Pnp-powershell: Issue in Authenticating to SharePoint Online site using PnP PowerShell

Created on 15 May 2018 · 5 Comments · Source: pnp/PnP-PowerShell

Notice: many issues / bugs reported are actually related to the PnP Core Library which is used behind the scenes. Consider carefully where to report an issue:

  1. Are you using Apply-SPOProvisioningTemplate or Get-SPOProvisioningTemplate? The issue is most likely related to the Provisioning Engine. The Provisioning engine is _not_ located in the PowerShell repo. Please report the issue here: https://github.com/officedev/PnP-Sites-Core/issues.
  2. Is the issue related to the cmdlet itself, its parameters, the syntax, or do you suspect it is the code of the cmdlet that is causing the issue? Then please continue reporting the issue in this repo.
  3. If you think that the functionality might be related to the underlying libraries that the cmdlet is calling (We realize that that might be difficult to determine), please first double check the code of the cmdlet, which can be found here: https://github.com/OfficeDev/PnP-PowerShell/tree/master/Commands. If related to the cmdlet, continue reporting the issue here, otherwise report the issue at https://github.com/officedev/PnP-Sites-Core/issues

Reporting an Issue or Missing Feature

Issue in authenticating to the SharePoint Site

Expected behavior

We are a tenant which uses Multi-factor authentication and PnP PowerShell Authentication used to be working as expected 3 weeks back. Now, we are having an issue and the error is

Connect-PnPOnline : The underlying connection was closed: An unexpected error occurred on a send.

We are using PnP PowerShell in unattended mode and now the complete process is at a standstill. When we use the code, Connect-PnPOnline -Url https://oursite.sharepoint.com/ -UseWebLogin it works as expected. But in our case, we cannot rely on that since we need to have our packages executed in unattended mode.

Actual behavior

We should get the PnP PowerShell Module connected to SharePoint Site

Steps to reproduce behavior

When we execute Connect-PnPOnline -Url https://oursite.sharepoint.com/subsite1 -Credentials (Get-Credential) we are getting the error,

Connect-PnPOnline : The underlying connection was closed: An unexpected error occurred on a send.

Which version of the PnP-PowerShell Cmdlets are you using?

  • [ ] PnP PowerShell for SharePoint Online

What is the version of the Cmdlet module you are running?

(you can retrieve this by executing Get-Module -Name *pnppowershell* -ListAvailable)
ModuleType Version Name
---------- ------- ----
Binary 2.26.18... SharePointPnPPowerShellOnline

How did you install the PnP-PowerShell Cmdlets?

  • [ ] MSI Installed downloaded from GitHub

All 5 comments

The only way around this is by using an app only approach. E.g. create either on SharePoint or Azure AD an app-only id and secret or certificate and use that to authenticate. Alternatively create a service account which does not require multi-factor authentication, but from a security standpoint this is maybe not the right approach.

We have not changed the connection approaches behind the scenes in PnP PowerShell or PnP Sites Core (which is the underlying library behind many of the PnP PowerShell Cmdlets), so if it worked until a few weeks ago I assume a change in the authentication process was made to your tenant.

Thank you @erwinvanhunen for the super quick response and the recommendation. Do you mind giving me a lead on app-only-id for authenticating a PowerShell authentication? We are a bit grey in that area on how to achieve that. Any links / articles which you are aware of; it would be great if you can share that.

Change in the tenant level authentication is what we are assuming and the concerned team is looking into that. What we wanted to make sure is to have any kind of modification done from the PowerShell standpoint in O365 level. That is the reason we had raised as an issue.

I have created a blog post where I have explained how to authenticate using the method recommended by Erwin. You can access it FROM HERE. Closing the issue which I had initiated.

Found this Article. http://sharepointviews.com/the-underlying-connection-was-closed/

Basically, a mismatch in security protocol. Microsoft announced that they will be moving to TLS 1.2 for encryption on October 31, 2018 for Office 365. Here is a Microsoft support article Preparing for the mandatory use of TLS 1.2 in Office 365 explaining this.

Resolution:
Update your default security protocol to be TLS 1.2+. As an immediate fix you can add the below line to the top of your script:

I found via testing on another server that the new version of the SharePointPnPPowerShellOnline module enables TLS 1.2 by default when you run the Connect cmdlet. This was not happening for me, however, as I had a previous version of the module installed. I had to manually remove the current and previous versions of the module and reinstall the module via the Install-Module cmdlet.

Now, my default setting still does not include TLS 1.2 ([System.Net.ServicePointManager]::SecurityProtocol) until I run the connect cmdlet with the current version of the module installed.
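
The two checks discussed in the last two comments, as an added example that is not part of the thread or of the PnP project: it adds TLS 1.2 to the session's [System.Net.ServicePointManager]::SecurityProtocol before connecting, and lists side-by-side installs of the module that could cause an older build to be loaded. The function names Enable-Tls12 and Get-InstalledPnPModule are hypothetical; the URL is the placeholder used in the issue.

```powershell
# Added example; Enable-Tls12 and Get-InstalledPnPModule are hypothetical helper names.
Set-StrictMode -Version Latest

function Enable-Tls12 {
    # Add TLS 1.2 to the process-wide .NET setting without dropping protocols
    # that other code in the same session may still rely on.
    # Note: if the current value is SystemDefault (0), the OS chooses the protocol;
    # OR-ing in Tls12 then pins this session to TLS 1.2 only.
    $before = [System.Net.ServicePointManager]::SecurityProtocol
    $tls12  = [System.Net.SecurityProtocolType]::Tls12
    if (([int]$before -band [int]$tls12) -eq 0) {
        [System.Net.ServicePointManager]::SecurityProtocol = $before -bor $tls12
    }
    [pscustomobject]@{
        Before = $before
        After  = [System.Net.ServicePointManager]::SecurityProtocol
    }
}

function Get-InstalledPnPModule {
    # Several installed versions can leave an older build in use, which the
    # last comment gives as the reason TLS 1.2 was not enabled on connect.
    $found = @(Get-Module -Name SharePointPnPPowerShellOnline -ListAvailable |
               Sort-Object -Property Version -Descending)
    if ($found.Count -gt 1) {
        Write-Warning ("{0} versions installed: {1}" -f $found.Count,
                       (($found | ForEach-Object { $_.Version }) -join ', '))
    }
    $found
}

$tls = Enable-Tls12
Write-Output ("SecurityProtocol: {0} -> {1}" -f $tls.Before, $tls.After)
$null = Get-InstalledPnPModule

# Connect only after the protocol has been set (same call as in the issue):
# Connect-PnPOnline -Url https://oursite.sharepoint.com/subsite1 -Credentials (Get-Credential)
```

The setting applies to the current PowerShell process only, so it has to run in every unattended script before the first connection is made.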
