522 Bad Gateway Repeatedly Occurring After First Job Run

(0) Share

Report

Posted on by AC-27051446-0

I have a job that essentially takes my calendar events and dumps them to a json on my one drive. It runs every hour. The first run works but every run after that fails with 522. The only way I can get this to work is if I go into the edit flow and add a new connection. I'm assuming there is some type of token expiration happening? Has anyone found a way around this?

Categories:

Power Automate Desktop

I have the same question (0)

All responses (3)

Answers (0)

Sort by

Suggested answer

RaghavMishra 72 on at

Like (0)

Report
Copy link

Link copied!
Hi,

What you're seeing is consistent with a connection-token issue rather than a flow-logic problem. HTTP 522 from the connection layer typically means the connector couldn't successfully renew/refresh credentials between runs. A few things to check and try:

1. Confirm the connection's auth type

Office 365 Outlook / OneDrive connections use OAuth and refresh automatically — but the refresh token can become invalid if MFA/Conditional Access policies change, the password is rotated, or the session is revoked. See the Office 365 Outlook connector reference and OneDrive for Business connector reference.

2. Check the connection owner and sharing

Go to Power Automate → Data → Connections and confirm the connection isn't showing "Sign in required" or a yellow warning between runs.

If the flow is owned by you but run under a service principal or another identity, the auth flow can differ. See Manage connections in Power Automate.

3. Switch to a service-account / least-privilege identity

For unattended hourly automation, Microsoft recommends a dedicated account whose password and session policies are stable. See Best practices for using service accounts.

4. Add a retry policy as a safety net

On the failing action, set retry policy to exponential (4 retries, 7-second base). This will absorb transient 5xx returns.

5. Inspect detailed failure cause

Open the failing run → expand the action → check status, x-ms-failure-cause, and the error body. If it shows AuthenticationFailed or invalid_grant, it's definitively a token-refresh problem — see Fix a flow that has failed.

6. If MFA/Conditional Access is enforced

Confirm your tenant's sign-in policies don't require interactive re-auth at intervals shorter than the flow recurrence. Long-lived tokens on connectors depend on the tenant's session lifetime — see Authentication session management.

If after recreating the connection it fails again exactly N hours later, you're hitting a session-lifetime limit — moving to a service account usually resolves it permanently.

Found this helpful? Please mark ✅ "Does this answer your question?" so others searching for the same issue can find it quickly. A 👍 on "Was this reply helpful?" or a ♥ Like is also much appreciated!

Raghav Mishra — LinkedIn | PowerAI Labs

Was this reply helpful? Yes No
Suggested answer

Vish WR 3,446 on at

Like (1)

Report
Copy link

Link copied!

@AC-27051446-0

1. CHECK YOUR CONNECTION STATUS

   Go to Power Automate > Data > Connections and look at your Office 365 Outlook and OneDrive connections. If you see a "Sign in required" warning between runs, that confirms the token is expiring. Re-authenticating manually each time is just a workaround, not a fix.

2. ROOT CAUSE — TOKEN REFRESH BLOCKED

   This usually happens when:

   - Your tenant's Conditional Access or MFA policy requires re-authentication after a certain period

   - The account password was recently rotated or session was revoked

   - The flow connection was created under a personal account rather than a service account

3. RECOMMENDED FIX — USE A SERVICE ACCOUNT

   For unattended automation running on a schedule, always use a dedicated service account (shared mailbox or a dedicated M365 account) with:

   - No MFA or exempted from Conditional Access for automation scenarios

   - A stable password that doesn't expire

   This prevents the session lifetime issue entirely.

4. ADD A RETRY POLICY AS A SAFETY NET

   On the failing action, go to Settings and set Retry Policy to Exponential with 4 retries. This handles any transient failures while you fix the root cause.

5. CHECK THE DETAILED ERROR

   Open the failing run > expand the failed action > look for "x-ms-failure-cause" or "invalid_grant" in the error body. If you see AuthenticationFailed or invalid_grant, it confirms the token issue and moving to a service account will fix it permanently.

Hope this helps! Let me know if the error body shows something different and we can narrow it down further.

Was this reply helpful? Yes No
Vish WR 3,446 on at

Like (0)

Report
Copy link

Link copied!

@AC-27051446-0

Wanted to check if you are able to resolve your problem? Let me know if you need any clarification

When replying, please don't forget to mention my userid so that it will be notified

Vishnu WR

LinkedIn - My Tech Space

Please ✅ Does this answer your question if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider answering Yes to Was this reply helpful? or give it a Like ♥

Was this reply helpful? Yes No