IntuneDeviceConfigurationCustomPolicyWindows10: Cannot Deploy Resource to Tenant #3655
Comments
Issue relates to this single OMA-URI Setting:

```powershell
MSFT_MicrosoftGraphomaSetting{
    OmaUri = './Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn'
    SecretReferenceValueId = '6d75adbc-f4a0-426c-8897-db4fa24db282_114ec7ab-e4f2-4fd7-a3f2-0a1373395430_92939978-230a-49bf-8cdc-ba71a02964a6'
    Value = '****'
    odataType = '#microsoft.graph.omaSettingString'
    IsEncrypted = $True
    DisplayName = 'Deny log on locally'
}
```
I am seeing this behavior with several other settings:

```powershell
MSFT_MicrosoftGraphomaSetting{
    OmaUri = './Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration'
    SecretReferenceValueId = '162adda1-92ff-4d4d-bef5-5e9cd87fefcf_f1fa203f-27bb-42dc-974f-a2ded0b5dfc6_7ff2e7a0-7726-45a0-9282-355e950dbdc5'
    Value = '****'
    odataType = '#microsoft.graph.omaSettingString'
    IsEncrypted = $True
    DisplayName = 'Application Defaults'
}
MSFT_MicrosoftGraphomaSetting{
    Description = 'GMS001-%SERIAL%'
    OmaUri = './Device/Vendor/MSFT/Accounts/Domain/ComputerName'
    SecretReferenceValueId = '162adda1-92ff-4d4d-bef5-5e9cd87fefcf_d327dfe4-ddb5-46a4-8010-33492c7809b4_6d911eba-59a1-4850-a067-053805eddcfa'
    Value = '****'
    odataType = '#microsoft.graph.omaSettingString'
    IsEncrypted = $True
    DisplayName = 'Device Rename'
}
```

I managed to work around this issue by removing the
@andikrueger Forgot this issue was raised. In my solution for encrypted entries, I decrypt the values and reinsert them back into the blueprint, then remove the SecretReferenceValueId and IsEncrypted parameters. Having this directly in M365DSC probably would be better? Otherwise people will trip into this problem, which needs manual intervention. Of course, in order to decrypt the values you need to connect to the tenant where the values were encrypted in the first place; you cannot decrypt them into a target tenant in a cloning scenario.
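The workaround this comment describes (put the decrypted value back, then drop `SecretReferenceValueId` and `IsEncrypted`) could look like the following. This is an added example, not code from the issue or from Microsoft365DSC: the function name, the resolver parameter, the placeholder id and the sample plain-text value are hypothetical, and the resolver stands in for whatever lookup is run against the source tenant.

```powershell
# Added example, not Microsoft365DSC code. Function and parameter names are hypothetical.
function ConvertTo-CreatableOmaSetting {
    [CmdletBinding()]
    param(
        # Exported setting as a hashtable with the keys shown in the issue.
        [Parameter(Mandatory, ValueFromPipeline)]
        [hashtable] $Setting,

        # Returns the plain-text value for a SecretReferenceValueId, or $null.
        # Assumption: in real use this queries the SOURCE tenant, where the
        # secret was created; here it can be any script block.
        [Parameter(Mandatory)]
        [scriptblock] $PlainTextResolver
    )
    process {
        $clean = @{}
        foreach ($key in $Setting.Keys) {
            # These two keys only mean something in the tenant that issued them.
            if ($key -notin 'SecretReferenceValueId', 'IsEncrypted') {
                $clean[$key] = $Setting[$key]
            }
        }
        if ($Setting['IsEncrypted']) {
            $plain = & $PlainTextResolver $Setting['SecretReferenceValueId']
            # Refuse to emit the '****' mask as if it were the real value.
            if ([string]::IsNullOrEmpty($plain)) {
                throw "No plain-text value for '$($Setting['DisplayName'])' ($($Setting['OmaUri']))."
            }
            $clean['Value'] = $plain
        }
        $clean
    }
}

# Constructed sample input: placeholder id and value, not taken from a tenant.
$exported = @{
    OmaUri                 = './Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn'
    SecretReferenceValueId = '<secret-reference-id>'
    Value                  = '****'
    odataType              = '#microsoft.graph.omaSettingString'
    IsEncrypted            = $true
    DisplayName            = 'Deny log on locally'
}
$lookup = @{ '<secret-reference-id>' = 'Guests' }   # constructed plain text

$exported | ConvertTo-CreatableOmaSetting -PlainTextResolver { param($id) $lookup[$id] }
```

The returned hashtable carries the real `Value` and neither tenant-bound key; a setting whose secret cannot be resolved stops the run instead of deploying the `****` mask.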
When running Start-DscConfiguration with a valid exported and generated MOF file, I am getting the following error which relates to IntuneDeviceConfigurationCustomPolicyWindows10.
Details of the scenario you tried and the problem that is occurring
I have attempted to deploy to multiple tenants and this resource seems to fail where others seem to work correctly.
Verbose logs showing the problem
```
[NotSupported] : {
"_version": 3,
"Message": "SecretReferenceValueId invalid for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 463a2e03-bca2-444d-a098-362b19c1b87a - Url: https://fef.msub06.manage.microsoft.com/DeviceConfiguration_2308/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5023-07-14",
"CustomApiErrorPhrase": "",
"RetryAfter": null,
"ErrorSourceService": "",
"HttpHeaders": "{}"
}
The PowerShell DSC resource '[IntuneDeviceConfigurationCustomPolicyWindows10]IntuneDeviceConfigurationCustomPolicyWindows10- CIS Microsoft Intune for Windows 11 Benchmark v1.0.0 - Custom' with SourceInfo 'C:\Users...\Microsoft365DSC\Temp\ACP201890b.onmicrosoft.com.ps1::17::9::IntuneDeviceConfigurationCustomPolicyWindows10' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
Cannot process argument transformation on parameter 'BodyParameter'. Cannot convert value "System.Management.Automation.PSBoundParametersDictionary" to type
"Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphDeviceEnrollmentConfiguration". Error: "Specified cast is not valid."
+ CategoryInfo : InvalidData: (:) [], CimException
The PowerShell DSC resource '[IntuneDeviceEnrollmentPlatformRestriction]IntuneDeviceEnrollmentPlatformRestriction-All users and all devices' with SourceInfo 'C:\Users...\Microsoft365DSC\Temp\ACP201890b.onmicrosoft.com.ps1::1492::9::IntuneDeviceEnrollmentPlatformRestriction' threw one or more non-terminating errors while running the Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost
```
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 22000.1.amd64fre.co_release.210604-1628
OsLanguage : en-US
OsMuiLanguages : {en-US, en-GB}
Version of the DSC module that was used ('dev' if using current dev branch)
1.23.830.1