Error when synchronising MIP labels on DLP using a proxy: Could not connect to Microsoft Azure AD or Microsoft 365 Security 5502



Article ID: 279473


Updated On:

Products

Data Loss Prevention Core Package, Data Loss Prevention

Issue/Introduction

You have configured MIP integration as described in "Configuring Proxy Server Details for the Symantec Integration with MIP for DLP on Detection Servers", but you receive the error: MIP classification sync failed. Could not connect to Microsoft Azure AD or Microsoft 365 Security 5502

In the tomcat/localhost logs on the Enforce Server under ...\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>\logs, you see entries such as: 

Level: SEVERE

Source: com.symantec.dlp.enforcedomainservices.aip.AIPClassificationService

Message: Failed to Synchronize the AIP labels.

Cause:

com.symantec.dlp.enforcedomainservices.aip.AIPSynchronizationException: java.lang.Exception: NetworkError##Policy sync failed, NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl=https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies, HttpRequest.Id={4758EBB4-08C5-483E-8958-2EE9E0D6A555}, HttpResponse.StatusCode=403

com.symantec.dlp.enforcedomainservices.aip.AIPSynchronizationException: java.lang.Exception: NetworkError##Policy sync failed...

Environment

16.x, Proxy, On-premise detection servers. 

Cause

Additional paths to the Microsoft cloud need to be opened in the proxy.

Resolution

Allowing the domains below on the proxy resolved the problem in this instance:

.login.microsoftonline.com

.dataservice.protection.outlook.com

.api.aadrm.com

.substrate.office.com
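To find which Microsoft host the proxy is rejecting, the failing URL and status code can be pulled from the exception text and compared with the proxy allowlist. The script below is an added example, not Symantec or Broadcom code; the function names, the "before" allowlist and the matching rule (a leading dot covers the domain and its subdomains) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Proxy allowlist entries listed in the Resolution section.
RESOLUTION_ALLOWLIST = [".login.microsoftonline.com", ".dataservice.protection.outlook.com",
                        ".api.aadrm.com", ".substrate.office.com"]
# Constructed "before" allowlist (assumption: the page does not state the original one).
BEFORE_FIX = [".login.microsoftonline.com"]
# Sample input: log text quoted on the page, shortened (request Id omitted).
SAMPLE_LOG = [
    "Message: Failed to Synchronize the AIP labels.",
    ("java.lang.Exception: NetworkError##Policy sync failed, "
     "NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl="
     "https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies, "
     "HttpResponse.StatusCode=403"),
]

# Field names as they appear in the AIPSynchronizationException message.
_URL = re.compile(r"HttpRequest\.SanitizedUrl=(https?://[^,\s]+)")
_STATUS = re.compile(r"HttpResponse\.StatusCode=(\d{3})")
_CATEGORY = re.compile(r"NetworkError\.Category=(\w+)")

def parse_sync_failure(message):
    """Return host, status and category of a failed policy sync, or None."""
    url, status = _URL.search(message), _STATUS.search(message)
    host = urlsplit(url.group(1)).hostname if url else None
    if not (host and status):
        return None
    category = _CATEGORY.search(message)
    return {"host": host.lower(), "status": int(status.group(1)),
            "category": category.group(1) if category else None}

def allowed(host, allowlist):
    """Assumed rule: '.example.com' covers example.com and its subdomains only."""
    host = host.lower().rstrip(".")
    for entry in allowlist:
        domain = entry.lower().lstrip(".")
        # Match on a label boundary so 'notexample.com' is not treated as covered.
        if host == domain or host.endswith("." + domain):
            return True
    return False

def blocked_hosts(log_lines, allowlist):
    """Hosts that returned 403 in the log and are not covered by the allowlist."""
    hits = filter(None, map(parse_sync_failure, log_lines))
    return sorted({h["host"] for h in hits
                   if h["status"] == 403 and not allowed(h["host"], allowlist)})

if __name__ == "__main__":
    print("Not covered by proxy allowlist:", blocked_hosts(SAMPLE_LOG, BEFORE_FIX))
```

A host that still returns 403 while covered by the allowlist points away from the proxy rule and toward another cause.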