#1 Global Leader in Data Resilience

Backup Jobs with Public Folders Fail

KB ID: 3093
Product: Veeam Backup for Microsoft 365 | 7.0 | 7a | 8
Published: 2020-01-23
Last Modified: 2024-09-11
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

When backing up public folders using Veeam Backup for Microsoft 365 the following error occurs:

Processing mailbox PublicFolderMailbox@xxxxxxxx.onmicrosoft.com failed with error:
Failed to synchronize item changes in folder: FOLDERNAME..
Access is denied. Check credentials and try again., ICS synchronization failed.
In addition, Veeam Explorer for Exchange may fail to show successfully backed-up public folders.

Log Example:

Processing mailbox: PublicFolderMailbox@xxxxxxxx.onmicrosoft.com...
Syncing folder items: FOLDERNAME...
Exchange Web Services error code: ErrorAccessDenied
Error: Failed to synchronize item changes in folder: FOLDERNAME.
Type: Veeam.Ews.Internal.ExServerCodeException

Cause

Either of the following conditions may cause the error:

  • Public folders are not located under the IPM_SUBTREE folder.
  • The Veeam service account lacks permission to access public folders.

Solution

Confirm Public Folder is Located Under IPM_SUBTREE

Veeam Backup for Microsoft 365 only supports backing up public folders located under the IPM_SUBTREE folder. Other locations are not supported (e.g., NON_IPM_SUBTREE).

To check if the public folder is located under the IPM_SUBTREE folder, run the following cmdlet and specify credentials used in Veeam Backup for Microsoft 365.

Connect-ExchangeOnline
Get-PublicFolder -Identity \ -Recurse | Format-List Name
Disconnect-ExchangeOnline -Confirm:$false

An output similar to the following must be displayed:

Name : IPM_SUBTREE
Name : PublicFolderMailbox@*********.onmicrosoft.com
Name : FOLDERNAME
Name : Second Sub Folder
Name : Third Sub Folder
  • If the output shows that the public folder is located under the IPM_SUBTREE folder, no additional actions are needed.
  • If the output shows that the public folder is located under an unsupported folder, it must moved be to the IPM_SUBTREE.

Confirm Veeam Service Account Has Permissions

Veeam Backup for Microsoft 365 uses the Veeam service account to back up public folders. When a public folder is created, it automatically inherits permissions from its parent folder.

Check Public Folder Permissions

Use the following PowerShell script to see the accounts with access to the public folders and their assigned permissions.

When prompted, specify the credentials used in Veeam Backup for Microsoft 365.

Connect-ExchangeOnline

Get-PublicFolder -Recurse |
Get-PublicFolderClientPermission |
Select-Object Identity, @{Expression={$_.User}; Label="User"}, @{Expression={$_.AccessRights}; Label="AccessRights"} |
Export-Csv C:\PublicFolderClientPermission.csv -NoTypeInformation

Disconnect-ExchangeOnline -Confirm:$false
This script outputs the information about users and permissions to C:\PublicFolderClientPermission.csv
Screenshot of CSV output
Assign Service Account Permissions to Public Folders

To grant access, you will need to add your service account to public folders with the Owner permission. 

To assign permissions, update the $user variable in the following script and run the script.

When prompted, specify credentials used in Veeam Backup for Microsoft 365.

# Set $user to the Veeam Backup for Microsoft 365 Service Account
$user = "VB365-Service-Account@yourdomain.onmicrosoft.com"

# Connect to Exchange Online
Connect-ExchangeOnline

# Get all public folders recursively
$folders = Get-PublicFolder -Recurse

# Loop through each public folder and add the specified user with Owner access rights
foreach ($folder in $folders) {
Add-PublicFolderClientPermission -Identity $folder.Identity -User $user -AccessRights Owner
}

# Disconnect from Exchange Online without confirmation prompt
Disconnect-ExchangeOnline -Confirm:$false

NOTE: It is recommended that PowerShell be used to assign permissions to public folders.

The following table shows an example of user permissions after the cmdlet is executed:

Screenshot of output of permissions asignment script

More Information

PowerShell Scripts

All PowerShell scripts provided above are intended to automatically retrieve and assign necessary permissions to ensure that no public folders are missed. 

Please be aware that the commands and parameters may be altered by Microsoft in the future, which may break these scripts.

No support is provided by Veeam for these scripts. Should they fail, we ask that you please get in touch with Microsoft support. 

These scripts may be updated periodically to reflect future changes in the Microsoft 365 PowerShell Environment.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case

By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply except as noted in our Privacy Policy.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.