|
| 1 | +--- |
| 2 | +title: Reasons for broken connections |
| 3 | +description: Learn how to troubleshoot and resolve broken connections. |
| 4 | +services: connectors |
| 5 | +ms.service: power-platform |
| 6 | +ms.workload: connectors |
| 7 | +author: nravindra-msft |
| 8 | +ms.author: nravindra |
| 9 | +ms.reviewer: angieandrews |
| 10 | +ms.topic: how-to |
| 11 | +ms.date: 01/16/2025 |
| 12 | +--- |
| 13 | +# Reasons for broken connections |
| 14 | + |
| 15 | +In this article, you will learn about the various reasons for broken connections and how to troubleshoot them effectively. We will cover common issues such as connection timeouts, Data Loss Prevention (DLP) blocks, invalid authenticated devices, and more. By understanding these reasons and following the provided troubleshooting steps, you can resolve connection problems and ensure a smoother experience with your applications and services. |
| 16 | + |
| 17 | +## Reason: Connection time out |
| 18 | + |
| 19 | +This occurs when a client (such as a web browser or an application) tries to establish a connection with a server, but the server does not respond within a specified time limit. This can happen for various reasons, such as the server being offline, network issues, or the server taking too long to process the request. When the connection times out, the client stops waiting for a response and terminates the connection attempt |
| 20 | + |
| 21 | +Possible error string seen by users </br> |
| 22 | +<i>- “The user could not be authenticated as the grant is expired. The user must sign in again.”</i> |
| 23 | + |
| 24 | +Troubleshoot </br> |
| 25 | +1. Check your internet connection: Ensure that the internet connection is stable and working properly.<br> |
| 26 | +2. Check the server status: Verify if the server you are trying to connect to is online and not experiencing any downtime.<br> |
| 27 | +3. Try increasing the timeout limit: Sometimes, increasing the timeout limit will help in getting the connection from the servers. |
| 28 | + |
| 29 | +## Reason: DLP block |
| 30 | +Reason: DLP block |
| 31 | +Data Loss Prevention (DLP) is a security measure that prevents sensitive information from being shared or transferred inappropriately. A DLP block occurs when a DLP policy detects that an action, such as sending an email or sharing a file, violates the organization's data protection rules. The DLP system then blocks the action to prevent potential data breaches or unauthorized access to sensitive information |
| 32 | + |
| 33 | +Possible error string seen by users |
| 34 | +- “Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.” |
| 35 | +- “Device is not in required device state: domain_joined. Conditional Access policy requires a domain joined device, and the device is not domain joined.” |
| 36 | + |
| 37 | +Troubleshoot |
| 38 | +1. Review DLP policies: Check the DLP policies configured in the organization to understand what actions are being blocked and why. |
| 39 | +2. Consult with your admin: There might be a chance that the admin has blocked the particular connector or connection. It's a good idea to consult with them and discuss the issue to unblock it. |
| 40 | + |
| 41 | +## Reason: Invalid authenticated devices |
| 42 | +Reason: Invalid authenticated devices |
| 43 | +This refers to a situation where a user tries to authenticate using a device for multi-factor authentication (MFA), but the device has been disabled. This issue is not related to Power Automate but rather to the tenant's configuration at the administrative level. |
| 44 | + |
| 45 | +Possible error string seen by users |
| 46 | +- “Device object was not found in the tenant 'b880eeca-f1fb-4c91-bff6-82e84350a6e6' directory.” |
| 47 | +- “Device is not in required device state: compliant. Conditional Access policy requires a compliant device, and the device is not compliant. The user must enroll their device with an approved MDM provider like Intune.” |
| 48 | +- "Device used during the authentication is disabled.” |
| 49 | +- “Application needs to enforce Intune protection policies.” |
| 50 | + |
| 51 | +Troubleshoot |
| 52 | +1. Reach out to the tenant admin to understand why the device was disabled and to resolve the issue |
| 53 | +2. Try re-authorizing the connection |
| 54 | + |
| 55 | +## Reason: Due to inactivity for a very long duration |
| 56 | +Reason: Due to inactivity for a very long duration |
| 57 | +This refers to a situation where a connection becomes invalid because it has not been used for a specified period. For example, the SharePoint connector requires usage at least once every 90 days to remain active. If the connection is not used within this period, it will expire. The suggested troubleshooting method is to either create a new connection or reauthorize the existing one. |
| 58 | + |
| 59 | +Possible error string seen by users |
