OperationStopped: Unknown Status: Unexpected Context: Operation did not start in the allotted time.

[jkbryan]

Hi,

I've been trying to run Maester with the Connect-Maester -Service All command, but get this error consistently:

Error Acquiring Token:
Unknown Status: Unexpected
Context: Operation did not start in the allotted time.
Tag: 0x1e3d43d2 (error code 0) (internal error code 507331538)
OperationStopped: Unknown Status: Unexpected Context: Operation did not start in the allotted time. Tag: 0x1e3d43d2 (error code 0)
(internal error code 507331538)

It occurs after choosing the tenant/ subscription option "Select a tenant and subscription (type a number or Enter to accept default):"

I have tried using different machines, Win 10 corporate (heavily managed), Win 10 non-corporate (lightly Intune manged), domain joined server 2012 (lightly GPO managed).

I've also tried against two distinct environments, where I have Global Admin rights and E5 licences.

I'm using PowerShell 7.5.0:

PSVersion 7.5.0
PSEdition Core
GitCommitId 7.5.0
OS Microsoft Windows 10.0.22631
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

I've enforced TLS1.2: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

ExchangeOnlineManagement (3.7.1) and Az.Acounts (4.0.0) modules are installed.

Googling the error brings up articles related to PowerShell authentication, e.g.: Azure/azure-powershell#25808

Based on this, I tried downgrading the Az.accounts module (after removing the current version):
Install-Module -Name Az.accounts -MaximumVersion 3.6.0 -AllowClobber

However, I see the same result :(

Note that I can successfully use the command Connect-IPPSSession -UserPrincipalName to connect to my environment, as a stand alone task.

Any help in resolving this would be greatly appreciated.

For the time being, I'll go down the Azure DevOps or GitHub automation paths to see if I can get results from all services.

Many thanks,

Jon

[jkbryan]

For reference, I also wanted to make sure that this wasn't an issue with my home network setup. So I spun up a new Azure VM - running Windows Server 2022 and installed all components from scratch:

• PowerShell 7.5.0
• Pester Module
• Maester Module
• Az module
• ExchangeOnlineManagement module
• Maester tests

However, I see the same result:

And separately against another tenant with only one subscription:

Also for reference, the sign-in logs for this activity show success:

[mklifman]

I am experiencing the same issue. I have run the commands on a Machine (both Windows 11) with PowerShell 7.4.6 and on a machine with PowerShell 7.5.0.

Strange thing is though, that this only occurs when running manually. Running Maester via Github Actions results in normal behaviour.

[jkbryan]

I am experiencing the same issue. I have run the commands on a Machine (both Windows 11) with PowerShell 7.4.6 and on a machine with PowerShell 7.5.0.

Strange thing is though, that this only occurs when running manually. Running Maester via Github Actions results in normal behaviour.

Yes, same for me, both Azure DevOps and GitHub runs work just fine. However, as I understand it, those are only running the standard tests, so are not running the "service -all" mode.

I think that the issue is when connecting to EOL.

I'm waiting for the update to this issue: https://github.com/maester365/maester/issues/640 then will incorporate those additional tests.

[soulemike]

Have you tried handling your authentication to the dependent modules before calling Maester? That is the recommendation for automation use cases.

https://maester.dev/docs/connect-maester/connect-maester-advanced#within-the-respective-modules-for-the-tests

Connect-AzAccount supports passing the subscription identifier in the connection request, which would be the best process.

https://learn.microsoft.com/en-us/powershell/module/az.accounts/connect-azaccount?view=azps-13.1.0#example-4-use-an-interactive-login-to-connect-to-a-specific-tenant-and-subscription

[Marcoevich]

I also have this issue. It seems indeed an issue Exchange Online.

I solved it by running connect-maester -service ExchangeOnline first.

Then invoke-maester. Then it proceeded.

[jkbryan]

OK, so I have identified the issue and have a fix - for me :)

The problem is actually when trying to connect to SecurityCompliance, where the Exchange Module is also required, but the error is with Connect-IPPSSession.

Depending on where you installed the maester module:
C:\Program Files\WindowsPowerShell\Modules\Maester\1.0.0\public\Connect-Maester.ps1
or
C:\Users<UserName>\Documents\PowerShell\Modules\Maester\1.0.0\public\Connect-Maester.ps1

Edit line 179, set to:

AuthZEndpointUri = $null

Note that this only affects the O365Default environment - I can't test any others. Note that once the file is saved, you'll need to reload the module.

Although the variables are set correctly in the script, if you try to run that part manually:

$ConnectionUri    = 'https://ps.compliance.protection.outlook.com/powershell-liveid/'
$AuthZEndpointUri = 'https://login.microsoftonline.com/common'
Connect-IPPSSession -BypassMailboxAnchoring -ConnectionUri $ConnectionUri -AzureADAuthorizationEndpointUri $AuthZEndpointUri

It will fail with the error referenced in the title. However, if you exclude the AzureADAuthorizationEndpointUri switch, or set the variable to $null, then connecting is successful.

So, the overall process to setup and connect all services:

Install-Module Maester
Install-MaesterTests
Install-Module ExchangeOnlineManagement
Install-Module MicrosoftTeams
Install-Module Az.Accounts

Import-Module Maester
Import-Module ExchangeOnlineManagement
Import-Module MicrosoftTeams
Import-Module Az.Accounts
Connect-Maester -Service All
Invoke-Maester

• Though I still don't think I'm seeing the Teams tests being carried out... That will be another issue, not for here.

[alexverboon]

Hello @jkbryan , thanks the workaround with
AuthZEndpointUri = $null
worked for me.