Fix “Cannot contact web site ‘https://tenant-admin.sharepoint.com/’ or the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized'” Error
Problem: When trying to connect to SharePoint Online through PowerShell script, I got this error message “Cannot contact web site ‘https://crescent-admin.sharepoint.com/’ or the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized'”
I tried running a CSOM script and got an error: “Exception calling “ExecuteQuery” with “0” argument(s): “Cannot contact web site ‘https://crescent.sharepoint.com/’ or the web site does not support SharePoint Online credentials. The response status code is ‘Unauthorized’. “
#Load SharePoint CSOM Assemblies
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.dll"
Add-Type -Path "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\ISAPI\Microsoft.SharePoint.Client.Runtime.dll"
#Set Variables
$SiteURL = "https://crescent.sharepoint.com"
$ListName = "Documents"
$NewListName = "Team Documents"
#Get Credentials to connect
$Cred= Get-Credential
$Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($Cred.Username, $Cred.Password)
#Setup the context
$Ctx = New-Object Microsoft.SharePoint.Client.ClientContext($SiteURL)
$Ctx.Credentials = $Credentials
#Get the List
$List=$Ctx.Web.Lists.GetByTitle($ListName)
$List.Title = $NewListName
$List.Update()
$Ctx.ExecuteQuery()
Root Cause:
This error occurs if the legacy authentication protocol setting is disabled in your SharePoint Online Tenant. You must enable legacy authentication protocols in your tenant in order to connect to your SharePoint Online site. By default, this value is set to $True, to allow all CSOM code, including PowerShell scripts, Office clients, and 3rd party applications, to connect to SharePoint Online using non-modern authentication protocols.
Solution:
Enable Legacy authentication protocols. To enable legacy authentication, Go to SharePoint Online Admin Center >> Click on “Access control” from left navigation >> Click on “Apps that don’t use modern authentication” and set it to the “Allow Access” option. Click on “Save”
You can check the current status of the legacy authentication using PowerShell, as:
#Connect to SharePoint Online
Connect-SPOService "https://crescent-admin.sharepoint.com"
#Get Legacy Authentication Protocols status
(Get-SPOTenant).LegacyAuthProtocolsEnabled
To enable legacy authentication protocols, run the following PowerShell script on your SharePoint Online tenant:
#Connect to SharePoint Online
Connect-SPOService "https://crescent-admin.sharepoint.com"
#Enable Legacy Authentication Protocols
Set-SPOTenant -LegacyAuthProtocolsEnabled $True
and we got to wait for 24 hours for this change to take effect!
What if you don’t want to enable legacy protocols? Well, in our environment, the “LegacyAuthProtocolsEnabled” flag is set to $False to prevent brute force password attacks in our ADFS server for Office 365! If legacy protocols setting is turned off, you are left with using modern authentication methods:
- Leave the -Credentials parameter when you use “Connect-SPService” cmdlet. You’ll get an authentication prompt!
- Use PnP PowerShell either with -Interactive parameter or using ClientId and ClientSecret methods to connect. This method helps when you don’t want to get the credentials prompt.
This was a very helpful article! Thank you, Salaudeen!