Cannot contact web site 'https://xxxxxx-admin.sharepoint.com/' or the web site does not support SharePoint Online credential when Service Account tries to Provisiong OneDrive

Issue

We have seen the above error when a user does not have OneDrive provisioned. The Service account tries to do this during a migration task. The account has the appropiate permssions (SharePoint admin etc..). Servcie is able to login via browser. No MFA is configured and bypasses all MFA.

Cause

This can be caused if the tenant has the following Access Control policy setting in SharePoint Admin:

Access Control

Change the "Apps that don't use modern authentication" to Allow Access. OR the Set-SPOTenant -LegacyAuthProtocolsEnabled has been set. 

More Info: https://learn.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps

This example enables legacy authentication protocols on the tenant. This can help to enable login in situations where the admin users get an error like "Cannot contact web site 'contoso-admin.sharepoint.com/' or the web site does not support SharePoint Online credentials. The response status code is 'Unauthorized'.", and the underlying error is "Access denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically."

Resolution

Option 1 - Set the Options above to allow.

Option 2 - Pre-Provision users OneDriveAs Per MS KB https://learn.microsoft.com/en-us/sharepoint/pre-provision-accounts 

1. Connect-SPOService -Url yourdomain-admin.sharepoint.com
2. #Copy users UPN to users.txt file
3. $users = Get-Content -path .\Users.txt
4. Request-SPOPersonalSite -UserEmails $users

Re-Run OneDrive Migration task(s)

  • Mark, thank you for sharing this information with the community!  We have created a Quest KB to help other users find this resolution if they encounter this error in the future, and we will update our user guides to list this as a pre-requisite when using ODM to pre-provision OneDrives.