starred/CIPP
1
0
Fork 0
mirror of https://github.com/KelvinTegelaar/CIPP.git synced 2026-04-25 16:26:09 +03:00
Code Issues 20 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #3932] [Bug]: NamedLocation doesnt get created in time in New-CIPPCAPolicy causing CA policy to fail unitl next run #1764

New issue
Closed
opened 2026-03-02 13:46:55 +03:00 by kerem · 5 comments
kerem commented 2026-03-02 13:46:55 +03:00
Owner
Copy link

Originally created by @nickfratangelo on GitHub (Apr 5, 2025).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3932

Originally assigned to: @nickfratangelo on GitHub.

Required confirmations before submitting

  • I can reproduce this issue on the latest released versions of both CIPP and CIPP-API.
  • I have searched existing issues (both open and closed) to avoid duplicates.
  • I am not requesting general support; this is an actual bug report.

Issue Description

This issue seems to only occur when your CA Template contains both a namedLocation Country code AND a namedLocation with IP ranges (trusted). I was able to duplicate this issue both in my live Azure tenant and then after spending a few hours setting up my dev environment i was able to duplicate the issue there as well.

Image

I did extensive research in discord and found one other user who reported this exact issue back in 2023, but it was deemed that he had setup his CA template incorrectly. For me i followed the documentation and setup my CA policies on my test tenant then created a CA Policy Template from that live tenant

conditional-access-json.txt

I have attached a copy of the conditional access template with the IP addresses stripped out.

During this failed run of the CA Policy Template the namedLocations do get created but i believe the GraphPostRequest fires off the API call before the namedLocation has had a chance to complete. A second run of the Standard/CAPolicy then correctly detects the namedLocation's as being present and creates the CA policy as intended.

This issue may not be present in all tenants and i do note that Kelvin dismissed this other users comments in the discord as user error. If that is the case please feel free to notify me of my mistake. How-ever i have already gone ahead and made a fix (although its simple) that i am ready to push for review.

