10000 [BUG] Python Error at Compliance Update · Issue #218 · almenscorner/IntuneCD · GitHub
[go: up one dir, main page]

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Python Error at Compliance Update #218

Closed
jmuellerffn opened this issue Jan 22, 2025 · 18 comments
Closed

[BUG] Python Error at Compliance Update #218

jmuellerffn opened this issue Jan 22, 2025 · 18 comments
Labels
bug Something isn't working

Comments

@jmuellerffn
Copy link

Problem/Bug
Last Week I rebackuped a Configuration with the newest Version, the Configuration is meant to be used for multiple of our customers.

When we (me or a colleague) try to update a customers tenant we get following Error:
Filters and Compliant Scripts work
Wed Jan 22 10:39:06 2025 [INFO] Updating Compliance Script Policy: first endpoint update - update discovery script, list changes:
Wed Jan 22 10:39:06 2025 [INFO] Setting: roleScopeTagIds, Added Value: , Removed Value: ['0']
Traceback (most recent call last):
File "", line 198, in _run_module_as_main
File "", line 88, in run_code
File "C:\Program Files\Python313\Scripts\IntuneCD-startupdate.exe_main
.py", line 7, in
sys.exit(start())
~~~~~^^
File "C:\Program Files\Python313\Lib\site-packages\IntuneCD\run_update.py", line 314, in start
run_update(
~~~~~~~~~~^
args.path,
^^^^^^^^^^
...<5 lines>...
args.remove,
^^^^^^^^^^^^
)
^
File "C:\Program Files\Python313\Lib\site-packages\IntuneCD\run_update.py", line 244, in run_update
update_intune(
~~~~~~~~~~~~~^
diff_summary,
^^^^^^^^^^^^^
...<7 lines>...
args,
^^^^^
)
^
File "C:\Program Files\Python313\Lib\site-packages\IntuneCD\update_intune.py", line 78, in update_intune
diff_summary.append(DeviceComplianceUpdateModule(**params).main())
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "C:\Program Files\Python313\Lib\site-packages\IntuneCD\update\Intune\DeviceCompliance.py", line 176, in main
for action in item["scheduledActionsForRule"][0][
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range

Info:

  • The weird thing is it only happens with about half our customers. We can't figure out what about these customers/Tenants is different.
  • Both my colleague and I have the newest Python and IntuneCD Version.
  • As mentioned the policy templates are newly backed up, and do work on some tenants
  • it has worked before with older Versions
  • command run : IntuneCD-startupdate -p $policiesFolder -m 1 -c -u
  • it is run from a client
  • The App Registration is the same for all customers

I'm not sure if its actually a bug, because I'm not a Developer and don't understand the Module that deeply, but I can't figure out what would be wrong with our setup, especially with it working with some tenants.

Thanks for the help.

@jmuellerffn jmuellerffn added the bug Something isn't working label Jan 22, 2025
@jmuellerffn
Copy link
Author

I did some new Tests (obvious ones I should have done before). I removed the Compliance Policy jsons and tried again. That worked with out any errors. Out of the 3 we use, I added them by their own and it failed everytime.

One of them is typical one which checks if bitlocker, antivirus and the firewall is activated and the other two are with custom scripts. I also don't think they have something special that other Policies don't have (similiar names, similiar or same assignments, also use filters).

It also makes no difference if the compliance policy is created in the tenant already or not at all.

@almenscorner
Copy link
Owner

Are you able to give me the JSON of some of the policies so I can test them in my tenant?

@jmuellerffn
Copy link
Author

I attached the security compliance profile, I changed the displayname for privacy reasons.

security compliance policy_windows10CompliancePolicy.json

@almenscorner
Copy link
Owner

I was able to replicate the issue and it seems to happen when scheduledActionsForRule was removed when updating the policy and then not added back correctly after the diff check. Try the new beta version and see if this resolves the error: pip3 install IntuneCD==2.3.7b1

@jmuellerffn
Copy link
Author

I tried it with the new beta version and it still gave me the same error.

@almenscorner
Copy link
Owner

Specifically this error?

File "C:\Program Files\Python313\Lib\site-packages\IntuneCD\update\Intune\DeviceCompliance.py", line 176, in main
for action in item["scheduledActionsForRule"][0][
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range` 
```

@almenscorner
Copy link
Owner

Try beta 2 -> pip3 install IntuneCD==2.3.7b2

@jmuellerffn
Copy link
Author

It worked with beta 2. Thanks!

