Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to create EXO session - unexpected character encountered while parsing value: F. #5

Open
xathon opened this issue Apr 18, 2024 · 1 comment
Open

Failed to create EXO session - unexpected character encountered while parsing value: F. #5

xathon opened this issue Apr 18, 2024 · 1 comment
Assignees
@EmilienCourt
Labels
bug Something isn't working

Comments

@xathon
Copy link

xathon commented Apr 18, 2024
edited

The script Get-O365Light failed after authenticating, both from the Docker container and the Linux pwsh.

Output:

PS /mnt/host/output> Get-O365Light -StartDate $startdate -Enddate $enddate -Debug                                                                           

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DF[...]VZ to authenticate.
Get-O365Light: mail@example.com does not have the required permissions to get Office 365 Unified Audit Logs : doees not have the 'View-Only Audit Logs' role on https://admin.exchange.microsoft.com/. See https://learn.microsoft.com/en-us/purview/audit-log-search?view=o365-worldwide#before-you-search-the-audit-log. Cannot continue

And the logfile:

2024-04-18 13:02:50, INFO, Asking Oauth token for EXO
2024-04-18 13:03:37, INFO, Fetching all operations from the subset, this is the default configuration
2024-04-18 13:03:37, INFO, Asking Oauth silent token renewal for EXO
2024-04-18 13:03:37, INFO, Checking permissions for mail@example.com
2024-04-18 13:03:37, WARNING, Failed to create EXO session EXO_0f3b[...]834c - sleeping and retrying  - Unexpected character encountered while parsing value: F. Path '', line 1, position 1.
2024-04-18 13:04:37, WARNING, Failed to create EXO session EXO_0f3b[...]834c - sleeping and retrying  - Unexpected character encountered while parsing value: F. Path '', line 1, position 1.
2024-04-18 13:06:37, WARNING, Failed to create EXO session EXO_0f3b[...]834c - sleeping and retrying  - Unexpected character encountered while parsing value: F. Path '', line 1, position 1.
2024-04-18 13:09:38, WARNING, Failed to create EXO session EXO_0f3b[...]834c - sleeping and retrying  - Unexpected character encountered while parsing value: F. Path '', line 1, position 1.
2024-04-18 13:13:38, ERROR, Failed to create EXO session EXO_0f3b[...]834c 4 times - aborting
2024-04-18 13:13:38, ERROR, mail@example.com does not have the required permissions to get Office 365 Unified Audit Logs : doees not have the 'View-Only Audit Logs' role on https://admin.exchange.microsoft.com/. See https://learn.microsoft.com/en-us/purview/audit-log-search?view=o365-worldwide#before-you-search-the-audit-log. Cannot continue

The permissions in Entra / Exchange are definitely correct, since I was able to run the commands that the script runs on my own:

PS> Connect-ExchangeOnline -UserPrincipalName mail@example.com
(success)
PS> $sessionName  = [guid]::NewGuid().ToString() 
PS> $Alloperations= @() 
PS> $myObject = [PSCustomObject]@{    
>>         GroupName= "Exchange";                                                                                                                                                                                                                                                                                           
>>         Operations = '"Add-MailboxPermission", "AddFolderPermissions", "Add-RecipientPermission", "Remove-RecipientPermission", "New-InboxRule", "Set-InboxRule", "Set-TransportRule", "New-TransportRule", "Hard Delete user", "Remove-MailboxPermission", "RemoveFolderPermissions", "UpdateInboxRules", "Set-CASMailbox", "Set-Mailbox","SearchCreated", "SearchExported","MailboxLogin"'                                                                                                                                                                                                                                                         
>>         }
PS> $Alloperations += $myObject   
[do this for all the other objects]
PS> foreach ($operationsset in $Alloperations) {                                                                                                                                                                                                                                                                          
>>     Get-LargeUnifiedAuditLog -StartDate $startdate -EndDate $enddate -outputfile test2.txt -requesttype "Operations" -sessionName $sessionName -logfile test2.log -Operations $operationsset.Operations                                                                                                                      
>> } 
[this generates the correct output]

Unfortunately I wasn't able to find out what value:F was expected to be, or what the unexpected character was.
@EmilienCourt
Copy link
Contributor

Hi,

Sorry, I've missed this issue :-(.

I've investigated, and it turns out MFA App ID has been deprecated since the 03/31/2024. This was the method we used to connect to Exchange Online.

The new recommended method is to register an application into Entra ID. We are currently thinking of ways to implement that as smoothly as possible.

Thanks a lot for pointing this issue, I will keep you updated.

@EmilienCourt EmilienCourt added the bug Something isn't working label May 7, 2024
@EmilienCourt EmilienCourt self-assigned this May 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EmilienCourt EmilienCourt

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EmilienCourt @xathon