Environment Type

Non-sponsored user

Front End Version

7.4.2

Back End Version

7.4.2

Relevant Logs / Stack Trace

[2025-04-05T14:57:14.437Z] Executed 'Functions.CIPPHttpTrigger' (Succeeded, Id=ad52af9d-a6d0-48bb-aabe-d19993a9c98e, Duration=57ms)
[2025-04-05T14:57:26.597Z] INFORMATION: Replacing All
[2025-04-05T14:57:26.600Z] INFORMATION: Found
[2025-04-05T14:57:26.601Z] INFORMATION: Replacing (exclude) ALA Technologies Trusted Locations
[2025-04-05T14:57:26.602Z] INFORMATION: Found (exclude) @{id=03aa7cd2-dc52-42e6-ae60-a367717579fe; name=ALA Technologies Trusted Locations}
[2025-04-05T14:57:26.604Z] INFORMATION: Replacing (exclude) Australia
[2025-04-05T14:57:26.605Z] INFORMATION: Found (exclude) @{id=1a96d3f4-44bb-44e0-a686-8e9d87f8faa5; name=Australia}
[2025-04-05T14:57:26.606Z] INFORMATION: Replacement pattern for inclusions and exclusions is displayName.
[2025-04-05T14:57:26.850Z] WARNING: Replaced group name Travelling Overseas with ID db5d98e5-1539-4ea6-bac9-89f41f207121
[2025-04-05T14:57:26.856Z] INFORMATION: {"grantControls":{"operator":"OR","builtInControls":["block"]},"tenantFilter":"M365x77577559.onmicrosoft.com","state":"enabledForReportingButNotEnforced","conditions":{"clientAppTypes":["all"],"applications":{"includeApplications":["All"]},"locations":{"includeLocations":["All"],"excludeLocations":["03aa7cd2-dc52-42e6-ae60-a367717579fe","1a96d3f4-44bb-44e0-a686-8e9d87f8faa5"]},"users":{"excludeGroups":["db5d98e5-1539-4ea6-bac9-89f41f207121"],"includeUsers":["All"]}},"displayName":"Restrict login to Australia"}
[2025-04-05T14:57:26.857Z] INFORMATION: Checking
[2025-04-05T14:57:27.772Z] INFORMATION: Creating
[2025-04-05T14:57:28.209Z] INFORMATION: innererror.message found: 1040: NamedLocation with id 03aa7cd2-dc52-42e6-ae60-a367717579fe does not exist in the directory.
Originally created by @nickfratangelo on GitHub (Apr 5, 2025). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/3932 Originally assigned to: @nickfratangelo on GitHub. ### Required confirmations before submitting - [x] **I can reproduce this issue on the latest released versions** of both CIPP and CIPP-API. - [x] **I have searched existing issues** (both open and closed) to avoid duplicates. - [x] I am **not** requesting general support; this is an actual bug report. ### Issue Description This issue seems to only occur when your CA Template contains both a namedLocation Country code AND a namedLocation with IP ranges (trusted). I was able to duplicate this issue both in my live Azure tenant and then after spending a few hours setting up my dev environment i was able to duplicate the issue there as well. ![Image](https://github.com/user-attachments/assets/6af4382e-c88c-4fd0-bf91-664ad0f0c947) I did extensive research in discord and found one other user who reported this exact issue back in 2023, but it was deemed that he had setup his CA template incorrectly. For me i followed the documentation and setup my CA policies on my test tenant then created a CA Policy Template from that live tenant [conditional-access-json.txt](https://github.com/user-attachments/files/19616701/conditional-access-json.txt) I have attached a copy of the conditional access template with the IP addresses stripped out. During this failed run of the CA Policy Template the namedLocations do get created but i believe the GraphPostRequest fires off the API call before the namedLocation has had a chance to complete. A second run of the Standard/CAPolicy then correctly detects the namedLocation's as being present and creates the CA policy as intended. This issue may not be present in all tenants and i do note that Kelvin dismissed this other users comments in the discord as user error. If that is the case please feel free to notify me of my mistake. How-ever i have already gone ahead and made a fix (although its simple) that i am ready to push for review. ### Environment Type Non-sponsored user ### Front End Version 7.4.2 ### Back End Version 7.4.2 ### Relevant Logs / Stack Trace ```plaintext [2025-04-05T14:57:14.437Z] Executed 'Functions.CIPPHttpTrigger' (Succeeded, Id=ad52af9d-a6d0-48bb-aabe-d19993a9c98e, Duration=57ms) [2025-04-05T14:57:26.597Z] INFORMATION: Replacing All [2025-04-05T14:57:26.600Z] INFORMATION: Found [2025-04-05T14:57:26.601Z] INFORMATION: Replacing (exclude) ALA Technologies Trusted Locations [2025-04-05T14:57:26.602Z] INFORMATION: Found (exclude) @{id=03aa7cd2-dc52-42e6-ae60-a367717579fe; name=ALA Technologies Trusted Locations} [2025-04-05T14:57:26.604Z] INFORMATION: Replacing (exclude) Australia [2025-04-05T14:57:26.605Z] INFORMATION: Found (exclude) @{id=1a96d3f4-44bb-44e0-a686-8e9d87f8faa5; name=Australia} [2025-04-05T14:57:26.606Z] INFORMATION: Replacement pattern for inclusions and exclusions is displayName. [2025-04-05T14:57:26.850Z] WARNING: Replaced group name Travelling Overseas with ID db5d98e5-1539-4ea6-bac9-89f41f207121 [2025-04-05T14:57:26.856Z] INFORMATION: {"grantControls":{"operator":"OR","builtInControls":["block"]},"tenantFilter":"M365x77577559.onmicrosoft.com","state":"enabledForReportingButNotEnforced","conditions":{"clientAppTypes":["all"],"applications":{"includeApplications":["All"]},"locations":{"includeLocations":["All"],"excludeLocations":["03aa7cd2-dc52-42e6-ae60-a367717579fe","1a96d3f4-44bb-44e0-a686-8e9d87f8faa5"]},"users":{"excludeGroups":["db5d98e5-1539-4ea6-bac9-89f41f207121"],"includeUsers":["All"]}},"displayName":"Restrict login to Australia"} [2025-04-05T14:57:26.857Z] INFORMATION: Checking [2025-04-05T14:57:27.772Z] INFORMATION: Creating [2025-04-05T14:57:28.209Z] INFORMATION: innererror.message found: 1040: NamedLocation with id 03aa7cd2-dc52-42e6-ae60-a367717579fe does not exist in the directory. ```
kerem 2026-03-02 13:46:55 +03:00
kerem commented 2026-03-02 13:46:55 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Apr 5, 2025):

Thank you for reporting a potential bug. If you would like to work on this bug, please comment:

I would like to work on this please!

Thank you for helping us maintain the project!

