Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
Anonymous
Not applicable

Production Embedded Report Issue

Getting this message on an account;

 

{"error":"unauthorized_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password.\r\nTrace ID: 6b4fa9ed-b473-4814-b3af-fda6a1da0900\r\nCorrelation ID: 88f09592-6d12-4e5d-b61d-11e34a412844\r\nTimestamp: 2018-06-14 14:49:57Z","error_codes":[70002,50053],"timestamp":"2018-06-14 14:49:57Z","trace_id":"6b4fa9ed-b473-4814-b3af-fda6a1da0900","correlation_id":"88f09592-6d12-4e5d-b61d-11e34a412844"}

 

The password or userID has not been changed, and the multiple attempt login issue is odd since when I login to the account on powerbi.com using same credentials, everything works fine.

 

This is now a problem on production.

21 REPLIES 21
Anonymous
Not applicable

Basically here a recap of what we have understood from MS.

 

There are 2 cases:

1. Your AAD is federated with AD

2. Your AAD is not federated

 

In both cases the app you need to create is of type native with PBI delegated permissions consented by an AAD admin. Web/Api Apps type seem not working anymore.

 

For case 1 there is no way to retrieve the token if you don't use the ADAL library or, if you can't use it and want/need to use the OATH2 password workflow you are forced to define a master account user that is of type AAD User and is not federated.

 

For case 2 if you do not use ADAL, running the scripts MS suggested and is reported in this thread solves the issue.

 

Hope this helps.

Anonymous
Not applicable

We had the same issue that started Thursday evening / Friday morning. There was an Azure AD setting Microsoft changed on their end that impacted this functionality. I don't have the powershell script but their support helped us re-enable this feature so that our embedded reports work correclty. We're also going to update the way we authenticate to Azure AD so that it's not impacted in the future.

 

Here's the powershell.

$spId = "GUID HERE" (It is the object ID of the Service Principal. You can find it within Azure Active Directory > Enterprise Applications > Application you’re looking for > Properties > ObjectID)

 

 

$policy = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuth -Type HomeRealmDiscoveryPolicy -IsOrganizationDefault $false

 

Add-AzureADServicePrincipalPolicy -Id $spId -RefObjectId $policy.Id

Anonymous
Not applicable

MS provided us the same powershell script reported by @Anonymous but in our case  unfortunately this didn't solve the issue.

 

Still waiting for MS support. Ticket still open.

Hi @Anonymous

 

I have tried with given script  in my PowerShell. It is showing error. Powershell.png

 

Do I need any other permission/ subscription/ additional script to run this script?

Could you help me to fix this issue.

 

By

Gnanasekar

Anonymous
Not applicable

Try the preview version for AzureAD. You may have to change this a little but this should do it. You may also have to uninstall the current module you have installed.

Install-Module -Name AzureADPreview

Thanks for information. It resolve the problem. Now all works fine.

We applied the script that you recommended All2Neat... solved our problem. We are back online.

 

Thank you so much for the heads up.

Thanks very much for sharing this. We are going to try it now. Will let you know.

 

Still not a word from anyone at PowerBi or Microsoft..... 

karelmous
New Member

Since Friday morning, we have been encountering the exact same problem with on of our app. Problem occured in every deployment environment, including production. Been chasing the problem for days, but all setting seemed correct. Morever the code and deployment was not updated.

 

Hope Microsoft sorts things out on their side soon.

Anonymous
Not applicable

Same issue here. DEV UAT PRD all affected.

 

Opened a MS ticket. Waiting for a response.

v-jiascu-msft
Employee
Employee

Hi All,

 

1. What's the scenario? App owns data or User owns data?

2. What's the type of your own app? Native app or web app? If you register it as a web app but you only use one account, it could be returns errors. 

Please refer to error-validating-credentials-aadsts50012-invalid-client-secret-is-provided and https://github.com/Azure/azure-keyvault-java/issues/5.

