1-800-691-1991 | 9am - 8pm ET
Contact Sales Downloads Support Forums
EN

BACK TO KB LIST

“For security reasons DTD is prohibited in this XML document” error in Veeam Backup for Microsoft Office 365

KB ID: 2821
Product: Veeam Backup for Microsoft Office 365
Veeam Backup for Microsoft Office 365 Community Edition
Version: 2.0
Published: 2018-12-11
Last Modified: 2020-08-13
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

Any interactions with either SharePoint Online or OneDrive for Business within Veeam Backup for Microsoft Office 365 fail with “For security reasons DTD is prohibited in this XML document”

Cause

To communicate with SharePoint online Veeam Backup for Microsoft Office 365 uses Microsoft CSOM library.
When the library receives an authorization request it, among other things, tries to resolve and reach msoid.onmicrosoft.com and msoid.<your-organization-domain>.onmicrosoft.com.
Most internet service providers cannot resolve those names.
CSOM library can ignore those sites being unreachable and keep working on your request, but only if it has received an HTTP error code (e.g. 404, 500, 503 etc).
However, some ISPs redirect unresolved DNS calls to their own DNS helper page which then returns status code 200 OK.
The library tries to authenticate through this "helper" page and fails with error “For security reasons DTD is prohibited in this XML document”.

Solution

While the issue is out of Veeam’s support scope, there are a few workarounds you can try.
  1. Depending on your ISP you can request to have this DNS relay feature disabled.
  2. Add 2 records to C:\Windows\System32\drivers\etc\hosts binding msoid domain with localhost IP 127.0.0.1
    User-added image
  3. Add a CNAME record on your DNS server as seen below:
    User-added image
Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for your interest in Veeam products!
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.