This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Issues Scanning Microsoft 365/Azure AD

Will
Engaged Sweeper II

‎12-28-2022 05:09 PM - last edited on ‎04-01-2024 02:16 PM by Community Manager

Hello,

We are running the trial version.

I have been trying to get the Microsoft 365/Azure AD scanning (with PowerShell) to work. I followed these (1) (2) guides very closely, and I created a self-signed cert for PowerShell scanning. When attempting to scan either M365 or Azure, I get:

Certificate with Thumbprint {thumbprint} was not found or an error occurred while retrieving, check logging for more info.

I am not sure what logs it's referring to. I've checked both the "Program Files (x86)\Lansweeper\Service\Errorlog.txt" and Azure's audit/sign-in logs. Neither show any information related to this. I'm probably missing something simple, this is more technical than I expected, and now my brain is mush. Is there a built-in tool or something I can use to simply verify the cert actually exists?

Thanks,
Will

Labels:
0 Kudos
4 REPLIES 4
andejo55
Engaged Sweeper II

‎02-01-2023 04:38 PM

I have the same question as well on properly creating a cert for this to obtain thumbprint info.   Sure would be nice to have some instructions posted on this.   I see this same similar question was posted by another back in 2021 with no replies.

0 Kudos
Will
Engaged Sweeper II
In response to andejo55

‎07-21-2023 03:08 PM

Not sure if you are still pursuing this, but I tried it again yesterday and it works now. It looks like the documentation was updated recently, so I thought I might have a different outcome. Here's the documentation I used to do it:

I had to add the IIS Manager role to the server to do the cert, and you have to export the key without the private key to get the proper file format to import into 365. When trying to add the Exchange PowerShell module, I got an error because of an issue with TLS, so I followed the steps in this article

It took about a half hour to scan our tenant using PowerShell (about 500 users), so YMMV.

Hope this helps!
Will

ErikT
Lansweeper Tech Support
Lansweeper Tech Support
In response to andejo55

‎05-17-2023 09:47 PM

Hello there! 

Our tech support team should be able to assist you with this: https://www.lansweeper.com/contact-support/

0 Kudos
Will
Engaged Sweeper II

‎01-16-2023 06:48 PM

So I was able to verify the cert exists from the LS server using PowerShell, but I'm still getting the same error. I've triple-checked the permissions in both articles linked previously. The "logging" referred to in the error message is still unclear.

I can scan 365 accounts now (after recreating the app registration and cert from scratch), but am still unable to scan using PowerShell. Since I can scan 365 and view the thumbprint manually using PS, it doesn't appear to be a MS/Azure issue, but I'm stumped. Any suggestions?

0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now