Cannot create key for Azure AD application using Portal

%3CLINGO-SUB%20id%3D%22lingo-sub-125182%22%20slang%3D%22en-US%22%3ECannot%20create%20key%20for%20Azure%20AD%20application%20using%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-125182%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EGo%20to%20App%20registrations%20from%20AzureActiveDirectory.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3ECreated%20password%20credentials%20by%26nbsp%3Bpatch%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3Bmanifest%20graph%20api%3A%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgraph.windows.net%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgraph.windows.net%2F%3C%2FA%3E%3C%2FSPAN%3E%3CSPAN%3E%24%7B%3C%2FSPAN%3E%3CSPAN%3EtenantId%3C%2FSPAN%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3CSPAN%3E%2Fapplications%2F%3C%2FSPAN%3E%3CSPAN%3E%24%7B%3C%2FSPAN%3E%3CSPAN%3Emanifest%3C%2FSPAN%3E%3CSPAN%3E.%3C%2FSPAN%3E%3CSPAN%3EobjectId%3C%2FSPAN%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3CSPAN%3E%3Fapi-version%3D1.6%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EAfter%20patching%2C%20manifest%20like%20that%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot_2.jpg%22%20style%3D%22width%3A%20554px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F23719iAF1E6B5283D38018%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screenshot_2.jpg%22%20alt%3D%22Screenshot_2.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ENow%20trying%20to%20create%20new%20key%20using%20azure%20portal%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot_3.jpg%22%20style%3D%22width%3A%20670px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F23721i5972B2A062CB1AA1%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screenshot_3.jpg%22%20alt%3D%22Screenshot_3.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EClick%20Save%2C%20got%20error%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Screenshot_4.jpg%22%20style%3D%22width%3A%20300px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F23722iBCD16523CACD30A2%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Screenshot_4.jpg%22%20alt%3D%22Screenshot_4.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EF12%20to%20see%20what%20wrong.%20Got%20400%20with%20message%20(Removed%20sensitve%20data)%3CBR%20%2F%3E%7B%22ClassName%22%3A%22Microsoft.Portal.Framework.Exceptions.ClientException%22%2C%22Message%22%3A%22Graph%20call%20failed%20with%20httpCode%3DBadRequest%2C%20errorCode%3DRequest_BadRequest%2C%20errorMessage%3DUpdate%20to%20existing%20credential%20with%20KeyId%20'xyz'%20is%20not%20allowed.%2C%20reason%3DBad%20Request%2C%20correlationId%20%3D%20clientabc%2C%20response%20%3D%20%7B%22odata.error%22%3A%7B%22code%22%3A%22Request_BadRequest%22%2C%22message%22%3A%7B%22lang%22%3A%22en%22%2C%22value%22%3A%22Update%20to%20existing%20credential%20with%20KeyId%20'abc'%20is%20not%20allowed.%22%7D%2C%22date%22%3A%222017-11-07T18%3A45%3A38%22%2C%22requestId%22%3A%22requestID%22%2C%22values%22%3A%5B%7B%22item%22%3A%22PropertyName%22%2C%22value%22%3A%22passwordCredentials%22%7D%2C%7B%22item%22%3A%22PropertyErrorCode%22%2C%22value%22%3A%22KeyNotUpdatable%22%7D%5D%7D%7D%22%2C%22Data%22%3Anull%2C%22InnerException%22%3A%7B%22ClassName%22%3A%22Microsoft.ActiveDirectory.PortalExtension.ADExtension.Server.AADGraph.AADGraphException%22%2C%22Message%22%3A%22Graph%20call%20failed%20with%20httpCode%3DBadRequest%2C%20errorCode%3DRequest_BadRequest%2C%20errorMessage%3DUpdate%20to%20existing%20credential%20with%20KeyId%20'abc'%20is%20not%20allowed.%2C%20reason%3DBad%20Request%2C%20correlationId%20%3D%20clientabc%2C%20response%20%3D%20%7B%22odata.error%22%3A%7B%22code%22%3A%22Request_BadRequest%22%2C%22message%22%3A%7B%22lang%22%3A%22en%22%2C%22value%22%3A%22Update%20to%20existing%20credential%20with%20KeyId%20'abc'%20is%20not%20allowed.%22%7D%2C%22date%22%3A%222017-11-07T18%3A45%3A38%22%2C%22requestId%22%3A%22requestID%22%2C%22values%22%3A%5B%7B%22item%22%3A%22PropertyName%22%2C%22value%22%3A%22passwordCredentials%22%7D%2C%7B%22item%22%3A%22PropertyErrorCode%22%2C%22value%22%3A%22KeyNotUpdatable%22%7D%5D%7D%7D%22%2C%22Data%22%3A%7B%22graphError%22%3A%7B%22code%22%3A%22Request_BadRequest%22%2C%22message%22%3A%7B%22lang%22%3A%22en%22%2C%22value%22%3A%22Update%20to%20existing%20credential%20with%20KeyId%20'abc'%20is%20not%20allowed.%22%7D%2C%22values%22%3A%5B%7B%22item%22%3A%22PropertyName%22%2C%22value%22%3A%22passwordCredentials%22%7D%2C%7B%22item%22%3A%22PropertyErrorCode%22%2C%22value%22%3A%22KeyNotUpdatable%22%7D%5D%7D%7D%2C%22InnerException%22%3Anull%2C%22HelpURL%22%3Anull%2C%22StackTraceString%22%3A%22%20at%20Microsoft.ActiveDirectory.PortalExtension.ADExtension.Server.AADGraph.AADGraphMessageHandler.d__2.MoveNext()%20in%20E%3A%5Cbt%5C861473%5Crepo%5Csrc%5CADExtension%5CExtension%5CServer%5CAADGraph%5CAADGraphMessageHandler.cs%3Aline%2069%5Cr%5Cn---%20End%20of%20stack%20trace%20from%20previous%20location%20where%20exception%20was%20thrown%20---%5Cr%5Cn%20at%20System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()%5Cr%5Cn%20at%20System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task%20task)%5Cr%5Cn%20at%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-125182%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Visitor

