Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SendConfigurationApply function does not succeed #4545

Open
samevansakido opened this issue Apr 10, 2024 · 5 comments
Open

SendConfigurationApply function does not succeed #4545

samevansakido opened this issue Apr 10, 2024 · 5 comments
Labels
Entra ID Pending Information

Comments

@samevansakido
Copy link

Description of the issue

I have seen a lot of reports on this issue in this github, but it looks like the original requesters never respond so I don't get to see the actual resolutions.

I am running into an issue testing recovering a configuration in a seperate tenant. The export went well with no issues, I have created the MOF, but when I run it I get a couple errors.

First off I keep getting: Unable to retrieve AccessToken. Have you registered the 'Microsoft Graph PowerShell' application already? Please run
'Connect-MgGraph -Scopes Domain.Read.All' and logon using '[email protected]'
For every policy. I have that command running directly above the call, as seen below:

UpdateTenant:

$TargetCredential = Get-Credential

#Get-AzureADTenantDetail
Connect-MgGraph -Scopes Domain.Read.All

Update-M365DSCAllowedGraphScopes -ResourceNameList @("AADConditionalAccessPolicy") -Type Update

Write-Host "Starting Creation of MOF now..."

#Below creates MOF
#D:\Users\Admin\Documents\M365\ConditionalAccess\M365TenantConfig.ps1 -Credential $TargetCredential

Write-Host "Stopping any DSC Configs currently running"
Stop-DSCConfiguration -Force

Write-Host "Removing DSCConfiguration Stage"
Remove-DSCConfigurationDocument -Stage Current

Write-Host "Starting DSC Config Now..."

Start-DscConfiguration -Path D:\Users\Admin\Documents\M365\ConditionalAccess -Wait -Verbose -Force

The above error regarding Connect-Mgraph doesn't appear to be the biggest issue though. I keep getting the "SendConfigurationApply" function failing. Error:
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost

Microsoft 365 DSC Version

1.24.403.1

Which workloads are affected

Azure Active Directory (Entra ID)

The DSC configuration

No response

Verbose logs showing the problem

VERBOSE: [WSAMZN-QL7IG20B]: LCM:  [ End    Set      ]
The SendConfigurationApply function did not succeed.
    + CategoryInfo          : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 1
    + PSComputerName        : localhost
 
VERBOSE: Operation 'Invoke CimMethod' complete.
VERBOSE: Time taken for configuration job to complete is 66.177 seconds

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Key   : PSVersion
Value : 5.1.20348.2031
Name  : PSVersion

Key   : PSEdition
Value : Desktop
Name  : PSEdition

Key   : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name  : PSCompatibleVersions

Key   : BuildVersion
Value : 10.0.20348.2031
Name  : BuildVersion

Key   : CLRVersion
Value : 4.0.30319.42000
Name  : CLRVersion

Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion

Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion
@andikrueger
Copy link
Collaborator

  • Please run Start-DSCConfiguration with the verbose switch set.
  • are all users present in this tenant? They need to be provisioned prior to the conditional access policy

@samevansakido
Copy link
Author

  • Please run Start-DSCConfiguration with the verbose switch set.
  • are all users present in this tenant? They need to be provisioned prior to the conditional access policy

So I am running Start-DSCConfiguration with Verbose, Wait, and Force turned on.

I do not have all users present in this tenant. We made a new tenant for testing purposes. Do you know of an efficient way to export the user list from the production tenant and import to the test tenant?

Also, won't there be issues with the user ID's considering we don't have the same domains in both tenant?

If so, is there a better way to test recovery functionality that I am not aware of?

@samevansakido
Copy link
Author

Can I get an update on the above questions? We are concerned about how we can test without overwriting or potentially impacting our production tenant

@samevansakido
Copy link
Author

Is there no way to test recovery with M365DSC without attempting to recover on the live environment?

@FabienTschanz
Copy link
Collaborator

@samevansakido If you do an export of a tenant, you can then change the information in the ConfigurationData.psd1 file so it would e.g. target a different tenant. This is possible without issues, I use that regularly. Currently, if we detect the organization name in a string, we replace it with $OrganizationName. So if you specify that variable in your configuration data, it will update them all for that configuration too.

Let's know if you need further assistance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Entra ID Pending Information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@andikrueger @FabienTschanz @samevansakido