How to check logs of ADGroupResolver-OnSchedule Webjob

In the following article an example of how to investigate logs of ADGroupResolver-OnSchedule Webjob is provided. 

1. Login to https://portal.azure.com/

2. Go to Home > App Services.

3. Check that the correct Subscription is selected (LMS365 SaaS Production), click the App Service needed: in our example it is lms365-dirreader-prod-northeurope

screen_logs.png

4. Go to WebJobs.

5. In the WebJobs list select the ADGroupResolver-OnSchedule webjob which is responsible for synchronization with AD groups-> click Logs:

screen_logs2.png

6. Then click ADGroupResolver-OnSchedule webjob with 'Success' status:

screen_logs3.png

7. See Recent job runs and select one which has already been completed successfully:

screen_logs4.png

8. When logs are uploaded you can click 'download' to make a search easier:

screen_logs5.png

9. On the opened page you can search by TenantId: Ctrl + F5 - > insert TenantId. When finding it, you can see the process Id and follow it to check the actions referring to this process:

screen_logs6.png

When scrolling down and following process Id19, we found the following error:

ADAuthorizationException during resolve user by user identity:  Exc: System.AggregateException: One or more errors occurred. ---> System.Data.Services.Client.DataServiceQueryException: An error occurred while processing this request. ---> System.Data.Services.Client.DataServiceClientException: {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"11d47d46-47bf-4717-a178-1b234d83e08a","date":"2020-08-24T09:02:33"}}

screen_logs7.png

According to the 'Authorization_RequestDenied' error message, we can conclude that at the moment the application does not have enough permissions to access to customer's Azure AD. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.