SharePoint Online Powershell CSOM script authentication problem


  • We are getting the below error message when trying to connect to SharePoint Online sites. Not sure what's happened but none of our CSOM scripts will work.

    Exception calling "ExecuteQuery" with "0" argument(s): "Cannot contact web site '' or the web site does not support SharePoint Online credentials. The response
    status code is 'Unauthorized'. The response headers are 'X-SharePointHealthScore=0, X-MSDAVEXT_Error=917656; Access+denied.+Before+opening+files+in+this+location%2c+you+must+first+browse+to+the+web+site+and+select+the+option+to+login+automatically., SPRequestGuid=df2ed19d-603a-3000-a30b-ec1d18d76b72, request-id=df2ed19d-603a-3000-a30b-ec1d18d76b72,Strict-Transport-Security=max-age=31536000, X-FRAME-OPTIONS=SAMEORIGIN, SPRequestDuration=245, SPIisLatency=1,MicrosoftSharePointTeamServices=, X-Content-Type-Options=nosniff, X-MS-InvokeApp=1; RequireReadOnly,Content-Length=0, Content-Type=text/plain; charset=utf-8, Date=Thu, 02 Feb 2017 21:35:39 GMT, P3P=CP="ALL IND DSP CORADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI", Server=Microsoft-IIS/8.5,X-Powered-By=ASP.NET'."
    + $ctx.ExecuteQuery();
    + ~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : NotSupportedException

    Thursday, February 2, 2017 9:53 PM

All replies

  • Hi,


    Try with below code.


    #Credentials to connect to office 365 site collection url 
    $url =""
    $Password = $password |ConvertTo-SecureString -AsPlainText -force
    Write-Host "Load CSOM libraries" -foregroundcolor black -backgroundcolor yellow
    Set-Location $PSScriptRoot
    Add-Type -Path (Resolve-Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll")
    Add-Type -Path (Resolve-Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll")
    Add-Type -Path (Resolve-Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Taxonomy.dll")
    Add-Type -Path (Resolve-Path "C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Publishing.dll")
    Write-Host "CSOM libraries loaded successfully" -foregroundcolor black -backgroundcolor Green 
    Write-Host "authenticate to SharePoint Online Tenant site $url and get ClientContext object" -foregroundcolor black -backgroundcolor yellow  
    $Context = New-Object Microsoft.SharePoint.Client.ClientContext($url) 
    $credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($username, $password) 
    $Context.Credentials = $credentials 
    $context.RequestTimeOut = 5000 * 60 * 10;
    $web = $context.Web
    $site = $context.Site 

    If this doesn’t help, could you provide more details about your solution?


    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Friday, February 3, 2017 4:00 AM
  • Hi,

    Is any update for your issue?

    Best Regards,


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, February 7, 2017 10:32 AM
  • Here is the solution:

    Changing the property LegacyAuthProtocolsEnabled to true fixed the issue. 

    I opened the  SharePoint online management console and changed the property value using poweshell.

    Check if it is false using Get-SPOTenant, By default value should be true in any tenant.

    Set-SOPTenant -LegacyAuthProtocolsEnabled $True to view more details of SPOTenant properties.

    Hope it will help.

    Thanks keshav,Share point Developer

    Wednesday, March 8, 2017 2:18 AM
  • We actually had to log a support case with Microsoft and it was ultimately solved and no one knows the root cause.

    Basically, try to execute the below command and wait for few hours before testing again. Whether you set the flag to true or false doesn't matter. What matters is that you execute the command which changes something and causes something in the background to happen which makes PowerShell work again.

     Set-SOPTenant -LegacyAuthProtocolsEnabled $false

    Wednesday, March 8, 2017 2:30 AM
  • In my case the issue was related to this parameter was set to True -
    Command: Get-SPOTenant
    RequireAcceptingAccountMatchInvitedAccount : True

    which should be :

    RequireAcceptingAccountMatchInvitedAccount : False
    Command : Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $False

    Note: You may be instantly able to see the newly changed value, but it takes about an hour to actually see the effect.
    Monday, September 4, 2017 2:21 PM