DSC SCLabelPolicy export error #3104
Comments
|
Can you provide additional details around the policy that is throwing the error? Screenshots that would allow us to recreate in our environment to help troubleshooting the issue would be very useful. Thanks |
|
Hi Nik, sure. |
|
Thanks for the screenshots. We are not able to replicate on our end. $creds = Get-Credential
Connect-IPPSSession -Credential $creds
$policy = Get-LabelPolicy -Identity UMobi_all
$settings = $policy.Settings
foreach ($setting in $settings)
{
$settingString = $setting.Replace('[', '').Replace(']', '')
$settingKey = $settingString.Split(',')[0]
$startPos = $settingString.IndexOf(',', 0) + 1
$valueString = $settingString.Substring($startPos, $settingString.Length - $startPos).Trim()
if ($valueString -like '*,*')
{
$values = $valueString -split ','
}
else
{
$values = $valueString
}
if ($settingKey -like '*defaultlabel*')
{
$label = Get-Label -Identity $values
Write-Host $label.DisplayName
}
} |
|
Hi Nik, Same error: PS C:\WINDOWS\system32> Connect-IPPSSession -Credential $creds
$policy = Get-LabelPolicy -Identity UMobi_all
$settings = $policy.Settings
foreach ($setting in $settings)
{
$settingString = $setting.Replace('[', '').Replace(']', '')
$settingKey = $settingString.Split(',')[0]
$startPos = $settingString.IndexOf(',', 0) + 1
$valueString = $settingString.Substring($startPos, $settingString.Length - $startPos).Trim()
if ($valueString -like '*,*')
{
$values = $valueString -split ','
}
else
{
$values = $valueString
}
if ($settingKey -like '*defaultlabel*')
{
$label = Get-Label -Identity $values
Write-Host $label.DisplayName
}
}
The operation couldn't be performed because object 'None' couldn't be found on 'FfoConfigurationSession'.
+ CategoryInfo : NotSpecified: (:) [Get-Label], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=DM6NAM11WS032,RequestId=4c2e6269-fe1e-472a-9a9c-a1b6dc2b5da5,TimeStamp=05.04.2023 09:03:44] [FailureCategory=Cmdlet-ManagementObje
ctNotFoundException] EB231B2F,Microsoft.Office.CompliancePolicy.Tasks.GetLabel
+ PSComputerName : nam11b.ps.compliance.protection.outlook.com |
|
Could you please extend the output of the script a bit: Connect-IPPSSession -Credential $creds
$policy = Get-LabelPolicy -Identity UMobi_all
$settings = $policy.Settings
foreach ($setting in $settings)
{
try{
$settingString = $setting.Replace('[', '').Replace(']', '')
$settingKey = $settingString.Split(',')[0]
$startPos = $settingString.IndexOf(',', 0) + 1
$valueString = $settingString.Substring($startPos, $settingString.Length - $startPos).Trim()
Write-Host "valueString: $($valuestring)"
if ($valueString -like '*,*')
{
$values = $valueString -split ','
}
else
{
$values = $valueString
}
if ($settingKey -like '*defaultlabel*')
{
Write-Host "Getting Label for value: $($values)"
$label = Get-Label -Identity $values
Write-Host $label.DisplayName
}
}
catch
{
Write-Host $_
}
}
|
|
Hi Andi, Sure: PS C:\WINDOWS\system32> $policy = Get-LabelPolicy -Identity Umobi_all
$settings = $policy.Settings
foreach ($setting in $settings)
{
try{
$settingString = $setting.Replace('[', '').Replace(']', '')
$settingKey = $settingString.Split(',')[0]
$startPos = $settingString.IndexOf(',', 0) + 1
$valueString = $settingString.Substring($startPos, $settingString.Length - $startPos).Trim()
Write-Host "valueString: $($valuestring)"
if ($valueString -like '*,*')
{
$values = $valueString -split ','
}
else
{
$values = $valueString
}
if ($settingKey -like '*defaultlabel*')
{
Write-Host "Getting Label for value: $($values)"
$label = Get-Label -Identity $values
Write-Host $label.DisplayName
}
}
catch
{
Write-Host $_
}
}
valueString: false
valueString: true
valueString: true
valueString: false
valueString: false
valueString: false
valueString: false
valueString: true
valueString: None
Getting Label for value: None
The operation couldn't be performed because object 'None' couldn't be found on 'FfoConfigurationSession'.
