Urgent - Error (error code 50158) from token exchange:... Error, and office365 is in the block list

(0) Share

Report

Posted on by WBADAM03

179

I have a flow that starts in powerapps. The user presses a button and it passes some information to a flow, the flow then does some processing and sends an email out to external users with a service account connection.

This worked flawlessly for some time. My organization recently mandated 2FA for all accounts and I had to reset all connections (remake all connections) in the power platform.

My flow now fails 80% of the time, with 20% of the time it seems to work perfect.

My error message is: Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and office365 is in the block list. External security challenge not satisfied. User will be redirected to another page or authentication provider to satisfy additional authentication challenges.

The error code is 50158.

I need this to work ASAP but I have 0 idea what is wrong. I remade the connection again, resubmitted the error'd out flow, etc. Nothing works.

Please help me

Categories:

Building flows

I have the same question (0)

All responses (5)

Answers (0)

Suggested answer

AnthonyAmador 2,553 Moderator on at

Like (1)

Report

Hi,

Did you reset all the connections in the Power App and publish it again? Make sure the powerapps connections are also refreshed, you can remove it, add it again and publish the changes.

Have you checked if the issue is happening with only specific users?

Anthony.

Was this reply helpful? Yes No
WBADAM03 179 on at

Like (0)

Report

Edit: Yes, powerapps has the connections reset and are all connected.

It works with about 20% of users, a handful of end users have been able to use the power app, click the button, and the flow will send the email in about 20% of cases (even as we speak). For about 80% of users, it results in the 50158 error.

One user said they got a notification about DUO (our 2FA), but even after using it, still had this error. I don't have permission to view anything about DUO logs or implementation, so I don't know if it's on the flow/connections end or the 2FA implementation.

Was this reply helpful? Yes No
Suggested answer

AnthonyAmador 2,553 Moderator on at

Like (1)

Report

Is the error in the flow run the same? It’s definitely something related to the app connections. My suggestion is to remove all the connections of the app, including the flow, save the app and close the designer, then open the designer again, add the connections and the flow again. Save and publish the app. The users should get a popup to authenticate the connections when they open the app for the first time once you do this.

If this doesn’t work, I definitely suggest opening a ticket with Microsoft Support so they can take a deeper look into this problem. Here is the documentation on how to do it: https://learn.microsoft.com/en-us/power-platform/admin/get-help-support

Hope this helps.

Anthony.

Was this reply helpful? Yes No
WBADAM03 179 on at

Like (1)

Report

I broke my flow when troubleshooting and I put the archive flow back in the power app and everything worked again. So the app was instead going to the archive and not the production flow.

I don't know how it worked, but it seems to have solved the issue.

Was this reply helpful? Yes No
PH-20082155-0 4 on at

Like (1)

Report
We have a similar issue. Flows working fine. Added Conditional Access to require MFA and failures started the next morning.

User MFA's to site

Flow starts in PowerApps

First failure is at action "SharePoint Get Item"

Same user submits another request - will succeed at "Get Item" but fail at "Outlook Send Mail"

Doesn't happen for every user. Trying to address this before larger scale rollout of the Conditional Access policy.

Error:

{
"statusCode": 401,
"headers": {
"x-ms-failure-cause": "apihub-token-exchange",
"x-ms-apihub-obo": "false",
"x-ms-apihub-cached-response": "false",
"Date": "Thu, 01 Aug 2024 19:08:02 GMT",
"Content-Length": "1451",
"Content-Type": "application/json"
},
"body": {
"status": 401,
"source": "https://power-te-westus-3.azurewebsites.net:443/tokens/msmanaged-na/sharepointonline/c49631cb29684065bea5ad0a87cef990/exchange",
"message": "Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. Correlation Id=61815f98-ecf8-4853-8a72-307657d913f7, UTC TimeStamp=8/1/2024 7:08:01 PM, Error: Failed to acquire token from AAD: {\"error\":\"interaction_required\",\"error_description\":\"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID: af2794b2-a615-4072-86b4-5ec8f3a80400 Correlation ID: ce9cfc38-e930-4b59-ab65-c059688eb639 Timestamp: 2024-08-01 19:08:01Z\",\"error_codes\":[50076],\"timestamp\":\"2024-08-01 19:08:01Z\",\"trace_id\":\"af2794b2-a615-4072-86b4-5ec8f3a80400\",\"correlation_id\":\"ce9cfc38-e930-4b59-ab65-c059688eb639\",\"error_uri\":\"https://login.windows.net/error?code=50076\",\"suberror\":\"basic_action\",\"claims\":\"{\\\"access_token\\\":{\\\"capolids\\\":{\\\"essential\\\":true,\\\"values\\\":[\\\"d2bbccbb-213a-4b45-8422-7b366363d8d4\\\",\\\"a03b209c-0ca4-40ba-859c-d1329a741f1c\\\"]}}}\"}']"
}
}

Was this reply helpful? Yes No