pnp / PnP-PowerShell

SharePoint PnP PowerShell CmdLets
https://pnp.github.io/powershell

Unable to connect to spo to set o365 group logo from runbook w & w/o mfa enabled #2635

Open deanbot opened 4 years ago

deanbot commented 4 years ago

Reporting an Issue or Missing Feature

Issue

Expected behavior

Can apply o365 group logo via azure automation.

https://github.com/pnp/PnP-PowerShell/issues/1257 (@wobba) points to a user token requirement for setting a group logo due to a graph API limitation - instead of the usual app only approach for azure runbooks. The only other option presented is a site extension, but the hidden requirement there is that the admin visiting the site must be an o365 group owner which isn't always feasible.

Is Connect-PnPOnline with credentials possible from a runbook assuming MFA is required (seems to be the new default)?

Actual behavior

Exception Type: Microsoft.SharePoint.Client.IdcrlException
Error: The sign-in name or password does not match one in the Microsoft account system.

Steps to reproduce behavior

param(
  $Url
)
$ServiceAccountName = Get-AutomationVariable -Name 'ServiceAccountName'
$ServiceAccountPassword = Get-AutomationVariable -Name 'ServiceAccountPassword'

  # set up service account creds
  # then log in with scopes
  $SecurePWD = ConvertTo-SecureString $ServiceAccountPassword -AsPlainText -Force
  $Credentials = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $ServiceAccountName, $SecurePWD

  Write-Output "Connecting to SharePoint Online '$Url' with scopes using '$ServiceAccountName'"
  try {
    Connect-PnPOnline -Url $Url `
      -Credentials $Credentials `
      -Scopes "Group.ReadWrite.All", "User.Read.All"
    if ($?) {
      Write-Output "[[ Connected Successfully ]]"

      # set logo here
    }
  } catch {
    Write-Output "Error connecting. Unable to apply logo."
    Write-Output "Exception Type: $($_.Exception.GetType().FullName)"
    Write-Output "Error: $($_.Exception.Message)"
  }

Which version of the PnP-PowerShell Cmdlets are you using?

What is the version of the Cmdlet module you are running?

3.19.2003.0

How did you install the PnP-PowerShell Cmdlets?

ghost commented 4 years ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

deanbot commented 4 years ago

When I try logging in with scopes from a runbook on a tenant which doesn't require MFA, I get a System.EntryPointNotFoundException: Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'

param(
  $Url
)
$ServiceAccountName = Get-AutomationVariable -Name 'ServiceAccountName'
$ServiceAccountPassword = Get-AutomationVariable -Name 'ServiceAccountPassword'

  # set up service account creds
  # then log in with scopes
  $SecurePWD = ConvertTo-SecureString $ServiceAccountPassword -AsPlainText -Force
  $Credentials = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $ServiceAccountName, $SecurePWD

  try {
    Connect-PnPOnline -Url $Url `
      -Credentials $Credentials `
      -Scopes "Group.ReadWrite.All", "User.Read.All"
  } catch {
    Write-Output "Exception Type: $($_.Exception.GetType().FullName)"
    Write-Output "Error: $($_.Exception.Message)"
  }

samculver commented 4 years ago

We were getting the same error yesterday in a Runbook: "Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'". One of our developers said he fixed it by downgrading the SharePointPnPPowerShellOnline version to 3.19.2003.0.

deanbot commented 4 years ago

@samculver, interesting. I'm already using that version on that automation account.

JanBehnicka commented 4 years ago

Exactly the same problem in our runbook with the Connect-PnPOnline cmdlet. I did a lot of testing with the PnP module versions, but no luck.

Billbrockbank commented 4 years ago

I am getting the same error when using a certificate in an Azure Automation runbook. The "pfx" is stored in the Azure Automation account; there it is extracted in the runbook. I get the following error:

Connect-PnPOnline : Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'.

The code was working in the previous build: 3.19.2003.0.

Note: in order to add a certificate in Azure Automation, it must be password protected. I am using -CertificatePath and -CertificatePassword to connect.

lrarbin commented 4 years ago

I'm getting the same error as Billbrockbank: Connect-PnPOnline : Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'. If I roll back the Runbook to use 3.19.2003.0 using https://www.powershellgallery.com/packages/SharePointPnPPowerShellOnline/3.19.2003.0 (Azure Automation deployment), it works fine. I'm following the method described in: https://mmsharepoint.wordpress.com/2018/12/19/modern-sharepoint-authentication-in-azure-automation-runbook-with-pnp-powershell/

BombPAC commented 4 years ago

I'm also getting the same error as Billbrockbank and lrarbin when trying to connect in an Azure Automation runbook using application ID and client secret - e.g.:

Connect-PnPOnline -Url $siteUrl -ClientId $Global:applicationID -Thumbprint $Global:applicationCertThumbprint -Tenant $Global:tenantDomain

Connect-PnPOnline -AppId $Global:applicationID -AppSecret $Global:applicationClientSecret -AADDomain $Global:tenantDomain

It's fine for me too when I roll back to 3.19.2003.0

benstegink commented 4 years ago

Myself and a client of mine just discovered the same issue with 3.20.2004.0. Trying to use Connect-PnPOnline within Azure Automation fails with the error Connect-PnPOnline : Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'.

Billbrockbank commented 4 years ago

I just added the May version 3.21.2005.1 of SharePointPnPPowerShellOnline. I am still getting the same error:

Connect-PnPOnline : Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'.
At line:26 char:5
+ Connect-PnPOnline -Url $tenantRootURL -ClientId $clientID -Thumbp ...
+

I did an additional review of the PnP PowerShell code. It looks like the error is in the new version of Microsoft.Identity.Client, changed in April from version 1.0.304142221-alpha to 4.10.0. Investigating the history of packages.config, I found it was updated in the "Updated MSAL references" commit.

I have concluded the error is due to the version of iphlpapi.dll referenced in Microsoft.Identity.Client.dll being missing in the Azure Automation image, because I do not get the error from my desktop.

pkbullock commented 4 years ago

I have found that reverting to the March release (3.19.2003.0) also solves the problem; again, not ideal, but it works. I haven't found how to update Azure Automation to use the newer Microsoft.Identity.Client.

KoenZomers commented 4 years ago

There are some known authentication issues with the April and May releases of PnP PowerShell. These will be addressed with the June 2020 release of PnP PowerShell taking place on June 9th, 2020. Please try this again with the June 2020 release once it's available and let us know if that indeed resolves it for you.

oobedan commented 4 years ago

Fixed for me with latest update 3.22.2006.1

KoenZomers commented 4 years ago

Seems like two issues are being mixed up here. The people who describe getting "Unable to find an entry point named 'GetPerAdapterInfo' in DLL 'iphlpapi.dll'" with PnP PowerShell of April, May or June 2020: this issue is related to https://github.com/pnp/PnP-PowerShell/issues/2726 for which we're trying to identify a fix.

The issue described by the topic starter seems to be a different issue.

deanbot commented 4 years ago

@KoenZomers correct. The original issue was around setting an o365 group logo via azure automation. Simply, can it be done? All conversation thus far has been around the connect-PnpOnline issue which makes sense given the way I worded this issue.

KoenZomers commented 4 years ago

> @KoenZomers correct. The original issue was around setting an o365 group logo via azure automation. Simply, can it be done? All conversation thus far has been around the connect-PnpOnline issue which makes sense given the way I worded this issue.

I've filed PR https://github.com/pnp/PnP-PowerShell/pull/2746 in which you can start using:

Connect-PnPOnline -Scopes "Group.ReadWrite.All","Sites.ReadWrite.All" -Credentials (New-Object System.Management.Automation.PSCredential ("johndoe@contoso.onmicrosoft.com", (ConvertTo-SecureString "password" -AsPlainText -Force)))

which creates a delegated permission access to Microsoft Graph which should then allow you to execute something like:

Set-PnPUnifiedGroup -Identity 492e9c09-d0d1-49db-a44a-6b2ba1586d39 -GroupLogoPath C:\logo.jpg

To set the logo of a Microsoft 365 Group. Note that it must at least be 48 pixels wide and at most can be 4 MB in size. It will update the group logo in AAD. It won't surface in the SharePoint Online site connected to the group. Not sure why, but seems by design.
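
Added example (not part of the thread and not PnP project code): a runbook that checks the logo against the limits stated in the comment above (at least 48 pixels wide, at most 4 MB) before connecting with delegated scopes, and reads the service account from an Azure Automation credential asset instead of a plain-text variable. The asset name GroupLogoServiceAccount and the parameters $GroupId and $LogoPath are assumptions, as is a service account that is allowed to sign in with user name and password.

```powershell
# Added example. Assumed names: GroupLogoServiceAccount, $GroupId, $LogoPath.
param(
  [Parameter(Mandatory)] [string] $GroupId,
  [Parameter(Mandatory)] [string] $LogoPath
)

$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Drawing

function Test-GroupLogo {
  param([Parameter(Mandatory)] [string] $Path)

  # Reject files above the 4 MB limit before any network call is made.
  $file = Get-Item -LiteralPath $Path
  if ($file.Length -gt 4MB) {
    throw "Logo is $($file.Length) bytes; the stated limit is 4 MB."
  }

  # Load the image only to read its width, then release the file handle.
  $image = [System.Drawing.Image]::FromFile($file.FullName)
  try {
    if ($image.Width -lt 48) {
      throw "Logo is $($image.Width) px wide; at least 48 px is required."
    }
  } finally {
    $image.Dispose()
  }
  return $file.FullName
}

$logo = Test-GroupLogo -Path $LogoPath

# Credential asset: the password never appears as a plain string in the runbook.
$credential = Get-AutomationPSCredential -Name 'GroupLogoServiceAccount'

try {
  # Same delegated scopes as in the comment above.
  Connect-PnPOnline -Scopes 'Group.ReadWrite.All', 'Sites.ReadWrite.All' -Credentials $credential
  Set-PnPUnifiedGroup -Identity $GroupId -GroupLogoPath $logo
  Write-Output "Logo submitted for group $GroupId."
} catch {
  Write-Output "Exception Type: $($_.Exception.GetType().FullName)"
  Write-Output "Error: $($_.Exception.Message)"
  throw
} finally {
  Disconnect-PnPOnline -ErrorAction SilentlyContinue
}
```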

KoenZomers commented 4 years ago

Edit: now, 24 hours later, it actually has copied the new Group logo to the SharePoint Site. So it does do that, it just takes a really long time before it becomes visible.

deanbot commented 4 years ago

Excellent @KoenZomers, this will give us more options. The ~ 24h wait is consistent with the graph endpoint as used via other means (i.e. Flow/Logic).

There's another SP api endpoint, _api/groupservice/SetGroupImage, that might get rid of the delay (you'd call both the graph endpoint and this).