→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Will
Engaged Sweeper II

Hello,

We are running the trial version.

I have been trying to get the Microsoft 365/Azure AD scanning (with PowerShell) to work. I followed these (1) (2) guides very closely, and I created a self-signed cert for PowerShell scanning. When attempting to scan either M365 or Azure, I get:

Certificate with Thumbprint {thumbprint} was not found or an error occurred while retrieving, check logging for more info.

I am not sure what logs it's referring to. I've checked both the "Program Files (x86)\Lansweeper\Service\Errorlog.txt" and Azure's audit/sign-in logs. Neither show any information related to this. I'm probably missing something simple, this is more technical than I expected, and now my brain is mush. Is there a built-in tool or something I can use to simply verify the cert actually exists?

Thanks,
Will

4 REPLIES 4
andejo55
Engaged Sweeper II

I have the same question as well on properly creating a cert for this to obtain thumbprint info.   Sure would be nice to have some instructions posted on this.   I see this same similar question was posted by another back in 2021 with no replies.

Will
Engaged Sweeper II

Not sure if you are still pursuing this, but I tried it again yesterday and it works now. It looks like the documentation was updated recently, so I thought I might have a different outcome. Here's the documentation I used to do it:

I had to add the IIS Manager role to the server to do the cert, and you have to export the key without the private key to get the proper file format to import into 365. When trying to add the Exchange PowerShell module, I got an error because of an issue with TLS, so I followed the steps in this article

It took about a half hour to scan our tenant using PowerShell (about 500 users), so YMMV.

Hope this helps!
Will

ErikT
Lansweeper Tech Support
Lansweeper Tech Support

Hello there! 

Our tech support team should be able to assist you with this: https://www.lansweeper.com/contact-support/

Will
Engaged Sweeper II

So I was able to verify the cert exists from the LS server using PowerShell, but I'm still getting the same error. I've triple-checked the permissions in both articles linked previously. The "logging" referred to in the error message is still unclear.

I can scan 365 accounts now (after recreating the app registration and cert from scratch), but am still unable to scan using PowerShell. Since I can scan 365 and view the thumbprint manually using PS, it doesn't appear to be a MS/Azure issue, but I'm stumped. Any suggestions?