May 10 2017 10:43 AM
I currently use the below script to connect to the S&C Center. This does not work with MFA.
I was wondering if there is an Updated Module that I could use that supports modern authentication?
$Credential = get-credential -Credential username.com
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber –DisableNameChecking
Oct 23 2017 04:45 PM
MFA seems to be working for other items, but when I try Security and Compliance, I'm getting a 500 error back from the server. See below.
PS C:\Users\Jeff> Connect-IPPSSession
WARNING: Your connection has been redirected to the following URI:
"https://nam02b.ps.compliance.protection.outlook.com/PowerShell-LiveId?BasicAuthToOAuthConversion=tru... "
New-ExoPSSession : Connecting to remote server nam02b.ps.compliance.protection.outlook.com failed with the following error message : <!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>500 - Internal server error.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>500 - Internal server error.</h2>
<h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3>
</fieldset></div>
</div>
</body>
</html>
For more information, see the about_Remote_Troubleshooting Help topic.
At C:\Users\Jeff\AppData\Local\Apps\2.0\ER689GCY.C50\E15M7H1X.VJ5\micr..tion_d8f8f667ee342b5c_0010.0000_46e6ccd01daac800\CreateExoPSSession.ps1:183 char:22
+ ... PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName -C ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoP
SSession
Oct 23 2017 11:41 PM
Yup, I get the same today. Let me ping some folks...
Oct 24 2017 11:07 AM
Thanks.
Oct 24 2017 11:18 PM
Well it took some time, but it seems to be working fine now.
Oct 30 2017 08:12 AM
i'm able to connect to exchange online by below method not security compliance center.
Oct 30 2017 10:25 PM
That method does not seem to work for connecting to the SCC.
Oct 31 2017 12:28 AM
Which method Paul?
Oct 31 2017 05:20 AM
The one Tony posted but using the SCC cmdlet instead of the EXO cmdlet.
Oct 31 2017 12:01 PM
You simply need to provide the SCC endpoint:
$session = New-ExoPSSession -ConnectionUri https://ps.compliance.protection.outlook.com/PowerShell-LiveId
Oct 31 2017 03:24 PM
Thanks folk for this thread, I was able to connect with Connect-IPPSession for MFA enabled account. I want to know is there a way I can check if a session to compliance center already exist. This way I can avoid authentication multiple times.
Thanks
Oct 31 2017 05:34 PM
This module gets better and better.
Nov 01 2017 12:03 AM
@Rahul Srivastav that depends on the method you used to connect. If it's be built-in method from the module, it will clear *any* existing sessions upon connect, including ExO/SCC ones, so there is no need to check. If you use a custom method, simply check via Get-PSSession, the SCC one has "compliance" in the connectionURI.
Nov 02 2017 07:07 PM
@Vasil Michev : Thanks for the explanation, I wasn't aware of this fact that it closes the earlier connected session.
Nov 06 2017 03:35 PM
Even I am getting this error, it worked fine last week and now it doesn't, almost like 2 days.
Connecting to remote server aus01b.ps.compliance.protection.outlook.com failed with the following error message : <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>500 - Internal server error.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>500 - Internal server error.</h2>
<h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3>
</fieldset></div>
</div>
</body>
</html>
Any idea?
Nov 06 2017 05:47 PM
Nov 06 2017 05:56 PM
@Andrew Hammond No, I am still struggling, I have raised the issue with MS, will keep you posted if I find any solution.
Nov 06 2017 11:07 PM
Works fine here folks. If you are still having issues, make sure to open a support case.
Apr 27 2018 10:49 AM
I am having a problem where I am connecting to Exchange Online, Compliance Center, Exchange On-Premises, and Active Directory PowerShell modules to run commands from each. But the Exchange On-Premises commands are clobbering the Exchange Online commands even though I add a prefix for Exchange On-Premises. To connect to Online modules with the following commands:
Connect-EXOPSSession -UserPrincipalName <UPN>
Connect-IPPSSession -UserPrincipalName <UPN>
For Exchange On-Premises I use:
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ConnUri -Authentication Kerberos
$importresults = Import-PSSession $s -AllowClobber -Prefix EXOP
I can then use the Get-EXOPRecipient command (for Exchange On-Premises) but then I lose the Get-Mailbox (for Exchange Online). If I reconnect the Exchange Online and Compliance sessions, I get the reverse where I can run Get-Mailbox but lose Get-EXOPRecipient.
Does anyone know how to resolve this issue?
Apr 28 2018 11:17 AM
The problem is with the crappy logic used within the MFA-enabled ExO PowerShell module - there is a line there that will *remove* any other PSSessions. You need to edit the underlying script file manually. Line 175 if you are using the latest version.
Apr 30 2018 05:35 AM
I opened a ticket with Premier Support and I got it resolved. I discovered what was in conflict was that the "Connect-EXOPSSession" session was conflicting with the "Connect-IPPSSession" session; not the Exchange On-Premises session. So it is not possible use the Exchange Online PS commands and the Security & Compliance PS commands at the same time. But the Engineer pointed me to a O365 PS script that offers the code to connect to them.
https://gallery.technet.microsoft.com/Office-365-Connection-47e03052
So my function to connect to Exchange Online is:
function Connect-EXO
{
$ExoConnectionUri = "https://ps.outlook.com/powershell"
Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA + "\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?{ $_ -notmatch "_none_" } | select -First 1)
$EXOSession = New-ExoPSSession -Credential $EXOcreds
$ExoImportresults = Import-PSSession $ExoSession -AllowClobber -Prefix EXO
}
and then connect to SC:
function Connect-Compliance
{
$CompConnectionUri = "https://ps.compliance.protection.outlook.com/powershell-liveid/"
Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA + "\Apps\2.0\") -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?{ $_ -notmatch "_none_" } | select -First 1)
$Comp = New-EXOPSSession -ConnectionUri $CompConnectionUri -Credential $EXOcreds
$CompImportresults = Import-PSSession $Comp -AllowClobber
}
You will need to install the latest version of the Exchange Online Power Module for MFA though.