Problem Summary:
1. When your organisation blocks basic authentication for some or all of the Office365 services, continuous backup and restore job failures for Exchange Online, SharePoint Online, and OneDrive is observed
2. Office 365 backup and restore jobs fails if UDP is not set to use TLS 1.2.
Products Affected:
Arcserve UDP 7.0 Update 2;
Product Installation Instructions
:
You can apply the fix on UDP7 Update 2.
************************************************
Pre-requisites for this patch:
This patch requires the following:
1. PowerShell V 5.1 or higher:
Check the PowerShell version using the following command: Get-Host | Select-Object Version
To download PowerShell V 5.1, go to the Microsoft Download center https://www.microsoft.com/en-us/download/details.aspx?id=54616.
Note: This may require system reboot.
2. .Net Framework 4.7 or higher:
To download .Net 4.7, go to the Microsoft Download center, https://www.microsoft.com/en-us/download/details.aspx?id=56116
Note: This may require system reboot.
3. Assign the following roles to the account the you use to run this patch:
- Global Admin
- Compliance Administrator
- Company Administrator
a. To assign roles, log into theAzure portal.
b. Navigate to Azure Active Directory > Roles and Administrators > Your Role.
c. Click Add Assignments to add roles and role assignments such as Global Admin, Compliance Administrator (role), and Company Administrator (role assignments).
4. Add users to Exchange Online Discovery Management and assign ApplicationImpersonation role :
a. Go to https://outlook.office365.com/ecp, and then navigate to Permissions-->admin roles-->Discovery Management.
b. Add the role ApplicationImpersonation.
c. Add the user to the discovery management role group.
************************************************
Steps to Install the patch to support modern authentication:
1. Download the P00002119.zip file on the UDP console machine, and on one or more proxy machines.
2. On the console and all proxy machines, follow these steps:
a. Unzip the contents to a folder.
b. Using an administrator or equivalent account, run the ExtractModernAuthTool.ps1 PowerShell script. Note:
- During installation, to acknowledge and set the Script Execution Policy as RemoteSigned, type Y and press Enter when the prompt displays in the PowerShell console.
- During installation, a message displays on the PowerShell console that the source is untrusted. To add "Arcserve (USA) LLC" as a trusted source, on the PowerShell console, type R and press Enter when prompted.
c. Follow the instructions on the Arcserve Wizard to install the patch P00002119 using the 'Local install' UI option. Remote installation is not supported.
3. On the console machine, navigate to the following location:
C:\Program Files\Arcserve\Unified Data Protection\Management\BIN\ModernAuthentication\ModernAuthentication_Tool
4. Run Arcserve.Office365.ModernAuthentication.exe as an administrator or from an equivalent account to configure Modern Authentication settings.
5. Read the instructions on the wizard and finish the configuration.
6. If the backup proxy and UDP console are in different machines, follow these steps:
Note: Skip this step if the backup proxy and the UDP console are in the same machine.
On the console machine, navigate to the following location:
C:\Program Files\Arcserve\Unified Data Protection\Management\BIN\Office365
Copy the Certificate folder and the ModernAuthenticationConfiguration.xml file.
In one or multiple proxy machines, paste the copied folder and file in the following location:
C:\Program Files\Arcserve\Unified Data Protection\Engine\BIN\Office365
7. Update Office 365 Nodes in UDP Console with the registered username.
UDP is now set to use Modern Authentication.
************************************************
Steps to install the patch to support TLS 1.2:
1. Download the P00002119.zip file on one or multiple backup proxy machines.
2. Unzip the contents to a folder.
3. Run the ExtractModernAuthTool.ps1 PowerShell script using an administrator or equivalent account.
4. Follow the instructions on the Arcserve Wizard to install the patch P00002119 using the 'Local install' UI option. Remote installation is not supported.
************************************************
Steps to uninstall the patch:
1. Use PatchUninstall.exe in a command prompt located at "%Arcserve_Home%/APM/Uninstall"
2. Use the following command: PatchUninstall.exe /PU:P00002119
*************************************************
Related Fix List:
Fix (P00002119 for product: Arcserve UDP release: 7.0 Update 2) is available please click here to download
and apply.
Fix List in this version