Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue in Authenticating to SharePoint Online site using PnP PowerShell #1566

Closed
arjunumenon opened this issue May 15, 2018 · 5 comments

Comments

@arjunumenon
Copy link

@arjunumenon arjunumenon commented May 15, 2018

###Notice: many issues / bugs reported are actually related to the PnP Core Library which is used behind the scenes. Consider carefully where to report an issue:###

  1. Are you using Apply-SPOProvisioningTemplate or Get-SPOProvisioningTemplate? The issue is most likely related to the Provisioning Engine. The Provisioning engine is not located in the PowerShell repo. Please report the issue here: https://github.com/officedev/PnP-Sites-Core/issues.
  2. Is the issue related to the cmdlet itself, its parameters, the syntax, or do you suspect it is the code of the cmdlet that is causing the issue? Then please continue reporting the issue in this repo.
  3. If you think that the functionality might be related to the underlying libraries that the cmdlet is calling (We realize that that might be difficult to determine), please first double check the code of the cmdlet, which can be found here: https://github.com/OfficeDev/PnP-PowerShell/tree/master/Commands. If related to the cmdlet, continue reporting the issue here, otherwise report the issue at https://github.com/officedev/PnP-Sites-Core/issues

Reporting an Issue or Missing Feature

Issue in authenticating to the SharePoint Site

Expected behavior

We are a tenant which uses Multi-factor authentication and PnP PowerShell Authentication used to be working as expected 3 weeks back. Now, we are having an issue and the error is

Connect-PnPOnline : The underlying connection was closed: An unexpected error occurred on a send.

We are using PnP PowerShell in unattended mode and now the complete process is in stand still mode. When we use the code, Connect-PnPOnline –Url https://oursite.sharepoint.com/ -UseWebLogin it works as expected. But in our case, we cannot rely on that since we need have our packages executed in unattended mode.

Actual behavior

We should get the PnP PowerShell Module connected to SharePoint Site

Steps to reproduce behavior

when we execute Connect-PnPOnline –Url https://oursite.sharepoint.com/subsite1 –Credentials (Get-Credential) we are getting the error,

Connect-PnPOnline : The underlying connection was closed: An unexpected error occurred on a send.

Which version of the PnP-PowerShell Cmdlets are you using?

  • PnP PowerShell for SharePoint Online

What is the version of the Cmdlet module you are running?

(you can retrieve this by executing Get-Module -Name *pnppowershell* -ListAvailable)
ModuleType Version Name


Binary 2.26.18... SharePointPnPPowerShellOnline

How did you install the PnP-PowerShell Cmdlets?

  • MSI Installed downloaded from GitHub
@erwinvanhunen

This comment has been minimized.

Copy link
Contributor

@erwinvanhunen erwinvanhunen commented May 15, 2018

The only way around this is by using an app only approach. E.g. create either on SharePoint or Azure AD an app-only id and secret or certificate and use that to authenticate. Alternatively create a service account which does not require multi-factor authentication, but from a security standpoint this is maybe not the right approach.

We have not changed the connection approaches behind the scenes in PnP PowerShell or PnP Sites Core (which is the underlying library behind many of the PnP PowerShell Cmdlets), so it if worked until a few weeks ago I assume a change in the authentication process was made to your tenant.

@arjunumenon

This comment has been minimized.

Copy link
Author

@arjunumenon arjunumenon commented May 15, 2018

Thank you @erwinvanhunen for the super quick response and the recommendation . Do you mind giving me a lead on app-only-id for authenticating a PowerShell authentication. We are a bit grey in that area on how to achieve that. Any links / articles which you are aware of; it would be great if you can share that.

Change in the tenant level authentication is what we are assuming and the concerned team is looking into that. What we wanted to make sure is to have any kind of modification done from the PowerShell standpoint in O365 level. That is the reason we had raised as an issue.

@arjunumenon

This comment has been minimized.

Copy link
Author

@arjunumenon arjunumenon commented Jan 16, 2019

I have created a blog post where I have explained how to authenticate using the method recommended by Erwin. You can access it FROM HERE. Closing the issue which I had initiated

@hahns520

This comment has been minimized.

Copy link

@hahns520 hahns520 commented Feb 5, 2019

Found this Article. http://sharepointviews.com/the-underlying-connection-was-closed/

Basically, a mismatch in security protocol. Microsoft announced that they will be moving to TLS 1.2 for encryption on October 31, 2018 for Office 365. Here is a Microsoft support article Preparing for the mandatory use of TLS 1.2 in Office 365 explaining this.

Resolution:
Update your default security protocol to be TLS 1.2+. As an immediate fix you can add the below line to the top of your script:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;

@hahns520

This comment has been minimized.

Copy link

@hahns520 hahns520 commented Feb 5, 2019

I found via testing on another server that the new version of SharePointPNPPoerShellOnline module enables tls 1.2 by default when you run the Connect cmdlet. This was not happening for me; however, as I had a previous version of the module installed. I had to manually remove the current and previous versions of the module and reinstall the module via Install-Module cmdlet.

Now, my default setting still does not include tls 1.2 ([System.Net.ServicePointManager]::SecurityProtocol) until I run the connect cmdlet with the current version of the module installed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.