400 Bad Request when importing custom settings

Question

400 Bad Request when importing custom settings

JelleMarc opened this issue 3 years ago · 7 comments

When trying to import Custom Settings from the Device Configuration we are receiving an error message as following:

invoke-intunerestoredeviceconfiguration : 400 Bad Request
{"error":{"code":"NotSupported","message":"{\r\n "_version": 3,\r\n "Message": "SecretReferenceValueId invalid
for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
4c664761-d691-42dd-8f05-06eaa16c0f4a - Url: https://fef.amsub0502.manage.microsoft.com/DeviceConfiguration_2107/Statele
ssDeviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-05-26",\r\n
"CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{
}"\r\n}","innerError":{"date":"2021-08-06T07:38:49","request-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a","client-reques
t-id":"4c664761-d691-42dd-8f05-06eaa16c0f4a"}}}
At line:1 char:1

invoke-intunerestoredeviceconfiguration -path C:\temp\template

  + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-IntuneRestoreDeviceConfiguration

It has something to do with the "secretReferenceValueId", however when trying multiple things I am unable to restore the policy. A new export/import leaves the same issue.

Answer 1 · 2021-08-11T23:57:49.000Z

I've started getting the same errors on restoring configs.
It's not all configs, but if I re-run the import the same ones will always fail

All of mine that fail are all Windows 10 Custom Templates using OMA-URI

Answer 2 · 2021-08-12T15:18:31.000Z

Hi @JelleMarc and @memphisraynz,

Thanks for the report. I noticed Microsoft has started to encrypt values in Custom OMA Uri profiles. I'll have an update released soon that will decrypt the values during backup, so restoration is possible.

Answer 3 · 2021-08-12T15:37:29.000Z

Fix has been released in IntuneBackupAndRestore update 3.1.0.

Answer 4 · 2021-08-24T16:39:09.000Z

Still see an issue when oma-uri is an integer the id returns a 400 bad request and the value does not return or does not exist
#microsoft.graph.omaSettingInteger

                        "@odata.type":  "#microsoft.graph.omaSettingInteger",
                        "description":  "\u0027Accounts: Block Microsoft accounts\u0027",
                        "omaUri":  "./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts",
                        "secretReferenceValueId":  null,
                        "isEncrypted":  false,
                        "displayName":  "Accounts: Block Microsoft accounts\u0027"

Invoke-MSGraphRequest : 400 Bad Request
{"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "Invalid Id in the URL - Operation
ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 71619b29-c9d1-4ee0-bb5c-80e8825af30a -
Url: https://fef.amsua0502.manage.microsoft.com/DeviceConfiguration_2108/StatelessDeviceConfigurationFEService/deviceMa
nagement/deviceConfigurations%28%279a596b21-6a46-47a1-8bc6-33ba98d61efb%27%29/microsoft.management.services.api.getOmaS
ettingPlainTextValue%28secretReferenceValueId%3D%27%27%29?api-version=5021-05-26",\r\n "CustomApiErrorPhrase":
"",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"d
ate":"2021-08-24T16:23:24","request-id":"71619b29-c9d1-4ee0-bb5c-80e8825af30a","client-request-id":"71619b29-c9d1-4ee0-
bb5c-80e8825af30a"}}}
At C:\Program
Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Invoke-IntuneBackupDeviceConfiguration.ps1:55
char:40

... ing.value = Invoke-MSGraphRequest -HttpMethod GET -Url "deviceManagem ...
```
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : ConnectionError: (@{Request=; Response=}:PSObject) [Invoke-MSGraphRequest], HttpRequestE
  xception
- FullyQualifiedErrorId : PowerShellGraphSDK_HttpRequestError,Microsoft.Intune.PowerShellGraphSDK.PowerShellCmdlet
  s.InvokeRequest

Answer 5 · 2021-09-21T22:11:09.000Z

Hi,
Im still getting errors when importing OMAURI's

`VERBOSE: User Profile - Default Applications - Failed to restore Device Configuration
Invoke-IntuneRestoreDeviceConfiguration : 400 Bad Request
{"error":{"code":"NotSupported","message":"{\r\n "_version": 3,\r\n "Message": "SecretReferenceValueId invalid
for create. - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID:
9191d659-3797-4532-94f5-1ec06233f62d - Url: https://fef.msud01.manage.microsoft.com/DeviceConfiguration_2109/StatelessD
eviceConfigurationFEService/deviceManagement/deviceConfigurations?api-version=5021-06-23",\r\n
"CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{
}"\r\n}","innerError":{"date":"2021-09-21T22:09:01","request-id":"9191d659-3797-4532-94f5-1ec06233f62d","client-reques
t-id":"9191d659-3797-4532-94f5-1ec06233f62d"}}}
At C:\Program Files\WindowsPowerShell\Modules\IntuneBackupAndRestore\3.1.1\Public\Start-IntuneRestoreConfig.ps1:36
char:5

Invoke-IntuneRestoreDeviceConfiguration -Path $Path

```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
- CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
- FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-IntuneRestoreDeviceConfiguratio
  n`

Answer 6 · 2021-10-05T22:09:33.000Z

@jseerden Can we get this re-opened. The issue is still ongoing.

Answer 7 · 2021-12-10T21:46:33.000Z

Possible fix applied in version 3.2.0. If it is still ongoing from version 3.2.0, please submit a new issue.