Troubleshooting SharePoint connectivity

This article contains information on all known connectivity problems related to SharePoint servers (both SharePoint Online and its on-premises version) as well as possible solutions.

Problems with configuring a connection to SharePoint Online

When configuring a connection to SharePoint Online, in the last step of the SharePoint Server connection wizard, CodeTwo Backup tries to enumerate SharePoint site collections and connect to one of them. The program also registers itself in Azure Active Directory of the tenant to which you are configuring the connection (applies only if you chose the Automatic registration option), attempts to authenticate itself with that Azure AD, and checks connections to Microsoft Graph API. If the program fails to perform any of these actions, it will display failure notifications (Fig. 1.).

Fig. 1. Failure notifications shown when configuring a connection to SharePoint Online.

Click the links below to learn about possible causes and solutions for each of these errors.

Failed to connect to SharePoint

Failed to connect to SharePoint using account '<admin_account>'. Make sure that you have entered the account credentials and server URLs correctly.

In case you get this message, double-check the details entered in the Server address and Admin's credentials steps of the connection wizard and try again. If multi-factor authentication is enabled for the provided admin account, make sure to use the app password instead of the regular Office 365 account password. Also, make sure that the admin account is assigned specific roles allowing access to SharePoint content (keep in mind that the propagation of admin rights in Office 365 usually takes some time). Finally, check your internet connection. 

It is also possible that support for non-modern (legacy) authentication protocols is disabled in your tenant. Enabling it may also solve the problem. Read more below.

Exception: For security reasons DTD is prohibited in this XML document.

This problem is most likely caused by the DNS assistance service (also known as DNS hijacking or DNS redirection) used by your Internet Service Provider (ISP). Suggestions on how to troubleshoot this problem can be found in this Knowledge Base article.

The sign-in name or password does not match one in the Microsoft account system.

You will get this error if you have enabled multi-factor authentication (or Security defaults in the Azure Active Directory admin center) for the admin account used in the SharePoint Server connection wizard. To be able to use that account, you need to generate an app password and use it instead of a regular Office 365 password in the Admin credentials step of the wizard (or disable Security defaults).

Troubleshooting application registration

Failed to register 'CodeTwo Backup' with tenant '<TenantID>'.

If you see this error, it means that the account provided in the Application registration step of the connection wizard doesn't have enough permissions to register CodeTwo Backup in your Azure Active Directory. Close the SharePoint Server connection wizard, reopen it and use the account that is a global admin in the Office 365 tenant to which you want to connect.

Keep in mind that even if this step fails, the CodeTwo Backup SharePoint entry is created in your Azure AD. However, this application is missing the necessary permissions that only an Office 365 global admin can grant. Delete this entry by following these steps or grant the necessary admin consent in Azure Active Directory admin center and then configure the SharePoint server connection by following the manual registration path.

Troubleshooting application authentication

ClientId is not a Guid.

The Client ID entered in the Application details step is not valid. A valid GUID has the following form: 12345678-1234-1234-1234-1234567890AB. Double-check the entered Client ID and try again.

The operation was canceled.

This is a timeout error message that you will receive if the provided Client ID is not identified with any application registered in your Azure AD. Provide the correct ID or check if the application under that ID still exists in the Azure AD. 

Tenant '<Tenant ID>' not found.

Make sure you have entered a correct Tenant ID of your Office 365 tenant. The Tenant ID (or Directory ID) can be found in Azure Active Directory admin center – simply navigate to Azure Active Directory > Overview. The Tenant ID is visible under the name of your company.

The certificate used must have a key size of at least 2048 bits.

This error appears if you have registered CodeTwo Backup manually in your Azure AD and used a certificate that contains a key that is shorter than 2048 bits. Use a different certificate that uses the necessary key or generate a client secret instead. 

The wrong application (public or confidential) is being used with this authentication flow. 

You will get this error if you enter an incorrect Certificate thumbprint / Client secret (app password) in the Application details step, if that certificate / client secret no longer exists in your Azure AD, or if it has expired.

You can also try the following solutions:

  • synchronize the time on the machine where CodeTwo Backup is installed with a time server,
  • use the Client secret credential instead of Certificate thumbprint in the case you registered the CodeTwo Backup application in Azure AD manually.
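
The local checks from this section (GUID form of the IDs, certificate key size and validity dates, clock offset) can be run before retrying the wizard. The PowerShell script below is an added example, not part of CodeTwo Backup or of the original article. It assumes the certificate is installed in a Personal certificate store on the machine where CodeTwo Backup runs; the three input values are placeholders and the function names are hypothetical.

```powershell
# Added example, not CodeTwo code. Placeholder inputs: replace with your own values.
$ClientId   = '12345678-1234-1234-1234-1234567890AB'  # sample GUID form from this article
$TenantId   = '<Tenant ID>'
$Thumbprint = '<Certificate thumbprint>'

function Test-GuidFormat {
    param([string]$Value)
    $parsed = [guid]::Empty
    [guid]::TryParse($Value, [ref]$parsed)
}

function Get-CertificateFindings {
    param([string]$Thumbprint)
    # Thumbprints pasted from the certificate dialog can carry spaces or hidden characters.
    $clean = $Thumbprint -replace '[^0-9A-Fa-f]', ''
    # Assumption: the certificate is installed in a Windows "My" (Personal) store.
    $cert = Get-ChildItem -Path Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean } | Select-Object -First 1
    if (-not $cert) { return "No certificate with thumbprint '$clean' in the Personal stores." }

    # Read the RSA public key to compare its size with the 2048-bit minimum.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    if (-not $rsa) {
        'Key size not checked: the certificate does not carry an RSA key.'
    } elseif ($rsa.KeySize -lt 2048) {
        "Key size is $($rsa.KeySize) bits; at least 2048 bits are required."
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore) { "Not valid until $($cert.NotBefore); check the machine clock." }
    if ($now -gt $cert.NotAfter)  { "Expired on $($cert.NotAfter)." }
    # Certificate-based client authentication signs with the private key.
    if (-not $cert.HasPrivateKey) { 'No private key is associated with this certificate on this machine.' }
}

$findings = @()
if (-not (Test-GuidFormat $ClientId)) { $findings += 'Client ID is not a GUID.' }
if (-not (Test-GuidFormat $TenantId)) { $findings += 'Tenant ID is not a GUID.' }
$findings += @(Get-CertificateFindings -Thumbprint $Thumbprint)

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'Local checks passed: GUID formats, key size and validity dates look correct.' }

# Clock offset against a time server (this section advises keeping the clock synchronized).
w32tm /stripchart /computer:time.windows.com /samples:1 /dataonly
```

These checks only cover what can be verified on the local machine. Whether the certificate or client secret still exists in Azure AD has to be confirmed in the application's registration.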

Troubleshooting Graph API connectivity

Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation.

CodeTwo Backup doesn't have the necessary permissions to perform that operation. Make sure to follow these steps in order to grant all the required permissions in your Azure AD.

The wrong application (public or confidential) is being used with this authentication flow.

You will get this error if you enter an incorrect Certificate thumbprint / Client secret (app password) in the Application details step, if that certificate / client secret no longer exists in your Azure AD, or if it has expired.

AADSTS700016: Application with identifier '<Client ID>' was not found in the directory '<Tenant ID>'.

This error occurs if:

  • CodeTwo Backup has been deleted from your Azure AD. If so, make sure to register it again (automatically or manually),
  • you have provided incorrect Client ID and/or Tenant ID in the Application details step of the server connection wizard. Make sure that you have provided correct registration details and try again,
  • the application has just been registered, but not all changes have been propagated in your Azure AD. Wait a while and try configuring the connection again (in the server configuration wizard, click Back, then Next to return to the Configuration step and click Configure).

User '<admin_account>' could not be found on the server. Make sure to register CodeTwo Backup in Azure Active Directory of the same tenant as provided on the 'Server address' page of this connection wizard.

You will get this error if SharePoint server URL provided in the Server address step points to a different Office 365 tenant than the credentials used in the Application registration (automatic registration) or Application details (manual registration) step. 

Problems with configuring a connection to on-premises SharePoint server

When configuring a connection to the on-premises SharePoint server, in the last step of the SharePoint Server connection wizard the program tries to enumerate site collections with PowerShell and connect to any SharePoint site collections and Admin service. If the program fails to perform any of these actions, it will display failure notifications, as shown in Fig. 2. below:

Fig. 2. Failure notifications shown when configuring a connection to the on-premises SharePoint server.

The examples below show the most common error messages:

Failed to connect to SharePoint using account '<admin_account>'. Make sure you have entered the account credentials and server URLs correctly.

In case you get this message, double-check the details entered in the Server address and Admin's credentials steps of the connection wizard and try again. Also, make sure that the admin account has all the necessary roles and permissions assigned. Finally, check your internet connection. 

Failed to connect to Central Administration service. Make sure that you have entered its URL correctly.

Go back to the Server address step of the wizard and check if the URL address entered in the Central Administration URL field is correct. Keep in mind that it is filled automatically based on the entered SharePoint Server URL; however, you need to provide the port number manually. 

Other known SharePoint connectivity problems

Below are some of the most common errors that may appear when configuring various jobs in CodeTwo Backup.

The term 'Get-UnifiedGroup' is not recognized as the name of a cmdlet, function, script file, or operable program.

You may get this error while configuring a SharePoint backup job and trying to list team sites. Try to reconfigure your connection to SharePoint Online. Also, make sure that the admin account used to connect to your SharePoint server is assigned at least the SharePoint administrator role (learn more).

Important

Keep in mind that the propagation of admin rights in Office 365 usually takes some time. The attempt to list SharePoint sites immediately after assigning the appropriate role may fail (you’ll get the same error message). Try configuring a backup job later.

Cannot contact web site '<site URL>' or the web site does not support SharePoint Online credentials.

You may receive this error in the SharePoint restore job wizard while attempting to create a new site collection or map users, groups, or permission levels. This happens when the use of non-modern (legacy) authentication protocols is disabled in your SharePoint Online environment. When disabled, the -Credential parameter used by CodeTwo Backup to connect to SharePoint Online via PowerShell is blocked. To fix this, you need to enable the support for non-modern authentication protocols by using one of the two methods described below.

Warning

It may take up to 24 hours for changes to take effect.

Enabling support for non-modern authentication protocols using PowerShell

  1. Open the SharePoint Online Management Shell command prompt.
  2. Connect to your SharePoint Online by using the following command:
    Connect-SPOService -Url https://<organization>-admin.sharepoint.com
    where <organization> is the organization (tenant) name set in Office 365.
  3. Run the following cmdlet:
    Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Enabling support for non-modern authentication protocols in the SharePoint admin center

  1. Log in to Office 365 and click Admin to open Microsoft 365 admin center (Office 365 admin center).
  2. In the left pane, expand Admin centers and click SharePoint (Fig. 3.).

Fig. 3. Opening the SharePoint admin center.

  3. In the SharePoint admin center, click access control from the menu on the left, and under Apps that don't use modern authentication settings select Allow (Fig. 4.).

    Fig. 4. Enabling non-modern authentication protocols.

  4. Click OK to save changes.

Failed to list <SharePoint object> from the target server. Make sure that you properly defined the SharePoint connection and that the administrator's account used in the connection has sufficient access rights.

The <SharePoint object> may refer to site collections, team sites, or OneDrive for Business sites. This error usually appears when listing SharePoint objects in the backup or restore jobs. Try reconfiguring the connection to your SharePoint server.

Double-check also if the admin account used to establish the connection to your SharePoint server has all the necessary roles and permissions assigned.

Access denied. You do not have permission to perform this action or access this resource.

This error may occur while restoring SharePoint lists to SharePoint Online. To fix this problem, you need to allow custom script in your SharePoint Online tenant. Find out how to do so here.

Problem not solved?

If you can't find the solution to your problem, try searching our Knowledge Base.

If you still need help, contact our Customer Service. We know our products inside out.
