Share via

Connect-exchangeonline with certificate thumbprint failing on server when Powershell is not started in Administrative mode

Petra Johnsson 25 Reputation points
2023-10-20T09:33:55.45+00:00

I have registred a App-only authentication - Exchange Online PowerShell in AzureAD and created a selfsigned certificate

I connect to Exchange Online powershell with following:

Connect-ExchangeOnline -CertificateThumbprint "<thumbprint>" -AppID "<AppID>" -Organization "xxxxx.onmicrosoft.com"

On local computer it works fine when starting Powershell in Non-Administrative mode but on server it only works when I start powershell as Administrator. In Non-Administrative mode I get the error below.

I haven't found out why. Any ideas?

 Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4
.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion. 
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.2.0\netFramework\ExchangeOnlineManagement.psm1:739 char:21
+                     throw $_.Exception.InnerException;
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], MsalClientException
    + FullyQualifiedErrorId : Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a hig 
   her version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion.
Exchange Online
Exchange Online

A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.

0 comments

Answer accepted by question author

  1. Yuki Sun-MSFT 41,456 Reputation points Moderator
    2023-10-23T05:39:17.28+00:00

    Hi @Anonymous ,

    Please ensure that the certificate has been installed in the user certificate store. Then try to authorize the user account you need to use by right clicking the certificate > All tasks > Manage Private Keys... > Add, search for the account and give it Full Control Access:

    User's image

    Here's a thread about the similar error message for reference: EXO: Cannot connect to tenant using app/certificate.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 126.5K Reputation points MVP Volunteer Moderator
    2023-10-20T15:56:11.8633333+00:00

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.