All Apps and Add-ons

Splunk Add-on for Microsoft Cloud Services: "Invalid Inputs - Error Code ACTC001 - An error occurred while attempting to connect to Office 365"

childressj
Engager

I just installed the Add-on for Microsoft Cloud Services by following the installation guide and using Splunk Web. I was able to get the certificate uploaded and have gotten "Auto-generated and verified as valid" as the status. When I created the Input, everything seemed to go fine, but on the Troubleshooting dashboard I am showing 1 Invalid Input.

I am running an all-in-one enterprise Splunk instance (version 6.4.2).

When I click on the Invalid Input (red 1) it brings up a table of data with this information:

Error Code - ACTC001
Host - splunk
Forwarder - 
Problem - An error occurred while attempting to connect to Office 365.
Problem Detail - Current access token cannot be validated by Office 365 when attempting to collect data on the forwarder.
Possible Reason - The access token used on the forwarder might be broken or expired.  The forwarder may not have received the latest configuration or something might be wrong with the account used to refresh the latest access token.

When I click on the red triangle next to the Invalid Input (red 1), it pops up a window with this information:

[UNCSSPLUNKLDM] Failed to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_microsoft-cloudservices/configs/conf-splunk_ta_ms_o365_server_management_api_inputs?count=0 from server=https://127.0.0.1:8089
[UNCSSPLUNKLDM] Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/servicesNS/nobody/Splunk_TA_microsoft-cloudservices/configs/conf-splunk_ta_ms_o365_server_management_api_inputs?count=0 from server=https://127.0.0.1:8089 - Not Found.

I have tried following the link in a web browser, and I get a certificate error. Once I click past the certificate error I am able to log on to the web page with my Splunk credentials. It then displays a page titled "Splunk Atom Feed:conf-splunk_ta_ms_o365_server_management_api_inputs".

Any suggestions on how to fix this?

-Thanks

catate
Engager

I was having the same problem and was able to resolve it by removing spaces in the Inputs and Account names.

mlevsh
Builder

Sorry, that I cannot answer your question. We are getting the same error, so I just wanted to follow up with you if you were able to resolved this issue?

0 Karma

childressj
Engager

No, unfortunately I was never able to get this app to work.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...