Skip to main content

 

Druva Documentation

Office 365 issues

Issue: Insufficient permissions to backup web files

After you start the backup of One Drive data, you might encounter a backup failed error for One Drive. In the Last Backup Status report, it displays the following error details:

Internal Error!! Please see logs for details.

This is an excerpt from the logs for this error:

Error <type 'exceptions.Exception'>:Could not download file. resourceid 01QIIFEDEHMKO3JE4HTJGY6424GT5QYRXO, path -, name -, user ernie@druva.com, error Error getting response. Server response - Unauthorized Access. Response Code:401 Text:{"error":{"code":"-2147024891, System.UnauthorizedAccessException","message":"Access denied. You do not have permission to perform this action or access this resource."}}.

Reason 

inSync displays this error due to insufficient permissions while accessing the following file types: .aspx, .master, .xap, .swf, .jar, .asmx, .ascx, .xsf, and .htc 

Workaround

Exclude the above mentioned file types from getting backed up so that inSync does not try to back up the these file types. To exclude the files types:

  1. On the inSync Management Console menu bar, click Profiles.
  2. Click the profile that is configured with cloud apps.
  3. Under the Cloud Apps tab, click Edit. The Edit Profile window appears.
  4. Under Office 365 tab, in the Exclude Files box, enter the following: *.aspx;*.master;*.xap;*.swf;*.jar;*.asmx;*.ascx;*.xsf;*.
    htc 
  5. Click Save.

Issue: One Drive/Exchange Online backup failing for users

One Drive/Exchange Online backups failing for users after 10 days of account configuration. When backups fail, the administrator receives an email with the subject "Cloud App status alert" with the following message:

Office 365 is not connected. Please re-configure Office 365.

Reason 

While creating an account for global administrators on Office 365, the StsRefreshTokensValidFrom attribute was not set by the APIs of the third party SSO tool.

Workaround

  1. Install Azure module using link:
    1. Download the Microsoft Online Services Sign-In Assistant for IT Professionals RTW from the Microsoft Download Center using this link and then install it.
    2. Download the Azure Active Directory Module for Windows PowerShell (64-bit version) installer package using this link and then click Run to run it.
  2. Connect to Azure AD:
    Run the cmdlet connect-msolservice command on the Windows PowerShell command prompt. You will then be prompted for your credentials. Enter your Azure AD (Global admin) credentials.
  3. Get StsRefreshTokensValidFrom attribute value of the global admin using the following command:
    $user = Get-MsolUser -UserPrincipalName ernie.carter@druva.com
    $user.StsRefreshTokensValidFrom

    where Ernie Carter is the global admin who is configuring the Office 365 app
  4. The following command will set current time as the value of StsRefreshTokensValidFrom attribute  for the global admin. Steps to set this value:
    $dt = Get-Date
    Set-MsolUser -UserPrincipalName ernie.carter@druva.com -StsRefreshTokensValidFrom 
    $dt.ToUniversalTime()
  5. Run step 3 again. This time you should see the current time (set in step 4). This is a verification step. 
  6. Re-configure inSync with Office 365 using the steps mentioned in the How to configure inSync with Office 365 topic.

Issue: One Drive backup failing for users

OneDrive backups fail for users, but Exchange Online gets backed up successfully. When the backup for OneDrive fails, the Status Details column on the Manage Cloud Apps > Office 365 page displays the following error message:

EUSERNOTFOUND

Reason 

inSync cannot connect to OneDrive when the Domain joined device conditional access is enabled to the Office 365 global administrator even if the affected user exists in inSync. 

Workaround

  1. From the Azure AD portal, disable the Domain joined device conditional access to the global administrator’s account. For more information, refer to Microsoft’s Office 365 documentation.
  2. Reconfigure your Office 365 after disabling the conditional access. To reconfigure your Office 365 see How to configure inSync with Office 365 topic.