We use the Microsoft Graph .NET SDK to authenticate users who use O365 and to work with the users' files and folders in OneDrive and SharePoint.
Today, some of our users started receiving this error message: "Unable to retrieve tenant service info". The error code is: "BadRequest", which doesn't seem to correspond to the message and thus might just be a catch-all error code. Except for the mentioned error code and message, no other information was provided in the error response from Graph.
After some debugging, I could verify that this problem was not related to OAuth or the users' access tokens, as the users are still able to authenticate and refresh their tokens via the API. The error is only thrown when our server attempts to access or modify the users' files/folders in either OneDrive or SharePoint.
We had been using the same code for a few months, and only started receiving this error today. I've tried looking up the error message in documentation, articles, blog posts, etc. but couldn't find anything.
Any help or suggestion would be greatly appreciated. Thank you in advance.
There was an incident/regression that caused failures when reading tenant service info between January 19 and January 21. This should no longer be happening.
Related
When interacting with the Google Vault API and specifically updating or creating Holds with accounts, I started getting a 400 Error with the message: "Users are not licensed". I have seen a similar error, specifically around Google Voice ("Users are not licensed for Voice"), but never for all services (Mail, Drive, Groups). I can add a specific use case to handle this error, but I have been unable to reproduce with an Google account that I control. How does a account get into a state where they are unable to be added to any holds like this?
When using the graph explorer I am able to get results from some of the API's. However not able to get when requesting for reports
For Example, this works perfectly fine;
https://graph.microsoft.com/v1.0/users
However, calling the below report related request results in an error "We do not recognize this tenant ID ... Please double-check the tenant ID and try again." I am facing this issue for any such call for reports.
https://graph.microsoft.com/v1.0/reports/getOffice365ActiveUserDetail(period='D90')
Is there some issue with App Registration which is causing this? The error message for checking the TenantID is totally misleading as the token is same in both the cases and I am not doing anything different between the two calls. Would appreciate any guidance.
Try checking these.
Try the request after giving some time like 48 hrs approximately as
it might take a little time for the tenant id to propagate across all
the instances and reflect in Microsoft graph api.
Check if you have given valid tenant ID
check tenant expiration (as admin account)
Else check if required permissions are set.
Reports.Read.All permission is needed to call this API.Refer Microsoft
Graph permissions
Please add the Delegated permisson /the Application permission and test it again. See Microsoft Graph v1.0 | Microsoft Docs
If that’s done already check if admin consent is provided .
( Reports.Read.All permission allows an app to read all service
usage reports without a signed-in user. Make sure to check if you
granted the permission(by clicking Grant Permissions from admin
account).
See reports-permissions
References:
Similar thread
concept-reporting-api
Update:
This error may occur when the usage report is not ready .Because if
the tenant is new , it might take sometime( upto 48 hours) for
the report service to pick it up and start generating reports.
You must be able to test it manually from O365 Admin
Portal.Portal.office.com -> Admin Tab -> Show all -> Reports ->
Usage
Other wise , you may contact support to raise a request.
I am using Microsoft Graph API to read emails (/users/{id | userPrincipalName}/messages) in the mailboxes of the users in my Azure active directory. I have noticed that for some users, I get this error:
HTTP error: 404
Error code: MailboxNotEnabledForRESTAPI or MailboxNotSupportedForRESTAPI
Error message: REST API is not yet supported for this mailbox.
Upon investigation, I found out that these users do not have a valid license and also don't have a mailbox attached to them. Ideally, I would like to only fetch the users that have a mailbox enabled. I tried checking the assignedLicenses property of each user and only fetch emails for those users that have a valid license assigned to them but, I'm not sure if this is a reliable method as users might have some other license and still not have a mailbox enabled.
Can someone please suggest a straightforward way to only fetch the users that have mailboxes attached? Any help or hint shall be highly appreciated.
I don't see much options from Microsoft Graph perspective. Definitely checking the license is one good way, but you may not have much options with that. Being said that i see the following options,
you may need to use mailboxsettings API call of the user. This way you can get and update the mailbox settings of the user.
Also you can use Get-mailbox Exchange Powershell cmdlet to validate the same as well.
Is there a way to configure custom error messages or maybe even a custom error page in Azure Active Directory to display when something goes wrong during sign in instead of the "Sorry, but we’re having trouble signing you in." text and error details?
I was not able to find any documentation on this but after further digging I found that there is a errorUrl parameter in the application (app registered in the AAD and used for sign in) manifest. My initial thought was that in case of an error MS/AAD would redirect to this url with the error codes but as far as I have tested this errorUrl url does not seem to be used at all.
What is the errorUrl parameter meant for and is there realy no way to specify/configure custom error messages?
No, there is no way to specify custom error messages or error pages.
In certain flows, in certain cases, the error message is passed back to your application (instead of being displayed in the Azure AD sign-in page) where you can deal with it as you see fit. (I don't believe there is any standard guidance on which error cases result in an error returned back to the app.)
If you want to custom error page, you can use custom policy in Azure AD B2C. For more details, please refer to the article
Ive been advised by Docusign to post here.
I have 4 clients who I've installed the Docusign for Salesforce App for. I've followed the installation instructions and every time I end up with the same error. When it comes to entering my Salesforce credentials it says they are wrong or I have not added the trusted network. I know the credentials are correct and I have entered the trusted network. I've tried various things like using security token in the password, configuring at the docusign end. Nothing works, Docusign don't know what the issue is, I've also raised a case with Salesforce and they can't help. I can't understand why an App on the app exchange can't get passed configuration and noone can help! Hopefully someone here can help. Thanks
The DocuSignAPI tag on Stack Overflow is used for api development and integration questions normally, however I will try to address your issue...
First off, if you could update your question with a screenshot of the error and screen you are on when you receive the error that would help isolate the issue.
With that in mind, what screen are you on? Are you on the screen that's titled "Connect DocuSign to Salesforce"? Even though you've mentioned I just want to double check that you are entering your Salesforce user credentials and not your DocuSign credentials.
Next, what environment are you selecting? And what type of DocuSign account do you have? You need to make sure that you are pointing to an environment where you have an existing account. For instance, if you have a DocuSign demo account but you are pointing to Production during the install, you might get that error.