Flow fails with Conditional Access - User already MFA'd to site but gets access denied

Flows working fine.  Added Conditional Access to require MFA and failures started the next morning. 
 
Flows are created using a Premium License - users have regular licenses.
 
  • User MFA's to SharePoint site
  • Accesses Power App to start the flow
  • First failure is at action "SharePoint Get Item"
  • Same user submits another request - will succeed at "Get Item" but fail at "Outlook Send Mail"
     
Doesn't happen for every user. Trying to address this before larger scale rollout of the Conditional Access policy. Below is the failure on Get Items - the Outlook error is the same except it references O365 in the block list.
 
Error: 
{
    "statusCode": 401,
    "headers": {
        "x-ms-failure-cause": "apihub-token-exchange",
        "x-ms-apihub-obo": "false",
        "x-ms-apihub-cached-response": "false",
        "Date": "Thu, 01 Aug 2024 19:08:02 GMT",
        "Content-Length": "1451",
        "Content-Type": "application/json"
    },
    "body": {
        "status": 401,
        "source": "https://power-te-westus-3.azurewebsites.net:443/tokens/msmanaged-na/sharepointonline/c49631cb29684065bea5ad0a87cef990/exchange",
        "message": "Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and sharepointonline is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: sharepointonlinecertificatev2. Correlation Id=61815f98-ecf8-4853-8a72-307657d913f7, UTC TimeStamp=8/1/2024 7:08:01 PM, Error: Failed to acquire token from AAD: {\"error\":\"interaction_required\",\"error_description\":\"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'. Trace ID: af2794b2-a615-4072-86b4-5ec8f3a80400 Correlation ID: ce9cfc38-e930-4b59-ab65-c059688eb639 Timestamp: 2024-08-01 19:08:01Z\",\"error_codes\":[50076],\"timestamp\":\"2024-08-01 19:08:01Z\",\"trace_id\":\"af2794b2-a615-4072-86b4-5ec8f3a80400\",\"correlation_id\":\"ce9cfc38-e930-4b59-ab65-c059688eb639\",\"error_uri\":\"https://login.windows.net/error?code=50076\",\"suberror\":\"basic_action\",\"claims\":\"{\\\"access_token\\\":{\\\"capolids\\\":{\\\"essential\\\":true,\\\"values\\\":[\\\"d2bbccbb-213a-4b45-8422-7b366363d8d4\\\",\\\"a03b209c-0ca4-40ba-859c-d1329a741f1c\\\"]}}}\"}']"
    }
}
 
The MS suggestion to have the user log into Power Automate to fix the connection isn't a solution since the second time they submit a request - it passes the Get Item action so it isn't the connection.
 
Help!
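The error above buries the Entra ID response inside the connector's `message` string, with the claims challenge nested one level deeper. The following added example (not part of the original post, and not Microsoft code) unpacks those layers so the failing resource and the `capolids` values can be compared with the tenant's Conditional Access policies. Treating `capolids` as Conditional Access policy IDs and the `triage` helper name are assumptions of this example; the sample input is constructed by abridging the error in the post.

```python
import json
import re

# Well-known Microsoft first-party resource app IDs (identical in every tenant).
KNOWN_RESOURCES = {
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "00000003-0000-0ff1-ce00-000000000000": "Office 365 SharePoint Online",
    "00000002-0000-0ff1-ce00-000000000000": "Office 365 Exchange Online",
}
# Constructed sample: the action output from the post, abridged, keeping its
# three levels of JSON nesting (output -> "message" -> "claims") and its IDs.
SAMPLE = (
    r'''{"statusCode": 401, "headers": {"x-ms-failure-cause": "apihub-token-exchange"}, '''
    r'''"body": {"status": 401, "message": "Error from token exchange: Runtime call was '''
    r'''blocked because connection has error status: Enabled| Error, and sharepointonline '''
    r'''is in the block list. Connection errors: [ParameterName: token, Error: Code: '''
    r'''Unauthorized, Message: 'Failed to acquire token from AAD: '''
    r'''{\"error\":\"interaction_required\",\"error_description\":\"AADSTS50076: you must '''
    r'''use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.\",'''
    r'''\"error_codes\":[50076],\"suberror\":\"basic_action\",\"claims\":\"{\\\"access_token\\\":'''
    r'''{\\\"capolids\\\":{\\\"essential\\\":true,\\\"values\\\":[\\\"d2bbccbb-213a-4b45-8422-7b366363d8d4\\\",'''
    r'''\\\"a03b209c-0ca4-40ba-859c-d1329a741f1c\\\"]}}}\"}']"}}'''
)

def triage(raw_output):
    """Pull the Entra ID error and claims challenge out of a failed action output."""
    message = json.loads(raw_output).get("body", {}).get("message", "")
    start = message.find('{"error"')
    if start < 0:
        return None  # the failure was not caused by a token-acquisition error
    # raw_decode parses one object and ignores the trailing "']" of the message.
    aad, _ = json.JSONDecoder().raw_decode(message, start)
    claims = json.loads(aad.get("claims") or "{}")
    capolids = claims.get("access_token", {}).get("capolids", {})
    hit = re.search(r"to access '([0-9a-fA-F-]{36})'", aad.get("error_description", ""))
    resource = hit.group(1) if hit else None
    return {
        "error": aad.get("error"),
        "aadsts_codes": aad.get("error_codes", []),
        "resource_id": resource,
        "resource_name": KNOWN_RESOURCES.get(resource, "unknown"),
        "ca_policy_ids": capolids.get("values", []),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

For the error in the post, the resource ID resolves to Microsoft Graph rather than SharePoint Online, which is worth checking against the cloud apps the new policy targets.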