Skype to Teams: Get-CsOnlinePowerShellAccessToken: One or more errors occurred. (Solved)


Because when you have to move a Skype on prem user to Teams you should be connected at the same time to Skype On Prem and Skype Online. Not really obvious when your Skype On Prem front End server are not connected directly to Internet. We have set a Windows Server 2016 to run these operation migrations. This server doesn’t use any proxy and have a full connection through internet but through an edge firewall. When we try to connect on Skype Online this is what we get

Used cmdlet used to connect to Powershell

 

Issue

Get-CsOnlinePowerShellAccessToken : One or more errors occurred.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:214 char:28
+ $accessToken = Get-CsOnlinePowerShellAccessToken @params
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsOnlinePowerShellAccessToken], AggregateException
+ FullyQualifiedErrorId :
System.AggregateException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellAccessToken


PS C:\Users\> Import-PSSession $sfbsession
Import-PSSession : Cannot validate argument on parameter ‘Session’. The argument is null. Provide a valid value for the
argument, and then try running the command again.At line:1 char:18
+ Import-PSSession $sfbsession
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand

 

Plateform

Microsoft Windows server 2016 Standard Build 10.0.1493 build 1493

Version of powershell

PS C:\Users\ > $PsversionTable
Name Value
—- —–
PSVersion 5.1.14393.3866
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
BuildVersion 10.0.14393.3866
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

 

Proxy

 

Skype Online Module and Powershell

 

WinRM

PS C:\Users\ > Get-Service winrm
Status Name DisplayName
—— —- ———–
Running winrm Windows Remote Management (WS-Manag…

Allow Basic Authentication

PS C:\Users\ > winrm set winrm/config/client/auth ‘@{Basic= »True »}’

Auth
Basic = true
Digest = true
Kerberos = trueca    
Negotiate = true
Certificate = true
CredSSP = false

Test Outbound port

We made an outbound test form the server to check port 5986 and 5985. These ports are opened.


Test without Windows Firewall

Extract From Netmon

IP Source has been changed for security reason

Nothing relevant here.

The Server have a Root Ca certificate inside the container that belong to the Firewall. So Maybe SSL inspection is running. We removed it and reboot the computer. Same Issue when connecting to SKO.

SOLUTION

The connection scripts do not work correctly because the it should use basic Auth. if you type de cmdlet manually like this

get-pssession
|
remove-pssession

Import-Module
SkypeOnlineConnector

$sfbsession=new-CsOnlineSession
-OverrideAdminDomain
« tenantname.onmicrosoft.com »

Import-PSSession
$sfbsession

 

you will be prompted for an authentication windows Dialog. Modern authentication will be invoked and the connection will be successful. Because the account used here is a federated account. The problem could be linked to ADFS and the Basic authentication process.

Regards

Laurent TERUIN

 

 

 

Votre commentaire

Choisissez une méthode de connexion pour poster votre commentaire:

Logo WordPress.com

Vous commentez à l’aide de votre compte WordPress.com. Déconnexion /  Changer )

Photo Google

Vous commentez à l’aide de votre compte Google. Déconnexion /  Changer )

Image Twitter

Vous commentez à l’aide de votre compte Twitter. Déconnexion /  Changer )

Photo Facebook

Vous commentez à l’aide de votre compte Facebook. Déconnexion /  Changer )

Connexion à %s