Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connect to SharePoint fails #16

Closed
pkbullock opened this issue May 13, 2020 · 6 comments
Closed

Connect to SharePoint fails #16

pkbullock opened this issue May 13, 2020 · 6 comments
Assignees
@alexc-MSFT

Comments

@pkbullock
Copy link

The CheckSiteExist.ps1 script fails with the error:
Cannot contact site at the specified URL https://XXXX-admin.sharepoint.com/. The app principal does not exist.

This will always return false.

I believe that the AppId/AppSecret combination doesn't work and a certificate is required for this type of connection.
@alexc-MSFT
Copy link
Member

The CheckSiteExist.ps1 script fails with the error:
Cannot contact site at the specified URL https://XXXX-admin.sharepoint.com/. The app principal does not exist.

This will always return false.

I believe that the AppId/AppSecret combination doesn't work and a certificate is required for this type of connection.

Did you receive any error when running the deployment script?

AppId/AppSecret combo with Connect-PnPOnline does work without a certificate.

I'm just wondering if the Azure AD App has not been created for some reason.

One option here, is to check inside the 'ProcessTeamRequest' Logic App and obtain the App Secret from where the variable is initialised.

You can then update the AppSecret variable in the Azure Automation account (this is what the runbook uses) in case the secret is incorrect for some reason.

@alexc-MSFT alexc-MSFT self-assigned this May 14, 2020
@pkbullock
Copy link
Author

I have followed the instructions as you provided and did not work, including adding new the App Secret in Azure AD App Registration.

However, if I follow this: https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/register-sharepoint-add-ins with permission:

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl"/>
</AppPermissionRequests>

The command Connect-PnPOnline with AppId/AppSecret parameters works with the ACS method, but not with the Azure AD App method.

@pkbullock
Copy link
Author

Hi Alex,

I have discovered the pnp module (3.12.1908.1) in the Azure Automation is for August last year, which is a bit too old. I was using an updated version, there is a bug blocking latest this in PnP PowerShell the fix is pending (pnp/PnP-PowerShell#2624).

I have switched to a certificate based method of authenticating - think this is now the recommended approach anyway - based on this article (https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread#faq). Note, the latest release has a another bug with using certificates in Azure Automation (pnp/PnP-PowerShell#2635) in this area and rolling back to March release fixes this temporarily.

I will write up a blog on the current working certificate approach to share with the community. I really like your deployment script in general, I hadn't considered you can achieve so much in terms of setup - lots of learning for me there, Thank you.

@alexc-MSFT
Copy link
Member

Hi Alex,

I have discovered the pnp module (3.12.1908.1) in the Azure Automation is for August last year, which is a bit too old. I was using an updated version, there is a bug blocking latest this in PnP PowerShell the fix is pending (pnp/PnP-PowerShell#2624).

I have switched to a certificate based method of authenticating - think this is now the recommended approach anyway - based on this article (https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread#faq). Note, the latest release has a another bug with using certificates in Azure Automation (pnp/PnP-PowerShell#2635) in this area and rolling back to March release fixes this temporarily.

I will write up a blog on the current working certificate approach to share with the community. I really like your deployment script in general, I hadn't considered you can achieve so much in terms of setup - lots of learning for me there, Thank you.

Thanks for the update - I will share this with the team to see if we can move to a certificate based approach.

Just out of interest, were you using an existing Automation account and therefore you had the updated PnP module installed?

Glad you like the deployment script 😀

@alexc-MSFT
Copy link
Member

Closing for now - as discussed above we will investigate a certificate based approach for future versions.

@Jonroberts84
Copy link

I am still getting this issue (I never used to have it before) - I have double checked the entire install process and I may be missing something but I don't think so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexc-MSFT alexc-MSFT

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pkbullock @alexc-MSFT @Jonroberts84