Because when you have to move a Skype on prem user to Teams you should be connected at the same time to Skype On Prem and Skype Online. Not really obvious when your Skype On Prem front End server are not connected directly to Internet. We have set a Windows Server 2016 to run these operation migrations. This server doesn’t use any proxy and have a full connection through internet but through an edge firewall. When we try to connect on Skype Online this is what we get
Used cmdlet used to connect to Powershell
Issue
Get-CsOnlinePowerShellAccessToken : One or more errors occurred.
At C:\Program Files\Common Files\Skype for Business
Online\Modules\SkypeOnlineConnector\SkypeOnlineConnectorStartup.psm1:214 char:28
+ $accessToken = Get-CsOnlinePowerShellAccessToken @params
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-CsOnlinePowerShellAccessToken], AggregateException
+ FullyQualifiedErrorId :
System.AggregateException,Microsoft.Rtc.Management.OnlineConnector.GetPowerShellAccessToken
PS C:\Users\> Import-PSSession $sfbsession
Import-PSSession : Cannot validate argument on parameter ‘Session’. The argument is null. Provide a valid value for the
argument, and then try running the command again.At line:1 char:18
+ Import-PSSession $sfbsession
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
Plateform
Microsoft Windows server 2016 Standard Build 10.0.1493 build 1493
Version of powershell
PS C:\Users\ > $PsversionTable
Name Value
—- —–
PSVersion 5.1.14393.3866
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
BuildVersion 10.0.14393.3866
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Proxy
Skype Online Module and Powershell
WinRM
PS C:\Users\ > Get-Service winrm
Status Name DisplayName
—— —- ———–
Running winrm Windows Remote Management (WS-Manag…
Allow Basic Authentication
PS C:\Users\ > winrm set winrm/config/client/auth ‘@{Basic= »True »}’
Auth
Basic = true
Digest = true
Kerberos = trueca
Negotiate = true
Certificate = true
CredSSP = false
Test Outbound port
We made an outbound test form the server to check port 5986 and 5985. These ports are opened.
Test without Windows Firewall
Extract From Netmon
IP Source has been changed for security reason
Nothing relevant here.
The Server have a Root Ca certificate inside the container that belong to the Firewall. So Maybe SSL inspection is running. We removed it and reboot the computer. Same Issue when connecting to SKO.
SOLUTION
The connection scripts do not work correctly because the it should use basic Auth. if you type de cmdlet manually like this
get-pssession
|
remove-pssession
Import-Module
SkypeOnlineConnector
$sfbsession=new-CsOnlineSession
-OverrideAdminDomain
« tenantname.onmicrosoft.com »
Import-PSSession
$sfbsession
you will be prompted for an authentication windows Dialog. Modern authentication will be invoked and the connection will be successful. Because the account used here is a federated account. The problem could be linked to ADFS and the Basic authentication process.
Regards
Laurent TERUIN