office365 icon indicating copy to clipboard operation
office365 copied to clipboard

Published 20 hours ago verified publisher icon spjeff

Delete-CloudHybridSearchContent - does not support SharePoint Online credentials

Open AussieDavo opened this issue 5 years ago • 8 comments

When running Delete-CloudHybridSearchContent.ps1 I am receiving the following error:

`PS D:\Scripts> .\Delete-CloudHybridSearchContent.ps1 -PortalUrl https://tenant.sharepoint.com Exception calling "ExecuteQuery" with "0" argument(s): "Cannot contact web site 'https://tenant.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'. The response headers are 'X-SharePointHealthScore=3, X-MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically., SPRequestGuid=<GUID>, request-id=<ID>, MS-CV=<CV>.0, Strict-Transport-Security=max-age=31536000, SPRequestDuration=136, SPIisLatency=0, MicrosoftSharePointTeamServices=16.0.0.8613, X-Content-Type-Options=nosniff, X-MS-InvokeApp=1; RequireReadOnly, X-MSEdge-Ref=Ref A: Ref B: Ref C: 2019-02-27T03:36:39Z, Content-Length=0, Content-Type=text/plain; charset=utf-8, Date=Wed, 27 Feb 2019 03:36:39 GMT, P3P=CP="ALL IND DSP COR ADM CONo CUR IVAo IVDo PSA PSD TAI TELo SAMo CNT COM INT NAV ONL PHY PRE PUR UNI", X-Powered-By=ASP.NET'." At D:\Scripts\Delete-CloudHybridSearchContent.ps1:44 char:1 $context.ExecuteQuery() CategoryInfo : NotSpecified: (:) [], MethodInvocationException FullyQualifiedErrorId : NotSupportedException

Started delete task (id=0)

PS D:\Scripts> `

Do you know of a way to get this working whilst keeping Legacy Authentication disabled within the tenancy?

AussieDavo avatar Feb 27 '19 05:02 AussieDavo

Can you connect to tenant with AppID and AppSecret?

Connect-PNPOnline -AppId "e419e703-5293-402c-bb70-3aff593b850b" -AppSecret "secret-here"

spjeff avatar Feb 27 '19 14:02 spjeff

Thanks @spjeff ,

I gave Connect-PNPOnline a try with this script: `<# .SYNOPSIS Issue a call to SharePoint Online to delete all metadata from on-premises content that was indexed through cloud hybrid search. This operation is asynchronous. .PARAMETER PortalUrl SharePoint Online portal URL, for example 'https://contoso.sharepoint.com'. .PARAMETER AppID AppID whith access to SharePoint Online. .PARAMETER AppSecret Secret for the App created in SahrePoint Online.

#> param( [Parameter(Mandatory=$true, HelpMessage="SharePoint Online portal URL, for example 'https://contoso.sharepoint.com'.")] [ValidateNotNullOrEmpty()] [String] $PortalUrl, [Parameter(Mandatory=$true, HelpMessage="AppID whith access to SharePoint Online")] [ValidateNotNullOrEmpty()] [String] $AppID, [Parameter(Mandatory=$true, HelpMessage="Secret for the App created in SahrePoint Online")] [ValidateNotNullOrEmpty()] [String] $AppSecret )

$SP_VERSION = "15" $regKey = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office Server\15.0\Search" -ErrorAction SilentlyContinue if ($regKey -eq $null) { $regKey = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search" -ErrorAction SilentlyContinue if ($regKey -eq $null) { throw "Unable to detect SharePoint Server installation." } $SP_VERSION = "16" }

Add-Type -AssemblyName ("Microsoft.SharePoint.Client, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") Add-Type -AssemblyName ("Microsoft.SharePoint.Client.Search, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c") Add-Type -AssemblyName ("Microsoft.SharePoint.Client.Runtime, Version=$SP_VERSION.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c")

Connect-PnPOnline -AppId $AppID -AppSecret $AppSecret -Url $PortalUrl

$context = Get-PnPContext

$manager = New-Object Microsoft.SharePoint.Client.Search.ContentPush.PushTenantManager $context $task = $manager.DeleteAllCloudHybridSearchContent() $context.ExecuteQuery() `

However I am now getting this error: New-Object : Cannot find an overload for "PushTenantManager" and the argument count: "1".

