microsoft / Intune-Resource-Access

Sample code and scripts for interfacing with the Intune Resource Access APIs.
MIT License

ScepRequestValidationFEService listed in Microsoft.Graph discovery service list #85

Closed svenska-primekey closed 2 years ago

svenska-primekey commented 4 years ago

Trying to use this code for SCEP issuance with Intune and EJBCA. What should the service name be to report this to Microsoft Graph since ScepRequestValidationFEService is not present?

2020-07-08 14:50:25,802 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Refreshing service map from Microsoft.Graph
2020-07-08 14:50:25,803 INFO [com.microsoft.aad.adal4j.AuthenticationAuthority] (pool-31-thread-1) [Correlation ID: d257b9f3-7e20-43b1-b1ba-3bbc44e0cd04] Instance discovery was successful
2020-07-08 14:50:25,975 DEBUG [com.microsoft.aad.adal4j.AuthenticationContext] (pool-31-thread-1) [Correlation ID: d257b9f3-7e20-43b1-b1ba-3bbc44e0cd04] Access Token was returned
2020-07-08 14:50:26,158 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Could not find endpoint for service 'ScepRequestValidationFEService'
2020-07-08 14:50:26,158 INFO [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) ServiceMap:
2020-07-08 14:50:26,158 ERROR [com.microsoft.intune.scepvalidation.IntuneClient] (EJB default - 7) Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.: com.microsoft.intune.scepvalidation.IntuneServiceNotFoundException: Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.
    at com.microsoft.intune.scepvalidation.IntuneClient.PostRequest(IntuneClient.java:288)
    at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.PostRequest(IntuneScepServiceClient.java:40)
    at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.Post(IntuneScepServiceClient.java:231)
    at com.microsoft.intune.scepvalidation.IntuneScepServiceClient.ValidateRequest(IntuneScepServiceClient.java:121)

tynidev commented 4 years ago

@svenska-primekey can you share your config properties without the tenant information so I can attempt to reproduce? I have not as yet been able to reproduce this error.

svenska-primekey commented 4 years ago

VALIDATION_SERVICE_NAME = ScepRequestValidationFEService
AAD_APP_ID = ****
AAD_APP_KEY = ****
TENANT = **
INTUNE_APP_ID =
PROVIDER_NAME_AND_VERSION_NAME = EJBCA 7.4.0
INTUNE_RESOURCE_URL = https://api.manage.microsoft.com/
GRAPH_API_VERSION = 1.6
GRAPH_RESOURCE_URL = https://graph.windows.net/
PROXY_HOST =
PROXY_PORT =
PROXY_USER =
PROXY_PASS =
AUTH_AUTHORITY = https://login.microsoftonline.com/

xandrilios commented 3 years ago

We are experiencing the same issue. Do you have any more information on this? This may be a case of misconfiguration on Endpoint Manager / Azure Portal? That's odd, as I have tried to follow https://docs.microsoft.com/en-us/mem/intune/protect/scep-libraries-apis as closely as possible.

Our Properties configuration only contains the mandatory values:

AAD_APP_ID = **** [GUID]
AAD_APP_KEY = **** [GUID]
TENANT = [tenantname].onmicrosoft.com
INTUNE_APP_ID = [the same as AAD_APP_ID]

So we are using the existing default values for the URLs/versions:

IntuneClient
    protected String intuneResourceUrl = "https://api.manage.microsoft.com/";
    protected String graphApiVersion = "1.6";
    protected String graphResourceUrl = "https://graph.windows.net/";

ADALClientWrapper
    private String authority = "https://login.microsoftonline.com/";

The single Azure AD Application has API permissions for:

Intune: scep_challenge_provider
Azure Active Directory Graph: Application.Read.All
Microsoft Graph: Application.Read.All, DeviceManagementServiceConfig.Read.All, DeviceManagementApps.Read.All, User.Read.All

xandrilios commented 3 years ago

Not providing INTUNE_APP_ID (thus using the hard-coded default) does present a proper serviceMap. This results in a bad request response from Intune: Request to: https://[server ref].manage.microsoft.com/TrafficGateway/TrafficRoutingService/RACerts/StatelessScepRequestValidationService/ScepActions/validateRequest returned: HTTP/1.1 400 Bad Request

danishfoxpass commented 3 years ago

Hi, I am facing the same issue: "com.microsoft.intune.scepvalidation.IntuneServiceNotFoundException: Did not find service named 'ScepRequestValidationFEService' listed in Microsoft.Graph discovery service list.". Any idea on how to fix this?

I have the following:

AAD_APP_ID=
INTUNE_APP_ID=
AAD_APP_KEY=
TENANT=
PROVIDER_NAME_AND_VERSION=EJBCA 7.4.0
INTUNE_RESOURCE_URL=https://api.manage.microsoft.com/
GRAPH_API_VERSION=1.6
GRAPH_RESOURCE_URL=https://graph.windows.net/
PROXY_HOST=
PROXY_PORT=
PROXY_USER=
PROXY_PASS=
AUTH_AUTHORITY=https://login.microsoftonline.com/

xandrilios commented 3 years ago

@danishfoxpass I believe I've fixed this by never setting INTUNE_APP_ID and leaving it set to the default "0000000a-0000-0000-c000-000000000000"

danishfoxpass commented 3 years ago

Thanks @xandrilios, that helped, and I had to update my App with the right permissions also. I am getting "CSR decoding error" although it's a base64-encoded string of the CSR request (PEM). Is base64 encoding the right way?

tynidev commented 3 years ago

Can you paste the non CSR request (pem) after it is base64 encoded here?

danishfoxpass commented 3 years ago

Yes, thanks, please see it below: [removed]

tynidev commented 3 years ago

As I suspected, you are base64-encoding the entire -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST----- block. You want to send only the blob in the middle, which is already base64 encoded, so you won't need to encode it again.
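To make the distinction above concrete, here is an added example (not code from this repository or from the commenters) that extracts the base64 body of a PEM CSR the way the validation API expects it, shows the double-encoding mistake from the thread side by side, and adds a check a caller can run before posting the request. The PEM input is constructed from placeholder bytes, not a real CSR; the function names are the example's own.

```python
import base64
import re

# Matches the body between the PEM markers, whatever the line wrapping.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE REQUEST-----\s*(?P<body>.+?)\s*-----END CERTIFICATE REQUEST-----",
    re.DOTALL,
)


def build_sample_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM markers with 64-column base64 lines (sample input only)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE REQUEST-----\n"


# Constructed placeholder "DER" (starts with a SEQUENCE tag, 0x30); not a real CSR.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(96))
SAMPLE_PEM = build_sample_pem(SAMPLE_DER)


def csr_blob_for_intune(pem: str) -> str:
    """Correct: return only the base64 body, header/footer and line breaks stripped."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("input is not a PEM certificate request")
    body = "".join(match.group("body").split())
    base64.b64decode(body, validate=True)  # fail early if the body is not clean base64
    return body


def wrong_blob(pem: str) -> str:
    """The mistake from the thread: base64-encoding the whole PEM text a second time."""
    return base64.b64encode(pem.encode("ascii")).decode("ascii")


def decoded_der(blob: str) -> bytes:
    """Decode the blob once; for a correct blob this yields the original DER bytes."""
    return base64.b64decode(blob, validate=True)


def looks_double_encoded(blob: str) -> bool:
    """Pre-flight check: a blob that decodes to PEM header text was encoded twice."""
    try:
        decoded = decoded_der(blob)
    except ValueError:
        return False
    return decoded.startswith(b"-----BEGIN")
```

Decoding the correct blob once gives DER that begins with the ASN.1 SEQUENCE tag; decoding the wrong blob once gives the PEM text again, which is what the check above detects.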

danishfoxpass commented 3 years ago

Thanks @tynidev, I fixed the issue by sending the tbs_certrequest_bytes of the loaded PEM CSR.

tynidev commented 2 years ago

This is a duplicate of issue 111