pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell

Apply-PnPTenantTemplate throws an error #2214

Open Nathaire opened 5 years ago

Nathaire commented 5 years ago

Notice: many issues / bugs reported are actually related to the PnP Core Library which is used behind the scenes. Consider carefully where to report an issue:

Reporting an Issue or Missing Feature

Apply-PnPTenantTemplate doesn't work on a customer tenant. Tried locally and with Azure Runbook, errors are always thrown.

Expected behavior

The Teams should be provisioned successfully without any error.

Actual behavior

When calling the PnP method from the Azure Runbook or locally, I get the following error:

Exception while invoking endpoint https://login.microsoftonline.com/{guid}/oauth2/token

Steps to reproduce behavior

Which version of the PnP-PowerShell Cmdlets are you using?

What is the version of the Cmdlet module you are running?

latest 3.12.1908.1

How did you install the PnP-PowerShell Cmdlets?

ghost commented 5 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

Nathaire commented 5 years ago

I just found a difference between my dev tenant and our customer tenant.

On my tenant, looking into Azure AD -> Enterprise Applications -> PnP.PowerShell -> Permissions, I see that: image

Looking into our customer tenant, I see this: image

I've dug a little bit more, and executing Get-SPException after the error, I get the following StackTrace:

Message          : Exception while invoking endpoint https://login.microsoftonline.com/{tenantId}/oauth2/token.
Stacktrace       :    at OfficeDevPnP.Core.Utilities.HttpHelper.MakeHttpRequest[TResult](String httpMethod, String requestUrl, HttpResponseHeaders&
responseHeaders, String accessToken, String accept, Object content, String contentType, String referer, Func`2 resultPredicate)
   at OfficeDevPnP.Core.Utilities.HttpHelper.MakePostRequestForString(String requestUrl, Object content, String contentType, String
accessToken)
   at SharePointPnP.PowerShell.Commands.Base.TokenHandler.AcquireToken(String resource, String scope)
   at SharePointPnP.PowerShell.Commands.Provisioning.Tenant.ApplyTenantTemplate.<>c__DisplayClass18_0.<ExecuteCmdlet>b__4(String
resource, String scope)
   at OfficeDevPnP.Core.Framework.Provisioning.ObjectHandlers.PnPProvisioningContext.AcquireToken(String resource, String scope)
   at OfficeDevPnP.Core.Framework.Provisioning.ObjectHandlers.ObjectTeams.ProvisionObjects(Tenant tenant, ProvisioningHierarchy 
hierarchy, String sequenceId, TokenParser parser, ProvisioningTemplateApplyingInformation applyingInformation)
   at OfficeDevPnP.Core.Framework.Provisioning.ObjectHandlers.SiteToTemplateConversion.ApplyProvisioningHierarchy(Tenant tenant, 
ProvisioningHierarchy hierarchy, String sequenceId, ProvisioningTemplateApplyingInformation provisioningInfo)
   at SharePointPnP.PowerShell.Commands.Provisioning.Tenant.ApplyTenantTemplate.ExecuteCmdlet()
   at SharePointPnP.PowerShell.Commands.PnPCmdlet.ProcessRecord()

Looking then in PnP Core, ObjectTeams.cs (at https://github.com/SharePoint/PnP-Sites-Core/blob/master/Core/OfficeDevPnP.Core/Framework/Provisioning/ObjectHandlers/ObjectTeams.cs), I can find this image

So it seems a new token is requested with scope Group.ReadWrite.All, but this one is not present in the App Permissions (only on our customer tenant).

Nathaire commented 5 years ago

Is there any update on this issue?

PaoloPia commented 5 years ago

Hi @Nathaire, Have you managed to reconfigure the PnP.PowerShell permissions? If not, you should try to remove the enterprise app from the failing AAD tenant and then execute:

Connect-PnPOnline -Url https://contoso.sharepoint.com -PnPO365ManagementShell

It will register the app again. Please let us know if it will fix the issue. Thanks.

Nathaire commented 5 years ago

Thanks @PaoloPia. No, we didn't solve our issue and have actually implemented a workaround using the Teams module. I'll try your proposal tomorrow to see what happens.

Nathaire commented 5 years ago

Hi @PaoloPia, done on our client test system. Now PnP.Powershell is not listed in the Enterprise App in Azure AD anymore.

I've tried executing Apply-PnPTenantTemplate -Path .\Test.pnp.xml.txt and get a 401 error

PS C:\Temp> Apply-PnPTenantTemplate -Path .\Test.pnp.xml.txt
Apply-PnPTenantTemplate : The remote server returned an error: (401) Unauthorized.
At line:1 char:1
+ Apply-PnPTenantTemplate -Path .\Test.pnp.xml.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Apply-PnPTenantTemplate], WebException
    + FullyQualifiedErrorId : System.Net.WebException,SharePointPnP.PowerShell.Commands.Provisioning.Tenant.ApplyTenantTemplate

PS C:\Temp> Get-PnPException

Message          : The remote server returned an error: (401) Unauthorized.
Stacktrace       :    at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
                      at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction,
                   Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                      at Microsoft.SharePoint.Client.SPWebRequestExecutor.<ExecuteAsync>d__0.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                      at Microsoft.SharePoint.Client.ClientContext.<GetFormDigestInfoPrivateAsync>d__b.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                      at Microsoft.SharePoint.Client.ClientContext.<EnsureFormDigestAsync>d__8.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                      at Microsoft.SharePoint.Client.ClientContext.<ExecuteQueryAsync>d__4.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at
                   Microsoft.SharePoint.Client.ClientContextExtensions.<ExecuteQueryImplementation>d__7.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at
                   Microsoft.SharePoint.Client.ClientContextExtensions.<ExecuteQueryImplementation>d__7.MoveNext()
                   --- End of stack trace from previous location where exception was thrown ---
                      at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
                      at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
                      at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext
                   clientContext, Int32 retryCount, Int32 delay, String userAgent)
                      at SharePointPnP.PowerShell.Commands.Base.SPOnlineConnection.CloneContext(String url)
                      at SharePointPnP.PowerShell.Commands.Base.PnPAdminCmdlet.BeginProcessing()
                      at System.Management.Automation.Cmdlet.DoBeginProcessing()
                      at System.Management.Automation.CommandProcessorBase.DoBegin()

DanielSanIT commented 4 years ago

Hello. Is there any update on this issue? I'm running into the same issue. I'm trying to do the first example from this Community demo, but catching the "Exception while invoking endpoint".

CreativeAcer commented 4 years ago

First run a command such as this one:

Connect-PnPOnline -Scopes "Group.ReadWrite.All","User.Read.All"

Scopes depending on what you are trying to do, in my case provisioning an MS Teams Team. This will give you a popup asking for consent. After this I was able to execute Apply-PnPTenantTemplate -Path "TeamSchema.xml" successfully, in a new connection with SharePoint context of course.
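
The thread's diagnosis is that the enterprise app on the customer tenant lacked consent for Group.ReadWrite.All. The following is an added example, not code from the thread or from the PnP project: it compares the delegated scopes consented for an app against the scopes a provisioning run needs, so the gap shows up before the cmdlet fails at the token endpoint. The function name, object ids and grant data are constructed; the objects mimic the consentType, principalId and scope properties of Microsoft Graph oauth2PermissionGrant records.

```powershell
function Get-MissingDelegatedScope {
    [CmdletBinding()]
    param(
        # Grant records for the app: consentType, principalId, scope (space-separated)
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Grant,
        # Scopes the provisioning run will request
        [Parameter(Mandatory)] [string[]] $RequiredScope,
        # Object id of the account that runs the cmdlet, so per-user consent is honoured
        [string] $UserId
    )
    $granted = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($g in $Grant) {
        # Tenant-wide (admin) consent always applies; per-user consent only to that user
        $applies = ($g.consentType -eq 'AllPrincipals') -or
                   (($g.consentType -eq 'Principal') -and $UserId -and ($g.principalId -eq $UserId))
        if (-not $applies) { continue }
        foreach ($s in ($g.scope -split '\s+' | Where-Object { $_ })) {
            [void]$granted.Add($s)
        }
    }
    # Emit every required scope that no applicable grant covers
    $RequiredScope | Where-Object { -not $granted.Contains($_) }
}

# --- Constructed sample data (not taken from any real tenant) ---
$runAs    = '00000000-0000-0000-0000-0000000000bb'   # account running the runbook
$required = 'Group.ReadWrite.All', 'User.Read.All'   # scopes named in the thread

$devTenant = @(
    [pscustomobject]@{ consentType = 'AllPrincipals'; principalId = $null
                       scope = 'Group.ReadWrite.All User.Read.All' }
)
$customerTenant = @(
    [pscustomobject]@{ consentType = 'AllPrincipals'; principalId = $null
                       scope = 'User.Read.All' }
    # Consent given by a different user does not help the run-as account
    [pscustomobject]@{ consentType = 'Principal'
                       principalId = '00000000-0000-0000-0000-0000000000aa'
                       scope = 'Group.ReadWrite.All' }
)

$missingDev      = Get-MissingDelegatedScope -Grant $devTenant -RequiredScope $required -UserId $runAs
$missingCustomer = Get-MissingDelegatedScope -Grant $customerTenant -RequiredScope $required -UserId $runAs
$missingRemoved  = Get-MissingDelegatedScope -Grant @() -RequiredScope $required -UserId $runAs

"Dev tenant missing:           $(@($missingDev) -join ', ')"
"Customer tenant missing:      $(@($missingCustomer) -join ', ')"
"App removed (no grants) lacks: $(@($missingRemoved) -join ', ')"
```

The per-user grant in the customer sample is the case to watch after an interactive consent popup: unless an administrator consents for the whole tenant, only the account that clicked through is covered, and a runbook identity still lacks the scope.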