grahamr975 / EWS-Office365-Contact-Sync

Uses Exchange Web Services to synchronize a Global Address List in Office 365 to a user's mailbox
MIT License

ERROR Failed to Sync-ContactList for test@company.nl A constructor was not found. Cannot find an appropriate constructor for type Microsoft.Exchange.WebServices.Data.OAuthCredentials. #24

Closed nickboon18 closed 1 year ago

nickboon18 commented 3 years ago

Hi,

I got this error:

ERROR Failed to Sync-ContactList for test@company.nl A constructor was not found. Cannot find an appropriate constructor for type Microsoft.Exchange.WebServices.Data.OAuthCredentials.

Can someone help me with this?

DLangenberg commented 3 years ago

I got the same issue, issue with modernauth.

If I disable modernauth it connects.

!update!

It seems to be happening in:

```powershell
$AADcredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList $Credentials.UserName.ToString(), $Credentials.GetNetworkCredential().password.ToString()
$token = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($Context,"https://outlook.office365.com",$ClientId,$AADcredential).result
$service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken)
```

I did notice that the Exchange API is now missing in Office 365, while this application is calling that API (outlook.office365.com) with GUID d3590ed6-52b3-4102-aeff-aad2292ab01c.

The strange thing is that negotiate auth is still working, while I expect Microsoft to first end that type of authentication before closing the Exchange API and forcing us to Graph.

grahamr975 commented 3 years ago

ModernAuth still works in my environment just fine (Exchange Online). Unfortunately, I don't have the resources or time to test in other environments. Can you confirm that you followed the new README instructions and manually unblocked the included .dll files?

I am thinking of redesigning this script in Graph API, but just don't currently have the time.

Noiden commented 3 years ago

I have the same issue.

ERROR Failed to Sync-ContactList for xxxxxx@xxxxxx.yyy Cannot convert argument "ctx", with value: "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext", for "AcquireTokenAsync" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext": "Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext"."

The weird thing is that it worked fine a couple of days ago.

nldenic commented 2 years ago

Any update on this?

Csarly commented 2 years ago

Hi Graham, first, thanks for providing your work and your efforts!

I do have the same issue, that login to EWS via ModernAuth is failing.

Yes, I have read the README, unblocked the DLLs and exported the credentials of the service account to an XML file. The svc has got ApplicationImpersonation in Exchange.

I ran:

```powershell
.\EWSContactSync.ps1 -FolderName 'testsync' -LogPath 'C:\temp\EWS-Office365-Contact-Sync' -MailboxList 'mailbox1@my.domain' -ClientID 'my-Azure-EWS-App-ID' -ModernAuth -ExcludeContactsWithoutPhoneNumber -ExcludeSharedMailboxContacts -CredentialPath "C:\temp\svc-acc.xml"
```

The first error I got was: Failed to Sync-ContactList for mailbox1@my.domain No constructor found. No suitable constructor can be found for the Microsoft.Exchange.WebServices.Data.OAuthCredentials type. As I said, DLLs are unblocked.

I did some research and found this line in Connect-EXCExchange.ps1 (line 104):

```powershell
$service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken)
```

I changed it to:

```powershell
$service.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token.AccessToken
```

It was just a try, as I found this way in another script.

Then the error turned into: ERROR Failed to Sync-ContactList for mailbox1@my.domain Exception when calling "AutodiscoverUrl" with 2 argument(s): "Credentials are required to make a service request."

So this didn't work out. I hope this helps in some way, and I hope you have a suggestion for me on what I can still try.

Btw., you are checking for EWS dll files this way:

```powershell
$EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Web Services'|Sort-Object Name -Descending| Select-Object -First 1 -ExpandProperty Name)).'Install Directory') + "Microsoft.Exchange.WebServices.dll")
```

This doesn't return a path if you have installed the EWS API via "Install-Package Exchange.WebServices.Managed.Api -Version 2.2.1.2". This way it does:

```powershell
$EWSDLL = (Get-ChildItem -Path "$(split-path $((Get-Package -Name 'Exchange.WebServices.Managed.Api').Source) -Parent)\Microsoft.Exchange.WebServices.dll" -Recurse).FullName
```

Just for your information and for a future version. :)

Cheers, Csarly

grahamr975 commented 2 years ago

@Csarly Can you try to bypass MFA via trusting the IP of the server you're running the script on, per the guide below? Let me know.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-adfs#trusted-ips-for-federated-users

Csarly commented 2 years ago

Hi @grahamr975, I was trying to use the script with cloud-only users and mailboxes. The admin account with ApplicationImpersonation permission in Exchange is not activated for MFA. I was running the script from my notebook and desktop PC. Was it intended to run on an on-premises member server?

Thanks, regards, Csarly

Csarly commented 2 years ago

Hi @grahamr975, I just discovered it was a layer8 issue (me ;)). In the Azure application, in the authentication screen, Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES!

This wasn't mentioned here: https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/

Thanks Ryan!
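A preflight check for the two failure points discussed in this thread, blocked DLLs and a failed token request, as an added example that is not part of the project's script. `Get-BlockedDll` and `Resolve-TokenTask` are hypothetical helper names, and the faulted task at the end is constructed so the block runs without the ADAL or EWS assemblies.

```powershell
# Added example; not code from EWS-Office365-Contact-Sync.
# Get-BlockedDll and Resolve-TokenTask are hypothetical helper names.

function Get-BlockedDll {
    # Returns DLLs under $Path that still carry a Zone.Identifier stream
    # (Mark of the Web), i.e. the files the README asks you to unblock.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Filter *.dll -Recurse -File | Where-Object {
        Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    }
}

function Resolve-TokenTask {
    # Waits for a token task and returns its result. On failure it throws the
    # underlying sign-in error, so an empty token never reaches the
    # OAuthCredentials constructor.
    param([Parameter(Mandatory)][System.Threading.Tasks.Task]$Task)
    try { $Task.Wait() } catch { }   # failure details are read from the task below
    if ($Task.IsCanceled) { throw 'Token request was cancelled.' }
    if ($Task.IsFaulted) {
        $inner = $Task.Exception.GetBaseException()
        throw "Token request failed: $($inner.Message)"
    }
    if ($null -eq $Task.Result -or [string]::IsNullOrEmpty($Task.Result.AccessToken)) {
        throw 'Token request returned no access token.'
    }
    return $Task.Result
}

# In the script quoted earlier in the thread, the helper would wrap the task
# instead of reading .result directly:
#   $task  = [...AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync(
#                $Context, "https://outlook.office365.com", $ClientId, $AADcredential)
#   $token = Resolve-TokenTask -Task $task
# Blocked files can be listed and cleared with:
#   Get-BlockedDll -Path $PSScriptRoot | Unblock-File

# Constructed demo: a faulted task standing in for a rejected token request.
$tcs = New-Object 'System.Threading.Tasks.TaskCompletionSource[object]'
$tcs.SetException([System.Exception]::new('constructed sign-in failure'))
try {
    Resolve-TokenTask -Task $tcs.Task
} catch {
    Write-Host $_.Exception.Message
}
```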

nldenic commented 2 years ago

> Hi @grahamr975, I just discovered it was a layer8 issue (me ;)). In the Azure application, in the authentication screen, Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES!
>
> This wasn't mentioned here: https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/
>
> Thanks Ryan!

Can you maybe write a little manual on how to get it to work with the API connection?

For now it's working for me on-prem. But I want to deactivate basic auth, so I also want to use the API connection.

How did you write your ps1 script? Can you share it?

Csarly commented 2 years ago

Hi @nldenic, I'm new to GitHub, I am trying to find my way around to provide you with my version... Thanks for your patience.

grahamr975 commented 1 year ago

Hello all,

I just wrote up a guide on how to apply certificate-based authentication to the script, which should resolve this error. See commit 9fcfe1f06192848882564615dd9aa05e71d69970.