[BUG] Unknown Permissions Issue Running Backup #120
Comments
|
Hi, Definitely looks like you have all the required permissions and RemoteAssistancePartner requires the service config permission. Does it fail with that exact error if you re-run the pipeline every time? Can you run from your own terminal locally using the same app reg and see if you get the same result? |
|
Yep I had tried running the backup locally with the app registration and got the same error: |
|
Interesting, can you send a print screen of the api permissions granted on the app reg? |
|
Sure thing, here are is the screenshot of it: |
|
I'm trying to replicate but haven't been able to so far |
|
I will see if it was something with the app registration, going to replace the app registration and create a new one. |
|
Do you have any remote assistance partners connected in Intune? |
|
Hi, |
|
So it seems like there is a different behaviour when there is a partner connected.. the same permissions should still apply though. Is the call working for you as well running it with your account instead of the app reg @Speed1? |
|
Sorry for the late response. I tried to run the application with the -i parameter but I get the following error after web authentication: Do you have a hint? |
Have you configured the app registration per the requirements here? https://github.com/almenscorner/IntuneCD/wiki/Authentication#interactive |
|
I struggling to replicate the remote assistance partner issue as I do not have an environment with TV available. Did you get interactive auth run to work @Speed1? |
|
Hi @almenscorner, sorry, I totally forgot about this (currently excluded RemoteAssistancePartner from backup). I also set TENANT_NAME and CLIENT_ID as env variables but no luck... If I run the command |
|
Hmm, and the redirect URI is set as a "Mobile and desktop applications" type for the platform? |
|
If you mean this flag, yes I tried to enable it but the error was the same.
|
|
I mean like this, |
|
Now it works, thanks. I was confused from the phrase Nevermind, in interactive mode everything works as expected. The RemoteAssistancePartner was backuped
|
|
I will make it clearer in the text :) OK, so there is something wrong, maybe a bug where when application permissions are used to export Remote Assistance partner the permissions are not working. Sounds like something I need to bring to Microsoft.. |
almenscorner
added
verified
|
Hi @Speed1, I have engaged Microsoft in the issue of backing up remote assistance partners. Would you be able to provide me with an ActivityId of one of the failed calls? |
|
@Speed1, are you able to provide me an ActivityID so I can move the discussions forward? 😊 |
|
You could also do a new run and provide the ActivityID @Meddell ? |
|
Hi @almenscorner |
|
Hi @almenscorner |
No worries, thank you very much! :) |
|
Were also impacted by this. We have an active TeamViewer Integration, but as it's useless (for us) I simply disconnected it... |
|
Yeah I'm hearing nothing from MS unfortunately |
|
Were also impacted by this error. We have an active TeamViewer connector. Activity ID: 4d4d0345-789b-4544-bdf0-579364683170 |
|
I am getting no responses from MS... Can everyone create a ticket with MS on this so we get some push on it? |
|
I have been able to backup a remote assistance partner with application permissions lately. Is this working for you as well now? |
|
Sorry for the late response as projects have shifted within our team for a long time but yes problem is resolved |
Describe the bug
I had originally configured IntuneCD back in March 2023, I had recently noticed the ADO pipeline was failing due to a permission I had not added (DeviceManagementManagedDevices.ReadWrite.All). I added the permission to the app registration but now I am coming up with a new error that seems to be a permission issue but not too sure.
Error:
File "/home/vsts/.local/bin/IntuneCD-startbackup", line 8, in
sys.exit(start())
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 370, in start
run_backup(args.path, args.output, exclude, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/run_backup.py", line 270, in run_backup
results.append(savebackup(path, output, token))
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/backup_remoteAssistancePartner.py", line 28, in savebackup
data = makeapirequest(ENDPOINT, token)
File "/home/vsts/.local/lib/python3.10/site-packages/IntuneCD/graph_request.py", line 84, in makeapirequest
raise Exception(
Exception: ('Request failed with ', 403, ' - ', '{"error":{"code":"Forbidden","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e - Url: https://fef.msua05.manage.microsoft.com/RemoteAssistService/StatelessRemoteAssistService/deviceManagement/remoteAssistancePartners?api-version=5022-08-15 - CustomApiErrorPhrase: Forbidden\",\r\n \"CustomApiErrorPhrase\": \"Forbidden\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-06-21T17:29:40","request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e","client-request-id":"cd0c3d1d-00ca-4a00-abdc-e0cf2c43a00e"}}}')
##[error]Bash exited with code '1'.
Current App Registration Permissions:
To Reproduce
Within the Pipeline:
env:
REPO_DIR: $(DEVREPO_DIR)
TENANT_NAME: $(DEVTENANT_NAME)
CLIENT_ID: $(DEVCLIENT_ID)
CLIENT_SECRET: $(DEV_SECRET)
displayName: Run IntuneCD backup Dev
Currently ran with a client secret and app registration
Current App Registration Permissions:
Expected behavior
Backup works accordingly without issues/errors
Screenshots
Run type (please complete the following information):
The text was updated successfully, but these errors were encountered: