There is no "user" involved when using Certificate-based authentication, you are running in the context of an application (service principal). As part of the requirements, you need to make sure that the corresponding service principal object has been granted the necessary permissions (added to admin role). Make sure you follow all the steps as described here: https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
If you are still having issues, check the Azure AD Sign-in logs for events corresponding to the service principal ID (not the same thing as the appID you used above, look for the ObjectId instead).
Exchange Online Powershell unattended access: Create powershell session failed using ouauth, basic authentication is enabled, remotesigned execution policy as well
Hello Everyone
I am currently trying to set up an unattended access to the Exchange Online Powershell. I have already set up an app registration with the permissions that I need for my script. I unfortunately now cannot connect to it because of the following error message:
Connect-ExchangeOnline -CertificateThumbprint "73CE694B35FE5554F7B0A07B2CF39E6D4F417A83" -AppId "efbacdff-77d5-478d-a681-4c1f8f2433d5" -ShowBanner:$false -Organization tenantname.onmicrosoft.com
New-ExoPSSession : Connecting to remote server outlook.office365.com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.3\ExchangeOnlineManagement.psm1:426 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession
Or I get the following error message (when I close the sessions first): " Create powershell session failed using ouauth"
The user has the required permissions to connect to the Exchange Online Powershell, since it does work when I connect to it manually.
Do you know what I forgot to set up?
Thank you for your help.
Kind regards,
Gabe
2 answers
Sort by: Most helpful
-
Vasil Michev 95,671 Reputation points MVP
2022-01-06T10:51:10.97+00:00 -
Limitless Technology 39,381 Reputation points
2022-01-10T09:00:41.643+00:00 Hi there,
Some users have stated that enabling basic auth for WinRM has sorted this issue [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client] "AllowBasic"=dword:00000001
Here is a thread as well which discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.
https://learn.microsoft.com/en-us/answers/questions/204156/connect-exchangeonline-oath-fun.html-------------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--