Import sets getting cancelled with below error message

Harish13696
Tera Contributor

We are encountering an issue while executing the "Scheduled Data Imports" process in ServiceNow. The execution is being canceled with the following error message:


Error executing script : org.mozilla.javascript.JavaScriptException: Error: Unable to make a connection to Intune via Graph API call. Please check your credential configuration. Check system log for more details. HTTP return status code was 401 (sys_script_include.6a4e0342773310102dfb23446810611c.script; line 659)

Permissions & credentials are verified, everything looks good. Request assistance in identifying and resolving the root cause.

Thanks

11 REPLIES

Prabu Velayutha
Mega Sage

Hi @Harish13696 

 

Can you check the table "sys_outbound_http_log_list"?

The two API URLs which the Intune SG connector is trying to access are listed below:

 

https://graph.microsoft.com/v1.0/deviceManagement/managedDevices
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps

 

Check if the credentials have access to the above-mentioned API endpoints; you should also verify this with the Intune team.

You can use external tools like Postman to verify the response is successful.

Also, I would suggest debugging the script include at the specific line mentioned in the error to check if the function is fetching any specific resource, like an IP address or any attributes, for which the credentials do not have sufficient privilege.

Also, you have mentioned there is no issue with credentials, but how did you verify that?

 

If my response helped you, kindly mark it helpful and correct answer.

 

Sayali_Suryawan
Tera Guru

Hello Harish13696 

 

Generally, when this occurs it is an issue with the permissions and scopes.

Check the following things if it's a permission issue.

 

1) Check that the OAuth configuration is correct:

Register Microsoft Intune as an OAuth provider (here Microsoft is the example)

2) The Graph API is accessible via the instance without the need for the MID Server.

- Go to "IntegrationHub" > "Connections" 

- Open the "MS Intune Connection"

- Untick the "Use MID Server" box

- Save

3) Perform the Service Graph Connector for the Microsoft (your source) Intune test.

4) Check the outbound HTTP calls to confirm if token retrieval was successful and if there was a failure obtaining data.

- Go to "System logs" > "Outbound HTTP Requests"

- You should see two outbound requests to Microsoft (your source)

- The request to "https://login.microsoftonline.com/" (your source link) relates to obtaining the OAuth token. (If you see a 200 status, the token was successful)

- The request to "https://graph.microsoft.com/" (your source link) relates to obtaining data from Intune. If this returns a 401 then there is an issue with permissions on the Azure side.


After that

Once it is confirmed that a 401 is being returned from the Microsoft Graph API, the permissions and scopes will need to be checked on the Microsoft Azure (your source) side.

While the documentation states to use a "Delegated" type for permissions, it is better to use "Application" instead.

Change the following Permissions to "Application" type.

DeviceManagementApps.ReadWrite.All
DeviceManagementManagedDevices.PrivilegedOperations.All
DeviceManagementManagedDevices.ReadWrite.All
DeviceManagementManagedDevices.Read.All

 

Once complete, perform the Service Graph Connector for Microsoft (your source) Intune test. If there is data on the Intune side, this should be successfully imported into the instance.

Please mark my answer if it was helpful.

 

Thank you.
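
As an added example (not part of the replies above, and not ServiceNow or Microsoft code): a Python script that decodes an access token locally and reports whether its audience is Microsoft Graph, whether it has expired, and whether it carries Application (`roles`) or Delegated (`scp`) permissions from the list in the reply above. The function names and the sample token are constructed for illustration, and the signature is not verified.

```python
import base64
import json
import time

# Audience values that identify Microsoft Graph in an access token.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}
# Permissions named in the reply above.
LISTED = ["DeviceManagementApps.ReadWrite.All",
          "DeviceManagementManagedDevices.PrivilegedOperations.All",
          "DeviceManagementManagedDevices.ReadWrite.All",
          "DeviceManagementManagedDevices.Read.All"]


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token):
    """Decode the JWT payload without verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def diagnose(token, now=None):
    claims = decode_claims(token)
    now = time.time() if now is None else now
    roles = claims.get("roles", [])          # Application permissions
    scopes = claims.get("scp", "").split()   # Delegated permissions
    return {
        "audience_ok": str(claims.get("aud", "")).rstrip("/") in GRAPH_AUDIENCES,
        "expired": claims.get("exp", 0) <= now,
        "type": "application" if roles else "delegated" if scopes else "none",
        "listed_granted": [p for p in LISTED if p in roles or p in scopes],
    }


def sample_token(claims):
    """Constructed, unsigned token for the demo; not a real credential."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"


if __name__ == "__main__":
    demo = sample_token({"aud": "https://graph.microsoft.com", "exp": 4102444800,
                         "roles": ["DeviceManagementManagedDevices.Read.All"]})
    print(diagnose(demo))
```

Run it locally against a token obtained with the same client credentials the connector uses; a bearer token is a credential, so keep it out of online decoders and tickets.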