Can't pass security checks for setting up sandbox - subscription

In the M365 Developer Program, when I try to activate my sandbox and get to "Add phone number for security", I enter my mobile number but it shows this error: We can't continue with the signup process for the following reasons: Your phone number did not pass security checks. MS-CorrelationID: c29365c7-696f-4d8f-94c8-9b262c3106eb
Code: 40321
The number entered is valid for receiving msg from MS account.
Any solution to pass security checks when activating my sandbox?

Related

Microsoft Teams DDI. I can call to outside numbers, But unable to receive calls

I have set up DDI numbers for my organization to receive inbound and outbound calls through MS Teams using a telephone number. I bought this from a telecom provider.
First I opened Active Directory and added the telephone number to the Telephone Number field and added the name "Team" to the pager section.
Then I waited a couple of hours for the system to sync.
I opened PowerShell and logged in to Teams via PowerShell.
Then I entered the commands below:
Set-CsUser -Identity '<EMAIL_ADDRESS>' -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI 'tel:+6XXXXXXXXX'
Grant-CsTenantDialPlan -PolicyName <POLICY_NAME> -Identity '<EMAIL_ADDRESS>'
Grant-CsTeamsCallingPolicy -PolicyName AllowCalling -Identity '<EMAIL_ADDRESS>'
Grant-CsOnlineVoiceRoutingPolicy -PolicyName '<POLICY_NAME_2>' -Identity '<EMAIL_ADDRESS>'
I waited another 3-4 hours to sync and update group policies on devices using gpupdate.
Now I can call outside numbers using the dial pad, but I am not receiving any calls from outside. When I tried, a recording played. It says "The number you have called is not currently active or is invalid. Please check the number and dial again". The number is a working number.
Seeking advice from experts. Thank you.
Looks like this is Direct Routing and using old instructions. This is the current one Enable users for Direct Routing - Microsoft Teams | Microsoft Docs.
There are some troubleshooting tips here Monitor and troubleshoot Direct Routing - Microsoft Teams | Microsoft Docs including a diag tool that checks if the user is properly configured.
Since this is Direct Routing and inbound to Teams, the audio message can come from multiple components, i.e. carrier or us or somewhere along the way. You can check your SBC to see if the call reaches it and if it does, check what error message Direct Routing is returning. The best approach is to open a Microsoft support case and provide the tenant information, call time, phone number etc. and support can check Direct Routing traces etc.
I found the answer for this after investigating with the Network team. There were 2 issues.
In the Telephone Number field in the user profile on AD, we need to put the number as normal, not as the E.164 standard. As an example: the number should be 0229188884, not +64229188884.
In the otherPager attribute field in the user profile on AD, we need to add "teams" (LOWERCASE). I had added it as "Teams".
I made those changes and waited for sync. Then I tried to call that number. It worked.
Thank you @Sayali-MSFT for your support. I found some clues and got a clear path to investigate because of your guidance.

How to login by username/password with Kerberos?

I’m trying to access Active Directory on our server using Kerberos (GSSAPI).
First try the current Windows user; if refused, the user can input a new one.
Most of the documents mention that Kerberos can authorize without a password (current user), but little about login with a new user.
In other software (e.g. IE), when the current user is not accepted, they request me to input a new user/pass. But I got little information about how to imply that.
In Kerberos, what is the difference between “new user login with password” and “share authority between two links”?
My goal is to let the user input username/password and log in to AD with Kerberos, if the current user is not accepted (in C++).
The linkage between SSPI and GSSAPI seems to be a huge problem. I searched stackoverflow/google and got about 5-8 questions/docs, but none of them seems to help. (I will put links later.)
here: ldap_sasl_bind_s(GSSAPI) - What should be provided in the credentials BERVAL structure
What I have tried:
About logging with new user/pass, I got no directions.
About logging in with the current user (through SSPI), I am blocked at the last step - return the 4 byte auth-Id. No idea what to return.
Trying to write 0 or other random number, encrypted and send to server, it just refused.

Gmail: Couldn't sign you in (automation)

When trying to log in to Gmail, a "Couldn't sign you in" error is displayed in automation.
Scenario: I have an automation test case which logs in to Gmail and reads the email content present in the inbox.
For the last week this test case has been failing due to the "Couldn't sign you in" error.
Full error message:
You're using a browser that Google doesn't recognize or that's set up in a way we don't support.
To keep your Google Account secure, sign in on another browser or change your browser's settings. Learn more
Error page link
Note: This works on my local machine but fails on an AWS EC2 server.
As per this link Google restricts automation, but for me it's working on my local machine!
Need help to resolve this!
Try the following Steps:
First enter the email ID using SendKeys, then inside the Email text box SendKeys (Keys.Enter) rather than clicking the Next button.
Same goes for Password field.

How to write correct feature file in Cucumber

I am trying to learn BDD Cucumber and I am trying to write a feature file for a login scenario with valid and invalid usernames.
A valid user will be logged in and will log out; however, for an invalid username, the user will be asked to go to the login page again and asked to enter correct credentials.
I would like to ask, can we have both positive and negative scenarios in "Scenario Outline"?
Could you please help me in writing perfect feature file for this simple scenario?
Take a look at my feature file code ( PS, I am a beginner :))
Feature: Login Action
  Description: This feature will test a LogIn and LogOut functionality

  Scenario Outline: Login with valid and Invalid Credentials
    Given User is on Home Page
    When User navigate to Login Page
    Then User enters "<username>" and "<password>"
    And Keeping case as Valid
    Then User should get logged in
    And Message displayed Login Successfully
    Then User enters "<username>" and "<password>"
    And Keeping case as InValid
    Then user will be asked to go back to login page
    And Provide correct credentials
    Examples:
      |username|password|Case|
      |abc@gmail.com|12345|Valid|
      |abc1@gmail.com|dfsd2|InValid|

  Scenario: Successful logout from application
    When user logs out from application
    Then Message displayed Logout successfully
    And Browser quit by driver
'Perfect' - Ain't no such thing...
The Scenario Outline you have written is very confusing and possibly a wrong interpretation of how a Scenario Outline works. Basically you are logging in twice with each row of the examples table, i.e. same username and password (line 3 and 7 in the SO). In a Scenario Outline all the steps will be repeated with each row of data that you provide in examples. Refer to the multiple tutorials available.
Why mix up valid and invalid logins? Keep them in separate scenarios. Easy to follow.
Move the logout to a separate feature file.
Then you can move the first 3 steps of the login scenario into a background. Reduces repetition.
You are going to have a problem with checking login functionality for the valid case for multiple data. Once a valid user logs in, most web applications store the login credentials in a cookie etc. So when a new request is made for the login page it might just skip the login page and land on, let's say, the home page. Then you will get the NoSuchElementException when the Selenium code looks for the userid input box. So for valid cases you need to have a logout too.
@Login
Scenario Outline: Login with valid and Invalid Credentials
  Given User is on Home Page
  ....
  ....

  @Valid
  Examples:
    |username|password|Case|
    |abc@gmail.com|12345|Valid|

  @InValid
  Examples:
    |username|password|Case|
    |abc@gmail.com|12345|Valid|

To run the Valid Login cases use the tags option in runner as {"@Login","@Valid"} or if on cucumber 2 @Login and @Valid. For Invalid one replace with @InValid.
As pointed out here in an excellent answer - each scenario is essentially one test case and must therefore be clearly separated.
Nevertheless, it's critical to understand that Given/When/Then (in their most basic essence) are equivalent to the traditional three stages of a system test: Arrange/Act/Assert, therefore:
Given: Arrange the system in a known state
When: Command the system (what you want to test)
Then: Assert that the outcome was what you expected.
That's it! (of course there's a lot more to BDD than that - but these are the basics of an executable specification)
Given User is on Home Page is not arranging the system in a known state, but Given I am registered is. Though it might not be enough to state just this, because as soon as you go through the whys and whats of the scenario you'll quickly realize that you're missing something more concrete as an example.
To paraphrase the previous answer:
Given I am registered -> set up the user (but does it matter who?) as being registered in the system (database entry?), registered for what? does it matter to the outcome?
When I sign in -> Give the system the command to sign-in (who?) - this might be done via a web form or via an API (or over the phone?). Does it matter what time you sign in, can you sign in immediately?
Then I should be signed in -> Check response from web app, database, session? cookie?
Saying that, logging in scenarios are probably not worth using BDD to tackle since they are as well defined as CRUD - there's almost no need for analysis.
Scenario: Good sign in
  Given I am registered
  When I sign in
  Then I should be signed in

Scenario: Not registered sign in
  Given I am not registered
  When I sign in
  Then I should not be signed in
  And ...

Scenario: Registered with wrong password
  Given I am registered
  When I sign in with a bad password
  Then I should not be signed in
  And ...
Tips:
-Keep things simple
-Don't use outlines
-Keep details of HOW you do things out of scenarios
-Have one scenario for each path
-10 simple scenarios are better than one complex one.
You can see details of how to write scenarios like this (in Ruby) at https://github.com/diabolo/cuke_up/tree/master/features.
Caveats:
-this is just one person's opinion
-you need to be able to write code to work this way (as you push all the details of how things are done out of cucumber and into helper code).
-registration is a pre-requisite to sign in

How do you prevent a verification code attack on a server

I am building a server for an app, and one of the steps of registration in the app is to enter a phone number verification code. The verification code will be sent to the phone through SMS and the verification code needs to be entered to continue the registration.
The app will send a request to the server and is it possible for someone to find out the url and keep sending fake phone verification code requests to the server? How do you prevent the attack?
I assume you are doing this to confirm that the phone number that is being registered is real and belongs to the person who is registering.
Scenario 1:
-Legit user registers
-Legit user receives an sms
-Legit user sends the verification code to server
If code matches the one that was sent then activate the user
Scenario 2:
-Attacker registers
-Attacker does not receive an SMS because he entered a phone number that is not his.
-Random person receives the SMS
-Attacker starts DoS against verification server and tries to guess the code.
The DoS problem in this case can be solved with simple block after X failed attempts. For example, store each failed verification attempt into a table and when there are 5 failed attempts for an account, block the verification for X minutes. This is similar to failing to login with username and password several times. The verification code must have enough possible combinations so that a brute force attack is not viable.
The other problem is that your service could be used to spam random people with the verification SMS. You'd have to limit registrations per IP per X time interval or something similar. You could also use captcha to prevent automated registrations.
Scenario 3:
-Attacker registers
-Attacker entered fake phone number so nobody receives the SMS
-Your SMS server gets a delivery failure for the SMS so nothing really happens. The verification code that was used to send the SMS is invalidated.
I hope this was somewhat helpful and I understood your intentions correctly.
Use a CAPTCHA to prevent automation.
Limit the frequency of verification requests for a single number, ideally using exponential backoff.
Don't forget that the verification endpoint also needs securing; you must limit the number of attempts for a given verification code or use a long enough verification code such that it doesn't matter.
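
The limits the two answers describe, put together as an added example (not code from either answer): a capped number of guesses per issued code, exponential backoff on sends to one number, invalidation on delivery failure, and single-use expiring codes. The class and method names, the 6-digit code length, the 5-minute lifetime and the 30-second base delay are assumptions; per-IP limits and the CAPTCHA sit in front of this and are not shown.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5   # failed guesses tolerated per issued code (the answer's example figure)
CODE_DIGITS = 6    # assumed length: 10**6 combinations against at most 5 guesses
CODE_TTL = 300     # assumed lifetime of a code, in seconds
BASE_DELAY = 30    # assumed wait before the first resend; doubles with every send


class PhoneVerifier:
    """In-memory sketch; a real service keeps this state in a shared store."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}  # phone -> {"code", "expires", "failures"}
        self.sends = {}    # phone -> (codes sent so far, earliest next send time)

    def request_code(self, phone):
        """Return a fresh code for the SMS gateway, or None while backing off."""
        now = self.clock()
        count, next_ok = self.sends.get(phone, (0, 0.0))
        if now < next_ok:
            return None
        self.sends[phone] = (count + 1, now + BASE_DELAY * 2 ** count)
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[phone] = {"code": code, "expires": now + CODE_TTL, "failures": 0}
        return code

    def delivery_failed(self, phone):
        """The gateway reported a delivery failure: invalidate the code."""
        self.pending.pop(phone, None)

    def verify(self, phone, guess):
        """True only for the right code, unexpired, within the failure budget."""
        entry = self.pending.get(phone)
        if entry is None:
            return False
        if self.clock() >= entry["expires"]:
            del self.pending[phone]
            return False
        if entry["failures"] >= MAX_FAILURES:
            return False  # locked out; a new code is subject to the send backoff
        if hmac.compare_digest(entry["code"].encode(), str(guess).encode()):
            del self.pending[phone]  # single use
            return True
        entry["failures"] += 1
        return False
```

Once the failure budget is spent, even the correct code is rejected, so guessing more than five times per issued code requires a new SMS, and each new SMS to the same number waits twice as long as the previous one. The backoff never decays in this sketch; a deployment would age or reset it.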
