Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AADNamedLocationPolicy: Fails to modify or create new resource #3656

Closed
Adamvg opened this issue Sep 7, 2023 · 0 comments · Fixed by #3658 or #3682
Closed

AADNamedLocationPolicy: Fails to modify or create new resource #3656

Adamvg opened this issue Sep 7, 2023 · 0 comments · Fixed by #3658 or #3682

Comments

@Adamvg
Copy link
Contributor

Adamvg commented Sep 7, 2023
edited
Loading

Description of the issue

When an attempt is made to either modify or create a new AADNamedLocationPolicy object, it fails - unfortunately the logs are not very helpful, and I couldn't see anything in the ETW either.

This example is adding the Aland Islands to the policy (AX)

Microsoft 365 DSC Version

1.23.830.1

Which workloads are affected

Azure Active Directory

The DSC configuration

        AADNamedLocationPolicy DEV_Trusted_Countries
        {
            CountriesAndRegions                         = @("ZM","WF","VI","VG","VN","VU","UM","UY","US","GB","AE","UG","TV","TC","TR","TT","TO","TK","TG","TL","TH","TZ","CH","SE","SZ","SJ","SR","LK","ES","GS","ZA","SB","SI","SK","SX","SG","SL","SC","SN","ST","SM","WS","VC","PM","MF","LC","KN","SH","BL","RW","RO","RE","CG","QA","PR","PT","PL","PN","PH","PE","PY","PG","PA","PW","PK","OM","NO","MP","MK","NF","NU","NG","NZ","NC","NL","NP","NR","NA","MZ","MA","MS","ME","MN","MC","FM","MX","YT","MU","MQ","MH","MT","ML","MV","MY","MW","MG","LU","LT","LI","LR","LS","LB","LV","LA","KW","KI","KE","JE","JP","JM","IT","IM","IE","ID","IN","IS","HU","HK","VA","HM","HT","GY","GG","GT","GU","GP","GD","GL","GR","GI","GH","DE","GE","GM","GA","TF","PF","GF","FR","FI","FJ","FO","FK","ET","EE","EH","EG","EC","DO","DM","DJ","DK","CZ","CY","CW","CU","HR","CI","CR","CK","CO","CC","CX","CL","TD","KY","CA","CM","KH","CV","BG","BN","IO","BR","BV","BW","BA","BQ","BO","BT","BM","BJ","BZ","BE","BB","BD","BH","BS","AT","AU","AW","AR","AG","AQ","AI","AO","AD","AS","AL","AX");
            DisplayName                                 = "DEV Trusted Countries";
            Ensure                                      = "Present";
            IncludeUnknownCountriesAndRegions           = $False;
            OdataType                                   = "#microsoft.graph.countryNamedLocation";
            Credential = $Creds
        }

