Since this morning (Central European Time) my Azure integration in Visual Studio 2013 (Premium) has been broken.
When "Managing subscriptions", I now get the following error:
Unable to retrieve Web Apps from some subscriptions:
Subscription Microsoft Azure Enterprise: The remote server returned an
error: (403) Forbidden. The HTTP request was forbidden with client
authentication scheme 'Anonymous'.
And when I log in now, I get this error:
An error ocurred during the sign in process:
multiple_matching_tokens_detected: The cache contains multiple tokens
satisfying the requirements. Call AcquireToken again providing more
requirements (e.g. UserId)
Bonus info:
The email address for my Microsoft Account for my MSDN Subscription is the same as the email address for my O365-account, and when I now try to log into Azure thru Visual Studio, I am asked to federate against my company's O365 thing.
It has worked perfectly before - and latest last night.
Anyone know what has happened?
I've had the same error (the first one) today. I just switched from trial period to paid subscription. That might be the reason.
I've got rid of this error after signing off from Visual Studio and signing in again.
Although I haven't had the second one, it does say something about 'Cache containing multiple tokens'. Sounds like you've got multiple subscriptions too. Maybe clearing the cache somehow works?
Related
I get the error "OrganizationFromTenantGuidNotFound" while trying to access to my inbox messages.
To explain I am trying to develop an app and in this app I need to access my inbox e-mails.
So I try to use the Outlook API and for that I created an APP with all demanded permissions "Email.Read, Email.ReadBasics, Emails.ReadAll...". I have an Office 365 Family subscription, and an active paid azure subscription. My question is why getting my personal information works '/users/{user-id}' but when accessing to emails I got this error ? I read a lot of docs and never get an answer... Maybe my subscription does not get me access to Microsoft Exchange Online License, or due to my old microsoft address "...#live.com" maybe it is not compatible, I dont't know, if someone can help me to clear it out, would be great. Oh, and abviously my Office 365 and Azure account are the same.
I tried, with 'client credentials flow authentication' (which give me the error 'need more privileges'), went back to Authorization Code Flow Atuhentication but then I get the OrganizationFromTenantGuidNotFound error. But only on /messages endpoint, the endpoint users/{user-id} works. Obviously I tried all threads I found, even with an Office 365 Developer account but don't really see the correlation with my problem here.
We have a multitenant application that heavily relies on the Graph API. We access both mailboxes through Messages API and Sharepoint sites through Files API. Most clients use a very permissive access model to get more features available in our application. A few has strict demands on access and for those we are only allowed to access a specific sharepoint site. For this site we've registered another AppId to use Sites.Select permission where the clients Global Admin allow access to our application using PowerShell
This has worked fine until this morning, where all requests to the Files API are returning "403 Forbidden" and the C# SDK is returning "Access denied".
I've requested the clients to execute PowerShell command to verify if we still has access to their Sharepoint site:
Get-PnPAzureADAppSitePermission -AppId 'xxxxxxxxxxxx'
but they all get the same error message:
Get-PnPAzureADAppSitePermission: Operation Failed
The Pnp.PowerShell cmdlet used is 1.10
Anyone know why this happened to MS Graph or if the PS error is related to the Graph error?
Did Microsoft change something?
This has been acknowledged by MS as an unexpected service issue and can be tracked as SP381039
Title: Users may see 'Access Denied' errors when using Graph APIs for SharePoint Online
User Impact: Users may see 'Access Denied' errors when using Graph APIs for SharePoint Online.
Current status: We've identified that components of the authentication feature are unexpectedly not present in some users' environments thus resulting in the Graph API access requests to fail. We're redeploying the affected feature within impacted environments to remediate impact. In parallel, we're investigating recent feature changes to identity why the components are unexpectedly not present.
Next update by: Tuesday, May 17, 2022, at 5:00 PM UTC
Latest update from MS, received 17 May 16:45:
Current status: We've confirmed that a recent feature deployment misconfiguration has prevented components associated with the authentication feature from being available in a group of customer environments, which is producing 'Access Denied' errors when using Graph APIs for SharePoint Online. We've confirmed that our redeployment of the authentication feature to some impacted environments has resolved the impact. We're now redeploying the feature to all affected remaining environments, which is expected to remediate impact.
Scope of impact: This issue may potentially affect any of your users attempting to utilize Graph APIs for SharePoint Online.
Root cause: A recent feature deployment misconfiguration has prevented an authentication feature from being available in a group of customer environments, resulting in impact.
Next update by: Tuesday, May 17, 2022, at 9:30 PM UTC
Exactly the same issue Tuesday AM New Zealand time. Using C# code / Postman and PowerShell directly.
I've logged a ticket with Microsoft as my guess (no evenidence) is it is a code regression on PNP. I'll update here if I hear anything.
We have 2 apps (test and prod), both began failing Tuesday morning with 403 / access denied messages.
