ENTRA051 - Failed to Update Entra Named Location

Agent error code #ENTRA051 indicates that the agent retrieved the Named Location successfully but the PATCH to update its ipRanges was rejected by Microsoft Graph.

This is distinct from authentication failures (#ENTRA001) and authorization failures (#ENTRA002). At this point Graph has already accepted the credentials and the permission; the request body or the request itself was the problem.

Common causes include:

  • A grant produced an ipRange value Microsoft Graph considers invalid (e.g. a malformed CIDR)
  • The Named Location was modified by another tool between the agent's GET and PATCH and Graph rejected the update with a precondition failure
  • A transient 5xx from Microsoft Graph

Steps to Resolve

Inspect the Agent Logs

Look in the agent log for the body of the PATCH request that produced this error. The ipRanges array should contain entries of the form:

{ "@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "203.0.113.4/32" }

If a cidrAddress value looks malformed, check the source ACL grant for the user whose IP was included.
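One way to screen a logged PATCH body for suspect entries before going back to the ACL grants. This is an added example, not Knocknoc or Microsoft code. The function name find_invalid_ranges and the sample body are constructed for illustration, and the three checks (unparseable value, missing prefix length, address family not matching @odata.type) are an assumption about what "malformed" covers; Graph's own validation may reject other values as well.

```python
import ipaddress
import json

# Graph type names for the two range kinds, mapped to the IP version each must hold.
EXPECTED_VERSION = {
    "#microsoft.graph.iPv4CidrRange": 4,
    "#microsoft.graph.iPv6CidrRange": 6,
}

def find_invalid_ranges(patch_body):
    """Return (index, cidrAddress, reason) for each suspect ipRanges entry."""
    problems = []
    for i, entry in enumerate(json.loads(patch_body).get("ipRanges", [])):
        cidr = entry.get("cidrAddress")
        version = EXPECTED_VERSION.get(entry.get("@odata.type"))
        if version is None:
            problems.append((i, cidr, "unexpected @odata.type"))
        elif not isinstance(cidr, str) or "/" not in cidr:
            # ip_network() would accept a bare address, so check the prefix first.
            problems.append((i, cidr, "missing prefix length"))
        else:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                problems.append((i, cidr, "not a parseable CIDR"))
                continue
            if net.version != version:
                problems.append((i, cidr, "address family does not match @odata.type"))
    return problems

# Constructed sample body (not taken from a real agent log).
SAMPLE_BODY = json.dumps({
    "@odata.type": "#microsoft.graph.ipNamedLocation",
    "ipRanges": [
        {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "203.0.113.4/32"},
        {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "203.0.113.300/32"},
        {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "198.51.100.7"},
        {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "2001:db8::1/128"},
        {"@odata.type": "#microsoft.graph.iPv4CidrRange", "cidrAddress": "192.0.2.10/33"},
    ],
})

if __name__ == "__main__":
    for index, cidr, reason in find_invalid_ranges(SAMPLE_BODY):
        print(f"ipRanges[{index}] {cidr!r}: {reason}")
```

The index reported for each entry is its position in the ipRanges array, which helps match a bad value back to the grant that produced it.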

Check for Concurrent Modifications

  1. In the Azure portal, navigate to Microsoft Entra ID > Audit logs
  2. Filter by Category: Policy and Activity: Update named location, scoped to the affected location
  3. If another principal (a person or service principal other than the Knocknoc app) updated the location around the same time, coordinate with whoever or whatever made the change

For the full setup, see the Microsoft Entra ID setup guide.

Retry After Investigating Microsoft Status

If the underlying error mentions a 5xx response, check the Microsoft 365 Status page. Transient 5xx errors during a service incident resolve themselves.

Still Having Issues?

We can help you out. Contact us at support@knocknoc.io.