Page 1 of 2
Microsoft O365 Wizard
Posted: Thu Sep 30, 2021 3:13 pm
by rferebee
Hello Nagios team,
We're attempting to use the O365 wizard in XI for the first time after setting up the API access according to the following documentation:
https://support.nagios.com/kb/article/m ... s-881.html
I'm fairly certain we have everything configured correctly in the Azure/O365 dashboard.
Whenever I step through the wizard it's unable to discover any account information for Mailbox Activity, Mailbox Usage, etc. The drop down simply displays 'No matches...'.
We setup the API access on the 28th, so if there's any sort of sync period we should be past that.
I'm unsure of what to look at next and your assistance is greatly appreciated.
Thank you.
Re: Microsoft O365 Wizard
Posted: Thu Sep 30, 2021 4:00 pm
by rferebee
Update: Tried adding just the 'Mailbox Count' check from the wizard and we're getting the following error message.
"CRITICAL: Error querying endpoint. HTTP error [403] message [Forbidden]. Graph error [UnknownError] message [{"error":{"code":"S2SUnauthorized","message":"Invalid permission."}}]"
That looks to me like our API permissions are incorrect.
Re: Microsoft O365 Wizard
Posted: Fri Oct 01, 2021 12:38 pm
by kfanselow
Hi rferebee,
Just wanted to check on your status. Were you able to sort out the API permissions ?
Re: Microsoft O365 Wizard
Posted: Fri Oct 01, 2021 1:24 pm
by rferebee
No unfortunately, it's still not working. We've gone over the permissions several times and do not see anything that looks wrong according to the KB article for this wizard.
Re: Microsoft O365 Wizard
Posted: Mon Oct 04, 2021 4:36 pm
by kfanselow
Re: Microsoft O365 Wizard
Posted: Tue Oct 05, 2021 12:57 pm
by rferebee
Yes, the API permissions are configured correctly. We've successfully deployed over 20 of these API connectors, so we're pretty confident everything is good on the Azure/O365 side.
Is there anything else we can look at?
Re: Microsoft O365 Wizard
Posted: Tue Oct 05, 2021 2:59 pm
by kfanselow
Try running the plugin from the CLI on your nagios server using the -v flag - that should provide you with a little more information. You can add up to three v's for full verbosity ( -vvv ).
Code: Select all
/usr/local/nagios/libexec/check_microsoft_365.php --tenant 'directory id' --appid 'application id' --secret 'secret' --warning '0' --critical '1' --mode 'userslist' -v
Re: Microsoft O365 Wizard
Posted: Wed Oct 06, 2021 7:00 pm
by rferebee
Ok, here's the error that we're seeing from the verbose output:
Code: Select all
DEBUG: [BaseRequest::queryEndpoint] self::limit [] ###
(2995)
INFO: [BaseRequest::queryEndpoint] FATAL ERROR: array (
'http_code' => 403,
'http_msg' => 'Forbidden',
'error_code' => 'Authorization_RequestDenied',
'status_msg' => 'Insufficient privileges to complete the operation.',
'total_time' => 0.136923,
) (3004)
DEBUG: [nagios_exit] (3804)
CRITICAL: Error querying endpoint. HTTP error [403] message [Forbidden]. Graph error [Authorization_RequestDenied] message [Insufficient privileges to complete the operation.]
Unfortunately, we're having trouble identifying where we're lacking in our set permissions. As far as we're concerned we've set everything up correctly per the instructions.
Could we perhaps turn this into a formal ticket so we can setup a screen share?
Re: Microsoft O365 Wizard
Posted: Thu Oct 07, 2021 4:25 pm
by kfanselow
Hi rferebee ,
Thank you for your patience. You are welcome to open a ticket however based upon the information provided it might be a better use of your time to work with Microsoft on the permissions issue. The data you've provided indicates that it is an issue on the Office 365 side of the equation and they would have more visibility and depth of knowledge to solve the problem. We believe this will be the fastest way to resolution due to the complexity of the environment and help determine what is causing the error message the plugin is returning:
Insufficient privileges to complete the operation
Re: Microsoft O365 Wizard
Posted: Tue Oct 12, 2021 1:15 pm
by rferebee
I know you recommended we reach out to Microsoft, but I wanted to show you a screenshot from the logs in our Azure portal.
You can see the Nagios API is successfully connecting every 15 minutes. We're still not sure it's a permissions issue despite the message in the XI portal.