Troubleshooting SCOM 2022 Teams Integration

Written By Charlotte Wyld

When we were setting SCOM 2022 Teams integration in our environment these are some of the issues and fixes we discovered. For the full setup guide for SCOM 2022, or if you are looking for integrations for older versions of SCOM (2012 R2+) or more functionality, such as bi-directional sync, check out our blog on ‘How does SCOM 2022’s native Microsoft Teams Integration Work?

Troubleshooting Tip & Fixes

“Failed to send notification using server/device” alerts because of permissions

1.       If you fail to ‘Grant Admin consent’ for the Microsoft Graph permissions you add to your Azure AD App, you will see ‘Failed to send notification using server/device’ alerts in SCOM with a description like this:

Notification subsystem failed to send notification using device/server 'Primary' over 'teams' protocol to 'https://teams.microsoft.com/l/channel/<ChannelID>thread.skype/General?groupId=<GUID>&tenantId=<GUID><GUID> &tenantId=<GUID>'. Microsoft.Graph.ServiceException: UsernamePasswordCredential authentication failed: AADSTS65001: The user or administrator has not consented to use the application with ID '<GUID>' named 'SCOM 2022 Teams App'. Send an interactive authorization request for this user and resource.

Trace ID: <GUID>
Correlation ID: <GUID>
Timestamp: 2022-03-11 14:10:37Z

See the troubleshooting guide for more information:
https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot

2.       To fix this issue go into Azure AD > App registrations > your SCOM 2022 Teams application then check the permissions match the below then click ‘Grant Admin consent’ then hit ‘Yes’

3.       You should see a confirmation message, like the below if the grant has been successful.

“Failed to send notification using server/device” alert because your account requires multi factor auth

Make sure the account does not require two factor authentication, if you use an account requiring two factor auth you will see this alert:

Its full description reads:

“Notification subsystem failed to send notification using device/server 'Primary' over 'teams' protocol to 'https://teams.microsoft.com/l/channel/<ChannelID>thread.skype/General?groupId=<GUID> &tenantId=<GUID>&tenantId=<GUID>'. Microsoft.Graph.ServiceException: UsernamePasswordCredential authentication failed: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: 21f64e9c-f50a-4636-ae02-362826670900
Correlation ID: 325fa81f-e5a8-4179-9b8e-8127a9b9cfe0
Timestamp: 2022-03-11 08:11:49Z

See the troubleshooting guide for more information: https://aka.ms/azsdk/net/identity/usernamepasswordcredential/troubleshoot

To turn off multi factor auth for a single user account:

1.     Login to admin.microsoft.com (requires M365 admin credentials).

2.     Navigate to Users >Active Users and select the user account you want to turn multi factor auth off for.

3.     Select ‘Manage multi factor authentication’.

Charlotte Wyld
Next

How does SCOM 2022’s Native Microsoft Teams Integration Work?