msgraph-sdk-powershell
msgraph-sdk-powershell copied to clipboard
microsoftgraph
Remove-MgUserAuthenticationWindowsHelloForBusinessMethod fails with 'Invalid value for KeyId' and 'The input is not a valid Base-64 string' possibly due to corrupt KeyId?
Describe the bug
I am trying to remove two orphaned Windows Hello For Business authentication methods from one of our business' user accounts.
I get the errors as mentioned in the subject title from both the Azure Entra web UI and from Azure shell.
I've tried both using the reported raw KeyIds and encoding them to Base64 URL strings but neither works.
It appears that the two orphaned IDs do not look like any other IDs; neither those already deleted for the current user nor those from other user accounts.
The KeyIDs in question look like UUIDs rather than the expected Base64 IDs. I suspect the records may be corrupted so am wondering how I remove them if so?
Expected behavior
Ability to remove orphaned (and possibly corrupt) Windows Hello For Business authentication methods from a user account.
How to reproduce
I have obfuscated the UUIDs shown below but the original ones are in the same format (probably unnecessary).
Get-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId [email protected]
Id CreatedDateTime DisplayName KeyStrength
-- --------------- ----------- -----------
d4d62b5c-533c-42b4-835a-2aebc94cc75e 9/15/2015 4:15:13 PM normal
541230e0-f444-47ce-8d9b-ccf9fa912d46 9/30/2015 12:53:07 AM normal
Remove-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId [email protected] -WindowsHelloForBusinessAuthenticationMethodId d4d62b5c-533c-42b4-835a-2aebc94cc75e
Remove-MgUserAuthenticationWindowsHelloForBusinessMethod_Delete: {"odata.error":
{"code":"invalid_request","message":{"lang":"en","value":"Invalid value for KeyId: d4d62b5c-533c-42b4-835a-2aebc94cc75e. KeyId must be a valid base64 URL encoded string"},"values":
[{"item":"subCode","value":"error_invalid_key_id_format"},{"item":"requestId","value":"60b2812b-faa0-4591-9dae-42cd366996d1"},{"item":"date","value":"07-23-2024 23:11:42Z"}]}}
- Similarly for the other KeyId, except the error is:
Remove-MgUserAuthenticationWindowsHelloForBusinessMethod_Delete: {"odata.error":
{"code":"invalid_request","message":{"lang":"en","value":"The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. "},"values":
[{"item":"subCode","value":"error_invalid_key_id_format"},{"item":"requestId","value":"60b2812b-faa0-4591-9dae-42cd366996d1"},{"item":"date","value":"07-23-2024 23:13:34Z"}]}}
- Other user's KeyIds look different. As did the first user's other KeyIds before deletion.
Get-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId [email protected]
Id CreatedDateTime DisplayName KeyStrength
-- --------------- ----------- -----------
RAMOKUYOWDc2oH00NHt5Wg9c8fy3Uerk2-xypb-0reYQ 12/23/2015 9:39:03 PM unknown
INdwNQZgAKvSX27MUHx63Oc2cz4vmsqW01z9fMwx8sxc 11/2/2015 3:30:47 PM unknown
coOhhvj-_9_di98ceL5g-R6VmFdRn62I4cg5AF0Gz7IJ 12/6/2016 10:54:01 PM unknown
37JRqvV918a7VgVz9625Q6ykvt23E5ps7_JSZ8wbDy1q 12/15/2016 3:26:55 PM unknown
Fuz11mAP1XS6V90H65x2Q5b7AjgV52RT2xfo66r3WAFC 6/27/2018 8:10:20 AM normal
- Encoding the UUID KeyIds as safe Base64 URLs beforehand has no effect and the errors reported are the same.
SDK Version
2.20.0
Latest version known to work for scenario above?
No response
Known Workarounds
No response
Debug output
Click to expand log
```</details>
### Configuration
Azure shell at shell.azure.com
Name Value
PSVersion 7.4.3 PSEdition Core GitCommitId 7.4.3 OS CBL-Mariner/Linux Platform Unix PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0
### Other information
_No response_
