silverhack/monkey365

[Bug]: Unable to execute a vanilla run of Invoke-Monkey365 with SPO workload

Closed this issue · 11 comments

What happened?
Error occurred while running the Invoke-Monkey365 cmdlet with Cert based auth on a Service principal with the required graph permissions:

```
Exception calling "ToBase64String" with "1" argument(s): "Value cannot be null.
Parameter name: inArray"
At line:13260 char:16
return [Convert]::ToBase64String($profilePhoto)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentNullException
```

```
WARNING: [20:07:40:683] - [Invoke-ClientRequest] - [ServiceUnavailable] https://demo.sharepoint.com/_vti_bin/client.svc/ProcessQuery - info - EXCALIBUR -
New-SideBar : Cannot bind argument to parameter 'items' because it is null.
At line:6850 char:39
+     $sidebar = New-SideBar -items $matched
+                                   ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [New-SideBar], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,New-SideBar
```

How to reproduce it
Steps to reproduce the behavior:

  1. `Invoke-Monkey365 -Instance 'Microsoft365' -Analysis 'SharePointOnline' -TenantId 'xxxx-xxxx-xxxx-xxxx-xxxx' -ExportTo 'HTML' -Certificate $certificate -CertFilePassword $CertFilePassword -ClientId 'xxxx-xxxx-xxxx-xxxxx-xxxx'`

  2. See error

Expected behavior
A clear and concise description of what you expected to happen.
An HTML File is generated with the list of recommendations and checks performed on the current config

Please, complete the following information:

  • Resource: Workstation
  • OS: Windows
  • PowerShell Version : 5.1.22621.1778
  • Monkey365 Version: 0.8.5-beta
  • Others:
    Certificate Based Authentication is being used

Additional context
We faced the same issue in PowerShell 7.3.7 as well

Hi @bhavinvadalia, I can see that you're using an old version of Monkey365. Could you please check it again with the latest version? The latest versions contain a lot of improvements for SharePoint, as well as for other workloads.

Cheers

I tried with the latest version as well:

```
Invoke-Monkey365 -ClientId 'xxxxxx-xxxxx-xxxxxxx-xxxx' -tenantID '0000-0000-00000-000' -Instance 'Microsoft365' -Analysis 'SharePointOnline' -certificate $certificate -CertFilePassword $CertFilePassword -ExportTo HTML -Verbose
MethodInvocationException: Exception calling "ToBase64String" with "1" argument(s): "Value cannot be null.
Parameter name: inArray"
New-SideBar: Cannot bind argument to parameter 'items' because it is null.
InvalidOperation: The variable '$sidebar' cannot be retrieved because it has not been set.
InvalidOperation: The variable '$new_chartCard' cannot be retrieved because it has not been set.
InvalidOperation: The variable '$new_chartCard' cannot be retrieved because it has not been set.
MethodInvocationException: Exception calling "AppendChild" with "1" argument(s): "Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.Xml.XmlNode'."
MethodInvocationException: Exception calling "AppendChild" with "1" argument(s): "Unable to cast object of type 'System.Management.Automation.PSObject' to type 'System.Xml.XmlNode'."
New-SideBar: Cannot bind argument to parameter 'items' because it is null.
InvalidOperation: The variable '$sidebar' cannot be retrieved because it has not been set.
InvalidOperation: The variable '$sidebar' cannot be retrieved because it has not been set.
```

```
=========VERSION================
"title": "Monkey 365 Config File",
"version": {
"Monkey365Version": "0.91.1-beta"
},
```

Thanks for confirming! Do you know which permissions you have granted to your application? It seems that permissions for Microsoft Graph were not granted.

P.S. I'll add the bug tag to investigate it, as Monkey365 must stop generating reports when no data is available.

Thanks

image

I have granted Read permissions for every resource using Microsoft Graph Application Permission Model

The above 3 permissions seem relevant which are already granted.

In addition, I have also granted the Service Principal the Global Reader, SharePoint Admin and Security Reader roles

That's really strange and appears to be a cascade error.

Have you also granted the application app-only permissions for SharePoint?

Thanks

I tried this on Exchange as well, but I am still facing a different error despite granting Graph read permissions with cert-based auth:

```
WARNING: [13:25:01:320] - [Invoke-ClientRequest] - [NotFound] https://outlook.office365.com/adminapi/beta/776ec094-e9c9-4cc7-a0b6-a374ba61c340/User('SecurityReaders_-1499877458')?PropertySet=All - info --
```

Do you happen to have a successful run walkthrough in the form of a video or document for me to refer to?

Hi @bhavinvadalia

Unfortunately not yet. I'm the only developer for this tool and there is a lot of stuff on the TO-DO list. Having said that, I can reproduce your issue, and it seems that it is an incorrect permission grant within the application.

Please note that Monkey365 is not relying on Microsoft Graph for workloads such as SharePoint Online or Exchange Online, but as of today, some Graph permissions are needed in order to get basic information from the tenant.

The following are the minimum permissions to get information from SharePoint:

  • Directory.Read.All
  • Policy.Read.All
  • Sites.FullControl.All


For Exchange Online, you should add the full_access_as_app permission, as explained here.

As previously mentioned, I will keep this issue open, as the connection flow, as well as the documentation regarding certificate credential permissions, needs further improvement.

Thanks!
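A pre-flight check for the permission list above, added here as an example (not Monkey365 code and not from the maintainer): it decodes the `roles` claim of an app-only access token and reports which of the required application permissions are absent. `Get-MissingAppRole`, `ConvertFrom-Base64Url` and the sample token are hypothetical names and constructed data; the token is only decoded, not validated, so this is a diagnostic and not an authorization check.

```powershell
# Added example. Function names and the sample token below are hypothetical.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments use the URL-safe alphabet and drop '=' padding.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Get-MissingAppRole {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string[]]$Required
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    # App-only tokens carry granted application permissions in "roles".
    # The claim is absent when nothing was granted or admin-consented.
    $rolesProp = $claims.PSObject.Properties['roles']
    $granted   = @(if ($rolesProp) { $rolesProp.Value })

    [pscustomobject]@{
        Audience = $claims.aud
        Granted  = $granted
        Missing  = @($Required | Where-Object { $_ -notin $granted })
    }
}

# Constructed sample: an unsigned token whose payload lacks Sites.FullControl.All.
$payload = '{"aud":"https://graph.microsoft.com","roles":["Directory.Read.All","Policy.Read.All"]}'
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$b64 = $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sampleToken = "e30.$b64.constructed-signature"

# Permission names are the three listed in this thread.
$needed = 'Directory.Read.All', 'Policy.Read.All', 'Sites.FullControl.All'
$result = Get-MissingAppRole -AccessToken $sampleToken -Required $needed
if ($result.Missing.Count -gt 0) {
    Write-Warning ("Token for {0} is missing: {1}" -f $result.Audience, ($result.Missing -join ', '))
}
```

The `roles` claim only lists permissions granted on the API named in `aud`, so run the check against a token issued for each resource the scan will query.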

Hi @bhavinvadalia,

Just to mention that I have a working patch for this issue. The expectation is to update the codebase this week.

Cheers,

Fixed in main branch.

Cheers,

Thanks a lot!!

My pleasure!