Facing issues during the office365 fetcher configuration? In the table below we have discussed some of the frequently occurring issues and solutions.
First, make sure to open the following domains in the firewall:
- login.windows.net
- login.microsoftonline.com
- manage.office.com
| S.N. | Error Seen | Reason for the Error |
| 1 | error=Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: 52eb33f4-b7d8-4b20-a987-0921e5720700\r\nCorrelation ID: c90fc381-c8c9-49ae-b04b-1dd4234a6eed\r\nTimestamp: 2017-12-15 11:09:40Z","error_codes":"70002],"timestamp":"2017-12-15 11:09:40Z","trace_id":"52eb33f4-b7d8-4b20-a987-0921e5720700","correlation_id":"c90fc381-c8c9-49ae-b04b-1dd4234a6eed"} | Use of web application instead of native application |
| Set Default Client Type to Yes | ||
| Refer this | ||
| 2 | 2017-12-18_13:56:23.11898 WARNING: exception while running job {u'http_proxy': u'', u'routing_policy': u'default', u'_enrich_policy': u'None', u'client_id': u'c04a5a8e-e41f-4463-81b8-9763df8727f6', u'o365_user_name': u'logpoint', u'tenant_id': u'5fdc6ba4-b2e4-4467-a144-0f6fe370a517', u'device_ip': u'10.100.1.146', u'device_name': u'prsnfvllg0001', u'https_proxy': u'', u'normalizer': None, u'fetch_interval': 10800, u'timezone': u'UTC', u'o365_user_password': u'@gefos2015!', u'charset': u'utf-8'}, error=Server returned an unknown AccountType: unknown | Incorrect username(In this case it must have domain) |
| 3 | 2018-01-21_13:57:56.77092 WARNING: An exception occured for url. Retrying: https://manage.office.com/api/v1.0/e86f4c2e-cb7f-48a6-8295-30ebee2c0abf/activity/feed/audit/20180121133014619009373$20180121133014619009373$audit_azureactivedirectory$Audit_AzureActiveDirectory. Exception: HTTPSConnectionPool(host='manage.office.com', port=443): Max retries exceeded with url: /api/v1.0/e86f4c2e-cb7f-48a6-8295-30ebee2c0abf/activity/feed/audit/20180121133014619009373$20180121133014619009373$audit_azureactivedirectory$Audit_AzureActiveDirectory?PublisherIdentifier=e86f4c2e-cb7f-48a6-8295-30ebee2c0abf (Caused by <class 'socket.error'>: &Errno 110] Connection timed out) | Connection timed out |
| 2018-01-21_13:58:00.47220 ERROR: Error: sid=office365|fetcher@logpoint.com; error='NoneType' object has no attribute 'ok' | ||
| 4 | 2018-01-21_04:29:20.65699 WARNING: An exception occured for url. Retrying: https://manage.office.com/api/v1.0/e86f4c2e-cb7f-48a6-8295-30ebee2c0abf/activity/feed/audit/20180121033815495016684$20180121033815495016684$audit_azureactivedirectory$Audit_AzureActiveDirectory. Exception: HTTPSConnectionPool(host='manage.office.com', port=443): Read timed out. (read timeout=None) | Read Time Out |
| 2018-01-21_04:29:25.47278 ERROR: Error: sid=office365|fetcher@logpoint.com; error='NoneType' object has no attribute 'ok' | ||
| 2018-01-21_10:05:29.87411 WARNING: An exception occured for url. Retrying: https://manage.office.com/api/v1.0/e86f4c2e-cb7f-48a6-8295-30ebee2c0abf/activity/feed/audit/20180121093832305015413$20180121093832305015413$audit_azureactivedirectory$Audit_AzureActiveDirectory. Exception: HTTPSConnectionPool(host='manage.office.com', port=443): Read timed out. (read timeout=None) | ||
| 5 | ERROR: RequestException: sid=office365|fetcher@logpoint.com; error=HTTPSConnectionPool(host='manage.office.com', port=443): Max retries exceeded with url: /api/v1.0/e86f4c2e-cb7f-48a6-8295-30ebee2c0abf/activity/feed/subscriptions/content?contentType=Audit.Exchange&endTime=2018-01-25T01%3A40%3A09&startTime=2018-01-25T00%3A40%3A09&PublisherIdentifier=e86f4c2e-cb7f-48a6-8295-30ebee2c0abf (Caused by <class 'socket.error'>: &Errno 104] Connection reset by peer) | Connection reset by peer |
| 6 | ERROR: Office365Fetcher: sid=office365fetcher|e86f4c2e_cb7f_48a6_8295_30ebee2c0abf; adal_error=WS-Trust RST request returned http error: 500 and server response: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="da-DK">An error occurred when verifying security for the message.</s:Text></s:Reason></s:Fault></s:Body></s:Envelope> | Timezone mismatch between lp machine and AD machine while using federated ADFS |