Microsoft Graph module not loading

Product: PowerShell Universal
Version: 2.9.2

Getting an error when running scripts with the Microsoft.Graph.Reports module. The module is installed on the machine, I created a new environment based on Powershell 5.1 with that specifically in it, I have it being imported within the script. When the Connect-MgGraph command is run this error appears

[error] The system cannot find the file specified.

Here is how I am calling it.

import-module Microsoft.Graph.Reports

$ClientIDURL = 'Password Manager URL'
$ClientID = Invoke-Restmethod -Method GET -Uri $ClientIDURL -UseDefaultCredentials
$tenantID = "Azure Tenant ID"
$certThumbprintURL = $ClientIDURL = 'Password Manager URL'
$certThumbprint = Invoke-Restmethod -Method GET -Uri $certThumbprintURL -UseDefaultCredentials


Connect-MgGraph -ClientID $ClientID.password -TenantId $tenantID -CertificateThumbprint $certThumbprint.password

Right after the connect command I get the error message and it never connects

When I run it manually from VSCode running on 7.x or Powershell ISE running on 5.1 it works fine.

This happens on 2.8.2 as well in any environment. I can run this script inside VSCode on 7.1.5 and Powershell ISE on 5.1 and it works correctly. I cannot run it as part of an automation inside of Universal.

I checked the modules page and verified the paths. The psd1 is in the correct location

image1251×271 10 KB

Notice there was a new version of the graph module available. Updated it, restarted Universal, and re-ran the script. Same issue happens. I grabbed the log for the last job I ran with this in it

@adam

Any idea’s on this? Looking like I’ll have to rewrite the script to use the REST API directly and work around throttling issues the module handles on it’s own.

If I run it manually in VSCode Powershell 7.1.5 it works, same with 5.1 in ISE. It’s only when run from Universal it gives this error.

Can you try capturing the stack trace? It might help isolate the problem. If the MgGraph module is open source we might be able to find the line that’s causing this issue.

try {
Connect-MgGraph
}
catch {
$_.Exception.StackTrace
}

Had to edit this a bit. It wasn’t catching the error so I did

Connect-MgGraph -ClientID $ClientID.password -TenantId $tenantID -CertificateThumbprint $certThumbprint.password

$error[0] | select exception | out-file C:\Scripts\error.txt

and got this

System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
                        
at Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph.ProcessRecordAsync>__56.MoveNext()

Are you hosting in IIS? I ask because I found this thread about similar errors when hosting in IIS.

https://social.msdn.microsoft.com/Forums/vstudio/en-US/7ea48fd0-8d6b-43ed-b272-1a0249ae490f/systemsecuritycryptographycryptographicexception-the-system-cannot-find-the-file-specified

This was the solution for that thread.

Hello,
In case you are working with the IIS 7, the solution for me was to change application pool’s settings to load its identity profile. The command that does this is as follows:

appcmd set apppool “AppPoolName” -processModel.loadUserProfile:true

I had a problem with gaining access to certificate's private key under the account of the application pool in the context of a web service execution. The certificate was to be acquired from application pool's user personal certificate store.

Nope, running in the built in Kestrel instance.

I opened an issue for this so I can try to spin up the graph module to try and reproduce. I image its some weird environment\privilege\user thing.

Can you find the actual certificate matching that thumbprint in the cert store?

Get-ChildItem -Path Cert:currentuser\MY | Select-Object FriendlyName, Thumbprint

I’m asking because the Graph module only looks for certs in the user store - if you run PSU as System you might run into that issue.

Well I feel like an idiot. I had the cert in my account’s cert store, and the machine store, but not in the cert store of the user account the script was running as.

imported the cert there and I can now connect to graph.

Glad I could help.
The error message is soooo unintuitive. Same goes for the Exchange module if you do anything wrong there.