I had this little issue today when I tried to schedule the Microsoft Graph script to run as a service account on a certificate. To my surprise, even tho I had all permissions required, I was getting this error message: Connect-MgGraph: Keyset does not exist. Something that didn't show up for my user.
The message indicated my process has difficulty reaching the key of my chosen certificate. Trying to run the scheduled task with the highest privileges didn't change anything. Since Connect-MGGraph doesn't support PFX files, you must upload the certificate to the Local Machine store and refer to it via Thumbprint.
When using certificates as a standard user, I usually do it in the following way:
Connect-MgGraph -CertificateThumbprint '9135E5CF311C051A' -ClientId 'a7b8a419' -TenantId '5e94ad53'
The problem is – it only works for certificates in the user store. When you switch to Local Machine Store, Connect-MGGraph no longer sees the certificate, so you need to change to a different connection method.
$Thumbprint = '9135E5CF'
$LocalMachineCert = Get-ChildItem -Path Cert:\LocalMachine -Recurse | Where-Object { $_.Thumbprint -eq $Thumbprint }
Connect-MgGraph -ClientId 'a7b8a419' -TenantId '5e94ad53' -Certificate $LocalMachineCert
This way, we tell Connect-MgGaph to use the LocalMachine Certificate store, but while it worked for me when testing it using my account, things were not so great when trying it as a service account. Fortunately, there's an easy fix for that. We need to allow that particular service account access to private keys for that specific certificate.
Add a missing service account with proper permissions, and you're ready!
Of course, you need to do it on your proper certificate, not the Razer Chroma SDK certificate, as shown in the screenshot.
This post was last modified on June 8, 2025 19:04
Ever wondered how to run network diagnostics like Ping, Traceroute, or DNS queries from probes…
Are you tired of manually running network diagnostics like Ping, Traceroute, or DNS queries? The…
Discover new features in the PSWriteHTML PowerShell module – including New-HTMLInfoCard, improved layout controls with…
Security Identifier (SID) History is a useful mechanism in Active Directory (AD) migrations. It allows…
Today, I made the decision to upgrade my test environment and update the version of…
Have you ever looked at your Active Directory and wondered, "Why do I still have…
