Microsoft365DSC
Microsoft365DSC copied to clipboard
Published
20 hours ago •
microsoft
microsoft
MSFT_O365OrgSetting: GCC-High missing $MRODeviceManagerService service principal
Description of the issue
When trying to apply O365OrgSettings to a GCC-High tenant an error occurs upon trying to create the service principal with appid 'ebe0c285-db95-403f-a1a3-a793bd6d7767' which appears to be triggered by this line https://github.com/microsoft/Microsoft365DSC/blob/c1ab37473b09807363c3b6af3ec14f0acd961782/Modules/Microsoft365DSC/DSCResources/MSFT_O365OrgSettings/MSFT_O365OrgSettings.psm1#L312
Since this happens on every connection it does not matter what the actual O365OrgSetting DSC code contains, the attempt always fails.
$servicePrincipal returns null when running the following
Connect-MgGraph -Environment USGov
$servicePrincipal = Get-MgServicePrincipal -Filter "appid eq 'ebe0c285-db95-403f-a1a3-a793bd6d7767'"
$null -eq $servicePrincipal
True
Microsoft 365 DSC Version
DEV / V1.24.313.1
Which workloads are affected
Office 365 Admin
The DSC configuration
Import-DscResource -ModuleName Microsoft365DSC
node localhost
{
O365OrgSettings 'O365OrgSettings'
{
IsSingleInstance = "Yes";
CortanaEnabled = $False;
ApplicationId = $ApplicationId
TenantId = $TenantId
CertificateThumbprint = $Thumbprint
}
}
Verbose logs showing the problem
[[O365OrgSettings]O365OrgSettings::[Office365]Office365_Configuration] Registering the MRO Device Manager Service Principal VERBOSE: [DESKTOP-M6RL1BC]: [[O365OrgSettings]O365OrgSettings::[Office365]Office365_Configuration] The appId 'ebe0c285-db95-403f-a1a3-a793bd6d7767' of the service principal does not reference a valid application object. Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2024-08-28T04:39:18 Headers: Transfer-Encoding : chunked Vary : Accept-Encoding Strict-Transport-Security : max-age=31536000
request-id : 596c1ba5-1208-461a-80d5-74295d54a61a
client-request-id : 60cf32a9-8d66-4ab1-b93c-73898d485eb1
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"USGov
Arizona","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"PH1NEPF00008CCA"}}
Cache-Control : no-cache
Date : Wed, 28 Aug 2024 04:39:18 GMT
VERBOSE: [DESKTOP-M6RL1BC]:
[[O365OrgSettings]O365OrgSettings::[Office365]Office365_Configuration] Updating the Planner Allow Calendar Sharing
setting to {False}
[21:39:24 ERR] Error while starting DSC configuration: The request was aborted: Could not create SSL/TLS secure channel.
Environment Information + PowerShell Version
OsName : Microsoft Windows 11 Pro
OsOperatingSystemSKU : 48
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : en-US
OsMuiLanguages : {en-US}
Key : PSVersion
Value : 5.1.22621.3958
Name : PSVersion
Key : PSEdition
Value : Desktop
Name : PSEdition
Key : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name : PSCompatibleVersions
Key : BuildVersion
Value : 10.0.22621.3958
Name : BuildVersion
Key : CLRVersion
Value : 4.0.30319.42000
Name : CLRVersion
Key : WSManStackVersion
Value : 3.0
Name : WSManStackVersion
Key : PSRemotingProtocolVersion
Value : 2.3
Name : PSRemotingProtocolVersion
Key : SerializationVersion
Value : 1.1.0.1
Name : SerializationVersion
