Customer facing a problem with Azure endpoint accounts after upgrading from 14.4 CP1 to 14.4 CP1 CHF2.

Endpoint 'AzureEndpoint' modification failed: Connector Server Add failed: code 50 (INSUFFICIENT_ACCESS_RIGHTS): failed to add entry eTDYNDirectoryName=AzureEndpoint,eTNamespaceName=AzureNamespace,dc=im,dc=etasa:
JCS@Hostname: AzureRest: Unauthorized, Detailed Error: {"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"2022-09-07T09:53:24","request-id":"Request ID number","client-request-id":"Client Request ID"}}} (ldaps://xx.xxx.xx.xx:20411),

:ETA_E_0020<RAC>, User Account 'xxxx.xxxx@xxxx' on 'Azure' read failed: Connector Server Add failed: code 19 (CONSTRAINT_VIOLATION): failed to add entry eTDYNDirectoryName=AzureEndpoint,eTNamespaceName=AzureNamespace,dc=im,dc=etasa: JCS@Hostname: AzureRest: Bad Request, Detailed Error: {"odata.error":{"code":"Request_DataContractVersionMissing","message":{"lang":"en","value":"The specified api-version is in invalid. The value must exactly match a supported version."}}} (ldaps://xx.xxx.xx.xx:20411)

Release : 14.4

Component : CA Identity Suite Virtual Appliance

Tokens can only have one audience, which controls which API they grant access to. The token for your app/API cannot be used for Graph.

Please check with your Azure team to get an updated OAuth string.