Troubleshooting: Agent cannot connect to Graph API

Description

When performing an operation against the Graph API, the operation fails due to a connectivity issue.

Symptom

Operations against the Graph API fail due to a connectivity issue.

Resolution

The following PowerShell can be used to ensure the service can be accessed.

In the following command, replace {tenantDomain} with the tenant domain as configured in the agent. This should be executed on the server on which Identity Broker is installed.

Invoke-WebRequest -Uri "https://graph.windows.net/{tenantDomain}/users?api-version=1.6"

If the service is accessible from the execution location Invoke-WebRequest should return an error from the service indicating a connection was successfully made without the correct authentication information.

Invoke-WebRequest : {"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"values":null}}
At line:1 char:1
+ Invoke-WebRequest -Uri "https://graph.windows.net/{tenantDomain} ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Any other response indicates a networking/firewall issue. Ensure that the UNIFYBroker service has HTTPS access to the graph.windows.net domain and is not being blocked or filtered.

Previous article: UNIFYBroker/Microsoft Office Enterprise Release Notes

Next article: UNIFYBroker/Microsoft SharePoint Prerequisites

This article was helpful for 1 person. Is this article helpful for you?

Replies 0
Oldest first
- Newest first
- Oldest first

Customer support service by UserEcho