msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard

Published 20 hours ago verified publisher icon microsoftgraph

When recent Az.* modules are loaded, Connect-MgGraph errors out

Open joshtransient opened this issue 1 year ago • 10 comments

Describe the bug In a session where Az modules such as Az.Accounts and Az.KeyVault are loaded, Connect-MgGraph does not connect at all.

  • When trying to connect interactively, the error is "Method not found: 'System.Threading.Tasks.Task`1<Azure.Identity.AuthenticationRecord> Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(Azure.Core.TokenRequestContext, System.Threading.CancellationToken)'."
  • When trying to connect with an app registration and a secret or cert, the error is "Entry point was not found."

I believe the Az modules are using a newer version of MSAL that isn't compatible with the current ones included with the Graph PowerShell SDK modules. PnP v2+ couldn't happily coexist with Az modules either, until the latest release of the Az modules.

To Reproduce

  1. Open a new PowerShell prompt and import the Az.Accounts module
  2. Import Microsoft.Graph.Authentication and run Connect-MgGraph with any authentication option

Expected behavior Running Connect-MgGraph should establish a connection to Graph instead of erroring out

Debug Output When connecting with a certificate:

DEBUG: ClientCertificateCredential.GetToken invoked. Scopes: [ https://graph.microsoft.com/.default ] ParentRequestId:
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] MSAL MSAL.CoreCLR with assembly version '4.56.0.0'. CorrelationId(d75e3fa0-444b-4e7c-bac1-a89548c43106)
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106]
=== Request Data ===
Authority Provided? - True
Scopes - https://graph.microsoft.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - d75e3fa0-444b-4e7c-bac1-a89548c43106
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] === Token Acquisition (ClientCredentialRequest) started:
         Scopes: https://graph.microsoft.com/.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] [Region discovery] Not using a regional authority.
DEBUG: Request [71625b4f-01cf-4303-ba75-14d2395837bd] POST https://login.microsoftonline.com/raggedsail.onmicrosoft.com/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:71625b4f-01cf-4303-ba75-14d2395837bd
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.3 (.NET 8.0.1; Microsoft Windows 10.0.22621)
client assembly: Azure.Identity
Connect-MgGraph: Entry point was not found.

Module Version Microsoft.Graph.Authentication: 2.13.1 Az PowerShell module release version is Az 11.3.0

  • Az.Accounts: 2.15.1
  • Az.KeyVault: 5.2.0
  • Az.Resources: 6.15.1

Environment Data PSVersion 7.4.1 PSEdition Core GitCommitId 7.4.1 OS Microsoft Windows 10.0.22621 Platform Win32NT PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…} PSRemotingProtocolVersion 2.3 SerializationVersion 1.1.0.1 WSManStackVersion 3.0

joshtransient avatar Feb 13 '24 17:02 joshtransient

I've been having the exact same issue in an Azure Function app for a few days now. Been pulling my hair out trying to figure it out, so far no luck.

sysadmin256 avatar Feb 13 '24 21:02 sysadmin256

Upgraded to 2.15.0, still throwing the same error.

Shocked that #2594 was auto-closed, even if it was a dupe of this one.

joshtransient avatar Mar 15 '24 13:03 joshtransient

I just discovered the same issue with 2.15.0 with PS Core 7.4.1. It is not an issue with PS Windows 5.1

  • Az.Accounts: 2.16.0
  • Az.KeyVault: 5.2.1
  • PSVersion: 7.4.1

jdarre avatar Mar 17 '24 12:03 jdarre

Upgraded to 2.16.0, still throwing the same error.

joshtransient avatar Apr 01 '24 17:04 joshtransient

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication #Import-Module Microsoft.Graph.Identity.Governance #Import-Module Microsoft.Graph.Identity.DirectoryManagement #Import-Module Microsoft.Graph.Groups

colinator19 avatar Apr 08 '24 08:04 colinator19

Upgraded to 2.17.0, still throwing the same error. Az modules also updated:

  • Az.Accounts: 2.17.0
  • Az.KeyVault: 5.2.2
  • Az.Resources: 6.16.1

joshtransient avatar Apr 09 '24 13:04 joshtransient

When 2.15 broke with PS 7.2, I was able to successfully run with PS 5.1. Now 2.17 has broken with PS 5.1 and I'm dead in the water. Using PowerShell within Azure Automation.

skadann avatar Apr 24 '24 12:04 skadann

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication #Import-Module Microsoft.Graph.Identity.Governance #Import-Module Microsoft.Graph.Identity.DirectoryManagement #Import-Module Microsoft.Graph.Groups

Dude, that worked!

skadann avatar Apr 24 '24 12:04 skadann

Can confirm that loading Az.* modules before Microsoft.Graph.Authentication now allows for signing in with an app registration or delegated credentials.

Problem still exists for scripts that import Microsoft.Graph.Authentication first.

joshtransient avatar Apr 24 '24 13:04 joshtransient

Upgraded to 2.18.0, problem maybe seems like it's resolved now when loading Microsoft.Graph.Authentication first. Az.* modules also got updated:

  • Az.Accounts: 2.19.0
  • Az.KeyVault: 5.3.0
  • Az.Resources: 6.16.2

joshtransient avatar Apr 30 '24 13:04 joshtransient

Problem seems to be resolved with 2.19.0 for the same versions of the Az modules listed above.

joshtransient avatar May 10 '24 17:05 joshtransient

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication #Import-Module Microsoft.Graph.Identity.Governance #Import-Module Microsoft.Graph.Identity.DirectoryManagement #Import-Module Microsoft.Graph.Groups

This fixed the problem for me!

Bluffkin avatar May 13 '24 09:05 Bluffkin