Overview
The backups of SaaS applications can potentially encounter problems due to various factors. In these scenarios, the backups will either fail or complete with errors.
The SaaS applications covered in this article is the following.
· Microsoft 365 Platforms:
o Exchange Online
o OneDrive
o Microsoft 365 Groups
o Public Folders
o SharePoint Online
o Microsoft Teams
The statuses reported by the inSync console in these cases are the following.
· Backup Failed
· Backed Up With Errors
When backups have a status of “Backup Failed” or “Backed Up With Errors”, the “Status Details” column can be used to gather more information about the issue on a per-user/resource basis.
For all the error messages that can potentially be present under the “Status Details” column, please reference the link https://help.druva.com/en/articles/8368045-cloud-apps-integration-error-messages.
The possible errors that can be found for the various Microsoft 365 platforms can be found here: https://help.druva.com/en/articles/8368048-microsoft-365-errors.
Troubleshooting & Analysis:
Microsoft 365 Platforms:
For user-based SaaS applications, the inSync console provides the ability to download the debug logs for all the resources associated with an individual user.
For resources that are not user-based, such as SharePoint Online, the individual logs are also available for download from the inSync console.
The steps to download the debug logs for a user and non-user based SaaS applications can be found here. The steps are located under the “Overview” section of the article.
To easily identify errors in the debug logs, the log file(s) can be searched for the text string [ERROR].
Enterprise Application Status Verification For Microsoft 365 Platforms:
The inSync platform utilizes enterprise applications to be able to establish a connection with Microsoft Entra ID and Microsoft 365 to back up SaaS applications.
To ensure that there is no connection issue, we can utilize the “Summary” section of the inSync console's 'Overview' page for Microsoft 365 to check on the status of the deployment applications.
The “App Configuration” section displayed in the image below will show when an application is in an unhealthy state.
The status of the deployed enterprise applications can also be viewed through the “Manage Apps” window displayed below. To access this window, click on the “Manage Apps” button in the top, right-hand corner of the Microsoft 365 Overview page.
NOTE: The deployment status of auxiliary applications can only be viewed within the inSync console through an aggregated view displaying the installed application count and whether they are enabled or not.
From the “Overview” page for Microsoft 365 the inSync console also provides the ability to verify the functionality of the deployed enterprise application. The “Verify” option can be accessed as follows:
NOTE: The verification option is also relevant to evaluating the status of backup issues associated with a specific resource(s).
1. While on the “Overview” page for Microsoft 365, please click on the button with the three vertical dots located to the immediate right of the “Manage Apps” button.
2. Click on the “Verify” link.
3. Within the “Verify Configuration” window, begin by selecting the relevant enterprise application from the “Select app to verify” drop-down menu.
4. In the “Select a User” field, please enter an email address of a Microsoft 365/Azure Active Directory user to begin the verification process for Exchange Online and OneDrive platforms.
5. For Microsoft 365 groups, Public Folders, SharePoint Online sites or Microsoft Teams resources, enter the name of the relevant resource(s) to begin the verification process.
Within Microsoft Entra ID, we can also gather information about the health and status of an enterprise application utilized by the inSync platform.
We can verify the following items related to the state of an enterprise application. The steps to check each item are listed below.
1. The permission set defined is correct.
2. Admin consent has been granted for the required permissions.
3. User sign-in is enabled in the properties of the enterprise application.
4. Status & configuration of conditional access policies.
The Microsoft Entra ID portal also contains sign-in logs, which can be helpful when troubleshooting problems related to sign-in failures and authentication-related failures due to conditional access policies.
The following Microsoft article provides more details related to accessing the logs within Microsoft Entra ID as well as conditional access policies.
To access the sign-in logs within the Microsoft Entra ID portal, the following steps can be followed.
1. Log in to the Microsoft Entra ID portal.
2. From the home page of the Microsoft Entra ID portal, please click on the “Microsoft Entra ID” link located under the “Azure Services” section.
3. Expand the “Manage” menu located on the left-hand side of the page and click on the “Enterprise applications” link.
4. Utilize the search bar to locate the “Microsoft 365 Basic” or “Microsoft 365 Advanced” application.
5. After locating the relevant application, click on the name of the application to open the “Overview” page for the specific application.
6. Expand the 'Activity' drop-down menu located on the left-hand side of the page and click on the “Sign-in logs” link.
7. After the “Sign-in logs” page loads, click on the “User sign-ins (non-interactive) tab.
8. By default, the results will be displayed for the last 7 days. The time frame of the results can be adjusted to either the last day or last month.
9. Click on the “Add filters” link to filter the log results by the “Failure” status. A menu will appear after clicking on the “Add filters” link where the “Status” column can be selected.
10. After selecting the “Status” column, click the 'Apply' button.
11. The 'Status' filter will be displayed in the list of filters afterwards and will display “None Selected”. Click on the “Status” filter, select “Failure” and “Interrupted” from the menu, then click on the “Apply” button to filter the results.
12. When locating an event in the log results that require additional investigation, the event can be expanded. When you click on a specific event line item after it has been expanded, an “Activity Details: Sign-ins” window will appear on the right-hand side of the page.
13. The sections helpful for troubleshooting within the “Activity Details: Sign-ins” window for each event include the date and time of the event, the “Authentication requirement”, “Additional Details” and “Troubleshoot Event” sections.
The relevant user associated with the event and the corresponding resource will also be displayed.
Troubleshooting Reference Links – Common Issues & Troubleshooting Steps:
Issue-Specific Reference Links: