One of the easiest ways to communicate with O365 and SharePoint Online is through CSOM code, as we described in a previous blog. The code is extremely easy; however, some people run into the following common error.
Unhandled Exception: Microsoft.SharePoint.Client.IdcrlException: The sign-in name or password does not match one in the Microsoft account system.
   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String securityXml, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.IdcrlAuth.GetServiceToken(String username, String password, String serviceTarget, String servicePolicy)
   at Microsoft.SharePoint.Client.Idcrl.SharePointOnlineAuthenticationProvider.GetAuthenticationCookie(Uri url, String username, SecureString password, Boolean alwaysThrowOnFailure, EventHandler`1 executingWebRequest)
   at Microsoft.SharePoint.Client.SharePointOnlineCredentials.GetAuthenticationCookie(Uri url, Boolean refresh, Boolean alwaysThrowOnFailure)
   at Microsoft.SharePoint.Client.ClientRuntimeContext.SetupRequestCredential(ClientRuntimeContext context, HttpWebRequest request)
   at Microsoft.SharePoint.Client.SPWebRequestExecutor.GetRequestStream()
   at Microsoft.SharePoint.Client.ClientContext.GetFormDigestInfoPrivate()
   at Microsoft.SharePoint.Client.ClientContext.EnsureFormDigest()
   at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
   at CSOM.Example.Program.Main(String[] args)
This error may be inconsistent, and you might see it only when you are not on the corporate network, as people reported here. After debugging this issue, here are several common areas you can check to resolve it quickly.
1. Verify the user name and password directly from the O365 UI. If this account has been disabled or changed, you can verify that immediately.
2. Verify whether you have MFA enabled if using ADFS for this account. Normally we enable MFA for security reasons and apply a rule that triggers it when the request comes from a non-trusted source, such as a non-company network. This might be the #1 reason why the same code works when the machine is on the corporate network and throws the exception when the machine is undocked. You could refer to Microsoft's instructions to disable MFA for the account if the code needs to be run off the corporate network.
3. Verify you have the latest SharePoint client DLLs. The SharePoint client libraries may change between releases. You might need to upgrade the client library, and here is the latest version.
4. An enabled loopback check is a common issue for WCF web services and you might need to disable it. Disable the loopback check entirely by creating the REG_DWORD DisableLoopbackCheck at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and setting its value to decimal 1.
This is the list of the most common configurations that might cause CSOM to fail to communicate with O365/SharePoint Online. The rest of the coding is straightforward.
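A read-only way to walk the four checks above from PowerShell, as an added example that is not part of the original post. The tenant URL is a placeholder and the SDK folder is an assumed install location; adjust both.

```powershell
# Added example: read-only pre-flight checks for the four items listed above.
param(
    [string]$SiteUrl = 'https://contoso.sharepoint.com',  # placeholder tenant URL
    # Assumed install folder of the SharePoint Online Client Components SDK
    [string]$SdkDir  = 'C:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\ISAPI'
)

# Item 3: report which client library version is actually being loaded.
$dll = Join-Path $SdkDir 'Microsoft.SharePoint.Client.dll'
if (-not (Test-Path $dll)) { throw "Client library not found at $dll" }
"Client library version : $((Get-Item $dll).VersionInfo.FileVersion)"
Add-Type -Path $dll
Add-Type -Path (Join-Path $SdkDir 'Microsoft.SharePoint.Client.Runtime.dll')

# Item 4: report the loopback setting without changing it.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                        -Name 'DisableLoopbackCheck' -ErrorAction SilentlyContinue
if ($lsa) { "DisableLoopbackCheck   : $($lsa.DisableLoopbackCheck)" }
else      { 'DisableLoopbackCheck   : not set (loopback check is active)' }

# Items 1 and 2: attempt the same sign-in the failing code performs.
$cred = Get-Credential -Message 'O365 account to test'
$ctx  = New-Object Microsoft.SharePoint.Client.ClientContext($SiteUrl)
$ctx.Credentials = New-Object Microsoft.SharePoint.Client.SharePointOnlineCredentials($cred.UserName, $cred.Password)
try {
    $ctx.Load($ctx.Web)
    $ctx.ExecuteQuery()
    "Sign-in OK, site title : $($ctx.Web.Title)"
}
catch {
    # PowerShell wraps .NET exceptions; unwrap to the original one.
    $ex = $_.Exception
    while ($ex.InnerException) { $ex = $ex.InnerException }
    if ($ex.GetType().FullName -eq 'Microsoft.SharePoint.Client.IdcrlException') {
        'Sign-in rejected (IdcrlException). Check, in this order:'
        '  1. the same user name and password in the O365 UI'
        '  2. whether an MFA rule applies to this network location'
    }
    else { "Different failure: $($ex.GetType().FullName): $($ex.Message)" }
}
finally { $ctx.Dispose() }
```

Running it once on the corporate network and once off it shows whether the failure follows the network location, which points at item 2 rather than the credentials.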
I think that this is because of the issue with the generic lists in powershell. Livetiles
Hi Harry,
Thanks for listing out all the causes behind this issue. However, I have tried all 4 things you listed in the above blog, but I am still getting the same error: "The sign-in name or password does not match one in the Microsoft account system." I am getting the same error from a CSOM PowerShell script and the C# client-side object model when trying to access the SharePoint Online admin site by using the 'SharePointOnlineCredentials' class. I have also downloaded the SharePoint Client DLLs, version 16.1.7521.1200. I have tried an onmicrosoft account with MFA disabled and was able to log in with the same username and password by using the browser. I also disabled the loopback check.
I had the same issue but had to ask the system administrator to create a rule to allow legacy authentication, and it works. Hope it helps someone.
Hi Jorge,
Can you share the steps for the rule with me?