Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problems with Authenticating with AppID and Certificate when deploying localhost.mof #4364

Closed
lrarbin opened this issue Feb 23, 2024 · 4 comments
Closed

Problems with Authenticating with AppID and Certificate when deploying localhost.mof #4364

lrarbin opened this issue Feb 23, 2024 · 4 comments
Labels
Authentication Teams

Comments

@lrarbin
Copy link

lrarbin commented Feb 23, 2024

Description of the issue

I keep having issues with authentication, this is just the latest problem I've been having.
I can run 'Export-M365DSCConfiguration' with a certificate and thumbprint.
I can also then generate the localhost.mof
I get the error:

PowerShell DSC resource MSFT_TeamsAudioConferencingPolicy  failed to execute Test-TargetResource functionality with
error message: Cannot bind parameter 'Certificate'. Cannot convert value "CERTIFICATETHUMBPRINT" to
type "Microsoft.TeamsCmdlets.Powershell.Connect.Utilities.CertificateParameter". Error: "Certificate not found:
CERTIFICATETHUMBPRINT"

When deploying the localhost.mof the error will repeat for each Resource item.
I have tried removing all the PowerShell Module, including the 'Microsoft365DSC' module and the re-installing with 'Update-M365DSCDependencies' and clearing things up with 'Uninstall-M365DSCOutdatedDependencies'.

I have the certificate in both computer and personal stores, as I wasn't sure if this was the issue.
I'd be greatful of any assistance.
Thanks

Microsoft 365 DSC Version

1.24.221.1

Which workloads are affected

Teams

The DSC configuration

Configuration MY_DSC
{
    param (
    )

    $OrganizationName = $ConfigurationData.NonNodeData.OrganizationName

    Import-DscResource -ModuleName 'Microsoft365DSC' -ModuleVersion '1.24.221.1'

    Node localhost
    {
        TeamsAudioConferencingPolicy "TeamsAudioConferencingPolicy-Global"
        {
            AllowTollFreeDialin       = $True;
            ApplicationId             = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint     = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Ensure                    = "Present";
            Identity                  = "Global";
            MeetingInvitePhoneNumbers = @();
            TenantId                  = $OrganizationName;
        }
        TeamsCallHoldPolicy "TeamsCallHoldPolicy-Global"
        {
            ApplicationId         = $ConfigurationData.NonNodeData.ApplicationId;
            CertificateThumbprint = $ConfigurationData.NonNodeData.CertificateThumbprint;
            Ensure                = "Present";
            Identity              = "Global";
            TenantId              = $OrganizationName;
        }
}
}
MY_DSC -ConfigurationData .\ConfigurationData.psd1

@{
    AllNodes = @(
        @{
            NodeName                    = "localhost"
            PSDscAllowPlainTextPassword = $true;
            PSDscAllowDomainUser        = $true;
            #region Parameters
            # Default Value Used to Ensure a Configuration Data File is Generated
            ServerNumber = "0"

        }
    )
    NonNodeData = @(
        @{
            # Azure AD Application Id for Authentication
            ApplicationId = "MY_APP_ID"

            # The Id or Name of the tenant to authenticate against
            TenantId = "my.onmicrosoft.com"

            # API Token for the Teams SDN Provider for Meeting Broadcast
            SdnApiToken = "**********"

            # Thumbprint of the certificate to use for authentication
            CertificateThumbprint = "CERTIFICATETHUMBPRINT"

            # Tenant's default verified domain name
            OrganizationName = "my.onmicrosoft.com"

        }
    )
}

Verbose logs showing the problem

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' =
SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer DSC_SERVER with user sid
S-1-5-21-21957344-1260221052-1159422225-44743.
VERBOSE: [E2R2S02ISPT0002]: LCM:  [ Start  Set      ]
VERBOSE: [E2R2S02ISPT0002]: LCM:  [ Start  Resource ]
[[TeamsAudioConferencingPolicy]TeamsAudioConferencingPolicy-Global]
VERBOSE: [E2R2S02ISPT0002]: LCM:  [ Start  Test     ]
[[TeamsAudioConferencingPolicy]TeamsAudioConferencingPolicy-Global]
VERBOSE: [E2R2S02ISPT0002]:
[[TeamsAudioConferencingPolicy]TeamsAudioConferencingPolicy-Global] Testing configuration of {Global}
VERBOSE: [E2R2S02ISPT0002]: LCM:  [ End    Test     ]
[[TeamsAudioConferencingPolicy]TeamsAudioConferencingPolicy-Global]  in 8.8900 seconds.
PowerShell DSC resource MSFT_TeamsAudioConferencingPolicy  failed to execute Test-TargetResource functionality with
error message: Cannot bind parameter 'Certificate'. Cannot convert value "CERTIFICATETHUMBPRINT" to
type "Microsoft.TeamsCmdlets.Powershell.Connect.Utilities.CertificateParameter". Error: "Certificate not found:
CERTIFICATETHUMBPRINT"
    + CategoryInfo          : InvalidOperation: (:) [], CimException
    + FullyQualifiedErrorId : ProviderOperationExecutionFailure
    + PSComputerName        : localhost

Environment Information + PowerShell Version

OsName               : Microsoft Windows Server 2019 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Key   : PSVersion
Value : 5.1.17763.5458
Name  : PSVersion

Key   : PSEdition
Value : Desktop
Name  : PSEdition

Key   : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name  : PSCompatibleVersions

Key   : BuildVersion
Value : 10.0.17763.5458
Name  : BuildVersion

Key   : CLRVersion
Value : 4.0.30319.42000
Name  : CLRVersion

Key   : WSManStackVersion
Value : 3.0
Name  : WSManStackVersion

Key   : PSRemotingProtocolVersion
Value : 2.3
Name  : PSRemotingProtocolVersion

Key   : SerializationVersion
Value : 1.1.0.1
Name  : SerializationVersion

Name                           Value                                                                                                                                                                                                                             
----                           -----                                                                                                                                                                                                                             
PSVersion                      5.1.17763.5458                                                                                                                                                                                                                    
PSEdition                      Desktop                                                                                                                                                                                                                           
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                                                           
BuildVersion                   10.0.17763.5458                                                                                                                                                                                                                   
CLRVersion                     4.0.30319.42000                                                                                                                                                                                                                   
WSManStackVersion              3.0                                                                                                                                                                                                                               
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                                               
SerializationVersion           1.1.0.1
@ricmestre
Copy link
Contributor

For deployments the certificates must be stored in LocalMachine, not the User's store.

@andikrueger
Copy link
Collaborator

Looks like this is a further issue in this list of team’s resources and certificate authentication: #4018 , #4258,…

@ricmestre
Copy link
Contributor

@andikrueger This is definetely not the same type of issue I encountered, in this case it's just complaining the certificate it's not there so if it works while exporting it just means the cert is missing from LocalMachine store.

@lrarbin
Copy link
Author

lrarbin commented Feb 27, 2024

For deployments the certificates must be stored in LocalMachine, not the User's store.

Thanks for this. I double checked the certificate and the one in LocalMachine was wrong/out of date. Re-importing the correct certificate solved the issue. Thanks for the help. I must have been suffering from Friday-itus!

@lrarbin lrarbin closed this as completed Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Authentication Teams
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lrarbin @andikrueger @ricmestre