- Flexera Community
- :
- FlexNet Manager
- :
- FlexNet Manager Forum
- :
- O365 errors
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Has anyone been experiencing issues connecting to O365 lately? My one customer keeps getting Inventory gathering failed. Error: The remote server returned an error: (403) Forbidden. I regenerated the token but keep getting a 403. I test the connection and it is showing success. Anyone else experiencing the same?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- The adapter must be granted permissions to access the Microsoft data. The application requires read only access to this data.
- The change that Microsoft has announced requires that the individual account granting our adapter the read only access must now have an elevated privilege.
- This does not impact the application's read only permissions. We don't store the grantor's credentials either.
- Customers should follow Microsoft's guidance on the elevated privilege for the grantor and obtain a new refresh token from the elevated account for the adapter to continue functioning.
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I also want to add it is failing on Usage.
Failed to execute Reader 'Get Usage from Office 365 Exchange' from file C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Reader\microsoft 365\Usage.xml, at step line 1
Error: The remote server returned an error: (403) Forbidden.
2019-12-19 12:20:11,622 [INFO ] All retries have been attempted for Reader 'Get Usage from Office 365 Exchange'
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Steven,
Not completely sure, but I believe one of my customer got rid if this by removing existing connections and cretaing new ones.
It took some manual effort to then:
- remove the data related to the old connection(s) (ImportedSoftwareLicense, ImportedUser, ImportedSoftwareLicenseAllocation)
- relink the new ImportedSoftwareLicenses to existing SoftwareLicense
- remove SoftwareLicenses created by the new connection(s)
Best regards,
Markward
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This just started happening on Monday. This has been working great ever since they came out with the new connector. Now it stopped working. That may be a workaround, but that is unacceptable.
IT Software Asset Manager, Lead Sr.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mine also started Monday.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We experienced the same errors and found the issue in the Graph API that it do a redirect to other URL's.
We used the proxy configuration in the Powershell GUI for the connector
In addition to that we added the following URL's
To read more have a look at
https://docs.microsoft.com/en-us/graph/api/reportroot-getoffice365activeuserdetail
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Same error here, also started on the morning of the 19th.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes!!!
I'm using the new connector. I renewed my token (three times). And I keep getting the same error! I have a case open. 01962481
IT Software Asset Manager, Lead Sr.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checked my test environment. 403 since yesterday.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To get things working until this is ultimatively resolved, I removed the Usage.xml line from the readerV3.config. No usage data, but the rest of the reader and complianc eimport is working again.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ours stopped working as well - is there a hotfix on the way from Flexera?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All,
Is this on-prem or cloud implementations?
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@BradAkers I have a couple of cloud customers having this issue.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mfranz I remember that trick with the depreciated adapter.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@mfranz for cloud do we have to copy the file and move it to the object adapter folder. I tried commenting the line out but it switched back.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All:
It looks like Microsoft has unexpectedly changed the Graph API that we use and in order to have access to the Software Usage report, accounts must now have a higher level of privilege, which is why your Office 365 connections are failing on the "gathering usage" step.
The following update was posted by Microsoft on December 17. Flexera will need to research this and determine the best way to remediate.
https://docs.microsoft.com/en-us/graph/reportroot-authorization
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- The adapter must be granted permissions to access the Microsoft data. The application requires read only access to this data.
- The change that Microsoft has announced requires that the individual account granting our adapter the read only access must now have an elevated privilege.
- This does not impact the application's read only permissions. We don't store the grantor's credentials either.
- Customers should follow Microsoft's guidance on the elevated privilege for the grantor and obtain a new refresh token from the elevated account for the adapter to continue functioning.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When I look in Azure at Permissions & Consent for FlexNet Beacon I see that Microsoft Graph has the following:
API Name Type Permission Granted through
Microsoft Graph Delegated Read directory data Admin consent
Microsoft Graph Delegated Read all usage reports Admin consent
Microsoft Graph Delegated Maintain access to data you have given it access to Admin consent
Microsoft Graph Delegated Read directory data User consent
Microsoft Graph Delegated Read all usage reports User consent
Microsoft Graph Delegated Maintain access to data you have given it access to User consent
What am I missing? What else needs to happen? I'm not an Azure expert.
IT Software Asset Manager, Lead Sr.
