MIP synchronization fails with error "Failed to retrieve authentication token from Microsoft Azure AD."
search cancel

MIP synchronization fails with error "Failed to retrieve authentication token from Microsoft Azure AD."

book

Article ID: 389086

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Enforce

Issue/Introduction

DLP Enforce fails to obtain MIP labels and shows the below error in the tomcat logs:.

25 Feb 2025 00:00:02,056- Thread: 1606 SEVERE [com.microsoft.aad.msal4j.ConfidentialClientApplication] [Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY] Execution of class com.microsoft.aad.msal4j.AcquireTokenByClientCredentialSupplier failed.Cause:
com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY Timestamp: 2025-02-24 23:00:01Zcom.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY Timestamp: 2025-02-24 23:00:01Z

 
25 Feb 2025 00:00:02,063- Thread: 91 SEVERE [com.symantec.dlp.enforcedomainservices.aip.AIPClassificationService] Failed to Synchronize the AIP labels.
Cause:
com.symantec.dlp.util.aip.AIPAuthenticationException: Unknown Errorcom.symantec.dlp.util.aip.AIPAuthenticationException: Unknown Error
 at com.symantec.dlp.util.aip.AzureOAuthTokenUtility.getAccessTokenByClientCredentialGrant(AzureOAuthTokenUtility.java:300)
 at com.symantec.dlp.util.aip.AzureOAuthTokenUtility.getToken(AzureOAuthTokenUtility.java:99)

 at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
 at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY Timestamp: 2025-02-24 23:00:01Z
 at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
 at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1908)
 at com.symantec.dlp.util.aip.AzureOAuthTokenUtility.getAccessTokenByClientCredentialGrant(AzureOAuthTokenUtility.java:264)
 ... 27 more
Caused by: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY Timestamp: 2025-02-24 23:00:01Z


25 Feb 2025 00:00:02,086- Thread: 91 INFO [org.quartz.core.JobRunShell] Job AIP_TAXONOMY_SYNC_JOB_EXEC.AIP_TAXONOMY_SYNC_JOB threw a JobExecutionException: 
Cause:
org.quartz.JobExecutionException: com.symantec.dlp.util.aip.AIPAuthenticationException: Unknown Errororg.quartz.JobExecutionException: com.symantec.dlp.util.aip.AIPAuthenticationException: Unknown Error [See nested exception: com.symantec.dlp.util.aip.AIPAuthenticationException: Unknown Error]

Caused by: java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000222: The provided client secret keys for app 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: ZZZZZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZZZZZZZZZ Correlation ID: YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY Timestamp: 2025-02-24 23:00:01Z


Environment

DLP 16.1

Resolution

Create new Client Secrets on Azure portal and change it in MIP credential profile

Powered by Wolken Software