Go to App registrations from AzureActiveDirectory. 

Created password credentials by patch manifest graph api: 

https://graph.windows.net/${tenantId}/applications/${manifest.objectId}?api-version=1.6
After patching, manifest like that

Screenshot_2.jpg

 

Now trying to create new key using azure portal:

Screenshot_3.jpg

 

Click Save, got error

Screenshot_4.jpg

 

F12 to see what wrong. Got 400 with message (Removed sensitve data)
{"ClassName":"Microsoft.Portal.Framework.Exceptions.ClientException","Message":"Graph call failed with httpCode=BadRequest, errorCode=Request_BadRequest, errorMessage=Update to existing credential with KeyId 'xyz' is not allowed., reason=Bad Request, correlationId = clientabc, response = {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Update to existing credential with KeyId 'abc' is not allowed."},"date":"2017-11-07T18:45:38","requestId":"requestID","values":[{"item":"PropertyName","value":"passwordCredentials"},{"item":"PropertyErrorCode","value":"KeyNotUpdatable"}]}}","Data":null,"InnerException":{"ClassName":"Microsoft.ActiveDirectory.PortalExtension.ADExtension.Server.AADGraph.AADGraphException","Message":"Graph call failed with httpCode=BadRequest, errorCode=Request_BadRequest, errorMessage=Update to existing credential with KeyId 'abc' is not allowed., reason=Bad Request, correlationId = clientabc, response = {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Update to existing credential with KeyId 'abc' is not allowed."},"date":"2017-11-07T18:45:38","requestId":"requestID","values":[{"item":"PropertyName","value":"passwordCredentials"},{"item":"PropertyErrorCode","value":"KeyNotUpdatable"}]}}","Data":{"graphError":{"code":"Request_BadRequest","message":{"lang":"en","value":"Update to existing credential with KeyId 'abc' is not allowed."},"values":[{"item":"PropertyName","value":"passwordCredentials"},{"item":"PropertyErrorCode","value":"KeyNotUpdatable"}]}},"InnerException":null,"HelpURL":null,"StackTraceString":" at Microsoft.ActiveDirectory.PortalExtension.ADExtension.Server.AADGraph.AADGraphMessageHandler.d__2.MoveNext() in E:\bt\861473\repo\src\ADExtension\Extension\Server\AADGraph\AADGraphMessageHandler.cs:line 69\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at

0 Replies