+ CategoryInfo : NotSpecified: (:) [Get-Label], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=DM6NAM11WS032,RequestId=9790444a-4548-454c-a8f3-eabe66857a93,TimeStamp=05.04.2023 09:23:04] [FailureCategory=Cmdlet-ManagementObje
ctNotFoundException] EB231B2F,Microsoft.Office.CompliancePolicy.Tasks.GetLabel
+ PSComputerName : nam11b.ps.compliance.protection.outlook.com
valueString: false |
|
Why is there a 'None'. Would you mind outputting the setting as well and the policy? |
|
No problem Andi. Which command should I do that you can get all your information that you need? |
|
I think I got the error. The advanced label policy setting for "outlookdefaultlabel" is set to none not false or true. I will check that and inform you. |
|
Ok for the advanced settings is not allowed to set it to false or true. PS C:\Company\Scripts\M365DSC> Set-LabelPolicy -Identity Umobi_all -AdvancedSettings @{outlookdefaultlabel="false"}
WARNING: Encountered exception: Microsoft.Exchange.Management.UnifiedPolicy.ErrorResolvingMipLabelIdException: Error resolving MIP label ID 'false' to a Guid.
at Microsoft.Office.CompliancePolicy.Tasks.MipLabelContentTypeUtils.ValidateDefaultLabelContentType(String defaultLabelId, MipLabelContentType expectedContentType, Lis
t`1 labels)
at Microsoft.Office.CompliancePolicy.Tasks.MipLabelUtilities.ValidateDefaultLabel(List`1 labelStorages, List`1 settings, OrganizationId orgId, UnifiedPolicyCmdletLogge
r cmdletLogger, MipLabelsSnapshot tenantSnapshot)
at Microsoft.Office.CompliancePolicy.Tasks.SetLabelPolicy.InternalValidate()
Error resolving MIP label ID 'false' to a Guid.
+ CategoryInfo : NotSpecified: (:) [Set-LabelPolicy], ErrorResolvingMipLabelIdException
+ FullyQualifiedErrorId : [Server=DM6NAM11WS032,RequestId=676c3478-db03-4b1d-bdfa-117e6cf1caab,TimeStamp=05.04.2023 10:37:24] [FailureCategory=Cmdlet-ErrorResolving
MipLabelIdException] 3F4C9378,Microsoft.Office.CompliancePolicy.Tasks.SetLabelPolicy
+ PSComputerName : nam11b.ps.compliance.protection.outlook.com
|
|
How does the advanced label differ? We need to add an additional condition to this statement: if ($settingKey -like 'defaultlabel') |
|
I checked the advanced setting and in the UI it is possible to set "None" for this setting. |
|
Could you try to set it to $null
|
|
Yes like this: OutlookDefaultLabel: Outlook apps that support this setting apply a default label, or no label. Example: Set-LabelPolicy -Identity Global -AdvancedSettings @{OutlookDefaultLabel="None"}. For more information about this configuration choice, see Outlook-specific options for default label and mandatory labeling. Output: PS C:\Company\Scripts\M365DSC> (Get-Labelpolicy -Identity Umobi_all).settings
[powerbimandatory, false]
[requiredowngradejustification, true]
[mandatory, true]
[disablemandatoryinoutlook, false]
[enablecustompermissions, false]
[hidebarbydefault, false]
[siteandgroupmandatory, false]
[enablepdfv2protection, true]
[teamworkmandatory, false]
[outlookdefaultlabel, None]
|
|
I don’t get it. I’ve read this passage as well. Either the documentation is wrong or the code 😬 |
|
I think the DSC Module can't handle this setting because "None" is set. You can test ist by your own. Now is my second policy also not working as well ;) |
|
|
|
I think, we are closer to the solution. At the moment, in M365DSC there is an issue with NONE values. On the other hand, you were not able to run this command with success: Would be good to know, if we can set it like this: or Any chance you could run the both commands above? I don't a have a test environment for labels ATM. |
|
First command not possible second command no error occurs. PS C:\Company\Scripts\MIP> Set-LabelPolicy -Identity Umobi_all -AdvancedSettings @{outlookdefaultlabel="null"}
WARNING: Encountered exception: Microsoft.Exchange.Management.UnifiedPolicy.ErrorResolvingMipLabelIdException: Error resolving MIP label ID 'null' to a Guid.
at Microsoft.Office.CompliancePolicy.Tasks.MipLabelContentTypeUtils.ValidateDefaultLabelContentType(String defaultLabelId, MipLabelContentType expectedContentType, Lis
t`1 labels)
at Microsoft.Office.CompliancePolicy.Tasks.MipLabelUtilities.ValidateDefaultLabel(List`1 labelStorages, List`1 settings, OrganizationId orgId, UnifiedPolicyCmdletLogge
r cmdletLogger, MipLabelsSnapshot tenantSnapshot)
at Microsoft.Office.CompliancePolicy.Tasks.SetLabelPolicy.InternalValidate()
Error resolving MIP label ID 'null' to a Guid.
