msgraph-sdk-powershell
Connect-MgGraph Certificate authentication doesn't work anymore in version 2.11.1
Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:
- Make sure you can reproduce this issue using the latest released version of Microsoft.Graph or Microsoft.Graph.Beta.
- Please search the existing issues to see if there has been a similar issue filed.
- For issues related to authentication and service errors, please refer to our troubleshooting guide. For service issues, please open a question at https://developer.microsoft.com/graph/support.
Describe the bug
Login with a client certificate fails with the next error: ClientCertificateCredential authentication failed: Could not load type 'Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1' from assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989xxxx'.
To Reproduce
Steps to reproduce the behavior:
$TenantID = 'eafdf069-4dae-424c-abcd-b49f49f7abcd'
$ClientID = 'b68ae1d0-10ae-4248-abcd-54f3f217abcd'
$CertThumbPrint = 'DC126F33F3FA9B3DE7702F9FD5D1111111111111'
$TenantName = 'MyTenant'
Connect-MgGraph -TenantId $TenantId -ClientId $clientId -CertificateThumbprint $CertThumbPrint -NoWelcome
Expected behavior
Log in to the environment of my customer with the client certificate
Debug Output
ClientCertificateCredential.GetToken invoked. Scopes: [ https://graph.microsoft.com/.default ] ParentRequestId:
ClientCertificateCredential.GetToken was unable to retrieve an access token. Scopes: [ https://graph.microsoft.com/.default ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): ClientCertificateCredential authentication failed: Could not load type 'Microsoft.Identity.Client.BaseAbstractApplicationBuilder1' from assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989xxxx'. ---> System.TypeLoadException (0x80131522): Could not load type 'Microsoft.Identity.Client.BaseAbstractApplicationBuilder1' from assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989xxxx'.
Connect-MgGraph: ClientCertificateCredential authentication failed: Could not load type 'Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1' from assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989xxxx'.
Module Version
ModuleType Version PreRelease Name ExportedCommands
Script 2.11.1 Microsoft.Graph.Authentication {Add-MgEnvironment, Connect-MgGraph, Disconnect-MgGraph, Get-MgContext…}
Environment Data
Name Value
PSVersion 7.4.0
PSEdition Core
GitCommitId 7.4.0
OS Microsoft Windows 10.0.20348
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
It seems that VS Code is the problem... However, I dunno how to fix it :(
We had the same issue. It seems like the wrong version of Microsoft.Identity.Client.Broker is built in the Dependencies. One quick and dirty fix (without Code change): Visual Studio Code is still not working
- Download the following package from nuget: https://www.nuget.org/packages/Microsoft.Identity.Client.Broker/4.50.0-preview
- rename the nugetpackage to .zip
- Copy the .dll file from \lib\netstandard2.0 to the folder your microsoft graph module is installed in, something like: C:\Program Files\WindowsPowerShell\Modules\Microsoft.Graph.Authentication\2.11.1\Dependencies
- Restart your powershell or visual studio code
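A way to see the version clash behind the `TypeLoadException` before replacing any DLL, as an added example that is not part of the original thread or the SDK. `Compare-MsalAssembly` is a hypothetical helper name; it assumes the module keeps its assemblies under the `Dependencies` folder mentioned above, and it also reports the Authenticode status of each shipped DLL so a hand-copied file stands out.

```powershell
# Added diagnostic (not from the thread). Run it in the same session that fails,
# e.g. the VS Code integrated console, before and after calling Connect-MgGraph.
function Compare-MsalAssembly {
    [CmdletBinding()]
    param(
        [string] $ModuleName = 'Microsoft.Graph.Authentication',
        [string] $Pattern    = 'Microsoft.Identity.Client*'
    )

    $module = Get-Module -Name $ModuleName -ListAvailable |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) { throw "$ModuleName is not installed." }

    # Assemblies already loaded into this process, keyed by simple name.
    # If several load contexts hold the same name, the last one seen wins.
    $loaded = @{}
    foreach ($asm in [AppDomain]::CurrentDomain.GetAssemblies()) {
        $n = $asm.GetName()
        if ($n.Name -like $Pattern) { $loaded[$n.Name] = $asm }
    }

    $depDir = Join-Path $module.ModuleBase 'Dependencies'
    Get-ChildItem -Path $depDir -Recurse -Filter "$Pattern.dll" | ForEach-Object {
        # Skip files that are not managed assemblies.
        try { $shipped = [Reflection.AssemblyName]::GetAssemblyName($_.FullName) }
        catch { return }
        $inProc = $loaded[$shipped.Name]
        [pscustomobject]@{
            Assembly       = $shipped.Name
            ShippedVersion = $shipped.Version
            LoadedVersion  = if ($inProc) { $inProc.GetName().Version } else { $null }
            LoadedFrom     = if ($inProc) { $inProc.Location } else { $null }
            # True when another component loaded a different build first.
            Conflict       = [bool]($inProc -and $inProc.GetName().Version -ne $shipped.Version)
            Signature      = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }
}

Compare-MsalAssembly | Format-Table -AutoSize
```

A row with `Conflict` set and a `LoadedFrom` path outside the module folder points at the component that loaded its own copy first.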
Confirm the same issue. The most unpleasant - I use it in Azure Automation and thus very limited in applying workarounds
just another tip, use version 2.4.0 which actually worked for us...
> just another tip, use version 2.4.0 which actually worked for us...

Hi Luca, thank you for the suggestion. Could you please share how I can install 2.4.0 with PowerShell runtime 7.2? I tried to deploy from https://www.powershellgallery.com/ to Azure, but it installs runtime 5.1. I tried to install with New-AzAutomationModule, but it fails.
Having the same issue with versions 2.10 up to 2.15, replacing the DLL didn't help me. Had to drop down to 1.28 for things to work.
What's the status on this?
Also seeing it here.
@timayabi2020 is there any update on this please? Still present in 2.17.0
Facing the same issues til 2.18.0 (and Automation account)
Same issue. tried the latest version and 2.17
Connect-MgGraph -TenantId XXXXX -ClientSecretCredential $Credential
Connect-MgGraph: ClientSecretCredential authentication failed: Could not load type 'Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1' from assembly 'Microsoft.Identity.Client, Version=4.50.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae'.
Versions tried:
- the latest one
- 2.17.0
Same for me. Like @tylermontneyacc I can confirm it's still working fine with v1.28. I'm also pretty sure I had it working with 2.11 or some minor version before but had no intention to test that out again.
Would be nice to have this issue at least officially acknowledged and assigned to someone able to fix it. While v1.28 is doing the job for me at the moment, that version is quite old.
I can also confirm I had this issue, however, after deleting the app registration and starting over, my error changed to the following when I use the following command:
Connect-MgGraph -ClientId "###" -TenantId "###" -CertificateThumbprint "###" -NoWelcome
Error: Connect-MgGraph: ClientCertificateCredential authentication failed: Keyset does not exist
Not sure what I did different, but anyway, I'm running 2.19.0 which is the latest version at the time of writing. In the end though, this worked for me...switching to running PowerShell in Administrator mode. I installed the modules so they could be run by all users, but for whatever reason (I'm new to all this and PowerShell in general) it works when PowerShell is running as Administrator, but fails like above when it's just a normal session as the current user. I'm using PowerShell 7, latest version 7.4.2.
Fine for me and for now, but I think there are underlying issues still - clearly as others have the same/similar experience.
That message is because your standard user doesn’t have access to the private key of your certificate.
In certificate management (certlm.msc), you can right-click > manage > all tasks > manage private keys to bring up the ACL.
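The private-key access problem described above can be confirmed from the failing account without elevation; this is an added example, not code from the thread or the SDK. `Test-CertPrivateKeyAccess` is a hypothetical helper name, and it assumes an RSA certificate in `CurrentUser\My` or `LocalMachine\My` and the default Windows key storage folders.

```powershell
# Added diagnostic (not from the thread). Run it as the user whose
# Connect-MgGraph call fails with "Keyset does not exist".
function Test-CertPrivateKeyAccess {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string] $Thumbprint)

    $cert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $Thumbprint | Select-Object -First 1
    if (-not $cert) { throw "Thumbprint $Thumbprint not found in CurrentUser\My or LocalMachine\My." }

    $result = [ordered]@{
        User          = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Store         = $cert.PSParentPath -replace '^.*::'
        HasPrivateKey = $cert.HasPrivateKey
        CanUseKey     = $false
        Error         = $null
        KeyFileAcl    = $null
    }
    try {
        $rsa = [Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($null -eq $rsa) { throw 'Certificate has no RSA private key.' }
        # Signing a few bytes forces the key container to be opened.
        $null = $rsa.SignData([byte[]](1, 2, 3),
            [Security.Cryptography.HashAlgorithmName]::SHA256,
            [Security.Cryptography.RSASignaturePadding]::Pkcs1)
        $result.CanUseKey = $true

        # When the key opens, show who else is on the key file's ACL.
        if ($rsa -is [Security.Cryptography.RSACng]) {
            $name = $rsa.Key.UniqueName
            $dirs = "$env:ProgramData\Microsoft\Crypto\Keys",
                    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
                    "$env:APPDATA\Microsoft\Crypto\Keys"
            $file = $dirs | ForEach-Object { Join-Path $_ $name } |
                Where-Object { Test-Path $_ } | Select-Object -First 1
            if ($file) {
                $result.KeyFileAcl = (Get-Acl $file).Access |
                    ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
            }
        }
    } catch {
        # A user missing from the key ACL lands here.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}
```

Call it with the thumbprint passed to `Connect-MgGraph`; `HasPrivateKey` true with `CanUseKey` false means the account is missing from the key ACL, and read access for the specific account that runs the script is enough, so the script does not need an elevated session.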
Ah thank you @david-wedrat-deswik
If I wanted another user to run the script then, would I have to send them the certificate file? I thought that it would have just checked in Azure for the details provided.
I know with PnP.PowerShell you can use a PFX file to authenticate which can be used by any user, but not sure if you can specify a PFX file for use with Connect-MgGraph. If you can that would be great, but like I said, I'm pretty new to all this stuff so just finding my way around. Really appreciate your time.
@GJPAdmin If the user is on the same machine, you'll just need to ensure they're also on the private key ACL.
If they're on a different machine, you'll have to send them the PFX or have them generate their own certificate and add it to the App Registration (you aren't limited to one certificate credential).
To those of you looking at this thread. I found that if you disable the PSScriptAnalyzerSettings.psd1 from the PowerShell 2024.2.2 extension, then connections will not complain about this issue. I do not have time to go into detail as I have wasted too many hours already. Just give it a try and let others know if that fixes the issue for you.