ERROR Failed to Sync-ContactList for [email protected] A constructor was not found. Cannot find an appropriate constructor for type Microsoft.Exchange.WebServices.Data.OAuthCredentials. about ews-office365-contact-sync HOT 11 CLOSED

I got the same issue, issue with modernauth.

if i disable modernauth it connects

!update!

It seems to be happening in:

$AADcredential = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList $Credentials.UserName.ToString(), $Credentials.GetNetworkCredential().password.ToString()
$token = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($Context,"https://outlook.office365.com",$ClientId,$AADcredential).result
$service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken)

I did notice that the exchange api is now missing in office 365, while this application is calling that api (outlook.office365.com) with guid d3590ed6-52b3-4102-aeff-aad2292ab01c

The strange thing is that negotiaite auth is still working, while i expect Microsoft to first end that type of authentication. before closing the exchange api and forcing us to Graph

from ews-office365-contact-sync.

ModernAuth still works in my environment just fine (Exchange Online). Unfortunately, I don't have the resources or time to test in other environments. Can you confirm that you followed the new README instructions and manually unblocked the included .dll files?

I am thinking of redesigning this script in Graph API, but just don't currently have the time.

from ews-office365-contact-sync.

I have the same issue.

ERROR Failed to Sync-ContactList for [email protected] Cannot convert argument "ctx", with value: "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext", for "AcquireTokenAsync" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext": "Cannot convert the "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" value of type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" to type "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext"."

The weird thing is that it worked fine a couple of days ago.

from ews-office365-contact-sync.

Any update on this ?

from ews-office365-contact-sync.

Hi Graham,
first, thanks for providing your work and your efforts!

I do have the same issue, that login to EWS via ModernAuth is failing.

Yes, I have read redme and unblocked the DLLs and exported the credentials of the service account to a xml.
the svc has got ApplicationImpersonation in Exchange.

I ran:
.\EWSContactSync.ps1 -FolderName 'testsync' -LogPath 'C:\temp\EWS-Office365-Contact-Sync' -MailboxList '[email protected]' -ClientID 'my-Azure-EWS-App-ID' -ModernAuth -ExcludeContactsWithoutPhoneNumber -ExcludeSharedMailboxContacts -CredentialPath "C:\temp\svc-acc.xml"

The first error I got was:
Failed to Sync-ContactList for [email protected] No constructor found. No suitable constructor can be found for the Microsoft.Exchange.WebServices.Data.OAuthCredentials type.
As I said, DLLs are unblocked.

I did some research and found this line in Connect-EXCExchange.ps1:
104: $service.Credentials = New-Object Microsoft.Exchange.WebServices.Data.OAuthCredentials($token.AccessToken)
I changed it to:
104: $service.Credentials = [Microsoft.Exchange.WebServices.Data.OAuthCredentials]$token.AccessToken
It was just a try, as I found this way in another script.

Then the error turned into:
ERROR Failed to Sync-ContactList for [email protected] Exception when calling "AutodiscoverUrl" with 2 argument(s): "Credentials are required to make a service request."

So this didn't work out.
I hope this helps in some way, and I hope you have a suggestions for me, what I can still try..?

Btw., you are checking for EWS dll files this way:
$EWSDLL = (($(Get-ItemProperty -ErrorAction SilentlyContinue -Path Registry::$(Get-ChildItem -ErrorAction SilentlyContinue -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Web Services'|Sort-Object Name -Descending| Select-Object -First 1 -ExpandProperty Name)).'Install Directory') + "Microsoft.Exchange.WebServices.dll")

This doesn't return a path, if you have installed the EWS API via "Install-Package Exchange.WebServices.Managed.Api -Version 2.2.1.2".
This way it does:
$EWSDLL = (Get-ChildItem -Path "$(split-path $((Get-Package -Name 'Exchange.WebServices.Managed.Api').Source) -Parent)\Microsoft.Exchange.WebServices.dll" -Recurse).FullName
Just for your information and for a future version. :)

Cheers, Csarly

from ews-office365-contact-sync.

@Csarly Can you try to bypass MFA via trusting the IP of the server you're running the script on, per the guide below? Let me know.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-adfs#trusted-ips-for-federated-users

from ews-office365-contact-sync.

Hi @grahamr975 ,
I was trying to use the script with cloud only users and mailboxes.
The admin account with ApplicationImpersonation permission in Exchange is not activated for MFA.
I was running the script from my notebook and desktop pc.
Was it intended to run on a on-premises member server?
Thanks, regards, Csarly

from ews-office365-contact-sync.

Hi @grahamr975 ,
I just discovered it was a layer8 issue ( me ;) ).
In the azure application, in the authentication screen,
Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES !

This wasn't mentioned here:
https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/

Thanks Ryan!

from ews-office365-contact-sync.

Hi @grahamr975 , I just discovered it was a layer8 issue ( me ;) ). In the azure application, in the authentication screen, Advanced settings -> Allow public client flows -> Enable the following mobile and desktop flows -> needs to be YES !

This wasn't mentioned here: https://www.m365tech.nl/2020/08/unattended-powershell-scripts-using-modern-authentication-with-exchange-online/

Thanks Ryan!

Can you maybe write an little manual how to get it work with api connection?

For now its working for me onprem. But i want to deactivade basic auth. So want to use also the api connection.

How did you write your ps1 script can you share it?

from ews-office365-contact-sync.

hi @nldenic ,
I'm new to GitHub, I am trying to find my way around to provide you with my version...
Thanks for your patience.

from ews-office365-contact-sync.

Hello all,

I just wrote up a guide on how to apply certificate-based authentication to the script, which should resolve this error. See commit 9fcfe1f.

from ews-office365-contact-sync.