Getting Data In

Microsoft Azure Add on for Splunk (TS-MS-AAD v 3.1.1) error:309 | _Splunk_ Unable to obtain access token

Azeemering
Builder

Hello I am installing a fresh new install of this app to replace our old version (1.2.4)

I am using the same credentials as the old working version (client id, secret and tenant)

With the new app I get the error:

 

2021-03-30 09:17:26,598 ERROR pid=109928 tid=MainThread file=base_modinput.py:log_error:309 | _Splunk_ Unable to obtain access token
2021-03-30 09:17:26,596 DEBUG pid=109928 tid=MainThread file=connectionpool.py:_make_request:437 | https://login.microsoftonline.com:443 "POST /27776982-d882-41b2-95ac-322f28d5a2ce/oauth2/v2.0/token HTTP/1.1" 401 471
2021-03-30 09:17:26,372 DEBUG pid=109928 tid=MainThread file=connectionpool.py:_new_conn:959 | Starting new HTTPS connection (1): login.microsoftonline.com:443

 

When reverting to the old app it works fine and I am able to collect data.
We checked all the permissions and Azure settings. What else do we need to do to get this working with the new version.

Labels (1)
0 Karma

Vardhan
Contributor

Hi @Azeemering ,

In the new Azure Addon version, the interface and settings have been changed. So if you are trying with the old local config like Passwords.conf&ta_ms_aad_settings.conf it will not work in the new version.

Try to do a fresh config and erase all the old configs.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...