Multiple unknown Failed Exchanges

I was looking through my logs and came across a continuous stream of Failed Exchanges that look like the one below.

I do not have a client/application with the client_id mentioned below.

It also seems to have empty user_name, connection_id, user_id and an unknown-looking user_agent.

Does anyone have a clue why this would be? This log seems to appear every 1-2 hours.

  "date": "2020-10-24T11:04:14.462Z",
  "type": "feccft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "lTyXru5ToUyOCRh1VYdsTEf4wwbDbjMN",
  "client_name": null,
  "user_agent": "Other 0.0.0 / Other 0.0.0",
  "hostname": "",
  "user_id": "",
  "user_name": "",
  "audience": "",
  "scope": null,
  "log_id": "90020201024110418940000882424083607457228409502001266722",
  "_id": "90020201024110418940000882424083607457228409502001266722",
  "isMobile": false

If you perform a client credentials grant against your tenant and you incorrectly input the client identifier, this will still generate a tenant log for that failed attempt. In other words, I can replicate a similar log event in my own tenant with that client identifier as well.

If the IP address associated with that tenant log is not one that you would consider associated with your system, a possible explanation would be some incorrect configuration by another person that led to using your tenant name instead of theirs. However, this would be an edge case, so I would also check if you have any extensions installed in your tenant that may be trying to perform such an exchange. When certain extensions are installed they may create a client application for this exact purpose; if this application is then deleted, I believe you could create the conditions for this scenario.

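A triage sketch for the checks suggested in the reply, added here as an example and not part of the original thread: it picks out failed client-credentials exchanges (`feccft`) whose `client_id` matches no existing application, then groups them by source IP and measures how regularly they recur. The `ip` field name, the `KNOWN_CLIENT_IDS` set and all sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample export: same shape as the event in the post, plus an
# "ip" field (assumed field name) filled with documentation-range addresses.
SAMPLE_LOGS = json.loads("""[
 {"date": "2020-10-24T08:00:00.000Z", "type": "feccft", "client_id": "UNKNOWN_CLIENT_ID_EXAMPLE", "ip": "203.0.113.7"},
 {"date": "2020-10-24T09:30:00.000Z", "type": "feccft", "client_id": "UNKNOWN_CLIENT_ID_EXAMPLE", "ip": "203.0.113.7"},
 {"date": "2020-10-24T10:00:00.000Z", "type": "feccft", "client_id": "KNOWN_CLIENT_ID_EXAMPLE", "ip": "198.51.100.20"},
 {"date": "2020-10-24T10:05:00.000Z", "type": "seccft", "client_id": "KNOWN_CLIENT_ID_EXAMPLE", "ip": "198.51.100.20"},
 {"date": "2020-10-24T11:00:00.000Z", "type": "feccft", "client_id": "UNKNOWN_CLIENT_ID_EXAMPLE", "ip": "203.0.113.7"},
 {"date": "2020-10-24T12:30:00.000Z", "type": "feccft", "client_id": "UNKNOWN_CLIENT_ID_EXAMPLE", "ip": "203.0.113.7"}
]""")

# Constructed placeholder: fill with the client IDs of your tenant's applications.
KNOWN_CLIENT_IDS = {"KNOWN_CLIENT_ID_EXAMPLE"}

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def orphaned_exchanges(events, known_ids):
    """Summarise failed client-credentials exchanges whose client_id matches
    no existing application, grouped by (client_id, source ip)."""
    groups = defaultdict(list)
    for ev in events:
        if ev.get("type") != "feccft":
            continue  # only failed client-credentials exchanges
        cid = ev.get("client_id") or ""
        if cid in known_ids:
            continue  # real application failing (e.g. bad secret): separate issue
        groups[(cid, ev.get("ip", ""))].append(parse_ts(ev["date"]))
    report = []
    for (cid, ip), stamps in sorted(groups.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:])]
        report.append({
            "client_id": cid, "ip": ip, "count": len(stamps),
            "first": stamps[0].isoformat(), "last": stamps[-1].isoformat(),
            "median_gap_min": median(gaps) if gaps else None,
        })
    return report

if __name__ == "__main__":
    for row in orphaned_exchanges(SAMPLE_LOGS, KNOWN_CLIENT_IDS):
        print(row)
```

A single source IP with a steady interval points to a scheduled job, such as a leftover extension or another party's misconfigured service, which narrows down where to look next.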