Cannot connect as service principal #3475
Comments
|
have you tried seperating the securestring conversion ? This solved the issue for me when working with certificate based authentication. e.g. |
I did, I had to modify another Microsoft library on my computer. My colleagues also want to use M365DSC and it would be nice if it worked out of the box without having to modify other libraries on the system. |
|
What other libraries did you modifiy? Ususally, M365DSC works out of the box. We have seen similar issues with other modules, that did not export functions properly. |
|
Receiving the same error with unmodified libraries in PowerShell 7.3.6
|
I cannot recall what the name was exactly, but it was something like "microsoft client authentication helper". Note, that without modifying anything, M365DSC does not work and produces the error above as also said by @DVDNetworksGithub |
|
was it MSCloudLoginAssistant? This is the module used to create the authentication context for M365DSC. |
Yes, that was the module. |
|
I receive exactly the same error with both PowerShell 5.1 and PowerShell 7.3.6. In both cases its the Module MSCloudLoginAssistant of Version 1.0..117. Customizing the module to convert the access token to secure string will solve the issue. Microsoft365Dsc cannot be used for any automation pipelines at the moment due to this issue. |
|
Also experiencing this issue: Error: |
|
MSCloudLoginAssistant 1.0.119 will fix this. This is due to a new way of handling the AccessToken parameter as a SecureString in Graph SDK 2.0. |
|
Linking to #3527 |
|
I have the same issue when using Application Secrets Authentication: Export-M365DSCConfiguration -ApplicationId 26cXXXX -TenantId XXXX.onmicrosoft.com -ApplicationSecret 0oR8QXXXXX -Workloads @("intune") -Path c:\Export_Secret. will generate the cannot bind parameter 'AccessToken'At C:\Program Files\WindowsPowerShell\Modules\MSCloudLoginAssistant\1.0.118\Workloads\MicrosoftGraph.psm1:126 char:46
However, as a workaround you create a certificate and run the same command (using the same app reg & permissions) it will work: Export-M365DSCConfiguration -ApplicationId 26cXXX -TenantId XXX.onmicrosoft.com -CertificateThumbprint 19XXXX -Workloads @("intune") -Path c:\Export_Cert |
|
Update MSCloudLoginAssistant 1.0.119 did the trick for me. |
|
Even with MSCloudLoginAssistant 1.0.119 i'm still having this issue, both with an Application ID and with user credentials. New-Object : Cannot find type [MSCloudLoginConnectionProfile]: verify that the assembly containing this type is loaded.
1.23.809.1 Microsoft365DSC |
|
latest version (1.23.809.1) has now resolved this and i can successfully export using application secret. |
Details of the scenario you tried and the problem that is occurring
ISSUE DESCRIPTION:
My problem is that I try to connect to M365 with the following command
Export-M365DSCConfiguration -ApplicationID $cred[0] -TenantId ****.onmicrosoft.com -ApplicationSecret $cred[1] -Components @("AADConditionalAccessPolicy")and I receive the following error message (that means the program successfully retrieved an access token):Verbose logs showing the problem
Suggested solution to the issue
The DSC configuration that is used to reproduce the issue (as detailed as possible)
# insert configuration hereThe operating system the target node is running
OsName : Microsoft Windows 11 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 22621.1.amd64fre.ni_release.220506-1250
OsLanguage : de-DE
OsMuiLanguages : {de-DE, en-US}
Version of the DSC module that was used ('dev' if using current dev branch)
1.20.723.1
I tried PowerShell 5.1.22621.1778 and 7.3.5
The text was updated successfully, but these errors were encountered: