So my administrator account was enabled for MFA as a part of additional security and with the MFA enabled account, connection to the Skype for business online PowerShell module was failing with below error:
PS C:\WINDOWS\system32> $session = New-CsOnlineSession -Credential $cred -Verbose
VERBOSE: Determining domain to admin
VERBOSE: AdminDomain = ‘abc.onmicrosoft.com’
VERBOSE: Discovering PowerShell endpoint URI
VERBOSE: TargetUri = ‘https://adminxx.online.lync.com/OcsPowershellLiveId’
VERBOSE: Requesting authentication token
Get-CsWebTicket : Logon failed for the user ‘firstname.lastname@example.org’. Please create a new credential
object, making sure that you have used the correct user name and password.
At C:\Program Files\Common Files\Skype for Business
+ … webticket = Get-CsWebTicket -TargetServer $TargetServer -Credential $ …
+ CategoryInfo : NotSpecified: (:) [Get-CsWebTicket], CommonAuthException
+ FullyQualifiedErrorId : Microsoft.Rtc.Admin.Authentication.CommonAuthException,Microsoft.Rtc.Management.OnlineConnect
With the same credentials, i was able to login to the portal but following the error, i changed the password but got same error. So i logged a ticket with Microsoft and Nitin from Microsoft gave me a clue that worked.
Here’s how the issue got solved.
- Login to the O365 portal
- navigate to “View your account” and then “Security and Privacy”
- Click on “Additional Security verification”
- Now click on “Update your phone numbers used for account security”. A new window will open, taking you to https://account.activedirectory.windowsazure.com/ address.
- Navigate to “app passwords” tab
- Here’s the page where you can create application passwords. Create an app password, save it at secure place as the password is a random number and you do not have privilege to set password of your choice.
- With this password, you would be able to connect to the Skype for business online powershell.