search cancel

office365 monitoring errors


Article ID: 197620


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM)


We have setup office365 monitoring and run into issues. Getting error: office365 probe is unable to connect to the Microsoft servers.
Office365Monitoringapp is not responding (reason: Connection and/or inventory update failure) {Could not retrieve OAuth access token for client with details [email protected].

The probe deployed machine has internet and the profile state in admin console shows profile in pending state.


- permissions


Release : 9.0.2

Component : UIM - OFFICE365

office365 v1.03


Various errors:

Caused by: javax.naming.ServiceUnavailableException: Could not retrieve OAuth access token for client with details [email protected][scope=user_impersonation,grantType=authorization_code,clientId=0bbfa4c6-6385-406a-aa77-176802ec86f2,[email protected] L7BF3m}yG}fxH?M7,accessToken=<null>,refreshToken=<null>,username=,authorityUrl=,resourceServer=,resourcePath=/api/v1.0/021af73b-7bf8-4014-aa49-bcf05c8e29b1/ServiceComms/CurrentStatus?$select=Id%2CStatus%2CIncidentIds,expiresAfter=0] 
 at com.nimsoft.probe.application.office365.impl.Office365StatusService.getResponseFromAPI( 
 at com.nimsoft.probe.application.office365.impl.Office365StatusService.<init>( 
 at com.nimsoft.probe.application.office365.Office365Probe.getUpdatedInventory( 
 at com.nimsoft.probe.framework.genprobe.GenInventory.update( 
 ... 14 more 

 First review  the probe configuration in the Admin Console as per the help doc

Then follow these instructions:


Check the Supported platforms and then start at Prerequisites...

Run through the entire process including:

- Verify the Global Administrator Rights of the Office 365 User
- Register Office365 Application in the Azure Active Directory
- How to register an app with the v2.0 endpoint
- Integrating Application with Azure Active Directory
- Register your application with your Azure Active Directory tenant

As far as information transfer is concerned, the office365 probe hits the Microsoft URL's listed below to get the required data using HTTPS calls:

Also, please do make sure that the robot machine where the probe has been deployed is able to execute a telnet using the commands below:

  telnet 443

  telnet 443

  telnet 443


During connection validation, the probe runs the url below..,resourceServer=,resourcePath=/api/v1.0/021af73b-7bf8-4014-aa49-bcf05c8e29b1/ServiceComms/CurrentStatus?$select=Id

While in this case during update inventory, the probe uses the url below to collect the Monitoring info and fails with 401 unauthorized.

So it seems in this case, the user does not have the proper permission on this Resource.


You must verify the permission and also please try the above url with Powershell. 

If you get a 401 Unauthorized exception in Power Shell, e.g., This tenant doesn't have permission to access this resource

Then this needs to be checked by the office 365 admin/support team. 

Below is the raw command just as an example::

$ClientID = "0bbfa4c6-6385-406a-aa77-xxxxxxec86f2"
$ClientSecret = "uzwS9_-8hQE0Ixxxxxxxxxx_HrmPp72_Zq"
$loginURL = ""
$tenantdomain = ""
$TenantGUID = "021af73b-7bf8-xxx4-xxxx-bcf05c8e29b1"
$resource = ""
$body = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret}
$oauth = Invoke-RestMethod -Method Post -Uri $loginURL/$tenantdomain/oauth2/token?api-version=1.0 -Body $body
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
Invoke-WebRequest -Headers $headerParams -Uri "$resource/api/v1.0/$tenantGUID/ServiceComms/CurrentStatus?select=Id%2CStatus%2CIncidentIds"


In the office365 log, you may see an error such as:

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"5fe53a7f-d456-4e85-9a04-58557a88207b","date":"2020-08-17T15:54:55"}}

Caused by: org.apache.http.client.HttpResponseException: Failed : HTTP error code : HTTP/1.1 403 Forbidden


The office 365 administrator should be able to check on this permissions error. You may find this url helpful:

To monitor Office365, global administrator permissions are required as per Microsoft documentation. User service accounts with limited permissions may not work.


If you see an error such as:

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"869d87ef-11a5-4e0b-9706-f759bd1518a1","date":"2020-08-18T06:11:31"}} while accessing the resource "".


Please provide the permission for resource


Finally, enable:

a) read application permission for graph API,


b) delegate permission

Additional Information

Here is the list of supported metrics for the office365 probe.

Probe documentation:

Only the above metrics can be monitored.

You will need to enable the metrics & alarms as per your requirements.