Today I was configuring server to server authentication between SharePoint 2013 Azure and SharePoint Online. I was following the steps from this MSDN URL -
https://technet.microsoft.com/en-us/library/dn197169.aspx
Everything went on fine until I executed following commands -
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
I got following error in the last command -
Set-MsolServicePrincipal : Uniqueness violation. Property: ServicePrincipalNames.
At line:1 char:1
+ Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolServicePrincipal], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UniquenessValidationException,Microsoft.Onlin
e.Administration.Automation.SetServicePrincipal
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Remove("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
https://technet.microsoft.com/en-us/library/dn197169.aspx
Everything went on fine until I executed following commands -
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
I got following error in the last command -
Set-MsolServicePrincipal : Uniqueness violation. Property: ServicePrincipalNames.
At line:1 char:1
+ Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolServicePrincipal], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UniquenessValidationException,Microsoft.Onlin
e.Administration.Automation.SetServicePrincipal
I checked the values of existing Msol Service Principal with the help of following commands -
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns
The output was in this format -
00000003-0000-0ff1-ce00-000000000000/*.mydomain.com
00000003-0000-0ff1-ce00-000000000000/*.sharepoint.com
00000003-0000-0ff1-ce00-000000000000
00000003-0000-0ff1-ce00-000000000000/*.sharepoint.com
00000003-0000-0ff1-ce00-000000000000
I immediately found the problem. I was trying to add "*.mydomain.com" again to the service principal and it was already existing. I realized that I had added it earlier on a different server using a different certificate. But since that certificate was no longer valid, I have to re-register it with a new certificate but with same domain name.
Searched a lot on internet but was not able to find how to remove a service principal name from a service principal.
Finally I found the solution in my original commands.
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
If you see these commands, I am adding my service principal name in service principal using
$spns.Add("$spoappid/$spcn")
$spns = $msp.ServicePrincipalNames
$spns.Add("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
If you see these commands, I am adding my service principal name in service principal using
$spns.Add("$spoappid/$spcn")
Since this is a generic list, all I have to do is remove the same service principal name from generic list and again update the service principal.
$msp = Get-MsolServicePrincipal -AppPrincipalId $spoappid
$spns = $msp.ServicePrincipalNames
$spns.Remove("$spoappid/$spcn")
Set-MsolServicePrincipal -AppPrincipalId $spoappid -ServicePrincipalNames $spns
That's it. Simple and elegant solution. But spent quite some time figuring it out.
No comments:
Post a Comment