Preface
The below table details errors you might have encounter at your SkyFormation Office 365 Cloud Connector , and for each error you will find a recommended remediation steps to take.
Prerequisites
Have the Office 365 endpoint error message you are looking to resolve.
Cloud Connector Errors by Endpoint
| Endpoint error message includes | Endpoint name | Potential Root cause | Recommended remediation action |
|---|---|---|---|
| "Failed all attempts to retrieve uri ... with last error message [java.lang.RuntimeException: {"Message":"Authorization has been denied for this request."}] | management-* | Missing permissions/grant to the SkyFormation Azure app | Validate all permissions are granted according to guide |
| "Failed all attempts to retrieve uri ... [https://graph.microsoft.com/beta/malwareRiskEvents] ..."AccessDenied", "message": "Your tenant is not licensed for Identity Risk Events data from AAD Identity Protection. Please upgrade your subscription to access these events.", "innerError": { "request-id": ..." | graph-identity-protection-* | Insufficient subscription level. Required E3/ATP subscription | Upgrade subscription or stop the endpoint |
| Missing required username & password in order to get Exchange reports | exchange-admin-reports-* | Credentials not provided to the account | Follow the guide steps regarding Exchange |
| Failed all attempts to retrieve uri [https://graph.microsoft.com/beta/anonymousIpRiskEvents] ..."BadRequest", "message": "The MIME type 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2' requires a '/' character between type and subtype, such as 'text/plain'.", "innerError": { | graph-identity-protection-* | Bug in SkyFormation. Fixed. | Upgrade SkyFormation instance |
| Failed all attempts to retrieve uri [https://graph.windows.net/.../audit] with last error message [java.lang.RuntimeException: { "error":{ "code":"Current user is not set.","message":"message:Current user is not set.\n client-request-id:... timestamp:..." } }] | audit-events | Missing permissions/grant to the SkyFormation Azure app | Validate all permissions are granted according to guide |
| Failed all attempts to retrieve uri [https://graph.microsoft.com/beta/anonymousIpRiskEvents] ..."AccessDenied", "message": "Your tenant is not licensed for Identity Risk Events data from AAD Identity Protection. Please upgrade your subscription to access these events."..." | graph-identity-protection-anomalous-ip | Insufficient subscription level. Requires Office365 E3 or above | Upgrade subscription or stop the endpoint |
| Invalid endpoint [exchange-admin-reports-url-trace] for Microsoft | exchange-admin-reports-url-trace | Endpoint was removed by Microsoft, and also removed in newer versions of SkyFormation | Either stop the endpoint or upgrade SkyFormation instance |
| Failed all attempts to retrieve uri [https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace] with last error message [Unauthorized] | exchange-admin-reports-* | Insufficient permissions to the provided username | Validate all permissions are granted according to MS guide (bottom row) |
| Failed all attempts to retrieve uri [https://graph.microsoft.com/beta/impossibleTravelRiskEvents] with last error message ..."innerError" | graph-identity-protection-impossible-travel | ||
| Failed to deserialize {"Organization":..." | exchange-admin-reports-mail-detail-dlp-policy | Parser error that was resolved in version 2.2.17 | Upgrade SkyFormation instance |
| Failed all attempts to retrieve uri [https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MailDetailDlpPolicy] ..."Resource not found for the segment 'MailDetailDlpPolicy'. | exchange-admin-reports-mail-detail-dlp-policy | Exchange Online subscription does not include DLP protection in the organization | Refer to this subscriptions table: https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-protection-service-description/messaging-policy-and-compliance-servicedesc |
| Failed all attempts to retrieve uri [https://graph.windows.net/.../activities/signinEvents] with last error message [{"odata.error":{"code":"Authentication_ApplicationBasedRequestFromNonPremiumTenant","message":{"lang":"en","value":"Application based api auth request from non premium tenant" |
signins-events
|
Insufficient subscription level. Requires ActiveDirectory Premium P2 or above | Upgrade subscription or stop the endpoint |
| Failed all attempts to retrieve uri [https://graph.windows.net/.../activities/audit] .."Unable to check Directory Read access for appId: ..."message:Unable to check Directory Read access for appId: |
audit-events,
signins-events
|
Missing permissions/grant to the SkyFormation Azure app - for Azure Active Directory's "Read directory data" | Validate all permissions are granted according to guide |
| Failed all attempts to retrieve uri [https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace] with last error message [{"odata.error":{"code":"InvalidQueryException","message":{"lang":"","value":"The query is invalid."}}}] |
exchange-admin-reports-*
|
Microsoft API error. Occurs intermittently | Nothing. It'll recover on its own |
| Failed all attempts to retrieve uri [https://manage.office.com/api/v1.0/.../activity/feed/subscriptions/content] with last error message [{"error":{"code":"AF10001","message":"The permission set () sent in the request does not include the expected permission."}}] | management-* | Missing permissions/grant to the SkyFormation Azure app | Validate all permissions are granted according to guide |
| Failed all attempts to retrieve uri...ProcessingException: java.net.SocketException: Connection reset | any | Firewall/Proxy blocking the traffic | Try to send an HTTPS post request to the connectors URLs as https://graph.windows.net and see if it is blocked/reset. If so ask the network admin to allow HTTPS communication from the SkyFormation app to the internet. |
Could not find the error or a remediation to use?
Please open a ticket at the SkyFormation support center at:
support@skyformation.com
Comments
0 comments
Please sign in to leave a comment.