Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, May 2, 2017 11:34 AM
I am seeing a weird behavior when trying to connect to MsolService, SpoService or for that matter any O365 service to manage using powershell at times powershell works and most of the times it does not,
There is not one article that lists out clear and precise details how to setup or for that matter to check and validate if proxy configuration is correct with respect to Powershell
I request all to assist me on this please asap
An Extremist
All replies (12)
Tuesday, May 2, 2017 12:13 PM
How are we supposed to help you with no error information and no idea what script you are using?
\(ツ)_/
Tuesday, May 2, 2017 12:30 PM
$365Logon = Get-Credential
$proxyOptions = New-PSSessionOption -ProxyAccessType IEConfig
netsh winhttp reset proxy
netsh winhttp show proxy
netsh winhttp set proxy http://proxyname:port
netsh winhttp show proxy
Import-Module MsOnline
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-MsolService -Credential $365Logon -Verbose
Connect-SpoService -URL http://company/tenantname-admin.sharepoint.com -Credential $365Logon -Verbose
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Current WinHTTP proxy settings:
Direct access (no proxy server).
Current WinHTTP proxy settings:
Direct access (no proxy server).
Current WinHTTP proxy settings:
Proxy Server(s) : http://proxyname:port
Bypass List : (none)
Current WinHTTP proxy settings:
Proxy Server(s) : http://proxyname:port
Bypass List : (none)
Connect-MsolService : There was no endpoint listening at https://provisioningapi.microsoftonline.com/provisioningwebservice.svc that could accept the message. This is
often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
At line:9 char:1
- Connect-MsolService -Credential $365Logon -Verbose
-
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], EndpointNotFoundException
+ FullyQualifiedErrorId : System.ServiceModel.EndpointNotFoundException,Microsoft.Online.Administration.Automation.ConnectMsolService
Connect-MsolService : Exception of type 'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was thrown.
At line:9 char:1
- Connect-MsolService -Credential $365Logon -Verbose
-
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.MicrosoftOnlineException,Microsoft.Online.Administration.Automation.ConnectMsolService
Connect-SpoService : Could not connect to SharePoint Online.
At line:10 char:1
- Connect-SpoService -URL http://company/tenant-admin.sharepoint.co ...
-
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
An Extremist
Tuesday, May 2, 2017 12:30 PM
$365Logon = Get-Credential
$proxyOptions = New-PSSessionOption -ProxyAccessType IEConfig
netsh winhttp reset proxy
netsh winhttp show proxy
netsh winhttp set proxy http://proxyname:port
netsh winhttp show proxy
Import-Module MsOnline
Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-MsolService -Credential $365Logon -Verbose
Connect-SpoService -URL http://company/tenantname-admin.sharepoint.com -Credential $365Logon -Verbose
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Current WinHTTP proxy settings:
Direct access (no proxy server).
Current WinHTTP proxy settings:
Direct access (no proxy server).
Current WinHTTP proxy settings:
Proxy Server(s) : http://proxyname:port
Bypass List : (none)
Current WinHTTP proxy settings:
Proxy Server(s) : http://proxyname:port
Bypass List : (none)
Connect-MsolService : There was no endpoint listening at https://provisioningapi.microsoftonline.com/provisioningwebservice.svc that could accept the message. This is
often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
At line:9 char:1
- Connect-MsolService -Credential $365Logon -Verbose
-
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], EndpointNotFoundException
+ FullyQualifiedErrorId : System.ServiceModel.EndpointNotFoundException,Microsoft.Online.Administration.Automation.ConnectMsolService
Connect-MsolService : Exception of type 'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was thrown.
At line:9 char:1
- Connect-MsolService -Credential $365Logon -Verbose
-
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.MicrosoftOnlineException,Microsoft.Online.Administration.Automation.ConnectMsolService
Connect-SpoService : Could not connect to SharePoint Online.
At line:10 char:1
- Connect-SpoService -URL http://company/tenant-admin.sharepoint.co ...
-
+ CategoryInfo : NotSpecified: (:) [Connect-SPOService], InvalidOperationException
+ FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Online.SharePoint.PowerShell.ConnectSPOService
An Extremist
Tuesday, May 2, 2017 1:00 PM
It looks like your proxy server has issues. Talk to your network admins and have them review the proxy server logs.