Verbose logs showing the problem

VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ Start  Set      ]                                                                                                                                                                                                                                   VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ Start  Resource ]  [[AADNamedLocationPolicy]DEV_Trusted_Countries]
VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ Start  Test     ]  [[AADNamedLocationPolicy]DEV_Trusted_Countries]                                                                                                                                                                                  VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Testing configuration of AAD Named Location                                                                                                                                      VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Getting configuration of AAD Named Location                                                                                                                                                                           VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Found existing AAD Named Location {DEV Trusted Countries}                                                                                                                        VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Get-TargetResource Result:                                                                                                                                                        ApplicationId=***                                                                                                                                                                                                                                                                      ApplicationSecret=$null                                                                                                                                                                                                                                                                 CertificateThumbprint=***                                                                                                                                                                                                                                                               CountriesAndRegions=(KW,JE,JP,JM,IT,ZM,WF,VI,VG,VN,VU,UM,UY,US,GB,AE,UG,TV,TC,TR,TT,TO,TK,TG,TL,TH,TZ,CH,SE,SZ,SJ,SR,LK,ES,GS,ZA,SC,SL,SG,SX,SK,SI,SB,SN,RW,BL,SH,KN,LC,MF,PM,VC,WS,SM,ST,PA,PG,PY,PE,PH,PN,PL,PT,PR,QA,CG,RE,RO,MK,MP,NO,OM,PK,PW,NG,NU,NF,NA,NR,NP,NL,NC,NZ,MC,MN,ME,
MS,MA,MZ,MU,YT,MX,FM,MG,MW,MY,MV,ML,MT,MH,MQ,LI,LT,LU,LA,LV,LB,LS,LR,KE,KI,IE,IM,HK,HU,IS,IN,ID,GY,HT,HM,VA,EE,ET,FK,FO,FJ,FI,FR,GF,PF,TF,GA,GM,GE,DE,GH,GI,GR,GL,GD,GP,GU,GT,GG,DK,DJ,DM,DO,EC,EG,EH,CK,CR,CI,HR,CU,CW,CY,CZ,CX,CC,CO,TD,CL,CV,KH,CM,CA,KY,BE,BZ,BJ,BM,BT,BO,BQ,BA,BW, BV,BR,IO,BN,BG,BS,BH,BD,BB,AW,AU,AT,AD,AO,AI,AQ,AG,AR,AS,AL)                                                                                                                                                                                                                            CountryLookupMethod=clientIpAddress                                                                                                                                                                                                                                                     Credential=***                                                                                                                                                                                                                                                                          DisplayName=DEV Trusted Countries                                                                                                                                                                                                                                                       Ensure=Present                                                                                                                                                                                                                                                                          Id=16c8ff1e-6e8e-4253-847e-4ee3daa7ec73                                                                                                                                                                                                                                                 IncludeUnknownCountriesAndRegions=False                                                                                                                                                                                                                                                 IpRanges=$null
IsTrusted=$null
Managedidentity=False
OdataType=#microsoft.graph.countryNamedLocation
TenantId=***
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Target Values:
CountriesAndRegions=(ZM,WF,VI,VG,VN,VU,UM,UY,US,GB,AE,UG,TV,TC,TR,TT,TO,TK,TG,TL,TH,TZ,CH,SE,SZ,SJ,SR,LK,ES,GS,ZA,SB,SI,SK,SX,SG,SL,SC,SN,ST,SM,WS,VC,PM,MF,LC,KN,SH,BL,RW,RO,RE,CG,QA,PR,PT,PL,PN,PH,PE,PY,PG,PA,PW,PK,OM,NO,MP,MK,NF,NU,NG,NZ,NC,NL,NP,NR,NA,MZ,MA,MS,ME,MN,MC,FM,MX,
YT,MU,MQ,MH,MT,ML,MV,MY,MW,MG,LU,LT,LI,LR,LS,LB,LV,LA,KW,KI,KE,JE,JP,JM,IT,IM,IE,ID,IN,IS,HU,HK,VA,HM,HT,GY,GG,GT,GU,GP,GD,GL,GR,GI,GH,DE,GE,GM,GA,TF,PF,GF,FR,FI,FJ,FO,FK,ET,EE,EH,EG,EC,DO,DM,DJ,DK,CZ,CY,CW,CU,HR,CI,CR,CK,CO,CC,CX,CL,TD,KY,CA,CM,KH,CV,BG,BN,IO,BR,BV,BW,BA,BQ,BO,
BT,BM,BJ,BZ,BE,BB,BD,BH,BS,AT,AU,AW,AR,AG,AQ,AI,AO,AD,AS,AL,AX)
Credential=***
DisplayName=DEV Trusted Countries
Ensure=Present
IncludeUnknownCountriesAndRegions=False
OdataType=#microsoft.graph.countryNamedLocation
Verbose=True
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Test-TargetResource returned False
VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ End    Test     ]  [[AADNamedLocationPolicy]DEV_Trusted_Countries]  in 12.6560 seconds.
VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ Start  Set      ]  [[AADNamedLocationPolicy]DEV_Trusted_Countries]
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Setting configuration of AAD Named Location
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Getting configuration of AAD Named Location
WARNING: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] We recommend providing the username in the format of <tenant>.onmicrosoft.* for the Credential property.
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Found existing AAD Named Location {DEV Trusted Countries}
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Get-TargetResource Result:
 ApplicationId=***
ApplicationSecret=$null
CertificateThumbprint=***
CountriesAndRegions=(KW,JE,JP,JM,IT,ZM,WF,VI,VG,VN,VU,UM,UY,US,GB,AE,UG,TV,TC,TR,TT,TO,TK,TG,TL,TH,TZ,CH,SE,SZ,SJ,SR,LK,ES,GS,ZA,SC,SL,SG,SX,SK,SI,SB,SN,RW,BL,SH,KN,LC,MF,PM,VC,WS,SM,ST,PA,PG,PY,PE,PH,PN,PL,PT,PR,QA,CG,RE,RO,MK,MP,NO,OM,PK,PW,NG,NU,NF,NA,NR,NP,NL,NC,NZ,MC,MN,ME,
MS,MA,MZ,MU,YT,MX,FM,MG,MW,MY,MV,ML,MT,MH,MQ,LI,LT,LU,LA,LV,LB,LS,LR,KE,KI,IE,IM,HK,HU,IS,IN,ID,GY,HT,HM,VA,EE,ET,FK,FO,FJ,FI,FR,GF,PF,TF,GA,GM,GE,DE,GH,GI,GR,GL,GD,GP,GU,GT,GG,DK,DJ,DM,DO,EC,EG,EH,CK,CR,CI,HR,CU,CW,CY,CZ,CX,CC,CO,TD,CL,CV,KH,CM,CA,KY,BE,BZ,BJ,BM,BT,BO,BQ,BA,BW,
BV,BR,IO,BN,BG,BS,BH,BD,BB,AW,AU,AT,AD,AO,AI,AQ,AG,AR,AS,AL)
CountryLookupMethod=clientIpAddress
Credential=***
DisplayName=DEV Trusted Countries
Ensure=Present
Id=16c8ff1e-6e8e-4253-847e-4ee3daa7ec73
IncludeUnknownCountriesAndRegions=False
IpRanges=$null
IsTrusted=$null
Managedidentity=False
OdataType=#microsoft.graph.countryNamedLocation
TenantId=***
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Updating existing AAD Named Location {DEV Trusted Countries)} with attributes:
Key                                                               Value Name
---                                                               ----- ----
includeUnknownCountriesAndRegions                                 False includeUnknownCountriesAndRegions
@odata.type                       #microsoft.graph.countryNamedLocation @odata.type
countryLookupMethod                                                     countryLookupMethod
isTrusted                                                         False isTrusted
NamedLocationId                    16c8ff1e-6e8e-4253-847e-4ee3daa7ec73 NamedLocationId
countriesAndRegions                                 {ZM, WF, VI, VG...} countriesAndRegions
displayName                                       DEV Trusted Countries displayName
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] Updating AAD Named Location {DEV Trusted Countries)} with attributes:
Key                                                               Value Name
---                                                               ----- ----
includeUnknownCountriesAndRegions                                 False includeUnknownCountriesAndRegions
@odata.type                       #microsoft.graph.countryNamedLocation @odata.type
countryLookupMethod                                                     countryLookupMethod
isTrusted                                                         False isTrusted
NamedLocationId                    16c8ff1e-6e8e-4253-847e-4ee3daa7ec73 NamedLocationId
countriesAndRegions                                 {ZM, WF, VI, VG...} countriesAndRegions
displayName                                       DEV Trusted Countries displayName
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] JSON: {
    "includeUnknownCountriesAndRegions":  false,
    "@odata.type":  "#microsoft.graph.countryNamedLocation",
    "countryLookupMethod":  "",
    "isTrusted":  false,
    "NamedLocationId":  "16c8ff1e-6e8e-4253-847e-4ee3daa7ec73",
    "countriesAndRegions":  [
                                "ZM",
                                "WF",
                                "VI",
                                "VG",
                                "VN",
                                "VU",
                                "UM",
                                "UY",
                                "US",
                                "GB",
                                "AE",
                                "UG",
                                "TV",
                                "TC",
                                "TR",
                                "TT",
                                "TO",
                                "TK",
                                "TG",
                                "TL",
                                "TH",
                                "TZ",
                                "CH",
                                "SE",
                                "SZ",
                                "SJ",
                                "SR",
                                "LK",
                                "ES",
                                "GS",
                                "ZA",
                                "SB",
                                "SI",
                                "SK",
                                "SX",
                                "SG",
                                "SL",
                                "SC",
                                "SN",
                                "ST",
                                "SM",
                                "WS",
                                "VC",
                                "PM",
                                "MF",
                                "LC",
                                "KN",
                                "SH",
                                "BL",
                                "RW",
                                "RO",
                                "RE",
                                "CG",
                                "QA",
                                "PR",
                                "PT",
                                "PL",
                                "PN",
                                "PH",
                                "PE",
                                "PY",
                                "PG",
                                "PA",
                                "PW",
                                "PK",
                                "OM",
                                "NO",
                                "MP",
                                "MK",
                                "NF",
                                "NU",
                                "NG",
                                "NZ",
                                "NC",
                                "NL",
                                "NP",
                                "NR",
                                "NA",
                                "MZ",
                                "MA",
                                "MS",
                                "ME",
                                "MN",
                                "MC",
                                "FM",
                                "MX",
                                "YT",
                                "MU",
