Connect-MgGraph fails: Access to the path \u0027Local\\GraphPowerShellProtectedFileProviderInit\u0027 is denied

[malauter]

Describe the bug

I am trying to run a PowerShell script as a scheduled task. The script first runs a Test-DscConfiguration with a MOF file generated by the Microsoft 365 DSC module. During this test a connection to graph is established and everything works fine. But if I try to connect to Graph after the Test-DscConfiguration has finished within the same script, the connection to Graph fails:

Connect-MgGraph : The type initializer for 'Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider'
threw an exception.
Access to the path \u0027Local\GraphPowerShellProtectedFileProviderInit\u0027 is denied.

This only happen if I run the script as a scheduled task, it works fine if I run the script in an interactive PS session on the same machine.

Expected behavior

Connect-MgGraph should work after Test-DscConfiguration has finished, also in a scheduled task.

How to reproduce

Run this as a scheduled task:

$test = Test-DscConfiguration -ReferenceConfiguration <path to mof file generated by M365 DSC>
Connect-MgGraph -ClientId <client id> -TenantId <tenant id> -Environment Global -CertificateThumbprint <certificate thumbprint>

SDK Version

2.25.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Connect-MgGraph : The type initializer for 'Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider'
threw an exception.
Access to the path \u0027Local\GraphPowerShellProtectedFileProviderInit\u0027 is denied.

Exception Details: [{ "TypeName": "Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider", "Message": "The type initializer for \u0027Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider\u0027 threw an exception.", "InnerException": { "Message": "Access to the path \u0027Local\\GraphPowerShellProtectedFileProviderInit\u0027 is denied.", "Data": "System.Collections.ListDictionaryInternal", "InnerException": null, "TargetSite": "Void WinIOError(Int32, System.String)", "StackTrace": " at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)\r\n at System.Threading.Mutex.MutexTryCodeHelper.MutexTryCode(Object userData)\r\n at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)\r\n at System.Threading.Mutex.CreateMutexWithGuaranteedCleanup(Boolean initiallyOwned, String name, Boolean\u0026 createdNew, SECURITY_ATTRIBUTES secAttrs)\r\n at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name, Boolean\u0026 createdNew, MutexSecurity mutexSecurity)\r\n at System.Threading.Mutex..ctor(Boolean initiallyOwned, String name)\r\n at Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider..cctor()", "HelpLink": null, "Source": "mscorlib", "HResult": -2147024891 }, "TargetSite": { "Name": "InitializeStream", "DeclaringType": "Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider", "ReflectedType": "Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider", "MemberType": 8, "MetadataToken": 100663699, "Module": "Microsoft.Graph.Authentication.dll", "IsSecurityCritical": true, "IsSecuritySafeCritical": false, "IsSecurityTransparent": false, "MethodHandle": "System.RuntimeMethodHandle", "Attributes": 452, "CallingConvention": 33, "ReturnType": "void", "ReturnTypeCustomAttributes": "Void ", "ReturnParameter": "Void ", "IsGenericMethod": false, "IsGenericMethodDefinition": false, "ContainsGenericParameters": false, "MethodImplementationFlags": 0, "IsPublic": false, "IsPrivate": false, "IsFamily": true, "IsAssembly": false, "IsFamilyAndAssembly": false, "IsFamilyOrAssembly": false, "IsStatic": false, "IsFinal": false, "IsVirtual": true, "IsHideBySig": true, "IsAbstract": false, "IsSpecialName": false, "IsConstructor": false, "CustomAttributes": "" }, "StackTrace": " at Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider.InitializeStream()\r\n at Microsoft.Graph.PowerShell.Authentication.Common.ProtectedFileProvider.CreateReader()\r\n at Microsoft.Graph.PowerShell.Authentication.Common.GraphSettings.Load(IFileProvider fileProvider)\r\n at Microsoft.Graph.PowerShell.PSCmdletExtensions.GetContextSettings(PSCmdlet _)\r\n at Microsoft.Graph.PowerShell.Authentication.Cmdlets.ConnectMgGraph.BeginProcessing()\r\n at System.Management.Automation.Cmdlet.DoBeginProcessing()\r\n at System.Management.Automation.CommandProcessorBase.DoBegin()", "Source": "Microsoft.Graph.Authentication", "HResult": -2146233036 }]

Configuration

• OS: Win 11, Win Server 2019
• Architecture: x64

PSVersion 5.1.22621.4391
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.22621.4391
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

Other information

No response

[ltussing]

I was also having the same issue on 2.25.0 running scheduled tasks on Windows Server 2022. I just upgraded the Microsoft.Graph module on our Windows Server 2022 system to 2.32.0 and I appear to no longer have the issue,