It seems that no matter what I do, PowerShell Universal will keep treating the ErrorActionPreference as Stop rather than Continue. This is preventing me from running almost any script that has an error message I’m supposed to ignore. Even if I try to change the Error Action from Continue to something else, and then back to “Error Action”, it still will treat the Error Action as Continue. Trying the ‘Invoke-PSUScript’ does not result in it properly working either. Both the returned log object from that cmdlet and the $ErrorActionPreference variables both will say “Continue” if that’s selected.
The offending module that this error happens with is MSAL.PS. Here’s the full error message:
[error] The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion.
I have found that (during successful executions) if the Error Action is set and treated as “Continue”, I would not run into an error.
I am using the PowerShell 5.1 environment, and the script is running as a non-default user. This situation occurs on both Microsoft Edge version 104.0.1293.63 and Chrome 104.0.5112.102. We are using the licensed version of PowerShell Universal.
I added the ErrorAction to the New-PSUScript function and checked that the ErrorAction on the script settings is set to Continue (using the browser editor). However, I’m still running into the same error message. To be clear, I do not want the ErrorAction to be set as Stop - I need it to be set to “Continue” in order for the script/module to work properly.
Sure! Here’s the basic structure of the script right now:
Import-Module MSAL.PS -ErrorAction 'Continue'
$TenantId = "00000000-0000-0000-0000-000000000000"
$ClientId = "00000000-0000-0000-0000-000000000000"
$ClientCert = Get-Item "Cert:\CurrentUser\my\0000000000000000000000000000000000000000"
# It will be at this point the error message will appear.
$MSToken = Get-MsalToken -ClientId $ClientId -TenantId $TenantId -ClientCertificate $ClientCert
# The script will not reach this next step.
Connect-MgGraph -AccessToken $MSToken.AccessToken