<!-- gh-comment-id:2780869678 --> @github-actions[bot] commented on GitHub (Apr 5, 2025): Thank you for reporting a potential bug. If you would like to work on this bug, please comment: > I would like to work on this please! Thank you for helping us maintain the project!
kerem commented 2026-03-02 13:46:56 +03:00
Author
Owner
Copy link

@nickfratangelo commented on GitHub (Apr 5, 2025):

I would like to work on this please!

<!-- gh-comment-id:2780870890 --> @nickfratangelo commented on GitHub (Apr 5, 2025): I would like to work on this please!
kerem commented 2026-03-02 13:46:56 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Apr 5, 2025):

Great! I assigned you (@nickfratangelo) to the issue. Have fun working on it!

<!-- gh-comment-id:2780870973 --> @github-actions[bot] commented on GitHub (Apr 5, 2025): Great! I assigned you (@nickfratangelo) to the issue. Have fun working on it!
kerem commented 2026-03-02 13:46:56 +03:00
Author
Owner
Copy link

@nickfratangelo commented on GitHub (Apr 5, 2025):

Sorry for the sloppy git pushes. I submitted the first push using my work account by mistake.

<!-- gh-comment-id:2780914234 --> @nickfratangelo commented on GitHub (Apr 5, 2025): Sorry for the sloppy git pushes. I submitted the first push using my work account by mistake.
kerem commented 2026-03-02 13:46:56 +03:00
Author
Owner
Copy link

@KelvinTegelaar commented on GitHub (Apr 13, 2025):

Resolved in dev

<!-- gh-comment-id:2799898404 --> @KelvinTegelaar commented on GitHub (Apr 13, 2025): Resolved in dev
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
docs
dev
dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42
dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2
dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0
dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2
dependabot/npm_and_yarn/dev/recharts-3.8.1
dependabot/github_actions/dev/actions/setup-node-6.4.0
copilot/add-alert-for-report-only-ca
release/beta
release/nightly
docs-maintenance
v10.4.0
v10.3.0
v10.2.0
v10.1.0
v10.0.0
v8.8.0
v8.7.0
v8.6.0
v8.5.0
v8.4.0
v8.3.0
v8.2.0
v8.1.0
v8.0.0
v7.5.0
v7.4.0
v7.3.0
v7.2.0
v7.1.0
v7.0.1
v6.4.0
v6.3.0
v6.2.0
v6.1.0
v6.0.0
v5.9.0
v5.8.5
v5.8.0
v5.7.0
v5.6.0
v5.5.0
v5.4.0
v5.3.0
v5.2.0
v5.1.0
v5.0.0
v4.9.0
v4.8.0
v4.7.0
v.4.6.0
v4.5.0
v4.4.0
v4.3.0
v4.2.0
v4.1.0
v4.0.0
v3.8.0
v3.7.0
v3.6.0
v3.5.0
v3.4.0
v3.3.0
v3.2.0
v3.1.0
v3.0.0
v2.20.0
v2.19.0
v2.18.0
v2.17.0
v2.16.0
v2.15.0
v2.13.0
v2.12.0
v2.11.2
v2.1.11.0
v.2.10.0
v2.9.0
v2.8.0
v2.7.0
v2.6.0
v2.5.5
v2.5.0
v2.4.0
v.2.3.0
v2.2.0
v2.1.2
v2.1.1
v2.1.0
v2.0.1
2.0.0
v1.5.1
v1.5.0
v1.4.3
v1.4.2
v1.4.0
v1.3.0
v1.2.1
v1.2.0
1.1.0
release
Labels
Clear labels   
API

   
Feature

   
NotABug

   
NotABug

   
Planned

   
Sponsor Priority

   
Sponsor Priority

   
bug

   
documentation

   
duplicate

   
enhancement

   
needs more info

   
no-activity

   
no-priority

   
not-assigned

   
pull-request

Mirrored from GitHub Pull Request

  
react-conversion

   
react-conversion

   
roadmap

   
security

   
stale

   
unconfirmed-by-user

   
unconfirmed-by-user

   
wontfix
No labels
API
Feature
NotABug
NotABug
Planned
Sponsor Priority
Sponsor Priority
bug
documentation
duplicate
enhancement
needs more info
no-activity
no-priority
not-assigned
pull-request
react-conversion
react-conversion
roadmap
security
stale
unconfirmed-by-user
unconfirmed-by-user
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/CIPP#1764
No description provided.