The Ivanti File Director 4.3 and above appliances feature the ability to connect into the 1TB of free storage provided by Microsoft with their Office 365 for Business plans, and leverage File Director features such as 'In-location Sync' to store the user's profile folders in OneDrive. This knowledge article is an accompaniment to the product documentation with a focus on troubleshooting.
For release-specific configuration information, including a video walkthrough, please refer to the help guide at https://help.ivanti.com / https://www.ivanti.com/support/product-documentation
Before configuring the feature, be sure that the following prerequisites are met:
- You must be an Office 365 administrator
- Your domain is replicated with Azure AD using 'Azure AD Connect' (users' logon UPN must match the Azure AD, and passwords should be in sync)
- Users have a license assigned to them via the Office 365 Admin Center
- Users have their storage provisioned (either by them having logged into the web portal, or via a script - see How to pre-provision user sites in OneDrive for Business for further details)
Step 1 - Creating the application in O365
The first step is to add File Director as an application from within the Azure directory settings.
Choose 'Add an application my organization is developing' and enter a friendly name for it.
Ensure the 'Web application and/or web API' radio button is selected.
Configure the Sign-on URL and App ID URI. The Sign-on URL is the FQDN of the FD appliance or NLB VIP used by the clients. The App ID URI is a unique value appended to the end of the appliance/VIP path.
e.g. Sign-on URL: https://fd.mycompany.com
App ID URI: https://fd.mycompany.com/fddemo
Once the application has been added, configure it within the portal, and copy the 'client id' to a text editor for use in a later step.
Under the 'Permissions to other applications' section, click 'Add application'.
Select Office 365 SharePoint Online and select all permissions. Click Save.
Step 2 - Generate credential in File Director Admin Console
In the File Director Admin console, navigate to the OneDrive Registration section
In the Client ID section, enter the string you saved earlier
In the Tenant Name section, enter your O365 tenant name, e.g. companyname.onmicrosoft.com
Enter an expiry time for the manifest (at which time this process will need to be followed again to renew).
Copy the generated text to clipboard.
Step 3 - Upload Manifest to Azure AD
In Azure AD, for the File Director application created earlier, click manage manifest > download manifest
Open the manifest in a text editor and locate the keyCredentials class and paste the credential text from the File Director appliance between the square brackets.
Save the manifest file and then upload the saved manifest to O365.
To complete setup, ensure that the Home Map Point Source is set to OneDrive, and that an Active Directory configuration has been set up in the appliance admin console.
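The manifest edit in Step 3 is done by hand, so a stray comma or an empty keyCredentials array is easy to upload unnoticed, and the expiry chosen in Step 2 is easy to forget. The following is an added example, not Ivanti's or Microsoft's code, that checks a saved manifest before upload; it assumes the text generated by File Director is a standard Azure AD keyCredentials entry (keyId, type, usage, value, optional endDate), and the sample values are constructed placeholders.

```python
import json
from datetime import datetime, timezone

# Field names from the Azure AD application manifest keyCredentials schema.
REQUIRED = ("keyId", "type", "usage", "value")


def parse_utc(text):
    """Parse an ISO 8601 timestamp such as 2031-01-01T00:00:00Z."""
    stamp = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)


def check_manifest(manifest_text, now=None, warn_days=30):
    """Return a list of problems found in a hand-edited manifest."""
    now = now or datetime.now(timezone.utc)
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        return [f"manifest is not valid JSON: {exc.msg} (line {exc.lineno})"]
    creds = manifest.get("keyCredentials") if isinstance(manifest, dict) else None
    if not isinstance(creds, list) or not creds:
        return ["keyCredentials is empty or missing"]
    problems = []
    for i, cred in enumerate(creds):
        if not isinstance(cred, dict):
            problems.append(f"keyCredentials[{i}] is not a JSON object")
            continue
        missing = [name for name in REQUIRED if not cred.get(name)]
        if missing:
            problems.append(f"keyCredentials[{i}] lacks {', '.join(missing)}")
        if cred.get("endDate"):
            days_left = (parse_utc(cred["endDate"]) - now).days
            if days_left < 0:
                problems.append(f"keyCredentials[{i}] has expired")
            elif days_left < warn_days:
                problems.append(f"keyCredentials[{i}] expires in {days_left} days")
    return problems


# Constructed sample: placeholder values, not a real credential.
SAMPLE = """{"keyCredentials": [{"keyId": "11111111-1111-1111-1111-111111111111",
 "type": "AsymmetricX509Cert", "usage": "Verify", "value": "PLACEHOLDER",
 "endDate": "2031-01-01T00:00:00Z"}]}"""

if __name__ == "__main__":
    print(check_manifest(SAMPLE) or "manifest looks complete")
```

Running the same check on a schedule against the downloaded manifest gives advance notice of the renewal that the expiry time in Step 2 requires.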
Any issues arising when syncing to a OneDrive for Business map point are likely to fall into the following categories:
Service Availability - The reachability of the Azure / OD4B service from the appliance
Service Performance - The throughput and latency of file IO between the appliance and the OD4B service
Data character set / length / size support - OD4B supports a subset of the functionality offered by NTFS. Certain content will not sync if it is not supported by the OD4B back end
Symptoms - Map point offline for multiple users, file sync operations failing, SMB map points work correctly
1. Log into the web client as an affected user - is the Home map point accessible? If not, proceed to step 2
2. When troubleshooting Service Availability in the OneDrive for business connector, in most instances it's recommended to start by checking the service health at Microsoft to ensure there are no known issues within the Azure / OD4B service. This can be accomplished by logging in with the Office 365 administrative credentials at the following URL
3. If no outages have been reported, the next step is to check appliance logs. See Collecting File Director Appliance logs for steps to retrieve appliance logs. View the orca_out.log for any errors
4. Under the guidance of Ivanti Technical Support, verbose connector transport logging can be enabled to a support-mode activated appliance by creating a new logger in /appliance/products/datanow/tomcat/webapps/api/WEB-INF/classes/log4j.xml
This will cause verbose connector transport logging to be output to the orca_out logs.
This may be useful for troubleshooting connectivity related issues.
We recommend the use of syslog to proactively monitor the state of the OD4B connector. Any operational failures between the appliance(s) and the OD4B storage will be logged here. Refer to Monitoring File Director with Splunk for further details.
Symptoms of poor OD4B throughput: Sync operations may take a long time to propagate, clients may go offline
1. Download appliance logs (see Collecting File Director Appliance logs for steps to retrieve appliance logs) and review the perfmon logs. Check CLIENT_THREADS_BUSY for periods where the value is at 200. This implies either that user demand for file access exceeds what the available bandwidth (and thereby the storage performance required to process it) can serve at a satisfactory rate, or, where the bottleneck is processing related, that there are too many users per appliance. See File Director - Planning the number of appliances required
2. Review the OneDrive for business perfmon counters to establish whether there are any spikes in usage associated with the performance issues. An explanation of the counters is as follows:
The following performance counters are available in the perfmon logs (in the appliance diagnostic log bundle) for tracking OneDrive connector throughput, which are useful for diagnosing potential upstream or throughput (between File Director and OD4B) related issues
For each OneDrive operation two counters are logged:
AVG_RESP: average response time in milliseconds of the API call
COUNT: number of times called
Where applicable the following is logged:
AVG_PL: average payload in bytes
Details of the counters found in the performance log are as follows:
Copy File / Folder
Delete File / Folder
File / Folder Meta
Move File / Folder
Uploads less than 4 MBytes
Start of upload
Upload Blocks (typically 10 Mbytes)
3. Seek assistance from the customer's network team to monitor internet bandwidth availability and consumption, to see whether traffic is partitioned / rate limited appropriately so that users' sync traffic (especially downstream) is not being constrained by other sources.
Data character set / length / size support
It is possible that a user may inadvertently rename content in their endpoint to contain characters not supported by OD4B.
A list of known limitations can be found in the following Microsoft KB: https://support.microsoft.com/en-gb/help/3125202/restrictions-and-limitations-when-you-sync-files-and-folders
In addition to these limitations, File Director currently imposes a 2GB maximum file size. Files larger than this will not sync. If a file that previously synced grows to exceed 2 GB, the sync relationship will be broken until the copy is reduced in size.
The File Director 4.3 Windows client has enhanced error handling code to:
1. Warn a user if content has been saved with incompatible characters (assuming user notifications are enabled)
2. Avoid retrying certain operations (for example, a file with an incompatible title that a user has elected to not rename). In this circumstance, the file will not sync until renamed.
To administratively track failed uploads, we recommend leveraging syslog to track endpoint sync status as well as any failed uploads.
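Content that will not sync can also be found ahead of time by scanning a profile folder for unsupported names and for files over the 2 GB limit described above. This is an added example, not part of File Director; the character set and reserved names are assumptions based on commonly documented OneDrive for Business and SharePoint restrictions and should be checked against the Microsoft KB linked above.

```python
import os

# Assumed rule set (the stricter SharePoint-era list); trim it to match the
# Microsoft KB referenced above for your tenant.
UNSUPPORTED_CHARS = set('~"#%&*:<>?/\\{|}')
RESERVED_NAMES = {".lock", "desktop.ini"}
MAX_BYTES = 2 * 1024 ** 3  # File Director's 2 GB per-file limit


def name_problems(name, bad_chars=UNSUPPORTED_CHARS):
    """Return the reasons a single file or folder name would be rejected."""
    problems = []
    found = sorted(set(name) & bad_chars)
    if found:
        problems.append("unsupported characters: " + " ".join(found))
    if name != name.strip() or name.endswith("."):
        problems.append("leading/trailing space or trailing period")
    lowered = name.lower()
    if lowered in RESERVED_NAMES or "_vti_" in lowered:
        problems.append("reserved name")
    return problems


def scan(root, max_bytes=MAX_BYTES):
    """Walk root and return {relative_path: [problems]} for items that will not sync."""
    findings = {}
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            problems = name_problems(name)
            # isfile() is False for folders and broken links, so getsize is safe
            if os.path.isfile(path) and os.path.getsize(path) > max_bytes:
                problems.append(f"larger than {max_bytes} bytes")
            if problems:
                findings[os.path.relpath(path, root)] = problems
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problems in sorted(scan(target).items()):
        print(f"{path}: {'; '.join(problems)}")
```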
OneDrive for Business Firewall Requirements
In order to facilitate communication between the File Director server and OneDrive, your perimeter firewall will need to allow communication to <instancename>-my.sharepoint.com on port 443 as well as the following Microsoft supplied URLs: