Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sharepoint will be omitted from the output because of failed authentication #1407

Open
lexpr0 opened this issue Nov 7, 2024 · 8 comments
Open
Labels
bug This issue or pull request addresses broken functionality public-reported This issue is reported by the public users of the tool.

Comments

@lexpr0
Copy link

lexpr0 commented Nov 7, 2024

After creating a new tenant to test Scuba, I run the command:

Invoke-SCuBA -ProductNames aad, defender, exo, powerplatform, sharepoint, teams

After loging in as a user with the permissions set as desribed (but also as the global admin) all tests run fine, except for Sharepoint. I receive the error: "sharepoint will be omitted from the output because of failed authentication"

To reproduce

Steps to reproduce the behavior:

  1. Create a new tenant, set the permissions as described.
  2. Run Invoke-SCuBA
  3. use the created user (with the permissions as described) of tenant admin.

Expected behavior

I expect the Sharepoint test to run like the other tests.

Any helpful log output or screenshots

Connect-Tenant : Error establishing a connection with sharepoint. Could not connect to SharePoint Online.
At C:\Program Files\WindowsPowerShell\Modules\ScubaGear\1.3.0\Modules\Orchestrator.psm1:1187 char:26

  •     $AnyFailedAuth = Connect-Tenant @ConnectTenantParams
    
  •                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Connect-Tenant

($PSVersionTable).PsVersion
Major Minor Build Revision


5 1 22621 4391

(Get-Module -ListAvailable -Name Microsoft.Online.SharePoint.PowerShell).Version
Major Minor Build Revision


16 0 24810 12000

The users has the Sharepoint administrator role, the other account is global admin, but both give the same result.

@buidav buidav added the public-reported This issue is reported by the public users of the tool. label Nov 7, 2024
@buidav
Copy link
Collaborator

buidav commented Nov 7, 2024

Could you try this command in a PowerShell terminal, try signing in with the same user, and see if the authentication succeeds?

Connect-SPOService -Url https://REPLACEWITHYOURTENANTNAME-admin.sharepoint.com -ModernAuth $true -AuthenticationUrl https://login.microsoftonline.com/organizations

May be related to a ADFS claim rule blocking legacy auth

@lexpr0
Copy link
Author

lexpr0 commented Nov 8, 2024

The command seems to work, I am not receiving any errors.

@albert-widjaja
Copy link

@buidav ,

Thank you for the update, the issue persists when inserting the suggested line as follows:

# Install ScubaGear
Install-Module -Name ScubaGear
# Install the minimum required dependencies
Connect-SPOService -Url https://CorporateName-admin.sharepoint.com -ModernAuth $true -AuthenticationUrl https://login.microsoftonline.com/organizations
Initialize-SCuBA
# Check the version
Invoke-SCuBA -Version
# Assess all products
Invoke-SCuBA -ProductNames *

The error is still the same:
Image

@buidav buidav added the bug This issue or pull request addresses broken functionality label Nov 11, 2024
@buidav
Copy link
Collaborator

buidav commented Nov 11, 2024

The command seems to work, I am not receiving any errors.
@lexpr0

Thanks! We'll include the fix in a future release.

In the meantime, to bypass the error, running ScubaGear with service principal auth will bypass the error.

@buidav
Copy link
Collaborator

buidav commented Nov 11, 2024

Thank you for the update, the issue persists when inserting the suggested line as follows:

@albert-widjaja
This is a different error, but with the Graph PowerShell module dependency rather than SharePoint module.
Could you try running Initialize-SCuBA again and updating to Graph PowerShell v2.24.0 ?

@lexpr0
Copy link
Author

lexpr0 commented Nov 12, 2024

The command seems to work, I am not receiving any errors.
@lexpr0

Thanks! We'll include the fix in a future release.

In the meantime, to bypass the error, running ScubaGear with service principal auth will bypass the error.

I am trying to integratie your fix, adding the paramters:
'Url'= "https://$($InitialDomainPrefix)-admin.sharepoint.com";
'ModernAuth'= $true;
'AuthenticationUrl'= "https://login.microsoftonline.com/organizations";
}

However I get some simalar as albber-widjaja:
Connect-Tenant : Error establishing a connection with sharepoint. Could not connect to SharePoint Online.
At C:\Program Files\WindowsPowerShell\Modules\ScubaGear\1.3.0\Modules\Orchestrator.psm1:1187 char:26

  •     $AnyFailedAuth = Connect-Tenant @ConnectTenantParams
    
  •                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
    • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Connect-Tenant

I have tried Initialize-SCuBA but without succes.

@buidav
Copy link
Collaborator

buidav commented Nov 14, 2024

However I get some simalar as albber-widjaja: Connect-Tenant : Error establishing a connection with sharepoint. Could not connect to SharePoint Online. At C:\Program Files\WindowsPowerShell\Modules\ScubaGear\1.3.0\Modules\Orchestrator.psm1:1187 char:26

  • FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Connect-Tenant

I have tried Initialize-SCuBA but without succes.

So the error doesn't appear when running this command by itself but it appears when you're trying to include the parameters within ScubaGear?

Connect-SPOService -Url https://REPLACEWITHYOURTENANTNAME-admin.sharepoint.com -ModernAuth $true -AuthenticationUrl https://login.microsoftonline.com/organizations

@lexpr0
Copy link
Author

lexpr0 commented Nov 20, 2024

Correct, I have added the parameter as follows:

` {($_ -eq "commercial") -or ($_ -eq "gcc")} {

                           $SPOParams += @{

                               'Url'= "https://$($InitialDomainPrefix)-admin.sharepoint.com";

			   'ModernAuth'=  $true;

			   'AuthenticationUrl'=  "https://login.microsoftonline.com/organizations";`

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug This issue or pull request addresses broken functionality public-reported This issue is reported by the public users of the tool.
Projects
None yet
Development

No branches or pull requests

3 participants