search

microsoft / EntraExporter

PowerShell module to export a local copy of an Entra (Azure AD) tenant configuration.
https://aka.ms/EntraExporter
MIT License
572 stars 92 forks source link

"Unexpected exception returned from MSAL" (Invoke-MgGraphRequest) when exporting DirectoryRoles #26

Closed LijuV-MSFT closed 1 year ago

LijuV-MSFT commented 2 years ago

The export steps work fine until it gets to some DirectoryRoles. I have run the Connect-AzureADExporter command, I am running as a Global Administrator, and the user does not need MFA?

image

In this run it is the Attribute Assignment Reader role.

Invoke-MgGraphRequest : Code: generalException
Message: Unexpected exception returned from MSAL.
At C:\Program Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\internal\Invoke-Graph.ps1:116 char:48
+ ...  $results = Invoke-MgGraphRequest -Method GET -Uri $uriQueryEndpointF ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Invoke-MgGraphRequest], AuthenticationException
    + FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
PS C:\> $Error[0] | Select-Object *

writeErrorStream      : True
PSMessageDetails      :
Exception             : Microsoft.Graph.Auth.AuthenticationException: Code: generalException
                        Message: Unexpected exception returned from MSAL.
                         ---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50196: The server terminated an
                        operation because it encountered a client request loop. Please contact your app vendor.
                        Trace ID: 4c78c73f-bb81-41f6-a2ba-7d0b2fd1a100
                        Correlation ID: aa47e6ed-c509-4025-a912-e486ee7d3029
                        Timestamp: 2022-07-22 14:11:17Z
                           at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse
                        response, RequestContext requestContext)
                           at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response,
                        RequestContext requestContext)
                           at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__11`1.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at
                        Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at
                        Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<GetTokenResponseAsync>d__
                        11.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at
                        Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<ExecuteAsync>d__8.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__13.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__2.Mov
                        eNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at
                        Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<GetNewAccessTokenAsync>d__18.MoveNext()
                           --- End of inner exception stack trace ---
                           at
                        Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<GetNewAccessTokenAsync>d__18.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Graph.Auth.InteractiveAuthenticationProvider.<AuthenticateRequestAsync>d__17.Mo
                        veNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Graph.AuthenticationHandler.<SendAsync>d__16.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest.<GetResponseAsync>
                        d__105.MoveNext()
                        --- End of stack trace from previous location where exception was thrown ---
                           at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                           at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
                        task)
                           at Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest.<ProcessRecordAsyn
                        c>d__120.MoveNext()
TargetObject          :
CategoryInfo          : NotSpecified: (:) [Invoke-MgGraphRequest], AuthenticationException
FullyQualifiedErrorId : Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest
ErrorDetails          :
InvocationInfo        : System.Management.Automation.InvocationInfo
ScriptStackTrace      : at Invoke-Graph<Process>, C:\Program
                        Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\internal\Invoke-Graph.ps1: line 116
                        at Export-AzureAD, C:\Program
                        Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\Export-AzureAD.ps1: line 112
                        at Export-AzureAD, C:\Program
                        Files\WindowsPowerShell\Modules\AzureADExporter\1.0.957478\Export-AzureAD.ps1: line 140
                        at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {0, 1}
merill commented 1 year ago

Can you please try with the new EntraExporter module and re-open this if you are still seeing an issue? Tx.