User synchronization with Office 365 fails suddenly
Posted by Philip Schaffrath on 26 Feb 2018 09:17


Symptom/Problem:

During user synchronization, the following error message appears:
Requesting Microsoft Graph API token failed: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.


Root Cause:

A "Service Principal" is required to synchronize users from the Office 365 Azure Active Directory with MailStore.
If the password of the "Service Principal" has expired, the error message above appears.


Solution:

Use the "Get-MsolServicePrincipalCredential" PowerShell command to check whether the password of the "Service Principal" has expired:
https://docs.microsoft.com/en-us/powershell/module/msonline/get-msolserviceprincipalcredential

Use the name of the "Service Principal" that is configured in MailStore to check the password.

Example:


Connect-MsolService

Get-MsolServicePrincipalCredential -ReturnKeyValues 1 -ServicePrincipalName "MailStoreSP/tenant-domain"
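
The expiry check described above, written as a script that flags expired and soon-to-expire credentials so the dates do not have to be compared by eye. This is an added example, not MailStore's code; the 30-day warning threshold is an assumption, and the StartDate/EndDate values are assumed to be returned in UTC.

```powershell
# Added example (not from the original article).
# Requires the MSOnline module; the service principal name is the article's placeholder.
$ServicePrincipalName = "MailStoreSP/tenant-domain"
$WarnDays = 30   # assumed warning threshold, adjust to your rotation schedule

Connect-MsolService

# Assumption: StartDate/EndDate are returned in UTC, so compare against UTC "now".
$now = (Get-Date).ToUniversalTime()

# Key values are not needed to check expiry, so they are not requested here.
$credentials = @(Get-MsolServicePrincipalCredential `
    -ServicePrincipalName $ServicePrincipalName -ReturnKeyValues $false)

if ($credentials.Count -eq 0) {
    Write-Warning "No credentials found for '$ServicePrincipalName'."
    return
}

# A service principal can hold several credentials; evaluate each one.
$report = foreach ($cred in $credentials) {
    $daysLeft = [math]::Floor(($cred.EndDate - $now).TotalDays)

    $status = if ($cred.StartDate -gt $now) {
        'NotYetValid'
    } elseif ($cred.EndDate -le $now) {
        'Expired'
    } elseif ($daysLeft -le $WarnDays) {
        'ExpiringSoon'
    } else {
        'Valid'
    }

    [pscustomobject]@{
        Type      = $cred.Type
        KeyId     = $cred.KeyId
        StartDate = $cred.StartDate
        EndDate   = $cred.EndDate
        DaysLeft  = $daysLeft
        Status    = $status
    }
}

$report | Sort-Object EndDate | Format-Table -AutoSize

# Summarize so the result can be used from a scheduled task or monitoring job.
if (-not ($report | Where-Object { $_.Status -in 'Valid', 'ExpiringSoon' })) {
    Write-Warning "No currently valid credential: token requests for '$ServicePrincipalName' will fail."
}
```

If every row shows "Expired", the AADSTS50012 error above is expected until a new credential is created.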




You can use the "New-MsolServicePrincipalCredential" PowerShell command to create a new password for the current "Service Principal":
https://docs.microsoft.com/en-us/powershell/module/msonline/new-msolserviceprincipalcredential

Replace the value 'Pa$$w0rd' with your own password.

Example:


Connect-MsolService

New-MsolServicePrincipalCredential -ServicePrincipalName "MailStoreSP/tenant-domain" -Type Password -Value 'Pa$$w0rd'




Article-ID: KB20171123-0-EN (German version)
