Hello @jberry , since this is application authentication no reply address is necessary and although an error is being thrown the service principal will be added to the foreign tenant.
In order to avoid such error, you can instruct other tenant admins to user Powershell to add the new service principal:
Connect-AzureAd
Or, in case of a specific tenant:
Connect-AzureAd -TenantId <TENANT ID>
New-AzureADServicePrincipal -AppId <SERVICE PRINCIPAL APP ID>
Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it so that others in the community with similar questions can more easily find a solution.