AIP insight plugin not able to decrypt files and generate incidents.

Customer configured AIP insight plugin using steps in document : Azure Information Protection Insight for Symantec Data Loss Prevention Deployment Guide.

However incidents do not generate for AIP encrypted files. and we could see below errors in ContentExtractionHost_FileReader Logs and MIP SDK Logs:

ContentExtractionHost_FileReader Logs:
 
File: EMAILVONILMSEML2B44\logs\debug\ContentExtractionHost_FileReader.log
Date: 7/16/2021 4:54:20 PM
Level: INFO
Source: MicrosoftInformationProtectionPlugin @
PID: 6864
Thread: 6664
Message:  failed to parse access token: invalid_client AADSTS7000215: Invalid client secret is provided.
 
File: EMAILVONILMSEML2B44\logs\debug\ContentExtractionHost_FileReader.log
Date: 7/16/2021 4:54:21 PM
Level: WARN
Source: MicrosoftInformationProtectionPlugin @  AbstractFileType.cpp (75)
PID: 6864
Thread: 6236
Message:  Exception during startExtractBase for tenant ACCOUNT_ID_DETECTOR_ID filename: input.rpmsg Error: unable to create file handler :Client application failed to provide authentication token for HTTP request., CorrelationId=3fd6ea26-22da-43c2-a767-4ce4f361f09b, CorrelationId.Description=ProtectionEngine, CorrelationId=6c858de9-40e3-4cee-9958-523302107b0b, CorrelationId.Description=FileEngine 
 
MIP SDK Logs:
 
Info 2021-07-16 16:54:20.518 http_director_impl.cpp:35 ceh (6864) "Received HTTP response: ID: e84fe9eb-aae5-4270-8d83-08b383c30f4d;7cd05eae-9abe-4730-8fdc-cfb17e88da01, Status: 401, Time: 2021-07-16T11:24:20Z, Body: 
Error 2021-07-16 16:54:21.487 http_director_impl.cpp:243 ceh (6864) "HTTP operation failed Failed with: [NoAuthTokenError: 'Client application failed to provide authentication token for HTTP request.']" mip::HttpDirectorImpl::OnHttpOperationFailed 6664
Error 2021-07-16 16:54:21.487 protection_engine_impl.cpp:654 ceh (6864) "Failed API call: protection_engine_create_consuming_protection_handler Failed with: [NoAuthTokenError: 'Client application failed to provide authentication token for HTTP request., CorrelationId=3fd6ea26-22da-43c2-a767-4ce4f361f09b, CorrelationId.Description=ProtectionEngine']" mip::ProtectionEngineImpl::CreateProtectionHandlerForConsumption 6664

15.7

Incorrect Client secret, Application (client) ID or Directory (tenant) ID

Perform below checks.

1. Check if unauthenticated access is enabled for all AIP URLs from proxy
   https://docs.microsoft.com/bs-latn-ba/Azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud
2. Check if Client secret, Application (client) ID and Directory (tenant) ID are correct and no extra characters are added while coping from a rich text document.