\(ツ)_/
Wednesday, May 3, 2017 4:42 AM
But Proxy is same for all machines globally we are using ZScaler,
and as mentioned above at times it works and most of the times it does not,
I have worked with my Network team on this they have shown which is visible in the network traces that for some URLs powershell is sending traffic to some IP and for some URLs specifically for the ones mentioned in the failure error "provisioningapi" it is not sending it to the right IP,
How or why does Powershell is behaving in such a way,
What are the reasons for powershell to do this,
How can I enable logging to check and find out whats causing this powershell behavior,
So far I have used wireshark, netmon, sysmon, procmon, process explorer to garb what happens when these commands are executed on powershell traces clearly show for URLs like login.microsoftonline.com connection powershell send the request to correct hop/node and connect is established successfully,
and wherever I can in the trace where provisioningapi URL is sent with connect request it is not to the same hop/node howcome powershell could be doing this,
this is why you can see in my commands I have executed I am trying to tell powershell specifically which proxy to use,
I have upgraded PowerShell to 5.0 on my windows 7 machine,
how can I check which all the places or configuration where powershell could be reading proxy info so that I configure or hardcode the correct to be used...
Please assist at your earliest
An Extremist
Wednesday, May 3, 2017 4:52 AM
This is not a scripting issue. There is nothing you can change in the script to fix this. It is either a network issue or a system issue. You might do better contacting MS Support for help troubleshooting this.
note that authentication through some proxy servers cannot be done correctly for many MS services.
\(ツ)_/
Wednesday, May 3, 2017 5:27 AM
So far it does seem like a system issue or rather say powershell config on the machine I use,
how can I troubleshoot and resolve this issue,
Why do you say this, does Microsoft confirms the same, please share the Microsoft article links for this
"note that authentication through some proxy servers cannot be done correctly for many MS services. "
If not this forum, Where else I am suppose to get support for powershell
Please assist in identifying which file which config it is causing this issue
An Extremist
Wednesday, May 3, 2017 5:39 AM
Just searched more on the internet on this and tried following
I am able to run this URLs using IE 11 browser
https://provisioningapi.microsoftonline.com/provisioningwebservice.svc
I do see the successful message
ProvisioningWebService Service
You have created a service
Whereas when I run it using powershell following is shown
Invoke-WebRequest -Uri https://provisioningapi.microsoftonline.com/provisioningwebservice.svc -Verbose -Debug
VERBOSE: GET https://provisioningapi.microsoftonline.com/provisioningwebservice.svc with 0-byte payload
Invoke-WebRequest : Method Not Allowed
The requested method CONNECT is not allowed for the URL /index.html.
At line:1 char:1
+ Invoke-WebRequest -Uri https://provisioningapi.microsoftonline.com/pr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
An Extremist
Wednesday, May 3, 2017 5:42 AM
Also while searching I came across this URL
It shows that you must check the certificate your being presented with or you see in the browser on the machine behind proxy and compare the certificate with machine which has direct internet connection
I did the same and found out that the certificate I am presented is issued to *.microsoftonline.com by ZSCaler which is my proxy, however the actual certificate on the URL is complete different when checked on the machine with direct internet connection,
How come this is happening, is this correct behavior ?
An Extremist
Wednesday, May 3, 2017 7:28 AM
As you are beginning too see this is a web proxy config issue. MS does not allow certain types of proxies to be used during authentication. On a call to MS support will help you to track down what is happening and none of it has anything to do with PowerShell.
I have learned that lesson after trying to authenticate for licensing through a proxy that was no configured correctly. After three months I found an MS tech who was able to work with me to track down which components of the proxy were responsible. It took less than 5 minutes to fix the issue once we were able to identify that it was to proxy server and not the MS products or the client computer that were at fault.
This is a scripting forum. We cannot help you troubleshoot your proxy server or network.
You can also contact support for your proxy server and see if they have knowledge of this issue.
\(ツ)_/
Wednesday, May 3, 2017 7:42 AM
Here is one possible solution that works with some proxy servers: https://misstech.co.uk/2015/03/13/office-365-msonline-powershell-and-proxy-servers/
\(ツ)_/
Wednesday, May 3, 2017 12:29 PM
Just to confirm whatever is applicable for powershell is also applicable for powershell_ise,
as I have testing most of things using powershell_ise only
An Extremist