Troubleshooting Entra ID Log Collection Error: 'Lifetime validation failed - Token Expired'

In this article:  

  • Issue description

  • Prerequisites

  • Possible cause

  • Resolution

  • Related topics and articles

  • How to reach support

Issue description  

While ADAudit Plus is collecting logs from Entra ID modules, the following error occurs: 'Lifetime validation failed - Token Expired'.

Prerequisites  

  • You must have access to the ADAudit Plus server.

  • You need access to the ADAudit Plus UI.

  • You need access to the Entra ID Portal.

  • The following Microsoft Graph API application permissions are required:

    • Application.Read.All

    • AuditLog.Read.All

    • Directory.Read.All

    • IdentityRiskEvent.Read.All

    • Group.Read.All

    • User.Read.All

    • DeviceManagementApps.Read.All

    • DeviceManagementManagedDevices.Read.All

Possible cause  

  • The respective events are not being generated or are not present on the configured DC.

  • Events are being overwritten before log collection can take place.

  • There is an issue with log collection and log processing.

Resolution  

  1. From the ADAudit Plus server, please ensure the following required Microsoft URLs are accessible:

    • login.microsoftonline.com

    • graph.microsoft.com

    • graph.windows.net

    • outlook.office.com

    • compliance.microsoft.com

    • manage.office.com

  2. The "Lifetime validation failed, the token is expired" error typically occurs during the initial setup. When starting event collection from Entra ID, the process attempts to fetch events from the last 30 days. Due to the large volume of events, this collection can take longer than one hour, causing the access token to expire.

  3. During the next fetch cycle, the token is automatically refreshed, and event collection resumes without any events being missed. This error should only occur during the initial collection and should not persist during normal operation.
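
One way to carry out the reachability check in step 1 from the ADAudit Plus server is the PowerShell script below. It is an added example, not ManageEngine's own tooling. The endpoint names are the ones listed in step 1; TCP port 443 (HTTPS) and the 5-second timeout are assumptions.

```powershell
# Added example: endpoint list is from step 1 of the Resolution section.
# Assumption: the endpoints are reached over HTTPS on TCP port 443.
$endpoints = @(
    'login.microsoftonline.com',
    'graph.microsoft.com',
    'graph.windows.net',
    'outlook.office.com',
    'compliance.microsoft.com',
    'manage.office.com'
)
$port = 443

$results = foreach ($name in $endpoints) {
    $row = [ordered]@{
        Endpoint = $name; Dns = $false; Tcp = $false; Tls = $false
        CertIssuer = ''; Error = ''
    }
    $client = $null
    $ssl = $null
    try {
        # Stage 1: name resolution (throws if the name cannot be resolved)
        [void][System.Net.Dns]::GetHostAddresses($name)
        $row.Dns = $true

        # Stage 2: TCP connect, giving up after 5 seconds
        $client = New-Object System.Net.Sockets.TcpClient
        if (-not $client.ConnectAsync($name, $port).Wait(5000)) {
            throw 'TCP connect timed out'
        }
        $row.Tcp = $true

        # Stage 3: TLS handshake with the default certificate validation
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($name)
        $row.Tls = $true
        # An issuer that is an internal proxy CA means TLS is being intercepted
        $row.CertIssuer = $ssl.RemoteCertificate.Issuer
    }
    catch {
        # Record the innermost exception message for the stage that failed
        $row.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl)    { $ssl.Dispose() }
        if ($client) { $client.Dispose() }
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize -Wrap
```

The first column that reads False in a row shows where that endpoint is blocked: DNS resolution, the firewall or proxy path, or the TLS handshake.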

Related topics and articles  

How to reach support  

If the issue persists, contact our support team here
