403 Internal Server Error
Problem description
Users may report that they are seeing a 403 Internal Server Error. This typically appears for customers using Microsoft 365 during either of the following operations:
- When attempting to connect Evoko Home (v2.7.6) to Microsoft 365 for the first time.
- When trying to re-authenticate an existing Evoko Home instance with Microsoft in the Global Settings after updating to v2.7.6.
First Evoko Home connection
This is how the error appears when attempting to pass the Evoko Home Wizard during a first-time configuration:
M365 Credentials update
This is how the error appears when attempting to update the M365 Credentials in Evoko Home Global Settings.
Why does this happen?
In v2.7.6 of Evoko Home, the protocol for connection to Microsoft 365 changed to accommodate Role Base Application Control. This is commonly referred to as RBAC.
- This 403 error indicates the App Registration associated with the Tenant ID and Application ID is reporting a mismatch of the permissions that are needed when running v2.7.6 as compared to a previous version of Evoko Home.
- All versions of Evoko Home prior to v.2.7.6 required the App Registration in Entra to be slightly different and required protocols.
How do I fix this?
The following two-step process fixes both 403 error instance types:
Before following below the Step 2A-3 and Step 2A-4, we recommend you to creating new service account that explained here Step 2A-1 and make sure it has a valid license and mailbox. Open an incognito browser and navigate to https://www.office.com/. Once there, log into the newly created Service Account’s Mailbox. The reason behind creating new service account is if you had an older version of evoko home earlier with a service account that might be some conflict with Application Impersonation role.
- Check your App Registration matches this guide here in Step 2A-3. Application Registration and API Permissions
- Note: Do not confuse the Secret Value with the Secret ID. They are different. The Secret Value is the critical setting for fixing the 403 error.
- Complete the Power-shell commands from the prep guide here: Step 2A-4. Application Role-Based Access Control
Once the tasks have been completed above you can then attempt to either pass the Evoko Home Wizard again or update the credentials in Evoko Home Global Settings. If the above steps were completed correctly, you should get a message indicating successful credentials!
If you find yourself still having issues; please contact our support team for further help.