| 60 | +- “The refresh token has expired due to inactivity. The token was issued on 2024-03-17T12:07:02.0086301Z and was inactive for 90.00:00:00.” |
| 61 | +- “The provided authorization code or refresh token has expired due to inactivity. Send a new interactive authorization request for this user and resource.” |
| 62 | + |
| 63 | +Troubleshoot |
| 64 | +1. To troubleshoot, user must create a new connection or reauthorize the existing one. |
| 65 | + |
| 66 | +## Reason: Connection issue related to attended mode |
| 67 | +Reason: Connection issue related to attended mode |
| 68 | + |
| 69 | +This refers to problems that occur when a user tries to use features that require a license for unattended mode but does not have the necessary license. In attended mode, the user must be present and interact with the system, whereas unattended mode allows for fully automated processes without user interaction. If a user without the appropriate license attempts to use unattended mode, the connection will fail. |
| 70 | +Learn more about Attended and unattended scenarios here: Attended and unattended scenarios for process automation - Power Automate | Microsoft Learn |
| 71 | + |
| 72 | +Troubleshoot |
| 73 | +1. The user must have the correct license to interact with the system as required in attended mode. |
| 74 | + |
| 75 | +## Reason: Password modification by the user |
| 76 | +Reason: Password modification by the user |
| 77 | +This occurs when the account password you have added to create the connection is deleted or changed or expired. Since account verification is a crucial part of authentication whenever a connection is triggered, the connection will break if new password is not updated. To avoid this, use services like Microsoft Entra ID, learn more about it here |
| 78 | + |
| 79 | +Possible error string seen by users |
| 80 | +- “The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2022-07-06T08:47:42.5388987Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2024-08-01T12:39:32.0000000Z'.” |
| 81 | + |
| 82 | +Troubleshoot |
| 83 | +1. Every time user update your password, the existing connections with those passwords would become invalid, so user must create a new connection for each of those connectors or edit the existing connection |
| 84 | + |
| 85 | +## Reason: AAD configuration change |
| 86 | +Reason: AAD configuration change |
| 87 | +This refers to modifications made at the Azure Active Directory (AAD) level that affect user identities or access policies. These changes can include moving to a new location, altering user roles, or updating security settings. Such changes can invalidate existing tokens and require users to reauthenticate. |
| 88 | + |
| 89 | +Possible error string seen by users |
| 90 | +- “Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.” |
| 91 | + |
| 92 | +Troubleshoot |
| 93 | +1. User must reach out to the tenant admin to understand the specific changes and reauthorize the connection if necessary |
| 94 | + |
| 95 | +## Reason: Connection owner account is deleted/disabled |
| 96 | +Reason: Connection owner account is deleted/disabled |
| 97 | +This refers to a situation where the account that created a connection is either removed or disabled in the directory. This results in the invalidation of the connection, affecting all users who shared the connection. |
| 98 | + |
| 99 | +Possible error string seen by users |
| 100 | +- “The user account {EUII Hidden} has been deleted from the 1a188ae6-a002-4149-8234-e47371d17cce directory. To sign into this application, the account must be added to the directory.” |
| 101 | +- " The user account is disabled.” |
| 102 | +- “The user account {EUII Hidden} does not exist in the 66dc1f77-2e0d-4d13-b961-7c2e63aa376b directory. To sign into this application, the account must be added to the directory.” |
| 103 | + |
| 104 | +Troubleshoot |
| 105 | +1. To resolve this, another user with access can reauthorize the connection, thereby updating the ownership and restoring functionalities for all users. |
| 106 | + |
| 107 | +## Reason: Tenant admin disabled the app |
| 108 | +Reason: Tenant admin disabled the app |
| 109 | +This means that the administrator of the tenant has deactivated an application registered in Azure Active Directory (AAD). This action invalidates any service principal connections associated with the app, as the app can no longer issue tokens. To resolve this, the tenant admin needs to re-enable the app or create a new service principal connection. |
| 110 | + |
| 111 | +Possible error string seen by users |
| 112 | +- “The service principal for resource '00000003-0000-0ff1-ce00-000000000000' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.” |
| 113 | + |
| 114 | +Troubleshoot |
| 115 | +1. To resolve this, the tenant admin needs to re-enable the app or create a new service principal connection. |
0 commit comments