grahamr975 / EWS-Office365-Contact-Sync

Uses Exchange Web Services to synchronize a Global Address List in Office 365 to a user's mailbox
MIT License

Error: Basic authentication is currently disabled in the client configuration. #60

Closed AdmiralNosnevets closed 1 year ago

AdmiralNosnevets commented 1 year ago

Good Afternoon,

First, thanks for the script, it is a lifesaver and much needed. I'm fairly new to scripting and have run into some issues. I am using the application method and have been able to follow the guide giving the app all the permissions needed. I am able to generate the pfx and cer files no problem. When I go to generate the export clixml it always generates an xml file. In your example batch file you show this as a .cred file, not .xml. Should I be generating a .cred? Do I just change the filename or is .xml correct? I have been using the .xml and have been getting an error no matter how many times I go through the instructions.

The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration. Change the client configuration and try the request again.

I am using the ModernAuth flag. Basic auth is disabled through GPO, but since this is using a cert and the modern auth flag I figured that shouldn't matter.

Here is my anonymized batch.

```bat
@echo off
cd "script directory"

PowerShell.exe -ExecutionPolicy Bypass ^
-File "C:\Users\jappleseed\OneDrive - apple\Documents\Projects\GAL Sync\EWSContactSync.ps1" ^
-CertificatePath "C:\Users\jappleseed\OneDrive - apple\Documents\Projects\GAL Sync\mycert.pfx" ^
-CertificatePasswordPath "C:\Users\jappleseed\OneDrive - apple\Documents\Projects\GAL Sync\SecureCertificatePassword.xml" ^
-ClientID "0d79f13d-anon-Hippopatamus" ^
-FolderName "C:\Users\jappleseed\OneDrive - apple\Documents\Projects\GAL Sync\CFILE" ^
-LogPath "C:\Users\jappleseed\OneDrive - apple\Documents\Projects\GAL Sync\Log" ^
-MailboxList JAppleseed@apple.com ^
-ExchangeOrg "apple.onmicrosoft.com" ^
-ModernAuth
pause
```

Any ideas?

grahamr975 commented 1 year ago

@AdmiralNosnevets

  1. Either .Cred or .XML is fine as long as your batch parameter matches the extension that you're using for the credential file.

  2. Exchange PowerShell v2 requires client-side basic authentication on the host computer in order for WinRM to work. Don't worry -- OAuth is still used on the server-side. Can you please follow this tutorial to enable WinRM on your computer? Let me know how this works for you.

  3. The FolderName parameter needs to be just the name of the contacts folder that will be created in Exchange, such as "Company Contacts".

AdmiralNosnevets commented 1 year ago

@grahamr975 Thanks for the link, it got me going. I had seen it but since basic auth is going away I didn't use it. Our security guy is still noping the basic auth even if local. Does EXO V3 module provide any hope for going full certificate based? Once again thanks for the help!

grahamr975 commented 1 year ago

@AdmiralNosnevets

Microsoft is not deprecating WinRM. See the article here for more info on this. The script is already fully certificate-based & does not rely on any user credentials. You can try EXO V3 but you would need to make some tweaks within the script in order to use it. Sorry, but I don't have plans to upgrade the script to EXO V3 so I can't provide further direction on this.
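
An added example, not part of the thread or of the project's code: a read-only PowerShell check that shows whether the WinRM client's Basic setting on the host comes from Group Policy or from local configuration, which is the setting behind the error quoted in the first post. The function name is hypothetical; it assumes the WinRM service is running and an elevated session.

```powershell
# Added example: report the WinRM *client* Basic-auth state and where it comes from.
# Read-only; it changes no configuration.
function Get-WinRMClientBasicAuthState {
    # Group Policy writes WinRM client settings under this key; values here
    # take precedence over anything set locally.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    $gpoBasic       = if ($null -ne $policy.AllowBasic) { [bool]$policy.AllowBasic } else { $null }
    $gpoUnencrypted = if ($null -ne $policy.AllowUnencryptedTraffic) {
        [bool]$policy.AllowUnencryptedTraffic
    } else { $null }

    # Values as seen through the WSMan provider (needs the WinRM service running).
    $cfgBasic = $null
    $cfgUnencrypted = $null
    try {
        $cfgBasic       = (Get-Item WSMan:\localhost\Client\Auth\Basic -ErrorAction Stop).Value -eq 'true'
        $cfgUnencrypted = (Get-Item WSMan:\localhost\Client\AllowUnencrypted -ErrorAction Stop).Value -eq 'true'
    } catch {
        Write-Warning "Could not read the WSMan: drive (is WinRM running?): $($_.Exception.Message)"
    }

    [pscustomobject]@{
        BasicSetByGroupPolicy       = ($null -ne $gpoBasic)
        GroupPolicyAllowBasic       = $gpoBasic
        ConfiguredAllowBasic        = $cfgBasic
        GroupPolicyAllowUnencrypted = $gpoUnencrypted
        ConfiguredAllowUnencrypted  = $cfgUnencrypted
        # If policy sets AllowBasic, a local change will not stick:
        # the GPO itself has to be changed or scoped away from this host.
        ChangeRequiresGpoEdit       = ($null -ne $gpoBasic)
    }
}

Get-WinRMClientBasicAuthState | Format-List
```

If `ConfiguredAllowBasic` is `True`, keeping `ConfiguredAllowUnencrypted` at `False` means the Basic header the module uses only travels inside HTTPS.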