Troubleshooting Office 365 connectivity

When you verify connection settings in the last step of the Exchange connection wizard, CodeTwo Backup performs the following actions: it registers itself in Azure Active Directory of the tenant to which you are configuring the connection (applies only if you chose the Automatic registration option), attempts to authenticate itself with that Azure AD, and checks connections to Exchange Web Services and Microsoft Graph API. If the program fails to perform any of these actions, it will display failure notifications (Fig. 1.).

Backup failed connection to Exchange Online
Fig. 1. Failure notifications shown when configuring a connection to Exchange Online.

Click the links below to learn about possible causes and solutions for each of these errors.

Troubleshooting application registration

Failed to register 'CodeTwo Backup' with tenant '<TenantID>'.

If you see this error, it means that the account provided in the Application registration step of the connection wizard doesn't have enough permissions to register CodeTwo Backup in your Azure Active Directory. Close the Exchange connection wizard, reopen it and use the account that is a global admin in the Office 365 tenant to which you want to connect.

Keep in mind that even if this step fails, the CodeTwo Backup Exchange entry is created in your Azure AD. However, this application is missing the necessary permissions that only an Office 365 global admin can grant. Delete this entry by following these steps or grant the necessary admin consent in Azure Active Directory admin center and then configure a connection to your Exchange server by following the manual registration path.

Troubleshooting application authentication

The SMTP address has no mailbox associated with it.

This error occurs if the email address provided in the Application details step of the server connection wizard is not mailbox-enabled (it is not assigned an Office 365 license that included the Exchange Online plan). You will also get this message if the provided email address is from a different Office 365 tenant than the one determined by the Tenant ID.

CodeTwo Backup uses Exchange Web Services (EWS) to access Exchange Online, list users/mailboxes and perform data backup and restore jobs. The requirement that the admin account used by the program needs to have a mailbox is enforced by EWS itself.

ClientId is not a Guid.

The Client ID entered in the Application details step is not valid. A valid GUID has the following form: 12345678-1234-1234-1234-1234567890AB. Double-check the entered Client ID and try again.

The operation was canceled.

This is a timeout error message that you will receive if the provided Client ID is not identified with any application registered in your Azure AD. Provide the correct ID or check if the application under that ID still exists in the Azure AD. 

Tenant '<Tenant ID'> not found.

Make sure you have entered a correct Tenant ID of your Office 365 tenant. The Tenant ID (or Directory ID) can be found in Azure Active Directory admin center – simply navigate to Azure Active Directory > Overview. The Tenant ID is visible under the name of your company.

The certificate used must have a key size of at least 2048 bits.

This error appears if you have registered CodeTwo Backup manually in your Azure AD and used a certificate that contains a key that is shorter than 2048 bits. Use a different certificate that uses the necessary key or generate a client secret instead. 

The wrong application (public or confidential) is being used with this authentication flow. 

You will get this error if you enter an incorrect Certificate thumbprint Client secret (app password) in the Application details step, if that certificate / client secret no longer exists in your Azure AD, or if it has expired.

Troubleshooting EWS connectivity

The request failed. The remote server returned an error: (401) Unauthorized.

There are three known reasons why this error may occur:

  • the CodeTwo Backup application registered with your Azure AD tenant is missing the full_access_as_app permission (find out how to assign it here),
  • the SMTP email address of the account used to register the application in Azure AD is different than its UPN (User Principal Name),
  • the application has just been registered, but not all changes have been propagated in your Azure AD. Wait awhile and try configuring the connection again. 
The SMTP address has no mailbox associated with it.

You will get this error if the email address provided in the Application details step of the server connection wizard is not mailbox-enabled (it is not assigned an Office 365 license that included the Exchange Online plan). You will also get this message if the provided email address is from a different Office 365 tenant than the one determined by the Tenant ID.

AADSTS700016: Application with identifier '<Client ID>' was not found in the directory '<Tenant ID>'.

This error occurs if:

  • CodeTwo Backup has been deleted from your Azure AD. If so, make sure to register it again (automatically or manually),
  • you have provided incorrect Client ID and/or Tenant ID in the Application details step of the server connection wizard. Make sure that you have provided correct registration details and try again.
  • the application has just been registered, but not all changes have been propagated in your Azure AD. Wait awhile and try configuring the connection again (in the server configuration wizard, click Back, then Next to return to the Configuration step and click Configure).

Troubleshooting Graph API connectivity

Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation.

CodeTwo Backup doesn't have the necessary permissions to perform that operation. Make sure to follow these steps in order to grant all the required permissions in your Azure AD.

The wrong application (public or confidential) is being used with this authentication flow.

You will get this error if you enter an incorrect Certificate thumbprint / Client secret (app password) in the Application details step, if that certificate / client secret no longer exists in your Azure AD, or if it has expired.

AADSTS700016: Application with identifier '<Client ID>' was not found in the directory '<Tenant ID>'.

This error occurs if:

  • CodeTwo Backup has been deleted from your Azure AD. If so, make sure to register it again (automatically or manually),
  • you have provided incorrect Client ID and/or Tenant ID in the Application details step of the server connection wizard. Make sure that you have provided correct registration details and try again.
  • the application has just been registered, but not all changes have been propagated in your Azure AD. Wait awhile and try configuring the connection again (in the server configuration wizard, click Back, then Next to return to the Configuration step and click Configure).

See also

Can't find the solution to your problem? Try searching our Knowledge Base.

Was this information useful?