microsoftgraph / meetings-capture-sample

A Microsoft Teams solution that helps teams capture meeting minute notes inside individual channels
MIT License
33 stars 19 forks

Problem with deployment #1

Closed mgordic closed 4 years ago

mgordic commented 4 years ago

Hi,

Can someone help me? I am getting an error message when I try to execute the NewApp.ps1 script.

Error message says: Insufficient privileges to complete the operation.

Do I need some additional parameters for Connect-Graph, like scope?

Thank you

TBag commented 4 years ago

Hello,

Couple of quick questions...

  1. Did you run the PowerShell command prompt as an Administrator?
  2. When you ran Connect-Graph, did you authenticate with a user that has permissions to create AAD groups? I updated the docs to point this out.

mgordic commented 4 years ago

Hi Todd, Thank you for your reply.

  1. Yes, I am running it with an admin account.
  2. I am calling Connect-Graph with my tenant admin account.

I am not sure, maybe this is relevant: I'm trying to deploy this on a brand new developer subscription O365 tenant.

Thank you for your assistance, Marko

TBag commented 4 years ago

You're welcome. Can you run the script in the debugger and isolate the line of code that is failing?

mgordic commented 4 years ago

It's failing immediately here: $newApp = New-Application...

TBag commented 4 years ago

Are you able to log into the Azure portal with the same account and create an AAD application using the web pages?

mgordic commented 4 years ago

If you mean App Registration, yes, I can create a new App Registration in Azure using the mentioned account.

mikewalker74 commented 4 years ago

I have exactly the same problem. The exception is below and I am logged in with permissions suitable to create a new application registration. One thought was the Connect-Graph applet did not ask for much in the way of permissions, but I didn't take a note, so is it possible that the OAuth request for running Connect-Graph is not seeking enough permissions?

New-Application : Insufficient privileges to complete the operation. At C:\Users\mike.walker\source\repos\meetings-capture-sample\Deployment\NewApp.ps1:44 char:1

TBag commented 4 years ago

Thanks for the details. We are looking into it and trying to replicate.


From: mikewalker74 notifications@github.com Sent: Thursday, January 9, 2020 6:36:23 PM To: microsoftgraph/meetings-capture-sample meetings-capture-sample@noreply.github.com Cc: Todd Baginski todd@toddbaginski.com; Comment comment@noreply.github.com Subject: Re: [microsoftgraph/meetings-capture-sample] Problem with deployment (#1)


mgordic commented 4 years ago

@TBag Just one more thing I noticed:

If I call Connect-Graph without the -Scopes parameter, and then the Get-User command, I get the same error message as above regarding permissions. Maybe this will help you to figure out the problem.

TBag commented 4 years ago

We can replicate the error when we Connect-Graph with an account that does not have sufficient permissions. Can you try first Disconnect-Graph, then run Connect-Graph to reconnect with the account that has the proper permissions? See the example in the screenshot below.

We are also following up on this with the Microsoft engineers.

image

mgordic commented 4 years ago

Hi Todd, yes, I already tried your suggestion before I raised the issue here; anyway, it doesn't work.

It's funny, because I can create an app using the same account in the Azure UI.

Is it maybe possible that the problem is caused by MFA, which is enabled by default for the tenant admin account?

mikewalker74 commented 4 years ago

Agreed, the same here: the account does have the permission. On this tenant I don't have MFA enabled for the admin account, but I did trust graph-connect for all users, which may have gone through a lesser permissions grant process.


From: Marko Gordic notifications@github.com Sent: Friday, 10 January 2020, 22:42 To: microsoftgraph/meetings-capture-sample Cc: mikewalker74; Comment Subject: Re: [microsoftgraph/meetings-capture-sample] Problem with deployment (#1)


TBag commented 4 years ago

Hi guys,

Please try this approach and let us know how it goes.

Run Connect-Graph -Scopes Directory.AccessAsUser.All and select the Consent on behalf of your organization checkbox as the tenant admin.


  1. As a regular user (on another computer), run Connect-Graph -ForceRefresh since the access token in your cache hasn’t expired yet and you need to use the new scope (Directory.AccessAsUser.All). If your access token has expired, MSAL will refresh the token silently and acquire a new one with the updated scope.

  2. Run the .\NewApp.ps1 script.

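The failure this thread converges on, a cached delegated token whose scopes do not cover the call, can be confirmed by decoding the token's `scp` claim before running the deployment script. The following is an added example, not code from the repository or from any commenter; the function names and both sample tokens are constructed for illustration, and obtaining the real access token from your session is left out.

```powershell
# Added example: helper names and sample tokens are constructed, not from the repository.
# Decoding does not verify the signature; use it only to inspect a token you already hold.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet with padding stripped; restore both.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-MissingDelegatedScope {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string[]]$RequiredScope
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected three segments).' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # Delegated tokens carry granted scopes in the space-separated "scp" claim;
    # app-only tokens carry "roles" instead, so a missing "scp" grants nothing here.
    $granted = @()
    if ($claims.scp) { $granted = @($claims.scp -split ' ' | Where-Object { $_ }) }
    # -notcontains is case-insensitive; use -cnotcontains for an exact match.
    @($RequiredScope | Where-Object { $granted -notcontains $_ })
}

function New-SampleToken {
    param([Parameter(Mandatory)][string]$Scp)
    $encode = {
        param($Json)
        $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Json))
        $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
    }
    $payload = @{ aud = 'https://graph.microsoft.com'; scp = $Scp } | ConvertTo-Json -Compress
    '{0}.{1}.constructed' -f (& $encode '{"alg":"none","typ":"JWT"}'), (& $encode $payload)
}

$samples = [ordered]@{
    'cached token, before consent'    = 'openid profile User.Read'
    'after consent and -ForceRefresh' = 'openid profile User.Read Directory.AccessAsUser.All'
}
foreach ($name in $samples.Keys) {
    $token   = New-SampleToken -Scp $samples[$name]
    $missing = @(Get-MissingDelegatedScope -AccessToken $token -RequiredScope 'Directory.AccessAsUser.All')
    if ($missing.Count) { "${name}: missing $($missing -join ', ')" } else { "${name}: required scopes present" }
}
```

Because Directory.AccessAsUser.All gives the client the same directory access as the signed-in user, the same check also shows which cached tokens carry it after tenant-wide consent.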

mgordic commented 4 years ago

Hi @TBag,

Hereby I can confirm that your suggestion works! :) Thank you very much for your assistance.

However, after full deployment of the solution, the app is not loading in the Teams tab (I see only a tab with a background image). In the console I can see different errors regarding authorization against Graph, I think.

BR Marko

TBag commented 4 years ago

Glad to hear that. I'm going to modify the instructions to use these steps.

Please start a new issue that describes the issue you are seeing with the Teams tab not loading. Please provide as many details as possible.

mgordic commented 4 years ago

Hi @TBag,

I haven't had time to try it before, finally today I made some progress.

In the end, I deployed everything and now I see the option to create a meeting, but I can't save it.

I saw in the console that there is a 404 error message:

POST https://##url##/MeetingCapture/CreateMeeting 404 (Not Found)

##url## is my custom demo that I am using for the demo (it has an SSL certificate set)

Any ideas what I might have missed here in configuration / deployment?

TBag commented 4 years ago

Double check all the spots where you input your custom host name during the deployment.

What happens if you run it locally and debug the request? The endpoint you are failing to invoke is in the same controller class that allows you to see the new meeting page, this is very curious. Did you try resetting the web app?

ikhwanmd commented 4 years ago

Hi @TBag ,

I downloaded this and managed to deploy it to Teams. But upon creating the meeting and clicking on save, I'm getting an error and it looks like the same error that @mgordic was having. It was calling /meetingCapture/CreateMeeting (with error 404 not found). Is this a js file that I'm missing or something else? The data did save to the database, the file was uploaded successfully, tasks were created, but there's no calendar meeting.

I did change the /meetingCapture/CreateMeeting to /meetingCapture/NewMeeting. By doing so, I've managed to get the message "Your meeting has been created" but it's not populating it in the database or any other locations.

I'm not a developer, was trying to figure out how to debug this, but failed miserably.

I went and redeployed and used the steps again with the correct custom host but kept on getting the same error. Any tips or pointers?

TBag commented 4 years ago

Hmm, if data is going into the database it sounds like the issue was invoking the Graph API to make the meeting. What happens if you run it locally and debug the request, what exception do you see?

ikhwanmd commented 4 years ago

Do I load it in Visual Studio 2019 or Visual Studio Code with the Teams extension?

TBag commented 4 years ago

We built the solution in VS 2019. That's what I'd debug it with.

ikhwanmd commented 4 years ago

I've loaded it in VS2019 and did a debug. IE opens with the application launched (https://localhost:5001/), and I then navigate to https://localhost:5001/meetingcapture/newmeeting. I wasn't able to add attendees. How do I connect/which configuration should I add so that it will connect to my test tenant? Wasn't able to proceed from there.

image

TBag commented 4 years ago

This document describes the options you have to debug apps locally. https://docs.microsoft.com/en-us/microsoftteams/platform/concepts/build-and-test/debug The Meeting Capture app needs to run within the context of a Team for the single sign-on authentication to work. Without the Teams context it will not authenticate or be able to determine other contextual information it needs to work properly. You'll need to modify the package you put into Teams to point to the code running on your local machine, then load the Meeting Capture inside the Team where you deploy the package.

ikhwanmd commented 4 years ago

Would this be an issue if I ignore this error when running gulp bundle --ship?

image

Just an update: I've edited the "gulp.js" file to add "build.addSuppression(/Warning/gi);" and the build error no longer shows. Still trying to get the debug to run locally with the document you provided.

ikhwanmd commented 4 years ago

@TBag I've managed to debug the code, what should I be looking for?

Here's what I saw..

image

image

image

image

image

TBag commented 4 years ago

Cool, good to see you got the debugging going. It is a permission issue. Check that you configured all the AAD apps and settings correctly in Azure and throughout all the settings files.