Challenge
Any interactions with either SharePoint Online or OneDrive for Business within Veeam Backup for Microsoft Office 365 fail with “For security reasons DTD is prohibited in this XML document”
Cause
To communicate with SharePoint online Veeam Backup for Microsoft Office 365 uses Microsoft CSOM library.
When the library receives an authorization request it, among other things, tries to resolve and reach msoid.onmicrosoft.com and msoid.<your-organization-domain>.onmicrosoft.com.
Most internet service providers cannot resolve those names.
CSOM library can ignore those sites being unreachable and keep working on your request, but only if it has received an HTTP error code (e.g. 404, 500, 503 etc).
However, some ISPs redirect unresolved DNS calls to their own DNS helper page which then returns status code 200 OK.
The library tries to authenticate through this "helper" page and fails with error “For security reasons DTD is prohibited in this XML document”.
Solution
While the issue is out of Veeam’s support scope, there are a few workarounds you can try.
- Depending on your ISP you can request to have this DNS relay feature disabled.
- Add 2 records to C:\Windows\System32\drivers\etc\hosts binding msoid domain with localhost IP 127.0.0.1
- Add a CNAME record on your DNS server as seen below: