Troubleshooting App Connector error messages

This article provides a list of API App connector error messages and resolution recommendations for each error.

Troubleshooting

App connector errors can be seen in the app connector dialog after attempting to connect a cloud app using the API App connector.

Error message Relevant app Description Resolution
HttpRequestFailure: Server returned: 500 Internal server error All apps There was an error in the app. Check the status of the app
Service timeout All apps A timeout was detected in the connection between Defender for Cloud Apps and the app. This could be due to a problem with the app. Try again later.
Get events: Request failed with status code 402. Payment Required. Audit Log Entitlement validation failed Atlassian The Atlassian subscription doesn't have 'Atlassian Access' plan which is required to monitor events. Please enable 'Atlassian Access' plan on your Atlassian subscription.
NullPointerException AWS Internal error Contact support
AuthFatalFailureException: com.box.boxjavalibv2.exceptions.BoxServerException: {"error":"invalid_grant","error_description":"Invalid refresh token"} Box The Box refresh token is not valid Follow the process to connect Box to Defender for Cloud Apps again.
BoxRestException: Failed to parse response. Box Internal error Click the Test now link again to test the connection to Box.
ContextManagerServiceException: com.adallom.adalib.httputils.exceptions.TokenRefreshException: {"error":"invalid_grant","error_description":"Invalid refresh token"}' Box The Box refresh token is not valid Follow the process to connect Box to Defender for Cloud Apps again.
BoxServerException: User cannot access this feature without having an enterprise Box The Box account is not an Enterprise account. Upgrade your Box license to the Enterprise version of Box and then follow the process to connect Box to Defender for Cloud Apps again.
BoxServerException: Unauthorized - Cannot authorize with this service Box The Box admin deleted the Defender for Cloud Apps application in Box. Follow the process to connect Box to Defender for Cloud Apps again.
HttpRequestFailure: Server returned: 401 Unauthorized Exchange Online User or password are incorrect Make sure the username and password are correct and Follow the process to connect Exchange Online to Defender for Cloud Apps again.
HttpRequestFailure: Server returned: 404 Not Found Exchange Online The user you are using to log into Exchange Online does not have a primary mailbox in Exchange Online (for example, a user who does not exist in Microsoft Entra ID or a user exists in Microsoft Entra ID, but does not have an Exchange Online license). Follow the process to connect Exchange Online to Defender for Cloud Apps again using a new admin account.
GoogleJsonResponseException: 401 Unauthorized Google Workspace Access denied. You are not authorized to read activity records. The user you log into Google Workspace with must be an admin user. Follow the process to connect Google Workspace to Defender for Cloud Apps again using an admin account.
GoogleJsonResponseException: 403 Forbidden Google Workspace Problem running the Google Workspace API. If you just deployed the Defender for Cloud Apps App Connector for Google Workspace, check the following: If you clicked Unlimited, make sure that your Google Workspace account is really unlimited. If it is not, run the App Connector again and un-select the option for an unlimited account. Check that the scopes you defined during setup are correct. If this is not a new deployment and you see this error, it may be that you reached the API limit for today and Google Workspace events will be renewed tomorrow.
TokenResponseException: 400 Bad Request Google Workspace Either the connection to Google Workspace did not complete or is expired. Follow the process to connect Google Workspace to Defender for Cloud Apps again.
HttpRequestFailure: Server returned: 401 Unauthorized Okta The Okta token is not valid. Follow the process to connect Okta to Defender for Cloud Apps again.
IOException: Okta Internal error Contact support
HttpRequestFailure: Server returned: 404 Not Found Okta Internal error Contact support
HttpRequestFailure: Server returned: 400 Bad Request: {"error":{"code":"AF20012","message":"Specified tenant ID (Tenant_ID goes here) is incorrectly configured in the system." Microsoft 365 No assigned Microsoft 365 licenses were found. Assign at least one Microsoft 365 license to your tenant.
Microsoft.Office.Compliance.Audit.DataServiceException: Tenant 998cea7e-35cd-46a5-ab3c-8ec88a45d7d5 does not exist or {"error":"code":"AF20023","message":"The subscription was disabled." Microsoft 365 Audit logging is not enabled in Microsoft 365 Enable audit logging in Microsoft 365. Learn more
HttpRequestFailure: Server returned: 401 Unauthorized Microsoft 365 Internal problem Click the Test now link again
TokenRefreshException: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS70008: The provided authorization code or refresh token is expired. Send a new interactive authorization request for this user and resource. Microsoft 365 Token expired Follow the process to connect Microsoft 365 to Defender for Cloud Apps again.
SocketTimeoutException: Read timed out Microsoft 365 Internal error Click the Test now link again
NullPointerException Microsoft 365 Internal error Contact support
IgniteException Microsoft 365 Domain or user are not valid Reset your settings and follow the process to connect Microsoft 365 to Defender for Cloud Apps again.
ContextManagerServiceException: com.adallom.adalib.httputils.exceptions.TokenRefreshException: {"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS70008: The provided authorization code or refresh token is expired. Send a new interactive authorization request for this user and resource. Microsoft 365 Domain or user are not valid Reset your settings and follow the process to connect Microsoft 365 to Defender for Cloud Apps again.
HttpRequestFailure: Server returned: 400 Bad Request Microsoft 365 Internal error Click the Test now link again in a few minutes, if it does not work, follow the process to connect Microsoft 365 to Defender for Cloud Apps again.
SocketTimeoutException: Read timed out Salesforce Internal error Click the Test now link again to test the connection to Salesforce.
HttpRequestFailure: Server returned: 400 Bad Request Salesforce Either the connection to Salesforce did not complete or is expired. Follow the process to connect Salesforce to Defender for Cloud Apps again.
Get Permissions: NoHttpResponseException: *******.salesforce.com:443 failed to respond Salesforce IP restriction on customer ENV. In the Salesforce portal, under Setup > Session Settings, clear the Lock sessions to the IP address from which they originated check box.
team_not_authorized Slack Slack Discovery API is not enabled. Contact Slack support and ask to enable Discovery API.
RuntimeException: com.adallom.adalib.httputils.exceptions.HttpRequestFailure: Server returned: 403 Forbidden ServiceNow Permissions are incorrect Follow the process to connect ServiceNow to Defender for Cloud Apps again using an admin account.
Get events: {"code":403,"serverResponse"
Get users: {"code":403,"serverResponse"

"body":"{"error":"permission denied"}"
Workday Insufficient permission to access audit logs and/or user endpoints Verify all permissions are in place. Learn more
"code":400,"serverResponse"

body":"{"error":"invalid_grant"}
Workday Authentication issue Account used to set up the instance may be locked or disabled. To verify, view the Workday account and select View Sign-on History. You may see an authentication failure message in the report specifying that the System Account is disabled. Learn more
"code":401,"serverResponse":

body":"{"error":"invalid_client"}"
Workday Client token validity issue OAuth 2.0 REST API Client token not valid. The token may have expired, or may be incorrect. Generate another token and assign it to the connected instance. Learn more
Get user: Success Get events: Request failed with status code 403 Zendesk The Zendesk user that is configuring the integration is no longer a Zendesk admin, or your Zendesk license is unsupported. Upgrade the Zendesk user who configured the connector to admin (from Zendesk admin portal), or check here to see if your Zendesk license is supported.

Next steps

If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.