Troubleshooting

Errors and solutions

1. Failed to add tenants. Check your client secret.
2. Unable to add tenants due to invalid client ID.
3. Invalid tenant name.
4. Insufficient privileges to audit Azure AD.
5. The Azure AD server is taking too long to respond. Check your network connectivity.
6. Unable to connect with the Azure AD server due to connection reset.
7. Unable to connect with the Azure AD server due to trust failure.
8. Certificate update in progress. Restart the ADAudit Plus service.
9. The sign-in logons require an Azure AD premium license.
10. Insufficient privileges when auditing via Office 365.
11. The configured proxy server is unreachable.
12. Network unreachable.
13. Unauthenticated proxy server configured.
14. Spike in Azure AD event requests.
15. The event collection is taking too long.
16. Insufficient privileges to carry out risk detection.
17. No data available.

1. Failed to add tenants. Check your client secret.

Issue: Unable to add tenants to configure Azure AD due to invalid client secret.

Solution:

Client secret values will be available only while it is generated. So, if you have a copy of your current client secret copied elsewhere, you can use it to compare to the value configured in ADAudit Plus. If not, you will have to create a new client secret.

Generate a new client secret by following the steps listed below:

1. Go to the Azure portal.
2. Select the Azure Active Directory service from the Azure services top pane.
3. Go to Manage > App Registrations. Select your application under Owned application.
4. Go to Manage > Certificates & secrets.
5. Click + New client secret.
6. Type in the description. Click Add.
7. Copy the client secret value (e.g., “14uCILxkHtIVGR3wkCq12341Nd5VtestkkWTyIPrrE=”)
   
8. Now open the ADAudit Plus console.
9. Navigate to Azure AD > Configuration > Cloud Directory.
   
10. Click + Add Tenant icon at the top-right corner.
11. Input the tenant name, client ID, and client secret value.
12. Click Save.

2. Unable to add tenants due to invalid client ID

Issue: Unable to add tenants to configure Azure AD due to invalid client ID.

Solution: Check if you have entered the correct client ID by following the steps listed below:

1. Go to the Azure portal.
2. Select the Azure Active Directory service from the Azure services top pane.
3. Go to Manage > App registrations. Select your application under Owned applications.
4. Navigate to Application (client ID) and click Copy to clipboard.
   
5. Now open the ADAudit Plus console.
6. Navigate to Azure AD > Configuration > Cloud Directory.
   
7. Click + Add Tenant icon at the top-right corner.
8. Input the tenant name, client ID, and client secret values.
9. Click Save.

3. Invalid tenant name

Issue: Unable to add tenant due to invalid tenant name.

Solution: Check if you have entered the correct tenant name by following the steps listed below:

1. Go to the Azure portal.
2. Select the Azure Active Directory service from the Azure services top pane.
3. Go to Overview in the left pane. Copy the tenant name.
4. Now open the ADAudit Plus console.
5. Navigate to Azure AD > Configuration > Cloud Directory.
6. Click +Add Tenant at the top-right corner.
7. Type in the correct tenant name, client ID, and client secret values.
8. Click Save.

4. Insufficient privileges to audit Azure AD

Issue: The application does not have the necessary privileges required to audit the cloud directory.

Solution: Grant the minimum required permissions for application created to audit Azure AD using the steps listed on this page.

5. The Azure AD server is taking too long to respond. Check your network connectivity

Issue: There is a connectivity issue between the ADAudit Plus server and Azure AD server.

Solution: Check if there is a stable and reliable internet connection with a speed of 20Mbps or over.

If there is proxy configured in the machine where ADAudit Plus is installed, then configure proxy setting in ADAudit Plus too, using these steps:

• In ADAudit Plus web console, go to Admin > Connection > Proxy.
• Check the Proxy Server Settings checkbox.
• Type in the proxy server details.
• Click Save.

6. Unable to connect with the Azure AD server due to connection reset.

Issue: A firewall could be restricting ADAudit Plus from connecting with the Azure AD server.

Solution: If you are using a firewall to secure your network, kindly ensure that the domains listed below are added to the exemption list.

https://login.microsoftonline.com
https://outlook.office365.com
https://graph.windows.net
https://graph.microsoft.com
https://manage.office.com

If you do not use a firewall, or if the issue persists even after upgrading to the latest build, contact support.

7. Unable to connect with the Azure AD server due to trust failure.

Issue: A firewall could be restricting ADAudit Plus from connecting with the Azure AD server.

Solution: If you are using a firewall to secure your network, kindly ensure that the domains listed below are added to the exemption list.

https://login.microsoftonline.com
https://outlook.office365.com
https://graph.windows.net
https://graph.microsoft.com
https://manage.office.com

If you do not use a firewall or if the issue persists even after upgrading to the latest build, contact support.

8. Certificate update in progress. Restart ADAudit Plus service

Issue: The updated Azure certificate is missing from the ADAudit Plus trust store.

Solution: Restart the ADAudit Plus service to reflect the already updated certificate in the ADAudit Plus trust store.

Note: The required certificate will be automatically updated to the ADAudit Plus trust store.

9. The sign-in logons require Azure AD premium license

Issue: Details of sign-ins can be obtained only if the tenant has an Azure Active Directory P1 or P2 license.

Solution: Upgrade your Azure license. For more details here.

10. Insufficient privileges when auditing via Office 365

Issue: The application configured for O365 API does not have the necessary privileges required to audit the cloud directory.

Solution: Grant the minimum required permissions for application created to audit Azure AD using the steps listed on this page.

11. The configured proxy server is unreachable

Issue: The configured proxy server is not running.

Solution: Check the proxy server's running status. If it's running, configure it in ADAudit Plus' proxy setting.

If the issue persists contact support.

12. Network unreachable

Issue: The server that ADAudit Plus is installed on can’t connect to the internet.

Solution: Check the server’s internet connection and provide internet connectivity if you haven’t done so already.

13. Unauthenticated proxy server configured

Issue: Although an authenticated proxy server is available, an unauthenticated setup is configured in the ADAudit Plus console.

Solution: Configure the right username and password on the ADAudit Plus proxy setting page, using these steps:

• In ADAudit Plus web console, go to Admin > Connection > Proxy.
• Check the Proxy Server Settings checkbox.
• Type in the proxy server details.
• Click Save.

14. Spike in Azure AD event requests

Issue: There is a sudden spike in the number of requests to Azure AD.

Solution: The issue will be fixed automatically when you upgrade to build 7080 or above.

Find the service pack to upgrade to build 7080 on this page.

15. The event collection is taking too long

Issue: The event fetch has been running for a long time.

Solution: Click run-now. If it keeps throwing the same error, contact support.

16. Insufficient privileges to carry out risk detection

Issue: The Azure AD premium license does not have the required privileges to analyze risky sign-in activities.

Solution: Find the minimum required permissions for application created to populate information about risky sign-in action in Azure AD using the steps listed on this page.

17. No data available

Issue: Data unavailable for the reports under Azure AD

Solution: This issue could stem from multiple factors. One of which is insufficient privileges, i.e., the account used to logon to ADAudit Plus does not have necessary privileges to audit Azure. In such cases, there will be an in-product notification as shown in the screenshot below.

To resolve this, check if the account you have used to logon has privileges to view Cloud Directory reports using the steps below:

• Open ADAudit Plus web console.
• Go to Admin > Technicians.
• Click the Modify icon under the Action column next to the name of the user account you have used to logon.
• Check Cloud Directory under Delegate Role to list.

Now verify if you can view the Azure AD reports by logging on using that user account.

If you have the necessary privileges and are still not able to populate any reports under the Cloud Directory, contact support.