Multiple DL Migration Errors

[sdinney]

I am able to successfully migrate DLs one at a time. However, when trying to migrate using the Start-MultipleDistributionListMigration commandlet, I'm getting an error connecting to Exchange Online. I am not using certificates to connect to Exchange, only Graph. I'm not seeing anything specific in the logs that I can troubleshoot. I get to the point where the Thread folders are created and the log for each DL is created. It looks to be failing at the following spot in the logs:

[2/27/2024 3:06:48 PM] - **** [2/27/2024 3:06:48 PM] - **** [2/27/2024 3:06:48 PM] - BEGIN NEW-EXCHANGEONLINEPOWERSHELLSESSION [2/27/2024 3:06:48 PM] - **** [2/27/2024 3:06:48 PM] - ExchangeOnlineCredentialsUserName = [2/27/2024 3:06:48 PM] - Is certificate auth = False [2/27/2024 3:06:48 PM] - ExchangeOnlineCommandPrefix = O365 [2/27/2024 3:06:48 PM] - Creating the exchange online powershell session. An error occurred while sending the request. At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.4.0\netFramework\ExchangeOnlineManagement.psm1:762 char:21

• throw $_.Exception.InnerException;

• 
  + CategoryInfo          : OperationStopped: (:) [], HttpRequestException
  + FullyQualifiedErrorId : An error occurred while sending the request.

[2/27/2024 3:06:49 PM] - ****

I use the same stored credentials for both the single move script and multiple move script, so I'm pretty sure that it's not a credential / permissions issue.

Attached is a redacted log file from one of the failures. Let me know if you need any additional information.

Thanks! Simon dl-dlmtestchild1.log

[sdinney]

I ended up figuring out that this issue was due to the TLS settings on my server. I was starting PS session using the following parameters to ensure that the session was using strong SCH crypto:

$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

and this worked for single migrations. However once I started using the multiple migration script, each session (job) was not using the strong SCH crypto settings in the original session. I tried updating the $profile file, as well as setting the .net default settings in the registry. Neither seemed to work. I ended up modifying the New-ExchangeOnlinePowershellSession.ps1 file in the C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.26 folder, to include the two lines of code above. This seems to have at least got past the error when connecting to ExO. now on to testing multiple migrations.

Thanks! Simon

[timmcmic]

Can you submit your change on git hub or send the specifics here. You're not the only one that's seen this and the error is cryptic at best.

I'd love to include it.

Tim

From: sdinney @.> Sent: Thursday, March 7, 2024 10:06 AM To: timmcmic/DLConversionV2 @.> Cc: Subscribed @.***> Subject: Re: [timmcmic/DLConversionV2] Multiple DL Migration Errors (Issue #158)

I ended up figuring out that this issue was due to the TLS settings on my server. I was starting PS session using the following parameters to ensure that the session was using strong SCH crypto:

$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12' [System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol

and this worked for single migrations. However once I started using the multiple migration script, each session (job) was not using the strong SCH crypto settings in the original session. I tried updating the $profile file, as well as setting the .net default settings in the registry. Neither seemed to work. I ended up modifying the New-ExchangeOnlinePowershellSession.ps1 file in the C:\Program Files\WindowsPowerShell\Modules\DLConversionV2\2.9.8.26 folder, to include the two lines of code above. This seems to have at least got past the error when connecting to ExO. now on to testing multiple migrations.

Thanks! Simon

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/158#issuecomment-1983705911, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6MTW5L6R7DCPMVHERTYXB67DAVCNFSM6AAAAABD4ZBBK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBTG4YDKOJRGE. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>

[sdinney]

Hi Tim.

Thanks for getting back to me. I was actually able to make a change to the registry settings, this morning, that fixed this issue without the need to modify your code. The reference site that I used was https://www.inflectra.com/Support/KnowledgeBase/KB510.aspx

and I made the following registry changes:

HKLM\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001 and HKLM\SOFTWARE\Microsoft.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001

both are DWord values and I didn't require a reboot.

Simon

[timmcmic]

Right...but you're not alone in running into this. The registry keys are pretty much best practices at this point for a variety of reasons and code issues. I'm thinking of including these lines anyway to help ensure better reliability.

Might be a way to programmatically try it too.

From: sdinney @.> Sent: Thursday, March 7, 2024 10:36 AM To: timmcmic/DLConversionV2 @.> Cc: Tim McMichael @.>; Comment @.> Subject: Re: [timmcmic/DLConversionV2] Multiple DL Migration Errors (Issue #158)

Hi Tim.

Thanks for getting back to me. I was actually able to make a change to the registry settings, this morning, that fixed this issue without the need to modify your code. The reference site that I used was https://www.inflectra.com/Support/KnowledgeBase/KB510.aspx

and I made the following registry changes:

HKLM\SOFTWARE\WOW6432Node\Microsoft.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001 and HKLM\SOFTWARE\Microsoft.NETFramework\v4.0.30319\SchUseStrongCrypto: 0X00000001

both are DWord values and I didn't require a reboot.

Simon

- Reply to this email directly, view it on GitHubhttps://github.com/timmcmic/DLConversionV2/issues/158#issuecomment-1983775302, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AKGTN6O3QNWGR5M4TCH64ODYXCCMNAVCNFSM6AAAAABD4ZBBK6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSOBTG43TKMZQGI. You are receiving this because you commented.Message ID: @.**@.>>