Maintain control of your Microsoft 365 data
Post Reply
Ruzaila
Influencer
Posts: 14
Liked: 2 times
Joined: Dec 21, 2016 7:49 am
Full Name: Rose HERDEN
Contact:

V2: Microsoft Graph question

Post by Ruzaila »

Hi,

I just upgraded and was wondering if anyone else came across the same issue I have.

I edited our Organization due to some Sharepoint issues and noticed that under the Office 365 connection settings, there is an option "Use custom Veeam application to connect to Microsoft Graph". I know the user guide recommends it but I just have a sandbox environment so I ignored it but it still attempted to Connect to Microsoft Graph which obviously failed with the below error:

Code: Select all

AADSTS70002: Error validating credentials. 
AADSTS50126: Invalid username or password 
Trace ID: 6b325af6-b90c-442a-af90-07f4dc220400 
Correlation ID: 8e94agd7-fc17-43f4-a394-19dfb587cagg 
Timestamp: 2018-07-30 
Response status code does not indicate success: 400 (8adRequest) 
{" error": "invalid_grant", " error_description "AADSTS7DD02: Error validating 
credentials. AADSTS50126: Invalid username or ID: 
Sb325afS-b90c-442a-af90-07f4dc220400VvrVvnCorreIation ID: 8e94agd7- 
2018-07-30 
" 700250126], "timestamp": "2018-07-30 
a3g-4-Igdfbi87cagg"}: Unknown error 
Please note that the "Connect to EWS" test was successful. We use 2FA and have used app passwords.

So then I thought, okay, I'll follow the instructions and attempted to follow the Veeam guide on "Connecting to Microsoft Graph": https://helpcenter.veeam.com/docs/vbo36 ... tml?ver=20

I can't see "Veeam Backup for Microsoft Office 365" under Enterprise or All Applications.

Other details that might be helpful:
• We use 2FA
• Exchange backups work, I've only had issues where I can't browse Sharepoint backups (Case # 03124075)
• Backups are still running successfully.
• We are located in Australia.
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: V2: Microsoft Graph question

Post by Mike Resseler »

Hi Rose,

2FA is under investigation at this moment. But it seems that it works for Exchange, but not for SharePoint (the user account + password that you are using need to authenticate against 2 different items, Exchange Online and SharePoint Online). From the logs it seems that the user + password is not able to successfully authenticating against SharePoint Online. It looks like it returns a bad request.

You have added a case ID, is that the one currently open for investigation or an old one? If it is an old one, please open a new support case here and add the case ID to this thread. This one specifically I want to follow as we are in progress of testing app passwords

Thanks
Mike
Ruzaila
Influencer
Posts: 14
Liked: 2 times
Joined: Dec 21, 2016 7:49 am
Full Name: Rose HERDEN
Contact:

Re: V2: Microsoft Graph question

Post by Ruzaila »

Hi Mike,

This is a newly created ticket. I was requested to send all logs to the support team which I've done.

Would it help the research team if I setup my logging level to 6? I can't see any Keys similar to VBR logging level on the registry but I am blind guessing that the fact it wanted me to install VBR 9.5 U3a it MAY be using some logging capabilities? I have no jobs on VBR so the logging will be mostly clean and mainly indicative of VBO.

Since I have a mixed environment, would it help to test a service account that does not have 2FA set on it as well?
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: V2: Microsoft Graph question

Post by Mike Resseler »

Rose,

It sure would help if you test with a service account without 2FA on it.

For the logging level, please wait until requested by the support team

Thanks
Mike
Ruzaila
Influencer
Posts: 14
Liked: 2 times
Joined: Dec 21, 2016 7:49 am
Full Name: Rose HERDEN
Contact:

Re: V2: Microsoft Graph question

Post by Ruzaila »

Good news! All config tests passed on the none 2FA account. Please note this is WITHOUT granting any app permissions for Graph. The admin roles assigned to this user are custom and are as follows:

• Dynamics 365 Service Administrator
• Exchange Administrator
• Message Center reader
• Power BI Service Administrator
• Reports reader
• Sharepoint Administrator
___________________________
The below tests succeeded:
Connect to EWS
Connect to Microsoft Graph
Connect to Powershell
Check View-Only Configuration role
Check View-Only Recipients role
Check ApplicationImpersonation role
Check SharePoint Online Administrator
___________________________
Actions performed after configuring this account:
• Backups taken and newly configured were successful.
• Still unable to browse SP backups since the database does not mount. This includes newly created jobs.
• No issues with Exchange restorations and configurations

I have noticed something, not sure if its worth mentioning. My routine Sharepoint backups work with no issue, however, when I attempt to run the backup manually and no changes are discovered, it displays a warning stating nothing to process.

Hope that helps!
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: V2: Microsoft Graph question

Post by Mike Resseler »

Good news, but it seems also bad news since your SP backups still not mount. So please continue to work with support to get that fixed!
MartijnT
Lurker
Posts: 2
Liked: never
Joined: Apr 06, 2018 8:17 am
Contact:

Re: V2: Microsoft Graph question

Post by MartijnT »

It looks like we're having the same issue.

I just upgraded 1.5 to 2.0 and now I get an AADSTS70002 error when trying to make backups or editing the organisation, failed to get Microsoft Graph resource ID.
We also use 2FA and I tried reinserting the app password.
Connecting to EWS is successful though.

We have a policy rule to enforce the whole organisation on 2FA. How can we still keep using of the APP?
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: V2: Microsoft Graph question

Post by Mike Resseler »

Martijn,

I assume you used an app password in 1.5 also? The problem seems to be within the SharePoint connection. I can't promise you we will be able to fix it but I would like to get your logs to our support teams (and from there to our DEV team to see what is going on). So please create a support call (and post the case ID here)
SalSolo
Enthusiast
Posts: 25
Liked: 9 times
Joined: May 05, 2010 10:03 am
Full Name: Henrik D. Mikkelsen
Contact:

Re: V2: Microsoft Graph question

Post by SalSolo »

Sorry for commenting on an old post but as it is still highly relevant I wanted to relate my point as well.
I came across the same issue when upgrading to 2.0 from 1.5 because of the 2FA and like Martijnt our company policy dictate 2FA and we see that trend with several of our customers.
For us it is paramount that the product will support 2FA as this will only be more and more widespread.
It is not an option just to say we need to run without 2FA.
I did create a support case but the only help they could offer was to downgrade to 1.5 to get it working again (case ID# 03125071). I really hope that the next version have support for 2FA.
Polina
Veeam Software
Posts: 3195
Liked: 774 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: V2: Microsoft Graph question

Post by Polina »

Henrik,

Thanks for the feedback. No promises yet on either MFA will be implemented in the next version, but we're currently working on it.
ortoscale
Service Provider
Posts: 252
Liked: 20 times
Joined: Aug 02, 2011 9:30 pm
Full Name: Matjaž Antloga
Location: Celje, Slovenia
Contact:

Re: V2: Microsoft Graph question

Post by ortoscale »

Error Connecting: AADSTS50126: Error validating credentials due to invalid username or password.

newest build v7

i don't want to mention how many troubles i went through to get to this error.
ms + veeam, what could possibly go wrong...
Mike Resseler
Product Manager
Posts: 8191
Liked: 1322 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: V2: Microsoft Graph question

Post by Mike Resseler »

@ortoscale I am not sure what you mean? This thread is over 4 years old. How are you connecting to M365? MFA or MFA + Legacy?
ortoscale
Service Provider
Posts: 252
Liked: 20 times
Joined: Aug 02, 2011 9:30 pm
Full Name: Matjaž Antloga
Location: Celje, Slovenia
Contact:

Re: V2: Microsoft Graph question

Post by ortoscale »

MFA + legacy. was hoping this is still the option, but it might not be anymore ?
Polina
Veeam Software
Posts: 3195
Liked: 774 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: V2: Microsoft Graph question

Post by Polina »

Hi Matjaž,

From what you posted it seems that you provided incorrect credentials for authentication, and this could happen regardless of the VB365 version.
If you share more details on the challenges you had it'd be easier to suggest you an easier/proper way to configure everything.

Thanks!
ortoscale
Service Provider
Posts: 252
Liked: 20 times
Joined: Aug 02, 2011 9:30 pm
Full Name: Matjaž Antloga
Location: Celje, Slovenia
Contact:

Re: V2: Microsoft Graph question

Post by ortoscale »

i'm definitely not entering the wrong creds. it's something else.

this article should be deleted or revised
https://www.veeam.com/blog/setup-multi- ... %20already
Polina
Veeam Software
Posts: 3195
Liked: 774 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: V2: Microsoft Graph question

Post by Polina »

This article is 4 years old already, and today modern app-only auth is the default and recommended way of authentication.
If you still prefer to use modern+legacy, make sure you have all the required permissions assigned to ]the app and user and follow the steps described in our HelpCenter.

Thanks!
ortoscale
Service Provider
Posts: 252
Liked: 20 times
Joined: Aug 02, 2011 9:30 pm
Full Name: Matjaž Antloga
Location: Celje, Slovenia
Contact:

Re: V2: Microsoft Graph question

Post by ortoscale » 1 person likes this post

to update, used self sign cert mfa and it worked like a charm. Thanks.
Polina
Veeam Software
Posts: 3195
Liked: 774 times
Joined: Oct 21, 2011 11:22 am
Full Name: Polina Vasileva
Contact:

Re: V2: Microsoft Graph question

Post by Polina »

Cool, congrats )
Post Reply

Who is online

Users browsing this forum: No registered users and 9 guests