My ISP is Cox, and they have one of those annoying custom error pages when there is a DNS error. When I use Connect-PnPOnline with -Credentials, I get a DTD error because of the custom error page. I blogged about this here. The error is thrown because the cmdlet tries to open msoid.tenantname.com.
The error looks something like this:
Connect-PnPOnline : For security reasons DTD is prohibited in this XML document. To enable
DTD processing set the DtdProcessing property on XmlReaderSettings to Parse and pass the
settings into XmlReader.Create method.
At line:3 char:1
Connect-PnPOnline -Url $adminSiteUrl -Credential sympmarc
<del>~~~~~~~~~~~</del>~~ CategoryInfo : NotSpecified: (:) [Connect-PnPOnline], XmlException
FullyQualifiedErrorId : System.Xml.XmlException,SharePointPnP.PowerShell.Commands.Bas
e.ConnectOnline
Because of this, I've been using -UseWebLogin. This causes other issues, but it generally gets the job done. Today I switched my DNS provider to Cloudflare which lets me use -Credentials again, so I'm happy.
The question is whether Connect-PnPOnline should be trying to hit the msoid.tenantname.com at all. At least one Microsoft article says msoid is obsolete and shouldn't be used. It's a "bug" in the sense that a crappy DNS provider can block connections. I'm not sure if there's an answer here, but it seemed worth reporting.
3.23.2007.1
@ToddKlindt @erwinvanhunen
If we can't change the behavior of Connect-PnPOnline querying for msoid... can we trap the error better and give the user feedback that it's a DNS error? It probably took Marc and I an hour to get to the bottom of this the first time he encountered it. I would imagine casual users of the PnP don't have the patience to spend that much time troubleshooting.
Most helpful comment
If we can't change the behavior of Connect-PnPOnline querying for msoid... can we trap the error better and give the user feedback that it's a DNS error? It probably took Marc and I an hour to get to the bottom of this the first time he encountered it. I would imagine casual users of the PnP don't have the patience to spend that much time troubleshooting.