+ CategoryInfo : NotSpecified: (:) [Set-LabelPolicy], ErrorResolvingMipLabelIdException
+ FullyQualifiedErrorId : [Server=DM6NAM11WS025,RequestId=82d90740-7287-477a-9ee2-94b3d0f609ac,TimeStamp=05.04.2023 11:32:13] [FailureCategory=Cmdlet-ErrorResolving
MipLabelIdException] C1898350,Microsoft.Office.CompliancePolicy.Tasks.SetLabelPolicy
+ PSComputerName : nam11b.ps.compliance.protection.outlook.com
PS C:\Company\Scripts\MIP> Set-LabelPolicy -Identity Umobi_all -AdvancedSettings @{outlookdefaultlabel=$null}
PS C:\Company\Scripts\MIP>
|
|
But now the setting in the UI is changed to "same as document" that would be false. |
|
I was about to celebrate... What do we know so far:
|
|
Can I confirm ;) |
|
So what is going on next? |
|
We need to find a fix for this issue. Right now, there is the challenge on how to set the object to be none. |
|
@andikrueger Hi, setting outlookdefaultlabel to None works, in fact this is documented in https://learn.microsoft.com/en-us/powershell/module/exchange/set-labelpolicy?view=exchange-ps : OutlookDefaultLabel: Outlook apps that support this setting apply a default label, or no label. Example: Set-LabelPolicy -Identity Global -AdvancedSettings @{OutlookDefaultLabel="None"}. For more information about this configuration choice, see Outlook-specific options for default label and mandatory labeling. C:\> $Policy = Get-LabelPolicy
C:\> $Policy.Settings
[mandatory, false]
[powerbimandatory, false]
[outlookdefaultlabel, defa4170-0d19-0005-0004-bc88714345d2] # Here is set to "All Employees (unrestricted)"
[requiredowngradejustification, true]
[defaultlabelid, defa4170-0d19-0005-0004-bc88714345d2]
[disablemandatoryinoutlook, true]
PS C:\> Set-LabelPolicy -Identity $Policy.Identity -AdvancedSettings @{ outlookdefaultlabel = "None" }
PS C:\> $Policy = Get-LabelPolicy
PS C:\> $Policy.Settings
[mandatory, false]
[powerbimandatory, false]
[outlookdefaultlabel, None] # Here is correctly set to None after changing it
[requiredowngradejustification, true]
[defaultlabelid, defa4170-0d19-0005-0004-bc88714345d2]
[disablemandatoryinoutlook, true]I have a quick fix to handle "None" which just bypasses `Get-Label' cmdlet since it's not required and I was able to export/test with M365Dsc. I'll send a PR for this. |
|
Well, setting the label policy to null, has seen in this discussion, also works but removes it from the settings list. Is this something that should be checked too? It's easy to add a check for null. PS C:\> $Policy = Get-LabelPolicy
PS C:\> $Policy.Settings
[mandatory, false]
[powerbimandatory, false]
[requiredowngradejustification, true]
[defaultlabelid, defa4170-0d19-0005-0004-bc88714345d2]
[disablemandatoryinoutlook, true]
[outlookdefaultlabel, None]
PS C:\> Set-LabelPolicy -Identity $Policy.Identity -AdvancedSettings @{ outlookdefaultlabel = $null }
PS C:\> (Get-LabelPolicy).Settings
[mandatory, false]
[powerbimandatory, false]
[requiredowngradejustification, true]
[defaultlabelid, defa4170-0d19-0005-0004-bc88714345d2]
[disablemandatoryinoutlook, true]Arguably this would only make sense if writing a blueprint manually and set outlookdefaultlabel to null, so probably should be left alone and my PR is enough to fix this. |
Details of the scenario you tried and the problem that is occurring
Verbose logs showing the problem
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
# At the end in picturesVersion of the DSC module that was used ('dev' if using current dev branch)
Newest version from 03.28.23
Pictures
The text was updated successfully, but these errors were encountered: