All Apps and Add-ons

MS Teams Add-On Graph subscription fails

hanselad
Explorer

Hello,

We're trying to use this add on to get MS Teams Call Quality data into Splunk. However, there is a persistent issue -- we're not able to subscribe to Graph change notifications. The error we get is 
2020-06-15 14:59:01,505 ERROR pid=13270 tid=MainThread file=base_modinput.py:log_error:309 | Could not create subscription: 400 Client Error: Bad Request for url: https://graph.microsoft.com/v1.0/subscriptions

When tried through Postman or curl, the error is 

{
  "error": {
    "code": "InvalidRequest",
    "message": "The underlying connection was closed: An unexpected error occurred on a send.",
    "innerError": {
      "date": "2020-06-15T15:08:45",
      "request-id": "bbd8c734-15e4-4439-b2bc-be49ba2a6335"
    }
  }
}
 

Anyone facing a similar error? 

@jconger 

Labels (1)
0 Karma
1 Solution

livehybrid
Contributor

Its funny you mention that because I've just done the exact same using AWS LB and ACM.

The logging out of Azure isnt particularly helpful. I also ran into the SSL issue - Azure doesnt allow for non-trusted certificate, there doesnt appear to be a flag to disable.

For anyone else running into this issue, ensure that you're webhook is publicly accessible with a  publicly trusted SSL Certificate and that your Azure application has the correct API permissions to configure. the subscription.

 

View solution in original post

0 Karma

livehybrid
Contributor

I ran in to the same problem with this - the webhook has to be externally accessible and must be https!

{
"notificationUrl": "http://myfqdn:4444",
"resource": "/communications/callRecords",
"changeType": "created, updated",
"expirationDateTime": "2020-06-18T21:36:38Z"
}

returns:

{
	"error": {
		"code": "InvalidRequest",
		"message": "NotificationUrl scheme='http' is not supported.",
		"innerError": {
			"date": "2020-06-16T21:36:39",
			"request-id": "50aa099c-21a1-4531-aeb8-f42596924e24"
		}
	}
}

 Azure must also be able to resolve the domain.

I hope this helps.

hanselad
Explorer

Hey @livehybrid  thanks for your response! Our webhook was on a HF in a DMZ, we made sure it was publicly accessible, tried https and http for the webhook but ran into similar errors.

We found the culprit this morning though -- It was a cert issue. Azure did not like what we had and the SSL termination process was not working correctly on our HF. To fix, we set up an ALB (AWS infra) and set up an HTTPS listener on it. This paired with the right cert from ACM fixed the issue for us. Hope this helps!

0 Karma

livehybrid
Contributor

Its funny you mention that because I've just done the exact same using AWS LB and ACM.

The logging out of Azure isnt particularly helpful. I also ran into the SSL issue - Azure doesnt allow for non-trusted certificate, there doesnt appear to be a flag to disable.

For anyone else running into this issue, ensure that you're webhook is publicly accessible with a  publicly trusted SSL Certificate and that your Azure application has the correct API permissions to configure. the subscription.

 

View solution in original post

0 Karma

hanselad
Explorer

Good to know we weren't the only ones with that issue. Thanks for chiming in!

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!