-
Notifications
You must be signed in to change notification settings - Fork 662
Connect PnP Online using AADL Thumbprint deletes Cert Private Key #2101
Comments
Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible. |
Connecting with Connect-AzureAD and the same setup for Thumbprints do not delete the cert key. |
Following up if there's any ETA on the fix? Thanks in advance. |
@alzia this code was added as each connect would generate a new private key file, thus filling up space - which was reported as an issue. Cleanup happens after the token has been retrieved, so not sure what issue this causes. Can you explain a bit more how to repro? |
@wobba - thanks for your response. Running the Connect-PnP command with AADL settings removes the private key of the certificate. The first time when we run the command we notice the connection is established smoothly without any issues, however, the second time when we run the same command that connected previously with no issues throws an exception that a KeySet doesn't exist. Please see the screen grabs below : We are updating our modules so it can support MFA and require the AADL setting, previously running Connect-PnP with credentials multiple times in a session did not throw the KeySet exception. |
One solution could be to remove the file on Disconnect, and for those having issues, they would need to call that to properly clean up. What do you think @erwinvanhunen? @alzia If you run disconnect between your commands, does that work? Seems to me there is some caching in the adal lib which needs the cert perhaps..and I will see what the best option would be for cleanup. |
@wobba The private key is already deleted before we can disconnect. The deletion seems to appear when we run connect-pnponline. The strange behaviour however is that when @alzia runs this for a tenant in Canada the key is not deleted. But for tenants in North America they key is deleted. @alzia is this still the case? |
I know it's deleted on connect, but please try a disconnect before your second connect to verify behavior. I will look at this a bit later. |
Seems the issue with new private key files is when loading from a pfx file. I'll work on a proper fix for this. |
Pushed a fix for this where we now cleanup only for file based certificates, not when loaded via thumbprint. |
Thanks you |
@yumoraby would you be able to build the dev branch and verify if this fix works for you? You might have to reinstall the certificate. |
@wobba - I will check and get back to you on this. |
@wobba I have built the Dev Branch, there was some errors in the Get-Provisioning Templates, however as we were not working on this module. @alzia and I commented out the errors. We were then able to test and connect with PnP Online without the private key being deleted. This fix has been confirmed to work. Thank you! |
Gentlemen, Is the fix going to take some time to reach all tenants? |
Have you downloaded the latest package 3.10.1906.0 as this has fixed the issue for me, no deletion of Private Key. Make sure you do a clean upgrade, remove the old version and install the latest. |
Will give it a go now. Thanks for the prompt reply. |
I was successful after upgrading the module, thanks! What is weird is that I didn't experience the same on a Windows 10 machine with 3.9.XXX (did on a 2012r2 box). |
Happy the fix solved the issue and sorry for causing it in the first place :) |
The new AADL Auth setting added on May 14/15th 2019 when running the command on my machines for some reason deletes the cert private key. The first running of the commandlet will connect to the Office 365 Tenant.
However it will also remove the cert private Key. Not sure why this is happening, had this with my colleague and he was getting the same error. When connecting to North America data centre, however when connecting to Canada data centre the private key is not removed, as can continue to connect without any Issue.
The text was updated successfully, but these errors were encountered: