Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
Retain 24.1
The Test Connection button within the O365 Retain Module returns the following results:
SUCCESS: Connected to Office 365 Graph API FAILURE: Could not connect to Office 365 EWS using OAuth2 authentication. No Server version found, result is null. Please ensure that application permissions have been granted to EWS.
Archiving by Distribution Lists does not work. The users within a Distribution List are not discovered. The RetainWorker log shows the following when attempting to archive by Distribution Lists:
[DATE] [RTWQuartzScheduler_Archive_Worker-7] [DEBUG] EWSUserSelection: [include] Expand Exchange Group: [DATE] [RTWQuartzScheduler_Archive_Worker-7] [DEBUG] EWSUserSelection: Resolving group belonging to , using impersonation email: janedoe@xyz.com [DATE] [RTWQuartzScheduler_Archive_Worker-7] [DEBUG] ExchangeUser: this is office365/hosted exchange job, calling autodiscoverEndpointURLOffice365 [DATE] [RTWQuartzScheduler_Archive_Worker-7] [INFO ] ExchangeUser: Started autodiscoverEndpointURLOffice365 for user janedoe@xyz.com [DATE] [RTWQuartzScheduler_Archive_Worker-7] [INFO ] ExchangeUser: trying Autodiscover V2... [DATE] [RTWQuartzScheduler_Archive_Worker-7] [INFO ] ExchangeUser: Autodiscover V2... discovered: https://outlook.office365.com/EWS/Exchange.asmx [DATE] [RTWQuartzScheduler_Archive_Worker-7] [INFO ] ExchangeUser: Completed autodiscoverEndpointURLOffice365 for user janedoe@xyz.com [DATE] [RTWQuartzScheduler_Archive_Worker-7] [INFO ] ExchangeAuthenticator: Using OAuth2 Authentication for EWS [DATE] [RTWQuartzScheduler_Archive_Worker-7] [DEBUG] GraphTokenManager: authToken has been expired, calling setAuthToken for tokenKey 1470785763 [DATE] [RTWQuartzScheduler_Archive_Worker-7] [DEBUG] ExchangeArchiveFactory: check supported Server version for: null/null/janedoe@xyz.com [DATE] [RTWQuartzScheduler_Archive_Worker-7] [ERROR] ExchangeArchiveFactory: com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: The impersonation principal name is invalid. Please see the server log to find more detail regarding exact cause of the failure.
The above log example uses "janedoe@xyz.com" as the example account which Retain chose for the Auto Discovery. In your log, the account will be some random account within your organization.
Retain picks an Azure/Entra ID account to verify if the Entra Autodiscovery works. The Retain administrator doesn't get to choose which user is picked for this task. The same user is chosen every attempt. This Auto Discovery attempt is made when doing a Test Connection or when looking up the contents of a Distribution List. If that account is not valid, then Test Connection will fail and Distribution Lists membership look up will fail. The steps listed in the Resolution section shows how to choose which account is used for the discovery.
Provide a known valid email address to be the impersonation account.