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Anonymous
Not applicable

1. How do I tell who owns the data? We have created it as an app, but the user itself holds the dataset.

2. It's a wep app and only one account has access / is the owner.

 

We changed it to a native app. Same issue.

Hi All,

 

Did you assign the App workspace to a capacity? It could be running out of resources without capacity. Please refer to embed-sample-for-customers#move-to-production.

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi There

 

We are experiencing exactly the same scenrio since last Thursday evening. Can access the reports etc on regular power bi portal.. but get the have tried to log in too many times with incorrect user name / password error when trying to receive a token. The user name and password have not changed, are correct and even when changing them and knowing that azure AD has synced, still same problem.

 

 

Where does the count for number of incorrect logins sit and where can it be reset? Have tried with two domain accounts that are both active and both get the same message..

 

Also trying the same via Postman and getting same result.

 

I notice two other organisations / users getting same issue since Thursday last week. and I saw a vague one liner from power bi that users may not be able to access their reports and an update would be communicated on Monday evening.. that was last night... We are still down.

 

I suspect something has changed on the back end side of Azure AD. ...

 

Surely there must be some way you can check  what process is giving the too many times tried response...???

The same as you say.

We also still down.

Was tried recreate AD application and user grant permissions, but not work. Something happend on Azure side.

 

Maybe some inaccuracy was deployed with:

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/whats-new 

see May 2018

Sounds very similar to us, we have a ticket open and are currently awaiting a further response.

 

Something must have changed backend.  This has been happening since Friday AM at least.

Just to add, we are experiencing the exact same issue, also affecting Production.

 

We have a ticket opened also.

 

We can also login with the same credentials via the PowerBI portal and nothing has changed code wise for several months.

 

This has let to 3 days downtime so far.

Hi,

 

1. Scenario: App owns data 

2. We use Native App.

 

Also we grant all permissions for application.

 

I would suggest you file a support ticket here.

create ATicket

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi.

 

1. Scenario: App owns data 

2. Type of app: Native

 

Our code.

private async Task<AccessToken> GetAccessToken()
{
List<KeyValuePair<string, string>> formData = new List<KeyValuePair<string, string>>();
formData.Add(new KeyValuePair<string, string>("grant_type", "password"));
formData.Add(new KeyValuePair<string, string>("resource", this.powerBiConfiguration.ResourceUrl));
formData.Add(new KeyValuePair<string, string>("client_id", this.powerBiConfiguration.AppClientId));
formData.Add(new KeyValuePair<string, string>("username", this.powerBiConfiguration.UsernName));
formData.Add(new KeyValuePair<string, string>("password", this.powerBiConfiguration.Password.Trim()));

string oauthProviderUrl = this.powerBiConfiguration.OauthProviderUrl;
HttpClient httpClient = new HttpClient();
HttpContent content = new FormUrlEncodedContent(formData);
HttpResponseMessage responseMessage = await httpClient.PostAsync(oauthProviderUrl, content);

string responseData = string.Empty;

Stream data = await responseMessage.Content.ReadAsStreamAsync();
using (StreamReader reader = new StreamReader(data, Encoding.UTF8))
{
responseData = reader.ReadToEnd();
}

if (responseMessage.IsSuccessStatusCode)
{
return JsonConvert.DeserializeObject<AccessToken>(responseData);
}
else
{
string errorMessage = $"Access token for PowerBI was not received. Response: {responseData}";
this.logger.Error(errorMessage);
throw new Exception(errorMessage);
}
}

 

 

"PowerBiConfiguration": {
"ResourceUrl": "https://analysis.windows.net/powerbi/api",
"AppClientId": "12345678-9814-42fe-123456789",
"UsernName": "hiddenuser@organization.com",
"Password": "123123",
"GroupId": "12345678-d8b6-4af9-b607-123456789",
"OauthProviderUrl": "https://login.windows.net/common/oauth2/token"
},

Helpful resources

Announcements
LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.