When I tried to check permissions and reset permissions using
get-PnPAzureADAppSitePermission
or
grant-PnPAzureADAppSitePermission
Powershell says : "Operation not supported"
Full text
Grant-PnPAzureADAppSitePermission : {"error":{"code":"notSupported","message":"Operation not supported","innerError":{"
date":"2022-05-16T23:39:16","request-id":"xxxx-azureappid-yyyy","client-request-id":"xxxx-azureappid-yyyy"}}}
At line:8 char:1
Grant-PnPAzureADAppSitePermission -AppId $appId -DisplayName 'TenantName...
+ CategoryInfo : NotSpecified: (:) [Grant-PnPAzureADAppSitePermission], HttpRequestException
+ FullyQualifiedErrorId : System.Net.Http.HttpRequestException,PnP.PowerShell.Commands.Apps.GrantPnPAzureADAppSite
Permission
This morning when I tested this, everything is back to the way it was on Friday New Zealand time.
I've heard from Microsoft via the ticket I logged, that the "PG team had reinstated an update from the backend". It didn't work last night, but this morning we're back up and running.
I hope your tenancies come back too. If not log a Microsoft ticket if you can. I do this via the https://admin.microsoft.com/Adminportal/Home?source=applauncher#/support/requests page using the "New service request" menu item. We have this feature due to our contract with Microsoft.
I am having problems publishing a web application from Visual Studio to Azure. I think that this might be something to do with the permissions on my account, as I have published using a different account (for a different company) from the same computer with no problem.
The error I get is:
I should make the following points:
We do have an Azure account that I use this Microsoft account to access and have permission to create resources on it. I was also logged into the Azure portal on this account when trying to publish.
I am signed into Visual Studio with this account.
When I click on 'Sign In', I am taken through a login procedure (account name and password) then dumped straight back on the same screen with no change shown and no message indicating what happened.
I get this error message when I click on finish
Could anyone please give me some idea what is failing here? In particular:
(1) Is this possibly because VS thinks I am not logged into an Azure account?
(2) Is the lack of any message on the sign-in procedure a bug?
(3) What exactly is 'publish profile' and why would it fail?
I should also point out that I have seen the similar stack overflow question at Unable to create publish profile - Azure but I found nothing useful there.
I am building an app for a client using the Microsoft Grap API and when I log in with a particular account I get this error:
Request Id: d300b62e-e0a5-4f62-9957-1cc10fd42800
Correlation Id: e1912683-45cb-459e-b631-9706f6cd2479
Timestamp: 2020-04-20T07:51:51Z
Message: AADSTS90033: A transient error has occurred. Please try again.
I have tried 2 other accounts and they work without an error.
Does anyone know how I can resolve this issue or how I can start to work out what the issue might be?
EDIT:
Example of the URL being used to authorise the user
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<clientid>&response_type=code&redirect_uri=<local_uri>&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&state=12345
Thanks,
Scott.
For those that come here in the future, the best place to check whether or not the issue is isolated to just you, or is part of a wider issue is the official Microsoft 365 Status Twitter account.
You can also check the Microsoft 365 Service health status page (but this only works if the Microsoft login services are working.) Documentation around how to check the service status is available as part of the official docs.
For Azure-related issues you can check the official Azure Support Twitter account or the Azure status page.
If the issue is localised - then you should raise a support ticket in Azure or Office 365, otherwise wait for a resolution from Microsoft.
Scenario
I'm trying to convert my Silverlight Business Application over to the cloud with the help of Azure. I have been following this link from Brad Abrams blog.
Both the links to Windows Azure and SQL Azure crash out in Google Chrome, they work in Internet Explorer, but it's literally one of the worst user experiences I've ever had.
The Problem
I'm asked to sign in to Microsoft connect with my Live ID.
I do so, I'm then asked to register; I do so.
I'm then sent a verification email which I verify.
I'm then signed out!
When I sign back in, it repeats the process....
Any suggestions for making this work?
Edit/Update:
Finally managed to get signed up/in to connect. From here I was able to get hold of an invitation code to Windows Azure. Now I need an invitation code for SQL Azure. I cannot see ANYWHERE that advertises a way of getting this SQL Azure code, the only thing that I have seen is some text saying that there "may be a delay" in receiving codes due to volume of interest, which quite frankly I find hard to believe.........
It's so far been 3 days now. This officially sucks!
If I have any more news I'll post back here.
I eventually gave up and emailed the support team moaning about the poor service, got an email invitation code about a day later :-D
Let me assure you that the Windows Azure Portal itself works fine under Chrome... Connect however doesn't.
I'm not sure at what point of the process you're getting stuck. Is it registering for Connect? Or have you gotten far enough that you're filling in a survey to get access to Windows Azure?
If it's as early as registering for Connect, I would contact Connect Support: https://connect.microsoft.com/Main/help/emailsupport.aspx?Category=3.
Thats funny. I have just received an SQL Azure October CTP invitation that doesn't work.
But after 3 weeks i still dont have a Windows Azure invitation code. From where Im standing, the Azure registration process appears to be a jumbled mess.
As of Jan 4th SQL Azure (as well as Windows Azure) is now open to all users to register and SQL Azure no longer require tokens. For more details on this please see the blog post.