I created and App for this using this URL: https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx

And added the permissions using this URL: https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx With This XML: <AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> </AppPermissionRequests>

Do you have any idea where I could be going wrong? Could it be a permissions issue?

AussieDavo avatar Mar 01 '19 02:03 AussieDavo

Haven't see this error before. Steps worked well on my tenant.

spjeff avatar Mar 01 '19 03:03 spjeff

Looking at MS docs I see single parameter constructor.

https://docs.microsoft.com/en-us/dotnet/api/microsoft.sharepoint.client.search.contentpush.pushtenantmanager

spjeff avatar Mar 01 '19 04:03 spjeff

Hi @spjeff ,

I ended up enabling legacy authentication temporarily to run the original script as I was under some time pressure. Using the following command: Set-SPOTenant -LegacyAuthProtocolsEnabled $True

It did take over an hour to take affect though.

I would still be interested to get this working as may need to run it again in the future without having to turn Legacy Auth on and off again.

Unfortunately I am not familiar with constructors. Sorry.

You mentioned that it worked well on your tenant. Could that mean that it may be something in my environment (proxy or reverse proxy related)?. I'll setup a new test tenancy and give it a try there too.

Thanks for your help.

AussieDavo avatar Mar 01 '19 07:03 AussieDavo

HI @spjeff @AussieDavo I'm facing same issue, but the -LegacyAuthProtocolsEnabled parameter is already set to true. It also looks like this issue is reproducible at least in two different tenants. Any ideas how to solve it?

BlueBart avatar May 27 '20 09:05 BlueBart

Above is my experience too with the onboarding and removal scripts. Even with legacy enabled, it is a nogo with a recent tenants. And, using SharePointPnPPowerShellOnline the Connect-PnP ... with -UseWebLogin authenticat works fine, but it fails with Set-PnPcontext to load the object PushTenantManager in the context. With error "overload for "PushTenantManager" and the argument count: "1"."

Found 2 actions to do, to get this done:
1a Use SharePointPnPCoreOnline for modern Authentication (Azure oAuth) 1b Idem, with PnPcore the object "pushTenantManager" loads in the context, without error 2 Use a W2019 for the PreparePushTenant() part. A W2012 under SP2013 lacks .NET, TLS and ciphers.

$AuthenticationManager = New-Object OfficeDevPnP.Core.AuthenticationManager $mctx = $AuthenticationManager.GetWebLoginClientContext($siteUrl)

$pushTenantManager = New-Object Microsoft.SharePoint.Client.Search.ContentPush.PushTenantManager $mctx $pushTenantManager.PreparePushTenant() $mctx.ExecuteQuery()

The scripts are from 4 years ago and use $code=@"...." to get a "SPOAuth2Bearer"-token for $cred. I guess that method is no longer supported by modern AzureAD.

Hope it helps someone.

NL12143 avatar Nov 04 '21 11:11 NL12143

Have one question for myself working with this. We see that SharePointPnPCoreOnline with New-Object OfficeDevPnP.Core.AuthenticationManager is working. But that is deprecated and followed up by PnP Framework. Where is the AuthenticationManager in PnP Framework ?

New-Object OfficeDevPnP.Core.AuthenticationManager or New-Object PnP.Framework.AuthenticationManager both do not seem to work (from PnP Framework)

PnP Framework = PnP.Framework.dll is found in folders netstandard2.0 and net5.0 SharePointPnPCoreOnline = OfficeDevPnP.Core.dll is found in folder net461 We use Add-Type to load these assemblies in powershell.

Found this in Github PnP Framework var authManager = new AuthenticationManager("<Azure AD client id>", "[email protected]", "Pwd as SecureString"); using (var context = authManager.GetContext("https://contoso.sharepoint.com")) How to do this in powershell ?

NL12143 avatar Nov 04 '21 11:11 NL12143