SOLVED

Connect-PnPOnline -UseWebLogin fails, login window disappears

Brass Contributor

I downloaded the latest version of PnP PowerShell today but have had no success with Connect-PnPOnline (no problem using Connect-SPOService). I get the dreaded error "For security reasons DTD is prohibited in this XML document." I've researched this and tried all the fixes, like disabling IPv6 and pointing to Google DNS servers. I've also tried Windows and Generic Credentials, but these don't avoid the online authentication and get the same error.

 

The most promising work-around appeared to be the -UseWebLogin option, but the window disappears. It's only up for a fraction of a second, which isn't long enough for me to read the single line of text there.

 

Can anyone solve the case of the missing -UseWebLogin window? This is an Office 365 E3 tenant.

17 Replies
best response confirmed by KenStewart (Brass Contributor)
Solution
Have you tried amending your hosts file?

You're a lifesaver, @Deleted. I saw that fix from Paul Ryan online, but I neglected to try it. So in response to your post, I added this entry to my hosts file:

 

127.0.0.1 msoid.summitservices.us.com # fix PnP connect problem

 

where our domain is summitservices.us.com. I connected first time without an authentication dialog (since I'd already set up Windows Credentials). I ran a few other applets as a quick test, all successful.

 

You definitely solved my main problem, but I tried to connect again using -UseWebLogin with the same result: quickly disappearing window. The mystery remains.

Happy to help :)

When -UseWebLogin quickly disappears, could it be you are already authenticated.

If you run Get-PnPContext it should give you that info.

Looks like that's not exactly it, but there are more clues.

 

I opened a new PowerShell session and ran Get-PnPContext just to make sure there was no connection; returned an error saying I needed a connection first. I ran connect again with the web option, and the window still disappears. However, this time I asked for the context again and I was authenticated.

 

Apparently, something is bypassing a web dialog and trying a different authorization mechanism, which now succeeds because of the hosts configuration. To test this, I tried to connect to a different site that I hadn't configured with Credentials Manager; failed saying needed connection. Ran again with web option, window disappeared, but no error. Get-PnPContext then showed the new site.

 

Interesting, but still a little mystery? Isn't -UseWebLogin supposed to bring up a dialog to enter username and password?

It is, but it sounds like it already has authentication credentials.

Does it still happen after clearing all web cache, cookies etc?

Good thoughts, haven't tried yet. Need to get some work done for a while. Will try later and let you know.

 

Thanks again.

So, I may have taken a step backwards. After taking a break for a day, connecting no longer worked as smoothly as it did when I first modified the hosts file. I didn't change anything that I'm aware of, and I checked that hosts was the same. Long story short, I can connect but always have to add the -UseWebLogin parameter. Get-PnPConnection returns:

 

ConnectionType : O365
InitializationType : Unknown
MinimalHealthScore : -1
RetryCount : 10
RetryWait : 1
PSCredential :
TelemetryClient : Microsoft.ApplicationInsights.TelemetryClient
Url : https://summitservicesus.sharepoint.com/
TenantAdminUrl :
Context : OfficeDevPnP.Core.PnPClientContext

 

Note ConnectionType is O365 and PSCredential is null. When it was working smoothly, my recollection is that PSCredential was populated, though I don't remember the specifics. Regardless, I haven't been denied permission yet on any cmdlets I've run (mostly gets).

 

Following your suggestion, I did try clearing cache first then cookies and history. There was no apparent difference in behavior.

 

Interesting. Which version of the PnP cmdlets are you using?

Just downloaded 3.12.1908.1

When I say just, I mean just a few days ago. This is my first foray into SP online applets.

Are you still using the Google DNS?

Yes, I confirmed all the setting changes I'd made trying to fix the original problem (e.g., hosts, IPv6, Google DNS, Windows creds, etc.) are still in place.

@KenStewart did you ever get this working?  I tried, I think, as you said, I turned IPV6 off, I set Google 8.8.8.8 and 8.8.4.4 as my DNS and I logged on to my VPN (I work 100% remote), and all are doing exactly what you are having, my prompt for -UseWebLogin

Connect-PnPOnline -Url $SiteURL -UseWebLogin

Below is a screenshot from a video I took of it.  I tried to uninstall and install it again (PNP) as it happens on my user account and on another account that I tried (my admin account).

Just like you, the prompt comes up for a millisecond and then goes away.  I have put in my HOSTS file 

127.0.0.1 msoid.summitservices.us.com # fix PnP connect problem

and restarted as I tried right after putting that in.  I am on a Windows 10 system and I am running PowerShell v5.x as Admin.  I tried with PowerShell v7 as well.  All the same.

2021-01-05_11-01-23.jpg

PS C:\WINDOWS\system32> Get-PnPContext RetryCount : 10 Delay : 500 PropertyBag : {} Web : Microsoft.SharePoint.Client.Web Site : Microsoft.SharePoint.Client.Site RequestResources : Microsoft.SharePoint.Client.RequestResources FormDigestHandlingEnabled : True ServerVersion : Url : https://TENANTNAME-admin.sharepoint.com/ ApplicationName : SharePoint PnP PowerShell Library ClientTag : DisableReturnValueCache : True ValidateOnClient : True AuthenticationMode : Default FormsAuthenticationLoginInfo : Credentials : WebRequestExecutorFactory : Microsoft.SharePoint.Client.DefaultWebRequestExecutorFactory PendingRequest : Microsoft.SharePoint.Client.ClientRequest HasPendingRequest : True Tag : RequestTimeout : 180000 StaticObjects : {[SharePointPnP$Settings$ContextCloning, PnP.Framework.Utilities.Context.ClientContextSettings], [Microsoft$SharePoint$SPContext$Current, Microsoft.SharePoint.Client.RequestContext]} ServerSchemaVersion : ServerLibraryVersion : RequestSchemaVersion : 15.0.0.0 TraceCorrelationId : PS C:\WINDOWS\system32>

@Matthew Carter I never could get that to work and eventually took a different route using the SharePointOnlinePowerShell module. I was able to connect using an administrative account with Connect-SPOService -Url https://MYDOMAIN-admin.sharepoint.com. This brings up the web-based login window, which stays up.

 

I've been pressed on other projects since that limited success, so haven't pursued things further. I wanted to supply login credential in a script to avoid interactive logins, but never got that far. Let me know if you have any success along those lines.

@KenStewart I was having a similar issue but I deleted all the temp files and cookies in IE and then it started up. Hope it helps! 

@Joshua Bines thanks for the reply. That was one of my first steps based on earlier advice from another forum. It's plausible that the underlying code uses some of the old IE engine, or perhaps some of it's local data repository, but that didn't help in my case.

@Joshua Bines I will also say that clearing IE cache forced the login window to pop up again

1 best response

Accepted Solutions
best response confirmed by KenStewart (Brass Contributor)
Solution
Have you tried amending your hosts file?

View solution in original post