Office 365 - tenant does not exist
Geoff Nordli
Hi.
I am getting a tenant doesn't exist error, but I can successfully
connect using a command line.
curl -i -X POST -H
"Content-Type:application/x-www-form-urlencoded" -d
"grant_type=client_credentials" -d "client_id=XXXXXX" -d
"scope=https://securitycenter.onmicrosoft.com/windowsatpservice/.default"
-d "client_secret=XXXX" "https://login.microsoftonline.com/30a6f90a-XXXXX/oauth2/v2.0/token"
-k
HTTP/1.1 200 OK
Here is the error I see when setting debug=2.
2023/07/20 08:46:53 wazuh-modulesd:office365[216158]
wm_office365.c:620 at wm_office365_manage_subscription(): DEBUG:
Error while managing subscription:
'{"error":{"code":"StartSubscription
[CorrId=1c70f423-2797-4993-bbdd-3a111d3ab9d2][TenantId=6f202184-xxxxxx,ContentType=Audit.General,ApplicationId=6f202184-xxxxxxx,PublisherId=00000000-0000-0000-0000-000000000000][AppId","message":"f202184-4785-47f7-b877-78ed821d1ef9]
failed. Exception:
Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 30a6f90a-XXXXXXX
does not exist.\r\n at
Microsoft.Office.Compliance.Audit.API.AzureManager.<GetSubscriptionTableClientForTenantAsync>d__52.MoveNext()
in
k:\\dbs\\sh\\nibr\\0713_073411_2\\cmd\\6\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line
2113\r\n--- End of stack trace from previous location where
exception was thrown ---\r\n at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n
at
Syystem.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)\r\n at
Microsoft.Office.Compliance.Audit.API.AzureManager.<GetAPISubscriptionAsync>d__22.MoveNext()
in
k:\\dbs\\sh\\nibr\\0713_073411_2\\cmd\\6\\sources\\dev\\auditing\\src\\auditapiservice\\common\\AzureManager.cs:line
549\r\n--- End of stack trace from previous location where
exception was thrown ---\r\n at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n
at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)\r\n at
Microsoft.Office.Compliance.Audit.API.StartController.<StartSubscription>d__0.MoveNext()
in
k:\\dbs\\sh\\nibr\\0713_073411_2\\cmd\\o\\sources\\dev\\auditing\\src\\auditapiservice\\apifrontendservicerole\\Controllers\\StartController.cs:line
76"}}'
The values are correct as I copy/pasted them from the config file
into the command line to test.
Any thoughts?
thanks,
Geoff
Gastón Palomeque
Another user faced the same issue a couple of months ago here and it was related to office365 auditing being disabled. Here's an issue in the Microsoft Office 365 repository describing the same error.
Could you try switching on audit events and check if the issue has been resolved? It may take a couple of hours to take effect, as explained here.
If the issue persists, please take a look at our documentation for Using Wazuh to monitor Office 365 and verify that your configuration is correct.
Let me know if any of the above worked so I can further assist you in troubleshooting the problem.
Regards,
Gastón Palomeque
Geoff Nordli
Hi Gaston.
Yes, that is the same issue.
thanks!!
Geoff
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/04e5d598-e72f-414a-8216-a3c4319ef17dn%40googlegroups.com.