                                "MQ",
                                "MH",
                                "MT",
                                "ML",
                                "MV",
                                "MY",
                                "MW",
                                "MG",
                                "LU",
                                "LT",
                                "LI",
                                "LR",
                                "LS",
                                "LB",
                                "LV",
                                "LA",
                                "KW",
                                "KI",
                                "KE",
                                "JE",
                                "JP",
                                "JM",
                                "IT",
                                "IM",
                                "IE",
                                "ID",
                                "IN",
                                "IS",
                                "HU",
                                "HK",
                                "VA",
                                "HM",
                                "HT",
                                "GY",
                                "GG",
                                "GT",
                                "GU",
                                "GP",
                                "GD",
                                "GL",
                                "GR",
                                "GI",
                                "GH",
                                "DE",
                                "GE",
                                "GM",
                                "GA",
                                "TF",                                                                                                                                                                                                                                                                                   "PF",                                                                                                                                                                                                                                                                                   "GF",                                                                                                                                                                                                                                                                                   "FR",                                                                                                                                                                                                                                                                                   "FI",                                                                                                                                                                                                                                                                                   "FJ",                                                                                                                                                                                                                                                                                   "FO",                                                                                                                                                                                                                                                                                   "FK",                                                                                                                                                                                                                                                                                   "ET",                                                                                                                                                                                                                                                                                   "EE",                                                                                                                                                                                                                                                                                   "EH",                                                                                                                                                                                                                                                                                   "EG",                                                                                                                                                                                                                                                                                   "EC",                                                                                                                                                                                                                                                                                   "DO",                                                                                                                                                                                                                                                                                   "DM",                                                                                                                                                                                                                                                                                   "DJ",                                                                                                                                                                                                                                                                                   "DK",                                                                                                                                                                                                                                                                                   "CZ",                                                                                                                                                                                                                                                                                   "CY",                                                                                                                                                                                                                                                                                   "CW",                                                                                                                                                                                                                                                                                   "CU",                                                                                                                                                                                                                                                                                   "HR",                                                                                                                                                                                                                                                                                   "CI",                                                                                                                                                                                                                                                                                   "CR",                                                                                                                                                                                                                                                                                   "CK",                                                                                                                                                                                                                                                                                   "CO",                                                                                                                                                                                                                                                                                   "CC",                                                                                                                                                                                                                                                                                   "CX",                                                                                                                                                                                                                                                                                   "CL",                                                                                                                                                                                                                                                                                   "TD",                                                                                                                                                                                                                                                                                   "KY",                                                                                                                                                                                                                                                                                   "CA",                                                                                                                                                                                                                                                                                   "CM",                                                                                                                                                                                                                                                                                   "KH",                                                                                                                                                                                                                                                                                   "CV",                                                                                                                                                                                                                                                                                   "BG",
                                "BN",
                                "IO",
                                "BR",
                                "BV",
                                "BW",
                                "BA",
                                "BQ",
                                "BO",
                                "BT",
                                "BM",
                                "BJ",
                                "BZ",
                                "BE",
                                "BB",
                                "BD",
                                "BH",
                                "BS",
                                "AT",
                                "AU",
                                "AW",
                                "AR",
                                "AG",
                                "AQ",
                                "AI",
                                "AO",
                                "AD",
                                "AS",
                                "AL",
                                "AX"
                            ],
    "displayName":  "DEV Trusted Countries"
}
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] PATCH https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations/16c8ff1e-6e8e-4253-847e-4ee3daa7ec73 with 8149-byte payload
VERBOSE: [CPC-adamv-QWZZO]:                            [[AADNamedLocationPolicy]DEV_Trusted_Countries] received 417-byte response of content type application/json
Response status code does not indicate success: BadRequest (Bad Request).
    + CategoryInfo          : InvalidOperation: (Method: PATCH, ...ication/json
}:) [], CimException
    + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
    + PSComputerName        : localhost

VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ End    Set      ]  [[AADNamedLocationPolicy]DEV_Trusted_Countries]  in 0.9380 seconds.
The PowerShell DSC resource '[AADNamedLocationPolicy]DEV_Trusted_Countries' with SourceInfo 'C:\dev\local_m365dsc\scripts\DSCConfigurations\003-AADNamedLocationPolicy.ps1::24::9::AADNamedLocationPolicy' threw one or more non-terminating errors while running the
Set-TargetResource functionality. These errors are logged to the ETW channel called Microsoft-Windows-DSC/Operational. Refer to this channel for more details.
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : NonTerminatingErrorFromProvider
    + PSComputerName        : localhost

VERBOSE: [CPC-adamv-QWZZO]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost

VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 13.963 seconds

Environment Information + PowerShell Version

OsName               : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage           : en-US
OsMuiLanguages       : {en-US, en-GB}
Name                           Value
----                           -----
PSVersion                      5.1.22621.1778
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.1778
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
@Adamvg Adamvg mentioned this issue Sep 7, 2023
Merged
NikCharlebois added a commit that referenced this issue Sep 8, 2023
@NikCharlebois
Merge pull request #3658 from Adamvg/Dev
02a6b0e 
Fix #3656: AADNamedLocationPolicy: Add default CountryLookupMethod and reorganise IsTrusted assignment
@NikCharlebois NikCharlebois mentioned this issue Sep 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@Adamvg