cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Get-PnPSiteTemplate : Attempted to perform an unauthorized operation and ACS token missing

RSCA
Copper Contributor

‎Aug 10 2021 01:47 AM

‎Aug 10 2021 01:47 AM

Get-PnPSiteTemplate : Attempted to perform an unauthorized operation and ACS token missing

I am trying to export a design template for a site that I am in the Owners group for, and I have Share Point Administrator role activated.  I am running the Powershell ISE as ADMIN 

 

When I run the following 2 powershell commands

  1. Connect-PnPOnline -Url https://MyDomain.sharepoint.com/sites/MySite/ -Interactive -ForceAuthentication
  2. Get-PnPSiteTemplate -Out C:\Folder\Design.xml

 

It starts running and the thermometer bar, reads 'Site Security' and then fails immediately with the following error

Get-PnPSiteTemplate : Attempted to perform an unauthorized operation.

At line:1 char:1

+ Get-PnPSiteTemplate -Out C:\Folder\Design.xml

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : WriteError: (:) [Get-PnPSiteTemplate], ServerUnauthorizedAccessException

    + FullyQualifiedErrorId : EXCEPTION,PnP.PowerShell.Commands.Provisioning.Site.GetSiteTemplate

 

When I run the following 2 powershell commands

  1. Connect-PnPOnline -Url https://MyDomain.sharepoint.com/sites/MySite/ -useWebLogin
  2. Get-PnPSiteTemplate -Out C:\Folder\Design.xml

The connect-pnponline command suggests I use the -Interactive flag, but it starts running, and gets further and the thermometer bar goes through 'Site Security', 'Audit', 'Fields', 'Content Types' and starts on 'List Instances' and starts to list the lists, and fails on the first one, which is called 'Confidential files'  with the following error : 

Get-PnPSiteTemplate : GetAccessTokenAsync() called without an ACS token generator. Specify in AuthenticationManager

 

No Output is saved

Powershell is version 5.1.18362.1593

 

Any ideas on how to fix this, or even to get more information on what unauthorised operation is running, or how to force the ACS Token wen I am querying lists 

 

Thanks - Richard 

 

 

 

 

 

29K Views
0 Likes
2 Replies
Reply
2 Replies
Joel Rodrigues

‎Aug 10 2021 02:28 AM

‎Aug 10 2021 02:28 AM

Re: Get-PnPSiteTemplate : Attempted to perform an unauthorized operation and ACS token missing

I would suggest that you try using the new version of PnP PowerShell within PowerShell core: https://pnp.github.io/powershell/articles/installation.html

When you connect using -UseWebLogin, you get an ACS generated token, which will not work for things like exporting the site headed and footer as it won't be able to acquire an access token for Graph, which is why it's recommended to use -Interactive.
I have done this multiple times recently and can confirm that it works fine with PnP.PowerShell in PowerShell core.
When you use -Interactive, you will be using the PnP Management Shell Azure app registration to connect as delegated permissions, so ensure that the app is granted permissions (should have requested you to approve the first time using an admin account) and also ensure that the user account has the required permissions on the site.
1 Like
Reply
RSCA

‎Aug 11 2021 03:11 AM

‎Aug 11 2021 03:11 AM

Re: Get-PnPSiteTemplate : Attempted to perform an unauthorized operation and ACS token missing

Our Admins found that the current PnP Management Shell screen in Portal.Azure.Com appeared to have changed from when they had originally granted permissions to the app. They noted that the list of potential permissions applicable to PnP Management Shell had increased. We can only surmise that this change had left a number of these ‘new’ permissions in an ‘ungranted’ state, and this is what caused the unauthorisation error.

The problem was fixed by regranting the permissions through the new interface.
0 Likes
Reply