Skip to main content
Nintex Community Menu Bar

We are running K2 5.6 FP29 and have followed the Manually Setting AAD for login and also the identity sync article.  Logging into using AAD works but the identity synch fails with the below error.  We followed the same steps in our dev and qa environment and the sync works.  Does anyone know how to fix a missing or malformed token?
 

Error - {"odata.error":{"code":"Authentication_MissingOrMalformed","codeForMetrics":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"values":null}}
   at SourceCode.Sync.Providers.AAD.Net.AadHttpClient.<ValidateResponseAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.Providers.AAD.Net.AadHttpClient.<GetStreamAsync>d__20.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.Providers.AAD.Net.AadHttpClient.<>c__DisplayClass19_0.<<QueryAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at SourceCode.Sync.Providers.AAD.Elephant.RetryPrimitive.<ExecuteActionAsync>d__9`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.Providers.AAD.Net.AadHttpClient.<QueryAsync>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at SourceCode.Sync.Providers.AAD.AadSyncClient.<ExecuteDifferentialQueryAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.Providers.AAD.AadIdentityProvider.<SyncAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.SyncEngine.<InvokeAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at SourceCode.Sync.SyncEngine.<StartProviderSyncAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at SourceCode.Sync.Runtime.SyncLocalClient.<>c__DisplayClass20_0.<RunSyncJob>b__0()
   at SourceCode.Sync.Runtime.Extensions.<>c__DisplayClass2_0.<LogMethodExecution>b__0()
   at SourceCode.Sync.Runtime.Extensions.LogMethodExecution>T](ILogger logger, Func`1 methodFunc, String source, Boolean throwException, String methodName)
Inner - 

We are facing the exact same issue, but we are on Nintex Automation K2 (5.8) FP10 and enabled the new Idendity Service.

Have you been able to solve the issue meanwhile?

I would appreciate, if you could give us some hints.

You may be seeing the issue highlighted in the .docx file from the following post:

 

Specifically, this section:

After one of the cumulative updates mentioned in the K2 migration to Microsoft Graph article is installed on your system, you must run the following script for the Sync Service to work with AAD. The script works by changing the AAD provider Type to Graph and registering an oAuthResourceId for Graph in the Sync Engine.

This script assumes that the provider name and your security label name are AAD, if not, edit the script to reflect your environment. Contact support if you are not sure what values to change.

DECLARE @ProviderTypeID AS int
SELECT @ProviderTypeID =ID
FROM DSyncEngine].SProviderType]
WHERE Type = 'MSGraph'

UPDATE bSyncEngine].SProvider]
SET ProviderTypeID = @ProviderTypeID
WHERE Name = 'AAD'

DECLARE @ProviderInstanceID AS int

SELECT @ProviderInstanceID = ID
FROM DSyncEngine].SProviderInstance]
Where ProviderID = (SELECT ID
FROM DSyncEngine].SProvider]
WHERE Name = 'AAD')

DECLARE @ProviderInstanceIDGuid AS nvarchar(max)

SELECT @ProviderInstanceIDGuid = AuthInit.value('(/AuthInit/OAuthResourceID/node())c1]','nvarchar(max)')
FROM )HostServer].HSecurityLabel]
Where SecurityLabelName = 'AAD'

Insert into ISyncEngine].SProviderInstanceRuntimeConfig](tProviderInstanceID],IConfigKey],[ConfigValue])
VALUES (@ProviderInstanceID,'msgraph.oAuthResourceId',@ProviderInstanceIDGuid)

 

You can try backing up the K2 database, running this script, and retesting the AAD sync.  If the issue is not resolved, restore the backup and logging a Support Case may be necessary.

Hi Tintex,

Thanks a lot for your valuable hint.

The sync issue is fixed.

Reply


Sidebar Buttons
Nintex Community Home Contact Nintex Support Email Nintex Community Check Nintex Status
Terms & ConditionsCookie Settings