Skip to content

When recent Az.* modules are loaded, Connect-MgGraph errors out #2587

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
joshtransient opened this issue Feb 13, 2024 · 12 comments
Closed

When recent Az.* modules are loaded, Connect-MgGraph errors out #2587

joshtransient opened this issue Feb 13, 2024 · 12 comments
Labels
Status: Needs Investigation

Comments

@joshtransient
Copy link

joshtransient commented Feb 13, 2024
edited
Loading

Describe the bug
In a session where Az modules such as Az.Accounts and Az.KeyVault are loaded, Connect-MgGraph does not connect at all.

  • When trying to connect interactively, the error is "Method not found: 'System.Threading.Tasks.Task`1<Azure.Identity.AuthenticationRecord>
    Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(Azure.Core.TokenRequestContext, System.Threading.CancellationToken)'."
  • When trying to connect with an app registration and a secret or cert, the error is "Entry point was not found."

I believe the Az modules are using a newer version of MSAL that isn't compatible with the current ones included with the Graph PowerShell SDK modules. PnP v2+ couldn't happily coexist with Az modules either, until the latest release of the Az modules.

To Reproduce

  1. Open a new PowerShell prompt and import the Az.Accounts module
  2. Import Microsoft.Graph.Authentication and run Connect-MgGraph with any authentication option

Expected behavior
Running Connect-MgGraph should establish a connection to Graph instead of erroring out

Debug Output
When connecting with a certificate:

DEBUG: ClientCertificateCredential.GetToken invoked. Scopes: [ https://graph.microsoft.com/.default ] ParentRequestId:
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] MSAL MSAL.CoreCLR with assembly version '4.56.0.0'. CorrelationId(d75e3fa0-444b-4e7c-bac1-a89548c43106)
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] === AcquireTokenForClientParameters ===
SendX5C: False
ForceRefresh: False

DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106]
=== Request Data ===
Authority Provided? - True
Scopes - https://graph.microsoft.com/.default
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenForClient
IsConfidentialClient - True
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - d75e3fa0-444b-4e7c-bac1-a89548c43106
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:

DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] === Token Acquisition (ClientCredentialRequest) started:
         Scopes: https://graph.microsoft.com/.default
        Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] [Instance Discovery] Instance discovery is enabled and will be performed
DEBUG: False MSAL 4.56.0.0 MSAL.CoreCLR .NET 8.0.1 Microsoft Windows 10.0.22621 [2024-02-13 17:01:06Z - d75e3fa0-444b-4e7c-bac1-a89548c43106] [Region discovery] Not using a regional authority.
DEBUG: Request [71625b4f-01cf-4303-ba75-14d2395837bd] POST https://login.microsoftonline.com/raggedsail.onmicrosoft.com/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:71625b4f-01cf-4303-ba75-14d2395837bd
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.3 (.NET 8.0.1; Microsoft Windows 10.0.22621)
client assembly: Azure.Identity
Connect-MgGraph: Entry point was not found.

Module Version
Microsoft.Graph.Authentication: 2.13.1
Az PowerShell module release version is Az 11.3.0

  • Az.Accounts: 2.15.1
  • Az.KeyVault: 5.2.0
  • Az.Resources: 6.15.1

Environment Data
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS Microsoft Windows 10.0.22621
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
@sysadmin256
Copy link

I've been having the exact same issue in an Azure Function app for a few days now. Been pulling my hair out trying to figure it out, so far no luck.

@raandree raandree mentioned this issue Mar 5, 2024
Closed
@joshtransient
Copy link
Author

Upgraded to 2.15.0, still throwing the same error.

Shocked that #2594 was auto-closed, even if it was a dupe of this one.

@jdarre
Copy link

jdarre commented Mar 17, 2024

I just discovered the same issue with 2.15.0 with PS Core 7.4.1. It is not an issue with PS Windows 5.1

  • Az.Accounts: 2.16.0
  • Az.KeyVault: 5.2.1
  • PSVersion: 7.4.1

@joshtransient
Copy link
Author

Upgraded to 2.16.0, still throwing the same error.

@colinator19
Copy link

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication
#Import-Module Microsoft.Graph.Identity.Governance
#Import-Module Microsoft.Graph.Identity.DirectoryManagement
#Import-Module Microsoft.Graph.Groups

@joshtransient
Copy link
Author

Upgraded to 2.17.0, still throwing the same error. Az modules also updated:

  • Az.Accounts: 2.17.0
  • Az.KeyVault: 5.2.2
  • Az.Resources: 6.16.1

@skadann
Copy link

skadann commented Apr 24, 2024

When 2.15 broke with PS 7.2, I was able to successfully run with PS 5.1. Now 2.17 has broken with PS 5.1 and I'm dead in the water.
Using PowerShell within Azure Automation.

@skadann
Copy link

skadann commented Apr 24, 2024

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication #Import-Module Microsoft.Graph.Identity.Governance #Import-Module Microsoft.Graph.Identity.DirectoryManagement #Import-Module Microsoft.Graph.Groups

Dude, that worked!

@joshtransient
Copy link
Author

Can confirm that loading Az.* modules before Microsoft.Graph.Authentication now allows for signing in with an app registration or delegated credentials.

Problem still exists for scripts that import Microsoft.Graph.Authentication first.

@joshtransient
Copy link
Author

Upgraded to 2.18.0, problem maybe seems like it's resolved now when loading Microsoft.Graph.Authentication first. Az.* modules also got updated:

  • Az.Accounts: 2.19.0
  • Az.KeyVault: 5.3.0
  • Az.Resources: 6.16.2

@joshtransient
Copy link
Author

Problem seems to be resolved with 2.19.0 for the same versions of the Az modules listed above.

@Bluffkin
Copy link

Before I required the below modules to be imported for my script to work, never understood why as running the script manually it worked fine but it was the only way to make the script work in the runbook with a few graph commands I was using.

Did some troubleshooting as I have ran against the same issue. I was able to use a hybrid worker which gave the same "entry point not found" error when using Connect-MgGraph command on the runbook. However I noted that when doing this manually on the hybrid worker VM in PowerShell I did not get the error so I went looking at the script and when I removed these imports from my script, it seems to be working again for me. My script also seems to work without these modules now.

#Import-Module Microsoft.Graph.Authentication #Import-Module Microsoft.Graph.Identity.Governance #Import-Module Microsoft.Graph.Identity.DirectoryManagement #Import-Module Microsoft.Graph.Groups

This fixed the problem for me!

@o-l-a-v o-l-a-v mentioned this issue Oct 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Needs Investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@joshtransient @Bluffkin @timayabi2020 @colinator19 @jdarre @sysadmin256 @skadann