Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error Acquiring Token #1067

Closed
sdearnest opened this issue Feb 22, 2021 · 2 comments
Closed

Error Acquiring Token #1067

sdearnest opened this issue Feb 22, 2021 · 2 comments
Labels
Pending Information

Comments

@sdearnest
Copy link

sdearnest commented Feb 22, 2021
edited
Loading

Details of the scenario you tried and the problem that is occurring

When running:
Export-M365DSCConfiguration -Quiet -ComponentsToExtract @('O365OrgCustomizationSetting') -GlobalAdminAccount  $creds -Path "C:\Temp\DSCExtracts\" -FileName "O365-Extract.ps1"

Output showing the problem

[1/1] Extracting [O365OrgCustomizationSetting]...Error Acquiring Token:
System.Exception: AADSTS90010: The grant type is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint you used common.
Mitigation: as explained in the message from Azure AD, the authority you use in the application needs to be tenanted or otherwise organizations. change the "Tenant": property in the appsettings.json to be a GUID (tenant Id), or domain name (contoso.com) if such a domain is registered with your tenantor "organizations", if you want this application to sign-in users in any Work and School accounts.
InnerException : AADSTS9001023: The grant type is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.
Trace ID: 1033d6e7-ff21-4b65-ae83-b9cb801f2900
Correlation ID: 6ce2cd5e-c0fd-49a0-a0f0-ea5b6c2aa262
Timestamp: 2021-02-22 19:27:07Z ---> Microsoft.Identity.Client.MsalServiceException: AADSTS9001023: The grant type is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.
Trace ID: 1033d6e7-ff21-4b65-ae83-b9cb801f2900
Correlation ID: 6ce2cd5e-c0fd-49a0-a0f0-ea5b6c2aa262
Timestamp: 2021-02-22 19:27:07Z
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__11`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendTokenRequestAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.<ExecuteAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetTokenForWebApiUsingUsernamePasswordAsync>d__20.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetTokenForWebApiUsingUsernamePasswordAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__22.MoveNext()
New-ExoPSSession : One or more errors occurred.
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.4\netFramework\ExchangeOnlineManagement.psm1:475 char:30
+ ... PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-ExoPSSession], AggregateException
    + FullyQualifiedErrorId : System.AggregateException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession
@sdearnest sdearnest changed the title Error Acquiring Token: Error Acquiring Token Feb 22, 2021
@jorisbaiutti
Copy link

I think the issue is in the MSCloudLoginAssistant module. I have the same issue with sensitivity labels microsoft/MSCloudLoginAssistant#100

I already created a pull request for the security and compliance workload. I think we need to do the same for exchange online workload: https://github.com/microsoft/MSCloudLoginAssistant/blob/Dev/Modules/MSCloudLoginAssistant/Workloads/ExchangeOnline.psm1 63 - 73

@NikCharlebois Do you see any issues with changing the common endpoint to organizations?

@NikCharlebois
Copy link
Collaborator

@jorisbaiutti & @sdearnest is this still occurring with the latest versions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Pending Information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@NikCharlebois @jorisbaiutti @sdearnest