Backup Jobs with Public Folders fail

KB ID: 3093
Product: Veeam Backup for Microsoft 365 | Veeam Backup for Microsoft Office 365 5.0 | 6.0
Published: 2020-01-23
Last Modified: 2022-04-21
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please try again later.

Challenge

When backing up public folders using Veeam Backup for Microsoft 365 the following error occurs:
Processing mailbox PublicFolderMailbox@xxxxxxxx.onmicrosoft.com failed with error: 
Failed to synchronize item changes in folder: FOLDERNAME.. 
Access is denied. Check credentials and try again., ICS synchronization failed.
In addition, Veeam Explorer for Exchange may fail to show successfully backed-up public folders.
Log Example
Processing mailbox: PublicFolderMailbox@xxxxxxxx.onmicrosoft.com...
Syncing folder items: FOLDERNAME...
Exchange Web Services error code: ErrorAccessDenied
Error: Failed to synchronize item changes in folder: FOLDERNAME.
Type: Veeam.Ews.Internal.ExServerCodeException

Cause

Either of the following conditions may cause the error:

  • Public folders are not located under the IPM_SUBTREE folder.
  • The Veeam service account lacks permission to access public folders.

Solution

The Public Folder is not Located Under IPM_SUBTREE

Veeam Backup for Microsoft 365 only supports backing up public folders located under the IPM_SUBTREE folder. Other locations are not supported (e.g., NON_IPM_SUBTREE).

To check if the public folder is located under the IPM_SUBTREE folder, run the following cmdlet and specify credentials used in Veeam Backup for Microsoft 365.

$creds = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-PublicFolder -Identity \ -Recurse | Format-List Name
Remove-PSSession $session
An output similar to the following must be displayed:
Name : IPM_SUBTREE
Name : PublicFolderMailbox@*********.onmicrosoft.com
Name : FOLDERNAME
Name : Second Sub Folder
Name : Third Sub Folder
  • If the output shows that the public folder is located under the IPM_SUBTREE folder, no additional actions are needed.
  • If the output shows that the public folder is located under an unsupported folder, it must be to the IPM_SUBTREE.

Veeam Service Account Lacks Permissions

Veeam Backup for Microsoft 365 uses the Veeam service account to back up public folders. When a public folder is created, it automatically inherits permissions from its parent folder. Make sure to assign the Owner permissions to each of the public folders to the service account.

Check Public Folder Permissions

To see the accounts that have access to the public folders and their assigned permissions, use the following PowerShell script.
When prompted specify the credentials used in Veeam Backup for Microsoft 365.

$creds = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-PublicFolder \ -Recurse | 
    Get-PublicFolderClientPermission | 
    Select-Object Identity,@{Expression={$_.User};Label="User";},@{Expression={$_.AccessRights};Label="AccessRights";} | 
    Export-Csv C:\PublicFolderClientPermission.csv
Remove-PSSession $session
This script outputs the information about users and permissions to C:\PublicFolderClientPermission.csv
Screenshot of CSV output

Assign Service Account Permissions to Public Folders

To grant access, you will need to add your service account to public folders with the Owner permission. 

To assign permissions, run the following cmdlet and when prompted specify credentials used in Veeam Backup for Microsoft 365.

$creds = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session
$folders = get-publicfolder "\" -recurse
foreach($folder in $folders)
{
Add-PublicFolderClientPermission -Identity $folder.identity -user YourServiceAccount@*******.onmicrosoft.com -AccessRights Owner
}
Remove-PSSession $session

NOTE: It is recommended to use PowerShell to assign permissions to public folders.

The following table shows an example of users permissions after the cmdlet is executed:

Screenshot of output of permissions asignment script

More information

PowerShell Scripts

All PowerShell scripts provided above are intended to automatically retrieve and assign necessary permissions to ensure that no public folders are missed. 

Please be aware that the commands and parameters may be altered by Microsoft in the future, which may break these scripts.

No support is provided by Veeam for these scripts. Should they fail, we ask that you please get in touch with Microsoft support. 

These scripts may be updated periodically to reflect future changes in the Office 365 PowerShell Environment.

Click here to send feedback regarding this KB, or suggest content for a new KB.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please try again later.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please try again later.