Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10: Cannot deploy to another tenant #3438

Closed
ricmestre opened this issue Jul 6, 2023 · 10 comments · Fixed by #4910 or #4923
Closed

IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10: Cannot deploy to another tenant #3438

ricmestre opened this issue Jul 6, 2023 · 10 comments · Fixed by #4910 or #4923
Labels
Bug Something isn't working Intune V1.23.628.1 Version 1.23.628.1 V1.23.705.1 Version 1.23.705.1

Comments

@ricmestre
Copy link
Contributor

ricmestre commented Jul 6, 2023
edited
Loading

Details of the scenario you tried and the problem that is occurring

The exported blueprint, see below, can be redeployed to the same tenant since the Test succeeds, nevertheless trying to deploy it to another tenant fails with an error message when calling New-MgDeviceManagementWindowsFeatureUpdateProfile, also see below.

Verbose logs showing the problem

# [...]

[[IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10]IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-REDACTED] Creating
 an Intune Windows Update For Business Feature Update Profile for Windows10 with DisplayName {REDACTED}
{
  "_version": 3,
  "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 53adab70-a0bc-4808-b518-513fcfe6c74e - Url:
4-21",
  "CustomApiErrorPhrase": "",
  "RetryAfter": null,
  "ErrorSourceService": "",
  "HttpHeaders": "{}"
}
    + CategoryInfo          : InvalidOperation: ({ body = Micros...UpdateProfile }:) [], CimException
    + FullyQualifiedErrorId : BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgDeviceManagementWindowFeatureUpdateProfile_Create
    + PSComputerName        : localhost

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

# Generated with Microsoft365DSC version 1.23.628.1
# For additional information on how to use Microsoft365DSC, please visit https://aka.ms/M365DSC
param (
    [parameter()]
    [System.Management.Automation.PSCredential]
    $Credential
)

Configuration Feature
{
    param (
        [parameter()]
        [System.Management.Automation.PSCredential]
        $Credential
    )

    if ($null -eq $Credential)
    {
        <# Credentials #>
        $Credscredential = Get-Credential -Message "Credentials"

    }
    else
    {
        $CredsCredential = $Credential
    }

    $OrganizationName = $CredsCredential.UserName.Split('@')[1]

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.23.628.1'

    Node localhost
    {
        IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10 "IntuneWindowsUpdateForBusinessFeatureUpdateProfileWindows10-REDACTED"
        {
            Assignments          = @(
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.exclusionGroupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
                MSFT_DeviceManagementConfigurationPolicyAssignments{
                    deviceAndAppManagementAssignmentFilterType = 'none'
                    dataType = '#microsoft.graph.groupAssignmentTarget'
                    groupId = 'REDACTED'
                }
            );
            Credential           = $Credscredential;
            Description          = "";
            DisplayName          = "REDACTED";
            Ensure               = "Present";
            FeatureUpdateVersion = "Windows 10, version 21H2";
            Id                   = "REDACTED";
            RolloutSettings      = MSFT_MicrosoftGraphwindowsUpdateRolloutSettings{
                OfferEndDateTimeInUTC = '2023-07-15T11:55:01.2680000+00:00'
                OfferStartDateTimeInUTC = '2023-07-22T11:55:01.2680000+00:00'
                OfferIntervalInDays = 7
            };
        }
    }
}

Feature -ConfigurationData .\ConfigurationData.psd1 -Credential $Credential

The operating system the target node is running

Win10

Version of the DSC module that was used ('dev' if using current dev branch)

1.23.628.1
@andikrueger andikrueger added Bug Something isn't working Intune V1.23.628.1 Version 1.23.628.1 labels Jul 6, 2023
@ricmestre
Copy link
Contributor Author

Please update label to V1.23.705.1 since it also fails with latest version, tested it locally (not DevOps) with cert-based auth.

@andikrueger andikrueger added the V1.23.705.1 Version 1.23.705.1 label Jul 11, 2023
@ricmestre ricmestre mentioned this issue Oct 4, 2023
Closed
@richardjgreen
Copy link

We get the same Bad Request error on 1.23.906.1 too.

@ricmestre
Copy link
Contributor Author

This was not yet solved, so it actually happens on latest release 1.23.1018.1 as well.

@richardjgreen richardjgreen mentioned this issue Nov 9, 2023
Closed
@William-Francillette
Copy link
Contributor

Hi @ricmestre and @richardjgreen

The way this policy is managed in the API is tricky - I had issue while creating and testing this resource due to the OfferStartDateTimeInUTC - try changing this date manually in your export to the time of your run and it should work

@ricmestre
Copy link
Contributor Author

ricmestre commented Nov 9, 2023
edited
Loading

@William-Francillette I just tested it and that doesn't solve the issue, both OfferStartDateTimeInUTC and OfferEndDateTimeInUTC from my export are dates in past so I tried first to change OfferEndDateTimeInUTC for a future date and got the same error message, after that then I also tried to change OfferStartDateTimeInUTC and still had the same behavior.

@William-Francillette
Copy link
Contributor

Do you get the same issue if you try with the Graph sdk for example ?
When I tested it, it was very restrictive but can have another look in the evening

@ricmestre
Copy link
Contributor Author

Yes, same issue using cmdlet New-MgBetaDeviceManagementWindowsFeatureUpdateProfile directly, but there's really something fishy happening with RolloutSettings property since if I remove the parameter I'm able to create the profile and of course also works with M365DSC if I remove that property from the export.

@William-Francillette
Copy link
Contributor

I'm not surprised this policy is very restrictive but this is more on the API side of things not even the sdk

@ricmestre
Copy link
Contributor Author

Yep it definitely looks like a problem on the API side or we just didn't learn how to tame it yet :)

@peombwa Hi, could you please share your thoughts about this issue?

@ricmestre
Copy link
Contributor Author

Any updates on this issue?

@ricmestre ricmestre mentioned this issue Jul 16, 2024
Closed
@FabienTschanz FabienTschanz mentioned this issue Jul 19, 2024
Merged
@NikCharlebois NikCharlebois mentioned this issue Jul 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Something isn't working Intune V1.23.628.1 Version 1.23.628.1 V1.23.705.1 Version 1.23.705.1
Projects
None yet
Milestone
No milestone
4 participants
@richardjgreen @andikrueger @William-Francillette @ricmestre