Skip to main content

ENTRA004 - Microsoft Graph Connection Timed Out

Agent error code #ENTRA004 indicates that a request to login.microsoftonline.com or graph.microsoft.com did not complete within the agent's HTTP timeout (25 seconds).

This error is distinct from connection failures (#ENTRA000), which mean the connection never established at all. Error #ENTRA004 means the TCP connection succeeded but the HTTP response did not come back in time.

Common causes include:

  • Heavy packet loss or high latency between the agent and Microsoft's public endpoints
  • A slow forward proxy in the egress path
  • A transient performance issue at Microsoft. Check the Microsoft 365 Status page
  • The agent host is overloaded and TLS handshakes are starving

Steps to Resolve

Test Latency to Microsoft

  1. From the agent host, run: curl -w "%{time_total}\n" -o /dev/null -s https://graph.microsoft.com/v1.0/$metadata
  2. The expected total time is under 2 seconds. Sustained values over 10 seconds indicate a network problem

Check the Proxy Path

If HTTPS_PROXY is set in the agent environment, the proxy itself may be slow:

  1. Compare timings with and without the proxy where possible
  2. If the proxy is significantly slower, escalate to the network team

Retry After Investigating Microsoft Status

Transient timeouts during a Microsoft service incident usually resolve themselves. Confirm there is no current incident on Microsoft 365 Status before changing local configuration.

For the full setup, see the Microsoft Entra ID setup guide.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top