Sharepoint online vermeer packet calls failing against sharepoint online
I am troubleshooting a very old sharepoint integration program we have. We make calls against sharepoint to place documents in it. And we use a very old sharepoint api (Vermeer packets)
This is using some very old code that was originally for on-prem sharepoint but which we have patched over the years to work with sharepoint online. We're finding that with one particular customer that we're getting 500 errors along with the text "Operation is not valid due to the current state of the object." when making calls like I'll show below the break.
Now this all works in dozens of other customer installs (yes even sharepoint 365 ones). I'm wondering if there are any sharepoint settings anyone knows about that might cause issues like this. Some type of security hardening switch that may have been flipped to dissallow calls like this? It may very well be that MS doesn't allow calls like this anymore in newer environments but that the older ones are grandfathered in. I'd love to see some type of documentation about something like that, but have found none so far.
Below is the call and response I'm getting
We make the http call
POST https://CUSTOMER.sharepoint.com/_vti_bin/shtml.dll/_vti_rpc HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Vermeer-Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; windows NT; MS Search 6.0 Robot)
Host: esrtcloud.sharepoint.com
Content-Length: 46
Cache-Control: no-cache
method=url+to+web+url:6.0.2.5420&url=/&flags=0
And get the response back
HTTP/1.1 500 Internal Server Error
Content-Length: 62
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-NetworkStatistics: 1,525568,0,3568,358383,0,228305,6
IsOCDI: 0
X-DataBoundary: NONE
X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/
X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/
SPRequestGuid: 96d380a1-00cc-8000-1d92-1db10c88e0c6
request-id: 96d380a1-00cc-8000-1d92-1db10c88e0c6
MS-CV: oYDTlswAAIAdkh2xDIjgxg.0
Alt-Svc: h3=":443";ma=86400
Report-To: {"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=00000000-0000-0000-0000-000000000000&destinationEndpoint=Edge-Prod-EWR31r5b&frontEnd=AFD&RemoteIP=64.20.162.0"}]}
NEL: {"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
Strict-Transport-Security: max-age=31536000
X-FRAME-OPTIONS: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com teams.cloud.microsoft *.office365.com goals.cloud.microsoft *.powerapps.com *.powerbi.com *.yammer.com engage.cloud.microsoft word.cloud.microsoft excel.cloud.microsoft powerpoint.cloud.microsoft *.officeapps.live.com *.office.com *.microsoft365.com m365.cloud.microsoft *.cloud.microsoft *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com http://onedrive.live.com *.onedrive.live.com securebroker.sharepointonline.com;
SPRequestDuration: 11
SPIisLatency: 1
X-Powered-By: http://ASP.NET
MicrosoftSharePointTeamServices: 16.0.0.25722
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 203E3FC24FC84560B6FBE9F468E72B68 Ref B: EWR311000104035 Ref C: 2025-02-12T16:44:53Z
Date: Wed, 12 Feb 2025 16:44:52 GMT
Operation is not valid due to the current state of the object.
For comparison, a successful response to the call looks like this
HTTP/1.1 200 OK
Server: Microsoft-IIS/10.0
Date: Wed, 12 Feb 2025 20:45:51 GMT
Connection: close
Content-type: text/html; charset=utf-8
<html><head><title>vermeer RPC packet</title></head>
<body>
<p>method=url to web url:6.0.2.5420
<p>webUrl=/
<p>fileUrl=
</body>
</html>
The reason for the "Operation is not valid due to the current state of the object" is that for some reason, the SPOIDCRL cookies obtained from the claims based logging is not attached as a header to the request.
I don't know WHY it's not getting attached, as I see there is code elsewhere that does that. But I can reproduce the exact error message in house, if I just remove the code that attaches the cookie below. So that's the base cause.
I have some work to do now to figure out why that's happening.
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?