question

Alex-2401 avatar image
0 Votes"
Alex-2401 asked saldana-msft edited

SCCM & Intune co-management

Dear all,

I have started to add the Cloud Attached connection into SCCM console with our Intune subscription. Unfortunately for the last few days I still get a failure and cannot go forward with the connection.
Log at this moment is providing these messages and cannot figure it out why.

 Worker CMGatewayNotificationWorker was triggered by timer.    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    101 (0x0065)
 Triggered CMGatewayNotificationWorker::ExecuteAsync()    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    101 (0x0065)
 Using location service to look up URL base    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    143 (0x008F)
 Using direct connection to URL 'https://gateway.configmgr.manage.microsoft.com/api/gateway/LocationService'    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    143 (0x008F)
 Creating web request to: https://gateway.configmgr.manage.microsoft.com/api/gateway/LocationService    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    143 (0x008F)
 [LocationRequest (unauthenticated)] Creating web request to: https://gateway.configmgr.manage.microsoft.com/api/gateway/LocationService Method: HEAD Activity ID: be38adb6-8ab6-4aa7-a8a7-dd56753c1216 Timeout: 00:02:00    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:41    143 (0x008F)
 [LocationRequest (unauthenticated)] Response from https://gateway.configmgr.manage.microsoft.com/api/gateway/LocationService is: 401 (Unauthorized)    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    134 (0x0086)
 Response status code: 401 (Unauthorized) Activity ID: 9435896c-2027-439f-be6a-2b095476a3b2    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    134 (0x0086)
 Authenticating with web service at: https://gateway.configmgr.manage.microsoft.com/api/gateway/LocationService    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    134 (0x0086)
 AADSTS500014: The service principal for resource 'https://cmmicrosvc.manage.microsoft.com/' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.
 Trace ID: b56c834a-f3b9-47ce-9a05-4a4fd0ce3500
 Correlation ID: d8965a13-ad74-4f52-9908-e53c4475dd67
 Timestamp: 2022-03-07 13:19:42Z    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 Exception details:    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][0][Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException][0x80131500]
 AADSTS500014: The service principal for resource 'https://cmmicrosvc.manage.microsoft.com/' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.
 Trace ID: b56c834a-f3b9-47ce-9a05-4a4fd0ce3500
 Correlation ID: d8965a13-ad74-4f52-9908-e53c4475dd67
 Timestamp: 2022-03-07 13:19:42Z    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__22`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__21`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__72.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__69.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<CheckAndAcquireTokenUsingBrokerAsync>d__59.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenForClientCommonAsync>d__33.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__61.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.Utility.<GetAuthenticationResultAsync>d__50.MoveNext()    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][1][System.Net.Http.HttpRequestException][0x80131500]
 Response status code does not indicate success: 400 (BadRequest).     SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][2][Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException][0x80131500]
 {"error":"invalid_resource","error_description":"AADSTS500014: The service principal for resource 'https://cmmicrosvc.manage.microsoft.com/' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.\r\nTrace ID: b56c834a-f3b9-47ce-9a05-4a4fd0ce3500\r\nCorrelation ID: d8965a13-ad74-4f52-9908-e53c4475dd67\r\nTimestamp: 2022-03-07 13:19:42Z","error_codes":[500014],"timestamp":"2022-03-07 13:19:42Z","trace_id":"b56c834a-f3b9-47ce-9a05-4a4fd0ce3500","correlation_id":"d8965a13-ad74-4f52-9908-e53c4475dd67"}: Unknown error     SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 ADAL exception    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 Exception details:    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][0][Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException][0x80131500]
 Exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' was thrown.    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__22`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__21`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__72.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__69.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<CheckAndAcquireTokenUsingBrokerAsync>d__59.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenForClientCommonAsync>d__33.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__61.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.Utility.<GetAuthenticationResultAsync>d__50.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.ServiceConnectorWorkerBase.<ApplyAuthorizationToRequestAsync>d__86.MoveNext()    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][1][System.Net.Http.HttpRequestException][0x80131500]
 Exception of type 'System.Net.Http.HttpRequestException' was thrown.     SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][2][Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException][0x80131500]
 Exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException' was thrown.     SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 Unexpected exception for worker CMGatewayNotificationWorker    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 Exception details:    SMS_SERVICE_CONNECTOR_CMGatewayNotificationWorker    07.03.2022 14:19:42    139 (0x008B)
 [Critical][CMGatewayNotificationWorker][0][Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException][0x80131500]
 Exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' was thrown.    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__22`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Http.AdalHttpClient.<GetResponseAsync>d__21`1.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__72.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__69.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<CheckAndAcquireTokenUsingBrokerAsync>d__59.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenForClientCommonAsync>d__33.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__61.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.Utility.<GetAuthenticationResultAsync>d__50.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.ServiceConnectorWorkerBase.<ApplyAuthorizationToRequestAsync>d__86.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManager.ServiceConnector.ServiceConnectorWorkerBase.<ApplyAuthorizationToRequestAsync>d__85.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.ConfigurationManag


mem-intune-enrollmentmem-cm-co-management
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

6 Answers

AllenLiu-MSFT avatar image
1 Vote"
AllenLiu-MSFT answered

Hi, @Alex-2401

Thanks very much for your feedback. We're glad that the question is solved now. Here's a short summary for the problem. I think this will help other users to search for useful information more quickly.

Problem/Symptom:
When trying to add the Cloud Attached connection into SCCM console with Intune subscription, get a failure and cannot go forward with the connection.
"error":"invalid_resource","error_description":"AADSTS500014: The service principal for resource 'https://cmmicrosvc.manage.microsoft.com/' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.

Solution/Workaround:
The Configuration Manager Microservice was disabled and not accepting registration by users. After enabled it, everythig goes well.


If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jason-MSFT avatar image
1 Vote"
Jason-MSFT answered

From the above log: "This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it."

Have you reviewed the health of the Intune tenant and subscription?

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Alex-2401 avatar image
0 Votes"
Alex-2401 answered

180742-image.png




Status is healthy and Subscriptions are active


image.png (68.5 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EswarKoneti-MVP avatar image
0 Votes"
EswarKoneti-MVP answered

Intune is not subscription, you will need to check in the azure portal, subscription, locate the subscription https://docs.microsoft.com/en-us/azure/media-services/latest/setup-azure-subscription-how-to?tabs=portal

Thanks,
Eswar
www.eskonr.com

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Alex-2401 avatar image
0 Votes"
Alex-2401 answered

180907-unbenannt.png


180879-image.png
All our subscriptions are active. and healthy, without any issues.



unbenannt.png (4.7 KiB)
image.png (110.9 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Alex-2401 avatar image
0 Votes"
Alex-2401 answered

Dear all,
Thank you for your responses.
I managed to make it work and solve the issue.

My problem was that one application was by default disabled and I had to enable it.
The Configuration Manager Microservice was disabled and not accepting registration by users. After I enabled it, everythign went ok.
181931-image.png



Hope this will help other users.


image.png (97.3 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.