Connect-MicrosoftTeams -CertificateThumbprint not working PSS, works in PS ISE

This forum can be browsed by the general public. Posting is limited to current SAPIEN license holders with active maintenance and does not offer a response time guarantee.
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 1 year and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
DarusDP
Posts: 43
Last visit: Fri Feb 09, 2024 1:02 pm
Been upvoted: 1 time

Connect-MicrosoftTeams -CertificateThumbprint not working PSS, works in PS ISE

Post by DarusDP »

Product: PowerShell Studio 2023 (64 Bit)
Build: v5.8.217
OS: Windows 10 Enterprise (64 Bit)
Build: v10.0.19044.0

This code works in PS ISE but not PSS. PSS gives error of 'Keyset does not exist'.

Code: Select all

Import-Module MicrosoftTeams
#All the variables are set here. I removed since they contain credential type info
try
{
	$script:msteamsSession = Connect-MicrosoftTeams -CertificateThumbprint $global:GRUITOpsM365CertThumb -ApplicationId $global:GRUITOpsM365AppId -TenantId $global:TenantId -ErrorAction Stop
	DisconnectMSTeams
}
catch
{
	Write-Host $error[0].Exception.Innerexception
}
exit
Here is output of Write-Host
>> Debugging (TeamsConnect.ps1) Script...
>> Platform: V5 64Bit (STA)
System.Security.Cryptography.CryptographicException: Keyset does not exist

at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPrivateKey(X509Certificate2 certificate)
at Microsoft.Identity.Client.PlatformsCommon.Shared.CryptographyManager.SignWithCertificate(String message, X509Certificate2 certificate)
at Microsoft.Identity.Client.Internal.JsonWebToken.Sign(ClientCredentialWrapper credential, Boolean sendCertificate)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialHelper.CreateClientCredentialBodyParameters(ICoreLogger logger, ICryptographyManager cryptographyManager, ClientCredentialWrapper clientCredential, String clientId, AuthorityEndpoints endpoints, Boolean sendX5C)
at Microsoft.Identity.Client.OAuth2.TokenClient.AddBodyParamsAndHeaders(IDictionary`2 additionalBodyParameters, String scopes)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<SendTokenRequestAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<FetchNewAccessTokenAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()
DarusDP
Posts: 43
Last visit: Fri Feb 09, 2024 1:02 pm
Been upvoted: 1 time

Re: Connect-MicrosoftTeams -CertificateThumbprint not working PSS, works in PS ISE

Post by DarusDP »

Works if PSStudio ran as an administrator. Which I think points to some permission issue with the certificate. I'm investigating further and will post an answer for others if/when I resolve problem.
DarusDP
Posts: 43
Last visit: Fri Feb 09, 2024 1:02 pm
Been upvoted: 1 time

Re: Connect-MicrosoftTeams -CertificateThumbprint not working PSS, works in PS ISE

Post by DarusDP »

For those who have similar issues, here is my solution. Since the certificate was a machine certificate, I needed to grant my user account permission to its private key. That is found via MMC (Microsoft Management Console), Certificates, locate the certificate, right-click, All Tasks, Manage Private Keys. The standard Windows Security dialog is present and I granted my non-administrator user account permission.
This topic is 1 year and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.