Cloud-Delivered Web Security Services

  • 1.  Unified Agent and Onedrive Error

    Posted Mar 11, 2019 06:08 PM

    Hi all,

    The UA is not serving up a username when connecting to OneDrive (per screenshot info) and therefore is unable to check if the user is in our policy group, causing denial. This is only occurring with OneDrive and no other websites that I'm aware of. The policy blocking OneDrive is by the File Storage/Sharing Category.

    For a little more info on our Policy, we have one set up to allow all File Storage/Sharing sites, and when I add a user to this group, all websites work just fine with the exception of OneDrive.

    This is occurring on all OS, fresh UA installs, different browsers, etc. Any suggestions would be greatly appreciated.

    Regards,

    Tyler



  • 2.  RE: Unified Agent and Onedrive Error

    Posted Mar 13, 2019 03:44 AM

    Hi Tyler,

     

    Is this happening when you are using a browser also? There is a chance that you are bypassing authentication for OneDrive along with the parent suite of O365. Unified Agent doesn't send the user information with every request. When it connects for the first time, it shares the user information with our Data Pod. A user to NAT IP mapping will be made at the Data Pod side. The only chance of a user or group based rule not getting hit is due to authentication bypass. You may want to check this.



  • 3.  RE: Unified Agent and Onedrive Error

    Posted Mar 14, 2019 04:38 PM

    Hi Aravind,

    I removed all O365 IPs from our Bypass list, but to no avail. I believe the issue is that the group rule is getting hit, but when the proxy checks to validate if the user is in the group or not, it doesn't have a username to compare with and therefore denies.

    Thanks for the tip,

    Tyler



  • 4.  RE: Unified Agent and Onedrive Error

    Posted Mar 16, 2019 11:14 PM

    Hi Tyler,

     

    If your rule is with Group and is not matching, you may want to test by using your username in a test rule made similar to the group based rule. If the access is working with this username based rule, we can confirm that the issue is not due to authentication but authorization. For UA access, authorization needs the Auth Connector to connect to the respective Data Pod's auth pod. If this is broken or not allowed, you will face such an issue. I would prefer a TAC case, as the Auth Connector troubleshooting needs debug to be collected.



  • 5.  RE: Unified Agent and Onedrive Error

    Posted Apr 21, 2019 05:42 PM

    We experienced the same symptoms (OneDrive app sign-in problem + opening SharePoint files in MS Office fails with errors).

    We added an Auth exemption rule from "any" to "o365 Sharepoint" OR "o365 OneDrive" and the issue was solved. For the SharePoint problem, also check the site that's being blocked; it would probably match yourtenant-my.sharepoint.com, yourtenant.sharepoint.com.

    Add those URLs to the appropriate rule (ABOVE the file sharing category) and it will work.

    Hope that helps.