Something i now saw is a seperate Error with the Update Policies, I also tested it with 2.3.6, might make Sense to create a new Issue. It doesnt stop the script like the Error in this Issue

The Error is following:
Thu Feb 6 15:51:10 2025 [ERROR] Error updating Device Configuration Windows Update Policy [Test]: Request failed with 400 - {"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 8b5ad54c-58a1-4ad8-9b0e-df0bb77cb2c9 - Url: https://fef.msub06.manage.microsoft.com/DeviceConfiguration_2501/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations('cbd4b009-4b4e-4856-b3c9-0fcaaaf86fdf')?api-version=5024-10-08\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2025-02-06T14:51:10","request-id":"8b5ad54c-58a1-4ad8-9b0e-df0bb77cb2c9","client-request-id":"8b5ad54c-58a1-4ad8-9b0e-df0bb77cb2c9"}}}

@almenscorner
Copy link
Owner

Can you do a run with -v to see if we get some more info where it goes wrong?

@jmuellerffn
Copy link
Author

Hope this helps:

[Fri Feb 7 09:42:35 2025] - Updating Device Configuration: Windows Update Policy [Prod], list changes:
[Fri Feb 7 09:42:35 2025] - Setting: roleScopeTagIds, Added Value: , Removed Value: ['0']
[Fri Feb 7 09:42:35 2025] - Error updating Device Configuration Windows Update Policy [Prod]: Request failed with 400 - {"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 09c34338-b15e-4ead-a836-cd08af8185f4 - Url: https://fef.msub06.manage.microsoft.com/DeviceConfiguration_2501/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations('60f2858e-1d4a-4f0f-b945-4476007e7001')?api-version=5024-10-08\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2025-02-07T08:42:35","request-id":"09c34338-b15e-4ead-a836-cd08af8185f4","client-request-id":"09c34338-b15e-4ead-a836-cd08af8185f4"}}}
Fri Feb 7 09:42:35 2025 [INFO] [get_scope_tags_id] - Checking if scope tags are in the data.
Fri Feb 7 09:42:35 2025 [INFO] [get_scope_tags_id] - Scope tags are in the data.
Fri Feb 7 09:42:35 2025 [INFO] [get_scope_tags_id] - Scope tags: []
Fri Feb 7 09:42:35 2025 [INFO] [get_scope_tags_id] - Checking if scope tags are in the data.
[Fri Feb 7 09:42:35 2025] - Updating Device Configuration: Windows Update Policy [Test], list changes:
[Fri Feb 7 09:42:35 2025] - Setting: roleScopeTagIds, Added Value: , Removed Value: ['0']
[Fri Feb 7 09:42:35 2025] - Error updating Device Configuration Windows Update Policy [Test]: Request failed with 400 - {"error":{"code":"BadRequest","message":"{\r\n "_version": 3,\r\n "Message": "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 435b18d0-895c-4aeb-a6e6-413f998298a0 - Url: https://fef.msub06.manage.microsoft.com/DeviceConfiguration_2501/StatelessDeviceConfigurationFEService/deviceManagement/deviceConfigurations('cbd4b009-4b4e-4856-b3c9-0fcaaaf86fdf')?api-version=5024-10-08\",\r\n "CustomApiErrorPhrase": "",\r\n "RetryAfter": null,\r\n "ErrorSourceService": "",\r\n "HttpHeaders": "{}"\r\n}","innerError":{"date":"2025-02-07T08:42:36","request-id":"435b18d0-895c-4aeb-a6e6-413f998298a0","client-request-id":"435b18d0-895c-4aeb-a6e6-413f998298a0"}}}
Fri Feb 7 09:42:37 2025 [INFO] [get_scope_tags_id] - Checking if scope tags are in the data.
Fri Feb 7 09:42:37 2025 [INFO] [get_scope_tags_id] - Scope tags are in the data.
Fri Feb 7 09:42:37 2025 [INFO] [get_scope_tags_id] - Scope tags: []
Fri Feb 7 09:42:37 2025 [INFO] [get_scope_tags_id] - Checking if scope tags are in the data.

@almenscorner
Copy link
Owner

Thanks, are you also able to share that configs JSON?

@jmuellerffn
Copy link
Author

@almenscorner
Copy link
Owner

What version were these backed up with? roleScopeTagIds shouldn't say 0 it should have Default as the value. This is why you are getting that error because it is trying to patch the scope tags to a null value.

@jmuellerffn
Copy link
Author

I'm pretty sure it was 2.3.6. I checked the other Policies and all of them them also say 0, should I change them all to Default? Or only the update policies?

@almenscorner
Copy link
Owner
almenscorner commented Feb 7, 2025

Are you by any chance excluding ScopeTags when running the backup?

@jmuellerffn
Copy link
Author

I checked the command and yes it seems like I did. So I should just rebackup the Policies and try to run the update again?

@almenscorner
Copy link
Owner
almenscorner commented Feb 7, 2025

Try a new backup with scope tags included, then you should not see that error above

@jmuellerffn
Copy link
Author

That did the Trick. Thanks a lot for the Help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants
0