cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ChadVKealey
Level 10

Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.'

We have a Flow that's connected to/triggered from a PowerApp. Students use the App to submit proposals for review and approval. Last Fall was our first term using the App and students had zero problems. However, this term, so far two students (who submitted successfully in the Fall) have had the Flow fail when trying to send them an email using the Office 365 Outlook Send Mail action. The exact error message text is: 

Error from token exchange: Runtime call was blocked because connection has error status: Enabled| Error, and office365 is in the block list. Connection errors: [ParameterName: token, Error: Code: Unauthorized, Message: 'Failed to refresh access token for service: office365certificate. Correlation Id=606df5da-5e8a-4b1a-bb4c-c99955c87bfa, UTC TimeStamp=1/17/2019 3:07:11 AM, Error: Failed to acquire token from AAD: AADSTS70002: Error validating credentials. AADSTS700082: The refresh token has expired due to inactivity. The token was issued on 2018-10-12T18:34:05.7604799Z and was inactive for 90.00:00:00.
Trace ID: 7bc450f9-9af8-4a13-8fa5-b4e799960700
Correlation ID: 3ab34416-61f3-4402-bf67-5a09e719d668
Timestamp: 2019-01-17 03:07:11Z']

What appears to be happening is that the connection token (which they "allowed" when running the App back in the Fall) expired/timed out and did not refresh when they ran the App this term. This has only happened to two students thus far. Dozens of others have used the App/Flow and submitted proposals without error. 

 

For the time being, I added another action (the generic "Mail" one that sends from MS's service account) that runs only if the O365 Outlook Send Mail fails. In that message, I direct them to check their Connections in Flow (which seemed to fix the issue for the first student, still waiting to hear back from the second one).

5 REPLIES 5
ChadVKealey
Level 10

Re: Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.

For what it's worth, I did read through https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-... to learn about token lifetimes and such, but it's not entirely clear to me how this applies to Connections in Flow and PowerApps. 

 

Is there a document or website that specifically addresses this issue? We are likely going to end up with a large number of Apps and Flow that users will interact with infrequently (less often than every 90 days). For example, request forms that are only filled out once or twice a year by a particular person. Should the App or Flow not automatically refresh the token the first time it's used after expiring (assuming the user's account is still active)?

 

If our global admins need to change something in the token lifetime policy to alleviate this problem, I need to start making a business case for it. 

Super User
Super User

Re: Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.

We have the same issue with the connection between Flow and SharePoint which breaks every hour and then affects any Office 365 emails going out from the flow, so I can sympathise with your situation. We have raised a Premier support ticket with Microsoft but 3 weeks on it is not yet resolved. I'll feed back any news I get about the solution.

 

Rob

ChadVKealey
Level 10

Re: Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.

Thanks, @RobElliott. I put a ticket in with our tenant admins so they can open a ticket with MS. The real head-scratcher in all of this is that when the users go to view their Connections, it shows that the Office 365 Outlook connector is just fine. Well, one person had the "fix this" link, but they said that they'd changed their password since using the App last (so I kind of understand why they'd need to re-authenticate). So, it seems like their just accessing the Flow site causes the token to refresh? I really wish MS had some better documentation on how Connections actually work.

Highlighted
Toasteroven
Level: Powered On

Re: Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.

Please keep us updated with the status of your ticket. The same thing is happening to me where if a user does not use a flow for 90 days their token expires.

Super User
Super User

Re: Office 365 Outlook Send Mail: 'Failed to refresh access token for service: office365certificate.

Our issue has now been resolved. I went into the backend of PowerApps last Sunday to look at something else and decided to switch account. I only have one Microsoft account so I selected it to refresh the account and that solved it, no more disconnections in Flow.

 

So it seems that when I updated my Office 365 password I needed to refresh the connections in Flow AND do a refresh in PowerApps. I didn't think of that as Flow and PowerApps use the same connections and have the same screen. But it does seem to be necessary. Even Microsoft's engineers didn't suggest that and assumed it was a token refresh time issue which it wasn't. My flows have now been working perfectly all week and not a single disconnection.

Helpful resources

Announcements
firstImage

Power Platform Online Conference

Join us for the first ever Power Platform Online Conference!

firstImage

Coming Soon: T-shirt Design Contest

Keep your eyes open for our upcoming T-shirt design contest!

firstImage

Incoming: New and improved badges!

Look out for new contribution recognition badges coming SOON!

firstImage

New & Improved Power Automate Community Cookbook

We've updated and improved the layout and uploading format of the Power Automate Cookbook!

thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

sixthImage

Power Platform World Tour

Find out where you can attend!

Users online (5,947)