Suddenly getting non-interactive sign-in error 7000222 for a service principal, but I can't find any related registered apps with expired secrets

Michael Mattox 25 Reputation points
2025-03-02T19:09:14.7333333+00:00

We are integrated with Canvas, and we suddenly had an issue where users could not access their OneDrive from within Canvas, being given an authentication error. While digging to figure out the issue, I found a Service Principal named "Office365 LTI Prod IAD". Knowing we have a Microsoft 365 LTI connection with Canvas, I looked into the sign-in logs. All of the interactive sign-ins are working as expected, but all of the non-interactive have suddenly started failing across the board, giving the 7000222 error, with a description saying the client secret keys are expired. The timing of these errors makes it plausible it's related to the OneDrive connection issues in Canvas. I started looking through all of our registered apps, but there is nothing that looks related that I can tell, and nothing that has a secret that would have expired in this time frame. And obviously the Service Principal itself doesn't have a secret.

It's all very confusing. As far as I know, there wouldn't be a secret associated with the LTI connection. The only thing that was changed in that time frame was turning the conditional access policy to deny legacy authentication from Read-only to On. The first thing we did when we encountered this error was return that rule to Report-Only, which didn't resolve anything. And the logs I was looking at in the Service Principal don't even make it to the Conditional Access step. Would appreciate any guidance, Canvas has been less-than-helpful so far.

Microsoft Entra ID

Accepted answer
  1. Kancharla Saiteja 1,820 Reputation points Microsoft External Staff
    2025-03-06T03:54:36.16+00:00

    Hello @Michael Mattox ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: Suddenly getting non-interactive sign-in error 7000222 for a service principal, but I can't find any related registered apps with expired secrets

    Solution: Resolved by @Michael Mattox

    "Turns out this problem was indeed on the Canvas side, and they have finally said as much"

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
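
One way to triage the situation described in this thread, as an added example that is not part of the original question or answer: given the failing service principal and the tenant's app registrations, decide whether a secret can be checked locally or whether the registration is owned by another tenant. It assumes JSON exported from the Microsoft Graph `servicePrincipals` and `applications` resources (fields `appId`, `appOwnerOrganizationId`, `passwordCredentials`, `endDateTime`); every ID, key and date below is constructed, and `triage` is a hypothetical helper name.

```python
from datetime import datetime, timezone

# Constructed sample data shaped like Microsoft Graph objects (placeholder IDs).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
SERVICE_PRINCIPAL = {
    "displayName": "Office365 LTI Prod IAD",
    "appId": "aaaaaaaa-0000-0000-0000-000000000001",
    "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
}
APPLICATIONS = [  # app registrations that exist in the home tenant
    {"displayName": "Internal reporting app",
     "appId": "aaaaaaaa-0000-0000-0000-000000000002",
     "passwordCredentials": [
         {"keyId": "k1", "endDateTime": "2024-12-31T00:00:00Z"},
         {"keyId": "k2", "endDateTime": "2026-12-31T00:00:00Z"}]},
]
NOW = datetime(2025, 3, 2, tzinfo=timezone.utc)  # constructed "time of failure"


def parse_ts(value):
    """Parse a Graph-style UTC timestamp without fractional seconds."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def expired_secrets(app, now):
    """Return keyIds of client secrets whose endDateTime has passed."""
    return [c["keyId"] for c in app.get("passwordCredentials", [])
            if parse_ts(c["endDateTime"]) <= now]


def triage(sp, applications, home_tenant, now):
    """Classify where the secret behind a failing service principal lives."""
    local = [a for a in applications if a["appId"] == sp["appId"]]
    if local:
        # Registration is in this tenant: its secrets can be inspected here.
        return ("local", expired_secrets(local[0], now))
    owner = sp.get("appOwnerOrganizationId")
    if owner and owner != home_tenant:
        # Registration belongs to another tenant: only its owner can see
        # or rotate the secret, so nothing will show up locally.
        return ("external-owner", owner)
    return ("no-registration-found", None)


if __name__ == "__main__":
    print(triage(SERVICE_PRINCIPAL, APPLICATIONS, HOME_TENANT, NOW))
```

An `external-owner` result means searching the tenant's own app registrations for an expired secret will find nothing, and the case goes to whoever owns the registration.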

