Unexpected exception returned from msal #17
Labels
bug
This issue or pull request addresses broken functionality
public-reported
This issue is reported by the public users of the tool.
馃悰 Summary
When attempting to scan AAD, multiple AAD prompts occur even though the account being used is a Global Reader or even Global Admin and the enterprise application has the appropriate consent granted for the organization. This occurs during the "Running the AAD Provider; 1 of 1 Product settings extracted" process. If you respond to the constant authentication prompts about 20 times it, one of two things will occur.
To reproduce
Steps to reproduce the behavior:
Expected behavior
Should complete the AAD check
Any helpful log output or screenshots
ERROR when getting the MS "we couldn't sign you in..."
Export-AADProvider : Check the second error message below and if it appears to be related to permissions, your user
account must have a minimum of Global Reader role to run this script. You must also get an administrator to consent to the required MS Graph Powershell application permissions. View the README file for detailed instructions and then try again. At C:\temp2\ScubaGear-main\PowerShell\ScubaGear\Modules\Orchestrator.psm1:154 char:31 + $RetVal = Export-AADProvider | Select-Object -Las ... + ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Export-AADProvider
Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance : Code: generalException
Message: Unexpected exception returned from MSAL.
At C:\temp2\ScubaGear-main\PowerShell\ScubaGear\Modules\Providers\ExportAADProvider.psm1:221 char:34
tance_List
ERROR when just clicking on the authentication account about 20 times.
PS C:\temp2\ScubaGear-main> .\RunSCuBA.ps1
Export-AADProvider : Check the second error message below and if it appears to be related to permissions, your user
account must have a minimum of Global Reader role to run this script. You must also get an administrator to consent to the required MS Graph Powershell application permissions. View the README file for detailed instructions and then try again. At C:\temp2\ScubaGear-main\PowerShell\ScubaGear\Modules\Orchestrator.psm1:154 char:31 + $RetVal = Export-AADProvider | Select-Object -Las ... + ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Export-AADProvider
Get-MgUser : Code: generalException
Message: Unexpected exception returned from MSAL.
At C:\temp2\ScubaGear-main\PowerShell\ScubaGear\Modules\Providers\ExportAADProvider.psm1:120 char:17
Add any screenshots of the problem here.
![image](https://user-images.githubusercontent.com/75508728/206510327-b7ce8df0-f4f3-41a9-a76d-1b70ad62740d.png)
![image](https://user-images.githubusercontent.com/75508728/206511033-40109667-847c-4159-b084-9baab1563937.png)
The text was updated successfully, but these errors were encountered: