Microsoft365DSC
MSFT_SPOTenantSettings - 404 Error while connecting to a renamed SharePoint Online instance using PnP - incorrect SPO admin url used in 'Export-M365DSCConfiguration'
Description of the issue
For any SPO tenant that was renamed using the documentation, when we perform an extract of SPO using the M365 DSC modules, we get 404 Not Found errors, even though the SPO tenant has various configurations in place.
Error log file: SPO-AdminUrl-404.txt
During the troubleshooting, it was found that the scripts in the M365 DSC modules only refer to the main/original tenant and append "-admin" to retrieve the SPO Admin URL, so an incorrect SPO Admin URL is returned. Thus any further queries do not return any output other than 404 Not Found.
Reference script: https://github.com/microsoft/Microsoft365DSC/blob/master/Modules/Microsoft365DSC/Modules/M365DSCUtil.psm1
Reference location: function Get-SPOAdministrationUrl (Line # 1976)
Steps to reproduce:
Example:
Original tenant name: contoso.onmicrosoft.com
Original SPO url: contoso.sharepoint.com / contoso-admin.sharepoint.com
New SPO url after rename process: Fabrikam.sharepoint.com / Fabrikam-admin.sharepoint.com
Connect-PnPOnline -url 'contoso-admin.sharepoint.com' ; Get-PnPTenant : Gives 404 not found error (as per current MS DSC module)
Connect-PnPOnline -url 'Fabrikam-admin.sharepoint.com' ; Get-PnPTenant : Retrieves correct data (need to be corrected)
So, we request you to modify 'M365DSCUtil.psm1' to retrieve the actual SPO Admin URL for tenant-renamed scenarios as well.
Now, without this data, we cannot go ahead with M365 DSC.
Microsoft 365 DSC Version
1.24.117.1
Which workloads are affected
OneDrive for Business, SharePoint Online
The DSC configuration
Not available, since the extract itself is not working due to the current error. But all logs and steps to reproduce are shared above.
Export-M365DSCConfiguration -ApplicationId '<xxxxx>' -CertificateThumbprint '<xxxxx>' -TenantId '<original-aad-tenantname>.onmicrosoft.com' -GenerateInfo $true -Components @("SPOTenantSettings") -Path C:\temp\SPO\ -FileName 'M365TenantConfig_SPO.ps1' -ConfigurationName 'SPO' -Verbose
Verbose logs showing the problem
Error from log file :
[2024/01/25 12:33:54]
{WriteError}
System.Net.WebException: The remote server returned an error: (404) Not Found.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.SPWebRequestExecutor.<ExecuteAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.<GetFormDigestInfoPrivateAsync>d__37.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.<EnsureFormDigestAsync>d__36.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContext.<ExecuteQueryAsync>d__28.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContextExtensions.<ExecuteQueryImplementation>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.SharePoint.Client.ClientContextExtensions.<ExecuteQueryImplementation>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.SharePoint.Client.ClientContextExtensions.ExecuteQueryRetry(ClientRuntimeContext clientContext, Int32 retryCount, String userAgent)
at PnP.PowerShell.Commands.Admin.GetTenant.ExecuteCmdlet()
at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord()
"Error retrieving data:"
at Get-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.117.1\DSCResources\MSFT_SPOTenantSettings\MSFT_SPOTenantSettings.psm1: line 160
at Export-TargetResource, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.117.1\DSCResources\MSFT_SPOTenantSettings\MSFT_SPOTenantSettings.psm1: line 642
at Start-M365DSCConfigurationExtract, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.117.1\modules\M365DSCReverse.psm1: line 639
at Export-M365DSCConfiguration, C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.117.1\modules\M365DSCUtil.psm1: line 1312
at <ScriptBlock>, <No file>: line 1
TenantId: xxx<original tenant name-masked-intentionally>xxxxxx.onmicrosoft.com
Environment Information + PowerShell Version
Get-ComputerInfo -Property @(
'OsName',
'OsOperatingSystemSKU',
'OSArchitecture',
'WindowsVersion',
'WindowsBuildLabEx',
'OsLanguage',
'OsMuiLanguages')
$PSVersionTable
OsName : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture : 64-bit
WindowsVersion : 1809
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage : en-US
OsMuiLanguages : {en-US}
Key : PSVersion
Value : 5.1.17763.5202
Name : PSVersion
Key : PSEdition
Value : Desktop
Name : PSEdition
Key : PSCompatibleVersions
Value : {1.0, 2.0, 3.0, 4.0...}
Name : PSCompatibleVersions
Key : BuildVersion
Value : 10.0.17763.5202
Name : BuildVersion
Key : CLRVersion
Value : 4.0.30319.42000
Name : CLRVersion
Key : WSManStackVersion
Value : 3.0
Name : WSManStackVersion
Key : PSRemotingProtocolVersion
Value : 2.3
Name : PSRemotingProtocolVersion
Key : SerializationVersion
Value : 1.1.0.1
Name : SerializationVersion
This is impacting both Authentication and SPO extract
Can I ask MS to ack this issue? It fails with any SPO renamed tenant. This is blocking us from proceeding further. It must be a common problem for many.
Thanks for reporting. Could you run
Get-MgBetaDomain
within your renamed tenant and share the result. I'm interested in the output and what kind of additional information there is for your new SharePoint Url.
@andikrueger thanks for the reply. Attached below is the result when I ran 'Get-MgBetaDomain'.
I do not see much information here to identify the SharePoint URL domain. However, I see that the Graph call below should give the SPO URL as "<renamedSPOtenant>.sharepoint.com" in the id, weburl, sitecollection->Hostname properties. Hopefully we can use that to construct "<renamedSPOtenant>-admin.sharepoint.com".
graph call : https://graph.microsoft.com/v1.0/sites/root
Is there a change within the SupportedServices array? Interestingly we are already doing the Graph Request in MSCloudLoginProvider...
https://github.com/microsoft/MSCloudLoginAssistant/blob/9fb41789592c4dc6b8288e12853c40b95561f458/Modules/MSCloudLoginAssistant/MSCloudLoginAssistant.psm1#L395-L440
I see two options:
Change the resource to do the same Graph Query or change the resource to trust MSCloudLoginAssistant to get the right Admin URL. I would prefer the second option.
Just reviewed the code. The Get-SPOAdministrationUrl function is only used within SPOStorageEntity and not SPOTenantSettings - which is currently failing. In SPOTenantSettings, we already use the MSCloudLoginSolution to get the tenant name correctly.
Could you re-run the export and do the following:
Set-PnPTraceLog -On -LogFile traceoutput.txt -Level Debug
Export-M365DSCConfiguration <YOUR PARAMS>
Set-PnPTraceLog -Off
This will enable the tracelog of PNP and hopefully we will see the urls that are being used.
@andikrueger I tried the above commands, but I did not see much information in the debug logs about which tenant name it was trying to get. When I tried the first time, tracelog.txt was created; it has similar logs to the original log file I sent, but with an additional correlation id. Maybe if you could get some additional details from this correlation id, that would be great. Attached traceoutput-1.txt.
When I tried the same Export operation (just SPOTenantSettings and sharingSettings) with debug off, I did not get any error with the connection to Graph, only the above error with a partial export ps1 file. Then I turned debug ON and tried the same export command, and I got an error with Get-MgBetaOrganization (which did not come up with debug off, which is weird).
Get-MgBetaOrganization : Could not load type 'Microsoft.Graph.Authentication.AzureIdentityAccessTokenProvider' from assembly 'Microsoft.Graph.Core, Version=1.25.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'.
At C:\Program Files\WindowsPowerShell\Modules\Microsoft365DSC\1.24.117.1\modules\M365DSCUtil.psm1:1517 char:13
+ $tenantDetails = Get-MgBetaOrganization -ErrorAction 'Sto ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-MgBetaOrganization_List], TypeLoadException
+ FullyQualifiedErrorId : Microsoft.Graph.Beta.PowerShell.Cmdlets.GetMgBetaOrganization_List
I ran the commands from the above M365DSCUtil.psm1 (line 1517) separately; it seems it is getting Initial Tenant names only ($_.IsInitial). In our case, that returns the original tenant name only, not the renamed tenant domain name. For the renamed tenant name: isManaged - true; IsInitial - false
I believe the way to identify the SharePoint renamed domain name (i.e. the active domain name for all SharePoint URLs) is via the above Graph call (https://graph.microsoft.com/v1.0/sites/root), but not via get-mgdomain or get-mgorganization (unless there is any PS module command to retrieve the above). Because Entra ID (AAD) does not have this information in it, only the SharePoint tenant seems to have that information. Not sure if this is possible; I am OK to connect by a separate call and interested to work with you on this further.
@andikrueger - Any input here will be of great help.
@andikrueger - did you get a chance to check my message above?
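The derivation proposed in the thread, sketched as an added example (not code from Microsoft365DSC or MSCloudLoginAssistant): it builds the admin URL from the root site hostname returned by https://graph.microsoft.com/v1.0/sites/root and compares it with the URL obtained from the initial domain, as the report describes. The function names and the sample response are constructed for illustration, and only the commercial sharepoint.com suffix used in the thread is handled.

```powershell
# Constructed sample of a /v1.0/sites/root response, using the issue's placeholder names.
# Live equivalent (Microsoft.Graph.Authentication):
#   $sitesRoot = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/sites/root'
$sampleSitesRoot = @'
{
  "id": "fabrikam.sharepoint.com,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000",
  "webUrl": "https://fabrikam.sharepoint.com",
  "siteCollection": { "hostname": "fabrikam.sharepoint.com" }
}
'@ | ConvertFrom-Json

function Get-AdminUrlFromInitialDomain {
    # Hypothetical helper mirroring the behaviour described in the report:
    # take the prefix of the initial onmicrosoft.com domain and append "-admin".
    param([Parameter(Mandatory)][string]$InitialDomain)
    $prefix = $InitialDomain.Split('.')[0]
    return "https://${prefix}-admin.sharepoint.com"
}

function Get-AdminUrlFromSitesRoot {
    # Hypothetical helper: derive the admin URL from the root site hostname.
    param([Parameter(Mandatory)]$SitesRoot)
    $hostname = $SitesRoot.siteCollection.hostname
    if ([string]::IsNullOrWhiteSpace($hostname)) {
        # Fall back to the host part of webUrl when siteCollection is absent.
        $hostname = ([uri]$SitesRoot.webUrl).Host
    }
    # Accept only "<tenant>.sharepoint.com" so an unexpected value never
    # becomes the endpoint that app credentials are sent to.
    if ($hostname -match '^(?<tenant>[a-z0-9][a-z0-9-]*)\.sharepoint\.com$') {
        return "https://$($Matches.tenant)-admin.sharepoint.com"
    }
    throw "Unexpected root site hostname '$hostname'"
}

$fromDomain = Get-AdminUrlFromInitialDomain -InitialDomain 'contoso.onmicrosoft.com'
$fromGraph  = Get-AdminUrlFromSitesRoot -SitesRoot $sampleSitesRoot

if ($fromDomain -ne $fromGraph) {
    # A mismatch is the renamed-tenant case from this issue.
    Write-Warning "Initial domain gives $fromDomain but the root site gives $fromGraph"
}
$fromGraph
```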