Univention Bugzilla – Bug 56295
office365/state: MSGraphError: HTTP response status: 401 (https://login.microsoftonline.com/**/oauth)
Last modified: 2023-11-13 08:44:03 CET
Similar to Bug 56279 and Bug 56188, but different request Version: 5.0-2 errata425 Remark: Connection fails on o365 joining Error: Internal server error during "office365/state". Request: office365/state Traceback (most recent call last): File "%PY3%/univention/office365/microsoft/exceptions/core_exceptions.py", line 266, in inner return func(*args, **kwargs) File "%PY3%/univention/office365/microsoft/core.py", line 853, in _call_graph_api raise MSGraphError(response, expected_status=expected_status) univention.office365.microsoft.exceptions.core_exceptions.MSGraphError: HTTP response status: 401 HTTP response expected status: [200] > request url: https://login.microsoftonline.com/***/oaut[..] > request header: { "User-Agent": "Univention Microsoft 365 Connector", "Accept-Encoding": "gzip, deflate", "Accept": "*/*", "Connection": "keep-alive", "Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1023" } > request body: client_id=***&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=***&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default > response header: { "Cache-Control": "no-store, no-cache", "Pragma": "no-cache", "Content-Type": "application/json; charset=utf-8", "Expires": "-1", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Content-Type-Options": "nosniff", "P3P": "CP=\"DSP CUR OTPi IND OTRi ONL FIN\"", "x-ms-request-id": "***", "x-ms-ests-server": "***", "X-XSS-Protection": "0", "Set-Cookie": "fpc=***; expires=Mon, 17-Oct-2022 23:31:02 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=***; path=/; secure; samesite=none; httponly, stsservicecookie=***; path=/; secure; samesite=none; httponly", "Date": "Sat, 17 Sep 2022 23:31:01 GMT", "Content-Length": "1135" } > response body: { "error": "invalid_client", "error_description": "***: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: '***', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '***'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-[..] to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/***[..]'].\r\nTrace ID: ***\r\nCorrelation ID: ***\r\nTimestamp: 2022-09-17 23:31:02Z", "error_codes": [ 700027 ], "timestamp": "2022-09-17 23:31:02Z", "trace_id": "***", "correlation_id": "***", "error_uri": "https://login.microsoftonline.com/error?code=700027" } During handling of the above exception, another exception occurred: Traceback (most recent call last): File "%PY3%/univention/management/console/base.py", line 344, in __error_handling six.reraise(etype, exc, etraceback) File "%PY3%/six.py", line 693, in reraise raise value File "%PY3%/univention/management/console/base.py", line 247, in execute function.__func__(self, request, *args, **kwargs) File "%PY3%/univention/management/console/modules/decorators.py", line 321, in _response result = _multi_response(self, request) File "%PY3%/univention/management/console/modules/decorators.py", line 181, in _response return function(self, request) File "%PY3%/univention/management/console/modules/decorators.py", line 443, in _response return list(function(self, iterator, *nones)) File "%PY3%/univention/management/console/modules/decorators.py", line 289, in _fake_func yield function(self, *args) File "%PY3%/univention/management/console/modules/office365/__init__.py", line 205, in state core = MSGraphApiCore(account) File "%PY3%/univention/office365/microsoft/core.py", line 67, in __init__ response_handlers=response_handlers File "%PY3%/univention/office365/microsoft/core.py", line 105, in get_token response_handlers=response_handlers File "%PY3%/univention/office365/microsoft/exceptions/core_exceptions.py", line 272, in inner raise exception_class(e) univention.office365.microsoft.exceptions.core_exceptions.UnauthorizedError: Authorization failed HTTP response status: 401 HTTP response expected status: [200] > request url: https://login.microsoftonline.com/***/oaut[..] > request header: { "User-Agent": "Univention Microsoft 365 Connector", "Accept-Encoding": "gzip, deflate", "Accept": "*/*", "Connection": "keep-alive", "Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1023" } > request body: client_id=***&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion***&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default > response header: { "Cache-Control": "no-store, no-cache", "Pragma": "no-cache", "Content-Type": "application/json; charset=utf-8", "Expires": "-1", "Strict-Transport-Security": "max-age=31536000; includeSubDomains", "X-Content-Type-Options": "nosniff", "P3P": "CP=\"DSP CUR OTPi IND OTRi ONL FIN\"", "x-ms-request-id": "***", "x-ms-ests-server": "2.1.13672.7 - NEULR2 ProdSlices", "X-XSS-Protection": "0", "Set-Cookie": "fpc=***; expires=Mon, 17-Oct-2022 23:31:02 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=***; path=/; secure; samesite=none; httponly, stsservicecookie=***; path=/; secure; samesite=none; httponly", "Date": "Sat, 17 Sep 2022 23:31:01 GMT", "Content-Length": "1135" } > response body: { "error": "invalid_client", "error_description": "***: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Thumbprint of key used by client: '***', Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '***'. Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-[..] to build a query request URL, such as 'https://graph.microsoft.com/beta/applications/***[..]'].\r\nTrace ID: ***\r\nCorrelation ID: ***\r\nTimestamp: 2022-09-17 23:31:02Z", "error_codes": [ 700027 ], "timestamp": "2022-09-17 23:31:02Z", "trace_id": "***", "correlation_id": "***", "error_uri": "https://login.microsoftonline.com/error?code=700027" } Role: domaincontroller_master