locked
Connecting SFB through powershell throws Get-CsAccessToken Error RRS feed

  • Question

  • Hello,

    Trying to connect to this Tenant causes this Error on only this Server:

    PS C:\Users\Administrator> $cred = Get-Credential
    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential
    PS C:\Users\Administrator> $session = New-CsOnlineSession -Credential $cred
    Get-CsAccessToken : Federated service at https://fs.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx returned error: An
    error occurred when verifying security for the message.
    At C:\Program Files\Common Files\Skype for Business
    Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:128 char:22
    + ... cessToken = Get-CsAccessToken -UserName $UserName -TargetUri $targetU ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-CsAccessToken], AdalServiceException
        + FullyQualifiedErrorId : Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException,Microsoft.Rtc.Manag
       ement.OnlineConnector.GetAccessToken

    Connecting to another tenant from the same machine works without problems. Accessing the portal from the same machine also is no problem and trying to connect from another machine is not a problem either.  The problems seems thus specific to this machine and this tenant only. 

    Has anybody come across this before and maybe point me in the right direction to solve this problem?

    Thursday, May 16, 2019 7:09 AM

Answers

  • Hello, 

    Yes, we did also try that but there the behavior was more like MFA was activated for this user account as we came to a new loggin site where no account managed to logg in. Since then we have set-up a new machine with a new account without this problem so I will close this case for now. 

    Thank you for your help Evan. 

    Regards

    Moritz 

    • Proposed as answer by woshixiaobai Wednesday, May 22, 2019 6:57 AM
    • Marked as answer by Kiewitt Moritz Thursday, May 23, 2019 9:19 AM
    Tuesday, May 21, 2019 7:32 AM

All replies

  • Hi Kiewitt Moritz,

    According to your description, it seems this tenant has enabled Modern authentication. Based on my research, if the account you are trying to connect with is protected by MFA, do not specify the -Credential parameter, as it bypasses the modern authentication flow and you will not be able to connect. So please use the New-CsOnlineSession with just the username to trigger the ADAL flow:
    New-CsOnlineSession -UserName user@domain.com

    In addition, please update the SFB online module to the latest version, you could download it from following link: https://www.microsoft.com/en-us/download/details.aspx?id=39366

    You could also refer to the blog to find some details: Skype for Business Online PowerShell finally supports Modern authentication! 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Shaw_Lu Thursday, May 16, 2019 9:51 AM
    Thursday, May 16, 2019 9:28 AM
  • Hello,

    As mentioned this happens only for this account on this machine, accessing to this account with the same user information, running the same commands is not a problem when run on another machine. It also works there without the updated PowerShell module. 

    Also checked again and MFA is not activated for that account. 

    Regards

    Moritz Kiewitt 

    Thursday, May 16, 2019 1:19 PM
  • Hi Kiewitt Moritz,

    According to your description, this issue only occurred in the special server, when you run the same commend with the same account in another server, this issue will not occur. If my understanding is right, it is very strange, as the error shows Get-CsAccessToken issue, it is more related to the MA.

    Anyway, did you try to run the commend I provided in my last reply? It could also connect to the SFB online. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 21, 2019 6:22 AM
  • Hello, 

    Yes, we did also try that but there the behavior was more like MFA was activated for this user account as we came to a new loggin site where no account managed to logg in. Since then we have set-up a new machine with a new account without this problem so I will close this case for now. 

    Thank you for your help Evan. 

    Regards

    Moritz 

    • Proposed as answer by woshixiaobai Wednesday, May 22, 2019 6:57 AM
    • Marked as answer by Kiewitt Moritz Thursday, May 23, 2019 9:19 AM
    Tuesday, May 21, 2019 7:32 AM
  • Hi Moritz,

    Thanks for your reply, I'm glad to see your issue is not occurred in the new machine with a new account. In addition, you could try to mark the helpful reply as answer, it will help others who have the similar issue. 


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    Tuesday, May 21, 2019 7:36 AM
  • Hi Moritz,

    Do you have any further issue on this topic?
    If there is no issue, please remember to mark helpful reply as answer to close the thread. Your action would be helpful to other users who encounter the same issue and read this thread. Thanks for your understanding.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 22, 2019 6:58 AM