Troubleshooting
The WorkZone Active Directory Connector window prints all log output on its screen. Issues are printed in red (see the screenshot below for an example). Some error messages contain detailed information. To make an error message more readable, copy it and paste it into your preferred text editor.
Common configuration errors
Below you can see a list of common errors that may occur during configuration, and how you can solve them.
AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '<ClientID>'
If you get this message, check that the specified client secret is correct and that it has not expired.
AADSTS7000229: The client application <ClientID> is missing service principal in the tenant <TenantId>. See instructions here: https://go.microsoft.com/fwlink/?linkid=2225119
Make sure that the ClientID and Client Secret that you have specified are registered in the tenant with the specified ID <TenantId>.
Exception running Active Directory replication: Unauthorized
This error occurs because OData can't authorize the access token from Entra. The reason may be that the tenant that provided the token is not known by WorkZone OData.
To fix this issue, make sure that the app is registered in the correct tenant. It should be the same tenant that runs WorkZone OData authorization.
Exception running Active Directory replication: Forbidden
This error occurs because the Service Principal (Enterprise Application) Object ID is not set in the oid column for the SJADREPLICATORUSER user.
To fix this issue, run the following command on the WorkZone database:
update users set oid='<Enterprise Application Object Id>' where user_name = 'SJADREPLICATORUSER';
commit;
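The Unauthorized and Forbidden errors above can be told apart by decoding the connector's access token locally. The following Python code is an added example, not part of WorkZone or its documentation. It assumes that WorkZone OData checks the standard Entra tid (tenant ID) and oid (service principal object ID) claims, and its function names and sample GUIDs are constructed for illustration.

```python
import base64
import json


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT without verifying its signature.

    Diagnostic use only: never base a trust decision on unverified claims.
    Decode locally; an access token is a bearer credential.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, expected_tenant_id: str, db_oid: str) -> list[str]:
    """Compare token claims with the tenant and users.oid value in use.

    Assumption: OData rejects an unknown tid (Unauthorized) and an oid that
    does not match the SJADREPLICATORUSER row (Forbidden).
    """
    claims = decode_jwt_claims(token)
    findings = []
    if str(claims.get("tid", "")).lower() != expected_tenant_id.lower():
        findings.append("tid does not match expected tenant: expect Unauthorized")
    if str(claims.get("oid", "")).lower() != (db_oid or "").lower():
        findings.append("oid does not match users.oid: expect Forbidden")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample GUIDs, not real identifiers.
    tenant = "11111111-1111-1111-1111-111111111111"
    sp_oid = "22222222-2222-2222-2222-222222222222"
    sample = make_sample_token({"tid": tenant, "oid": sp_oid})
    # Empty db_oid models the unset oid column described above.
    for line in diagnose(sample, tenant, "") or ["claims match"]:
        print(line)
```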