Yvand / EntraCP

EntraCP (formerly AzureCP) is a claims provider that connects SharePoint to your Microsoft Entra ID tenant, in federated authentication
https://entracp.yvand.net/
Apache License 2.0

EntraCP and SharePoint 2019 OnPremise with Azure AD trust authentication #290

Open medhajeff opened 1 week ago

medhajeff commented 1 week ago

Hello, random users are getting access denied to our SP 2019 on-premise environment with Azure AD Trust. The ULS logs report:

EntraCP Augmentation 1337 Unexpected [EntraCP] Unexpected error while getting groups for user 'username@domain.com' from tenant 'subdomain.onmicrosoft.com': The task likely exceeded the timeout of 15000 ms and was canceled: TaskCanceledException: A task was canceled.

SharePoint Foundation Monitoring b4ly High Leaving Monitored Scope: ([EntraCP] Get groups of user "username@domain.com" from tenant "subdomain.onmicrosoft.com") Execution Time=14999.029247503; CPU Milliseconds=0; SQL Query Count=0; Parent=[EntraCP] Augmentation for user "username@domain.com

EntraCP Augmentation 1337 Medium [EntraCP] Got no group in 14999 ms for user 'username@domain.com'

bed428 commented 1 week ago

Did the app reg secret/cert expire?

medhajeff commented 6 days ago

No, it is valid. The access denied issue is intermittent. Why does it need to call EntraCP on page load? I have not even reached the people picker yet.

bed428 commented 6 days ago

Intermittent as in just a few users experience it 100% of the time? Or like 100% of users get it 20% of the time? (Wondering if they have >200 groups associated with them.)

medhajeff commented 6 days ago

Random users get intermittent access denied. Maybe 1% of users is what I have observed so far. Any suggestions?

Yvand commented 6 days ago

@medhajeff EntraCP is called when users sign in if augmentation is enabled, to get the group membership of the user and include it in their token. A common reason for such a random timeout is that the CRL verification of Entra ID certificates randomly fails. On the SharePoint front-end, can you enable the CAPI2 log in the event viewer, and check if it records errors at the same time as the random timeouts?
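One way to carry out the check suggested above on a SharePoint front-end, as an added example that is not part of this thread or of the EntraCP project: it enables the CAPI2 operational log and lists the CAPI2 errors recorded around the timestamp of an EntraCP timeout copied from ULS. `$UlsTimestamp` and `$WindowSeconds` are assumed parameter names chosen here; the log names and cmdlets are standard Windows ones.

```powershell
# Added example, not EntraCP code. Run in an elevated PowerShell session on the
# SharePoint front-end where the ULS timeout was recorded.
# $UlsTimestamp: the time of the "Leaving Monitored Scope" / timeout entry in ULS (assumed input).
param(
    [Parameter(Mandatory = $true)][datetime]$UlsTimestamp,
    [int]$WindowSeconds = 60
)

$logName = 'Microsoft-Windows-CAPI2/Operational'

# The CAPI2 operational log is disabled by default; enable it and give it room so
# a busy front-end does not overwrite the evidence before the next random timeout.
wevtutil set-log $logName /enabled:true
wevtutil set-log $logName /maxsize:104857600

# Only errors (Level 2), within +/- $WindowSeconds of the ULS timeout.
$filter = @{
    LogName   = $logName
    Level     = 2
    StartTime = $UlsTimestamp.AddSeconds(-$WindowSeconds)
    EndTime   = $UlsTimestamp.AddSeconds($WindowSeconds)
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Host "No CAPI2 errors within +/- $WindowSeconds s of $UlsTimestamp."
    Write-Host "If the log was only just enabled, wait for the next timeout and re-run."
    return
}

# One line per error: time, event ID, CAPI2 task (e.g. revocation or chain building)
# and the first line of the message, which normally names the certificate or URL involved.
$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, TaskDisplayName,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

CAPI2 errors that line up with the ULS timeouts and mention revocation or a CRL download point at the front-end's outbound path to the CRL distribution points rather than at EntraCP itself.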