Error Running Connect-Maester -service all #261
Comments
Thanks for sharing this detail @grumpykiwi. For this issue, please try disabling WAM authentication in the Az module or roll back to an earlier version than Az.Accounts 3.0.0.
Azure/azure-powershell#25005 (comment) For this issue, please try using PowerShell 7. It looks like that parameter is only available for the module when in PowerShell 7. We will need to add more handling in the connect cmdlet for these scenarios.
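A pre-flight check for the two conditions named in the reply above, as an added example that is not part of the thread or of Maester. `Test-MaesterConnectPrereq` is a hypothetical helper name; the WAM setting is read with `Get-AzConfig` and the suggested change uses `Update-AzConfig -EnableLoginByWam $false` from Az.Accounts.

```powershell
# Added example (not Maester code): report the conditions from this thread that
# break Connect-Maester -Service All before attempting to sign in.
function Test-MaesterConnectPrereq {
    [CmdletBinding()]
    param()

    $findings = [System.Collections.Generic.List[string]]::new()

    # Connect-ExchangeOnline only exposes -Device when running on PowerShell 7+.
    $ps = $PSVersionTable.PSVersion
    if ($ps.Major -lt 7) {
        $findings.Add("PowerShell $ps detected: run Maester from PowerShell 7 (pwsh).")
    }

    # Newest Az.Accounts visible to this PowerShell edition.
    $az = Get-Module -ListAvailable -Name Az.Accounts |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1

    if (-not $az) {
        $findings.Add('Az.Accounts is not installed for this PowerShell edition.')
    }
    elseif ($az.Version -ge [version]'3.0.0') {
        # From 3.0.0 on, check whether WAM sign-in is switched on.
        Import-Module Az.Accounts -MinimumVersion 3.0.0
        $wam = Get-AzConfig |
            Where-Object { $_.Key -eq 'EnableLoginByWam' } |
            Select-Object -First 1
        if ($wam -and $wam.Value) {
            $findings.Add("Az.Accounts $($az.Version) has WAM sign-in enabled: " +
                "run 'Update-AzConfig -EnableLoginByWam `$false' or install a version below 3.0.0.")
        }
    }

    # Emits nothing when no problem was found.
    $findings
}

$issues = @(Test-MaesterConnectPrereq)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
}
else {
    Connect-Maester -Service All
}
```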
|
Hi
I did a clean install of PowerShell 7, loaded all the modules, cleaned out the previous tests folder, reinstalled those and perfecto. I have results.
Now I have some work to do 😊
This is a great tool. A guide to making some of the recommended changes via REST/Graph would be handy. I kind of know my way around Postman but a step-by-step guide to authenticating and an example change would sure help.
Cheers
Mark
Mark Nash
IT Director
(817) 465-9277 | Arlington, Tx
Winner of 104 IABC Gold Quills and the 2023 Large Agency of the Year
From: Michael ***@***.***>
Sent: Friday, June 21, 2024 2:10 PM
To: maester365/maester ***@***.***>
Cc: Mark Nash ***@***.***>; Mention ***@***.***>
Subject: Re: [maester365/maester] Error Running Connect-Maester -service all (Issue #261)
Thanks for sharing this detail @grumpykiwi.
For this issue, please try disabling WAM authentication in the Az module or roll back to an earlier version than Az.Accounts 3.0.0.
Connect-AzAccount : InteractiveBrowserCredential authentication failed: Entry point was not found.
Azure/azure-powershell#25005 (comment)
For this issue, please try using PowerShell 7. It looks like that parameter is only available for the module when in PowerShell 7. We will need to add more handling in the connect module for these scenarios.
Connect-ExchangeOnline : A parameter cannot be found that matches parameter name 'Device'.
https://learn.microsoft.com/en-us/powershell/module/exchange/connect-exchangeonline?view=exchange-ps#-device
|
Glad to hear it is working! Definitely reach out if more challenges crop up. Good ideas too, I think we are beginning to plan around remediation items, but that will definitely be a big lift. |
Hi
Do you know of a good step-by-step guide to implementing CBA in Entra ID? We want to implement phishing-resistant MFA due to some history, and don't want to deal with the hassle of maintaining YubiKeys. Our staff are bad enough with building access cards.
I have been thru a bunch of articles today but always end up with the dreaded AADSTS50017 error.
Any help would be appreciated.
Cheers
Mark
From: Michael ***@***.***>
Sent: Monday, June 24, 2024 4:02 PM
To: maester365/maester ***@***.***>
Cc: Mark Nash ***@***.***>; Mention ***@***.***>
Subject: Re: [maester365/maester] Error Running Connect-Maester -service all (Issue #261)
Glad to hear it is working! Definitely reach out if more challenges crop up. Good ideas too, I think we are beginning to plan around remediation items, but that will definitely be a big lift.
|
If you have followed the Learn walkthrough, then I would say most commonly it is an attribute mismatch. Depending on your PKI that could also introduce some wildcards. You could trial Cloud PKI just to simplify the architecture a step further. |
After some more debugging I discovered that the correct certificate is not in the dropdown presented to the end user. I have the self-signed root certificate uploaded into the Entra portal fine, and for testing I omitted the CRL URL. I just have to figure out how to get the cert to the client.
This is the part that, so far, the documentation is a bit wishy-washy on.
Thanks for your help.
Mark Nash
From: Michael ***@***.***>
Sent: Monday, June 24, 2024 10:29 PM
To: maester365/maester ***@***.***>
Cc: Mark Nash ***@***.***>; Mention ***@***.***>
Subject: Re: [maester365/maester] Error Running Connect-Maester -service all (Issue #261)
If you have followed the Learn walkthrough, then I would say most commonly it is an attribute mismatch. Depending on your PKI that could also introduce some wildcards. You could trial Cloud PKI just to simplify the architecture a step further.
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication
|
Typically you'd want to have a device management tool like Intune proxy (Registration Authority) the request and get a signed cert back from your CA, the Intune Connector can do that or you can do Cloud PKI. For just testing then manually copying the PFX to the client's appropriate authentication store and making sure the CA is in the proper trust container if you are domain joined. Then it should be made available. A lot of different components to making CBA work. |
Thanks Michael. I figured there was some magic involved there somewhere. Appreciate the assistance.
Mark Nash
From: Michael ***@***.***>
Sent: Tuesday, June 25, 2024 9:27 AM
To: maester365/maester ***@***.***>
Cc: Mark Nash ***@***.***>; Mention ***@***.***>
Subject: Re: [maester365/maester] Error Running Connect-Maester -service all (Issue #261)
Typically you'd want to have a device management tool like Intune proxy (Registration Authority) the request and get a signed cert back from your CA, the Intune Connector can do that or you can do Cloud PKI. For just testing then manually copying the PFX to the client's appropriate authentication store and making sure the CA is in the proper trust container if you are domain joined. Then it should be made available. A lot of different components to making CBA work.
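A client-side check for the CBA points raised in the exchange above (certificate and private key present in the user's store, issuing CA trusted on the client, attribute values to compare against the Entra binding), as an added example that is not part of the thread. `Get-CbaClientCertReport` is a hypothetical helper name, the default store path is an assumption, and the client-authentication EKU check is a general TLS client-certificate requirement rather than something stated in the thread.

```powershell
# Added example (not from the thread): list certificates in the user's Personal
# store with the properties that decide whether they can be used for CBA sign-in.
function Get-CbaClientCertReport {
    [CmdletBinding()]
    param(
        # Assumption: the test PFX was imported into the current user's Personal store.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    $upnType = [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # No EKU extension means "any purpose"; otherwise clientAuth must be listed.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $clientAuth = (-not $eku) -or ($ekuOids -contains $clientAuthOid)

        # Build the chain against the local trust stores. Revocation is skipped,
        # matching the CRL-less test setup described in the thread.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        $chain.Dispose()

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey      # False: only the public cert was imported
            ClientAuthEku = $clientAuth
            InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            ChainTrusted  = $trusted                 # False: issuing CA is not trusted locally
            ChainStatus   = $status
            SanUpn        = $cert.GetNameInfo($upnType, $false)  # compare with the user's UPN
        }
    }
}

Get-CbaClientCertReport | Format-List
```

An empty report means no certificate reached the store at all; a row with `HasPrivateKey` or `ChainTrusted` set to `False` points at the PFX import or the CA trust step respectively.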
|
On a brand new install of Windows Server 2022, domain joined with Windows Update, I followed the instructions to set up Maester from scratch.
Got all the way to the above command, before it threw an error. Straight after I ran the command, I was prompted for MFA which seemed to work OK. Then the error appeared.
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows
PS C:\Windows\system32> Install-Module Pester -SkipPublisherCheck -Force -Scope CurrentUser
NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or 'C:\Users\mnash\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): y
PS C:\Windows\system32> Install-Module Maester -Scope CurrentUser
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
PS C:\Windows\system32> Install-Module Az -Scope CurrentUser
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
PS C:\Windows\system32> Install-Module ExchangeOnlineManagement -Scope CurrentUser
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): a
PS C:\Windows\system32> cd \
PS C:\> md maester-tests
Mode LastWriteTime Length Name
d----- 6/21/2024 1:40 PM maester-tests
PS C:\> cd maester-tests
PS C:\maester-tests> Install-MaesterTests .\tests
Maester tests installed successfully!
Run Connect-Maester to sign in and then run Invoke-Maester to start testing.
PS C:\maester-tests> Connect-Maester -Service All
Please select the account you want to login with.
WARNING: Unable to acquire token for tenant 'organizations' with error 'InteractiveBrowserCredential authentication
failed: Entry point was not found.'
WARNING: Please run 'Connect-AzAccount -DeviceCode' if browser is not supported in this session.
Connect-AzAccount : InteractiveBrowserCredential authentication failed: Entry point was not found.
At C:\Users\mnash\Documents\WindowsPowerShell\Modules\Maester\0.0.131\public\Connect-Maester.ps1:59 char:7
Connect-ExchangeOnline : A parameter cannot be found that matches parameter name 'Device'.
At C:\Users\mnash\Documents\WindowsPowerShell\Modules\Maester\0.0.131\public\Connect-Maester.ps1:65 char:49
PS C:\maester-tests>
Any ideas?