Solved: Re: New Office 365 failed with error (400) Bad Request

EHacking · ‎Jul 11, 2019

We have upgraded our Office 365 connector to the new connector, and have been running it successfully for two months now. All of a sudden it started to fail with an error: Inventory gathering failed. Error: The remote server returned an error: (400) Bad Request.

In the log we get the following: 2019-07-10 00:00:57,702 [INFO ] Failed to execute Reader 'Get Users from Office 365' from file C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Reader\microsoft 365\User.xml, at step line 1 Error: The remote server returned an error: (400) Bad Request.

Erick Hacking, CSAM, CHAMP
IT Software Asset Manager, Lead Sr.

EHacking · ‎Jul 11, 2019

I thought I would post my troubleshooting steps to resolution here so that others might benefit.

Alspesh at Flexera suggested I do the following:

Logon to this site using the account you have used to configure the new O365 connection --> https://developer.microsoft.com/en-us/graph/

Go to the Graph Explore page and on the GET field at the top of the page, you will see a graph api call. Copy this line in there --> https://graph.microsoft.com/v1.0/users/ and then click 'Run Query'

I received a "Success - Status Code 200" message, so the actual query that the script runs is working out on Microsoft's site, so I decided to check the connection again on the Beacon.

Edited the connection on the Beacon. Tested the connection and received the same Error 400 Bad Request.

There is an option to Refresh Token, so I clicked on Generate. I received a notification that the MSAUTH site it was trying to go to was not a trusted site, so I added the site to the list of trusted sites on the Beacon, ran the Generate again and this time it asked me to log onto the Microsoft Authentication site. I did so using the correct ID, then generated the token again. Saved it. Tested the connection and this time it succeeded. I saved the connection and executed. This time it runs successfully.

Hope this helps others in their troubleshooting.

Erick

Erick Hacking, CSAM, CHAMP
IT Software Asset Manager, Lead Sr.

View solution in original post

EHacking · ‎Jul 11, 2019

I thought I would post my troubleshooting steps to resolution here so that others might benefit.

Alspesh at Flexera suggested I do the following:

Logon to this site using the account you have used to configure the new O365 connection --> https://developer.microsoft.com/en-us/graph/

Go to the Graph Explore page and on the GET field at the top of the page, you will see a graph api call. Copy this line in there --> https://graph.microsoft.com/v1.0/users/ and then click 'Run Query'

I received a "Success - Status Code 200" message, so the actual query that the script runs is working out on Microsoft's site, so I decided to check the connection again on the Beacon.

Edited the connection on the Beacon. Tested the connection and received the same Error 400 Bad Request.

There is an option to Refresh Token, so I clicked on Generate. I received a notification that the MSAUTH site it was trying to go to was not a trusted site, so I added the site to the list of trusted sites on the Beacon, ran the Generate again and this time it asked me to log onto the Microsoft Authentication site. I did so using the correct ID, then generated the token again. Saved it. Tested the connection and this time it succeeded. I saved the connection and executed. This time it runs successfully.

Hope this helps others in their troubleshooting.

Erick

Erick Hacking, CSAM, CHAMP
IT Software Asset Manager, Lead Sr.

Alpesh · ‎Jul 11, 2019

Hi Erick,

I am glad that the suggestion helped you in resolving the issue.

Thanks!

usman_javaid · ‎Nov 03, 2019

Hi, I am receiving exact error message in my Flexera Production instance. But I don't see any option to "refresh" token. Could you please advise.

EHacking · ‎Nov 04, 2019

Usman, this is on the beacon in the actual connector.

Erick Hacking, CSAM, CHAMP
IT Software Asset Manager, Lead Sr.

anttimustonen · ‎Nov 18, 2019

Hi,

I've experienced the same issue. Initially it works but, after some time the token gets "stale" on the Beacon and I get 400 Bad Request when testing connection. I've checked that M365 Azure App Permissions are etc. are the same as before. So it sound like a bug on the Beacon.

If the only way to circumnvent this is to re-generate token, it's administration overhead as we do not have sufficient privileges to generate tokens for our custoemrs and we need to ask their Cloud App admin to do this and possibly repeat this after x number of days.

BR, Antti

winvarma · ‎Nov 25, 2019

Hi ,

Currently we are also facing this issue and i too don't have sufficient privileges for the Azure and i do remember that there is no tenure scheduled for the Auth codes while configuring this. Even if we have refresh the token the request should be approved by the Azure cloud app admin which is a tedious job and lot of process. wondering if there is any other way to troubleshoot this issue instead of directly refreshing the token.

regards,

Varma

kstaude · ‎Apr 29, 2020

I'm still seeing this also pretty sporadically with several customers as well. Has anyone found any other fixes or notes about a resolution for this? My thought is that the O365 connector just needs some better error handling/retry on the O365/Azure API.

Alpesh · ‎Apr 29, 2020

Have you tried to use the 'Test Connection' button on the O365 connector? If the test fails, then it is highly likely that there is a problem with the RefreshToken. But if the test is successful and the adapter fails with the 400 error, then it is something you can work with our Support team to investigate.