Troubleshooting
Solutions to common issues and frequently asked questions about self-hosting IntuneGet.
Quick Diagnosis
Start by checking the health endpoint to identify which components are working:
curl https://your-app.vercel.app/api/healthExpected response:
{
"status": "healthy",
"mode": "self-hosted",
"services": {
"database": true,
"auth": true,
"pipeline": true
}
}If any service shows false, focus troubleshooting on that component.
Common Error Messages
Authentication Errors
AADSTS50011: The reply URL specified in the request does not match
The redirect URI in your request doesn't match the configured URIs.
Solution:
- Go to Azure Portal > Your App Registration > Authentication
- Verify your URL is listed (e.g.,
https://your-app.vercel.app) - Ensure it's added as a SPA redirect, not Web
- Check for trailing slashes - they must match exactly
AADSTS65001: The user or administrator has not consented
Admin consent has not been granted for your tenant.
Solution:
- Contact your Global Administrator
- Have them visit:
https://login.microsoftonline.com/YOUR_TENANT/adminconsent?client_id=YOUR_CLIENT_ID - They must click Accept on the consent screen
AADSTS700016: Application with identifier was not found
The client ID is incorrect or the app was deleted.
Solution:
- Verify NEXT_PUBLIC_AZURE_AD_CLIENT_ID is correct
- Check the app still exists in Azure AD
- Compare the ID in your .env with the Overview page in Azure
Database Errors
Failed to fetch / Network error
Cannot connect to Supabase.
Solution:
- Check NEXT_PUBLIC_SUPABASE_URL is correct and includes https://
- Verify your Supabase project isn't paused
- Test connectivity: curl $NEXT_PUBLIC_SUPABASE_URL/rest/v1/
- Check if there are any Supabase service outages
Invalid API key / JWT expired
Supabase API key is incorrect or expired.
Solution:
- Go to Supabase Dashboard > Settings > API
- Copy fresh values for anon and service_role keys
- Update your environment variables
- Redeploy your application
Pipeline Errors
Workflow not triggering
Deployments get stuck in "pending" status.
Solution:
- Verify GITHUB_PAT has repo and workflow scopes
- Check workflows are enabled in your fork's Actions tab
- Verify GITHUB_OWNER and GITHUB_REPO match your fork
- Check the PAT hasn't expired
Callback verification failed
Pipeline completes but status doesn't update.
Solution:
- Verify CALLBACK_SECRET matches in both GitHub Secrets and .env
- Check NEXT_PUBLIC_URL is accessible from the internet
- Look at the workflow run logs in GitHub Actions
IntuneWinAppUtil failed
Packaging fails for specific apps.
Solution:
- Check the app exists in Winget: winget show {app-id}
- Verify the app has a supported installer type
- Check workflow logs for specific error messages
- Some apps may not be compatible with IntuneWinAppUtil
Debugging Tips
Check Logs
Vercel: Dashboard > Your Project > Logs
Docker: docker-compose logs -f
Browser Console
Press F12 and check the Console and Network tabs for errors and failed requests.
GitHub Actions
Check your fork's Actions tab for workflow run details and error messages.
Environment Check
Verify all environment variables are set. Missing or incorrect values cause most issues.
Environment Variable Checklist
Verify each variable is set correctly:
| Variable | Check |
|---|---|
NEXT_PUBLIC_SUPABASE_URL | Starts with https://, ends with .supabase.co |
NEXT_PUBLIC_SUPABASE_ANON_KEY | Long JWT string starting with eyJ |
SUPABASE_SERVICE_ROLE_KEY | Different from anon key, also starts with eyJ |
NEXT_PUBLIC_AZURE_AD_CLIENT_ID | UUID format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
AZURE_AD_CLIENT_SECRET | Should not be expired, contains ~ |
GITHUB_PAT | Starts with ghp_ or github_pat_ |
CALLBACK_SECRET | Same value in both web app and GitHub Secrets |
NEXT_PUBLIC_URL | Full URL with https://, no trailing slash |
Frequently Asked Questions
The complete setup typically takes 1-2 hours if you follow the guide step by step. Most of this time is spent on Azure AD and GitHub configuration. The actual deployment takes only a few minutes.
Yes! IntuneGet is open source under the MIT license. All required services (Supabase, GitHub Actions, Vercel) offer generous free tiers. For most use cases, you won't pay anything. GitHub Actions may incur costs for private repos over 2,000 minutes/month.
You need permission to create app registrations, which is often available to all users by default. However, a Global Administrator is needed to grant admin consent for the application permissions that allow uploading to Intune.
IntuneGet is designed for Supabase, but it can work with plain PostgreSQL. However, you'll lose real-time capabilities (live deployment status updates). If you need this, you'd need to implement your own WebSocket solution.
Pull the latest changes from your upstream remote (git fetch upstream && git merge upstream/main), then redeploy. For Docker: docker-compose down && docker-compose build --no-cache && docker-compose up -d. Check release notes for any required migrations.
Yes! IntuneGet is designed as a multi-tenant application. Users from different Microsoft 365 organizations can sign in and deploy apps to their respective Intune tenants, as long as their admin has granted consent.
Supabase free tier projects pause after 7 days of inactivity. When you access the app again, the project will automatically resume, but there may be a short delay. Consider upgrading or keeping the project active with periodic requests.
Currently, IntuneGet only supports apps available in the Winget repository. Adding custom apps would require modifications to the GitHub Actions workflow. This is on the roadmap for future releases.
Getting Help
GitHub Issues
Report bugs or request features. Search existing issues first to see if your problem has been solved.
GitHub Discussions
Ask questions, share ideas, and connect with other self-hosters.
Before Opening an Issue
- Search existing issues for similar problems
- Include your deployment method (Vercel, Docker, etc.)
- Share relevant error messages (redact sensitive info)
- Describe what you expected vs. what happened
Still Need Help?
Review the detailed setup guides for each component: