ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DLP Fails to Obtain MIP Labels from Azure

book

Article ID: 226166

calendar_today

Updated On:

Products

Data Loss Prevention Enterprise Suite Data Loss Prevention

Issue/Introduction

You want to know how to troubleshoot why DLP fails to obtain MIP labels from Azure.

You have MIP profile successfully created but it never actually obtains the data classification labels from Azure RM so they are always blank when trying to create an MIP policy.

When creating a MIP profile it appears to immediately check that it can cannot to Azure RM using the tenantID etc and at that point in time and sometime in the next 4 hours it should try to download the MIP labels. 

Cause

You can find a log file on the enforce server which may be of use from:

D:\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\bin\mip_data\mip\logs\

You will see a log file mip_sdk.miplog.

In the following example an attempt is made to connect to https://dataservice.protection.outlook.com/* and failed,

Info 2021-09-15 00:00:00.884 http_director_impl.cpp:123 java (6696) "Sending HTTP request: ID: {<ID #>}, Type: GET, Url: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies?supportedMaxVersion=1.0.48.0, Body Size: 0, Headers['ClientInfo'] = 'mip_ver=1.7.133;os_name=win;os_ver=6-3-9600;runtime=msvc-1916;arch=x64', Headers['Content-Type'] = 'application/xml;charset=utf-8', Headers['Authorization'] = 'UOID:<UOID#>;Tenant:<tenant ID>;Audience:https://*r.o365syncservice.com;Roles:UnifiedPolicy.Tenant.Read;'" mipns::HttpDirectorImpl::DoSendHttp 7696

Look for an error message.

Error 2021-09-15 00:00:00.947 http_director_impl.cpp:249 java (6696) "HTTP operation failed Failed with: [OperationCancelledError: 'HTTP operation cancelled']" mipns::HttpDirectorImpl::OnHttpOperationFailed 7696

Environment

Release : 15.8

Resolution

Double check if there are any internal blockage to any of three possible url's,

And, make sure these are whitelisted for port 443 with either firewall or proxy severs.