Configuring and Troubleshooting File director OneDrive for Business (OD4B) connector

Version 10

    Verified Product Versions

    File Director 4.3File Director 4.4


    The Ivanti File Director 4.3 and above appliances feature the ability to connect into the 1TB of free storage provided by Microsoft with their Office 365 for Business plans, and leverage File Director features such as 'In-location Sync' to store the user's profile folders in OneDrive. This knowledge article is an accompaniment to the product documentation with a focus on troubleshooting.



    For release-specific configuration information, including a video walkthrough, please refer to the help guide at /


    Before configuring the feature, be sure that the following prerequisites are met:


    - You must be an Office 365 administrator

    - Your domain is replicated with Azure AD using 'Azure AD connect' (Users logon UPN must match the Azure AD, and passwords should be  in sync)

    - Users have a license assigned to them via the Office 365 Admin Center

    - Users have their storage provisioned (either by them having logged into the web portal, or via a script - see How to pre-provision user sites in OneDrive for Business for further details)




    Step1 - Creating the application in O365


    The first step is to Add File Director as an application from within the Azure directory settings.

    Choose add an application my organization is developing and enter a friendly name for it.

    ensure the web application and/or web api radio button is selected


    Configure the Sign-on and APP ID URL's. The Sign-on URL is the FQDN of the FD appliance or NLB VIP used by the clients. The App ID URl is a unique value appended to the end of the appliance/VIP path

    eg; Sign-on URL:

    App ID URI:


    Once the application has been added, configure it within the portal, and copy the 'client id' to a text editor for use in a later step.


    Under the 'Permissions to other applications' section click add application

    select Office 365 SharePoint Online and select all permissions. click save


    Step 2 - Generate credential in File Director Admin Console


    In the File Director Admin console, navigate to the OneDrive Registration section


    In the Client ID section, enter the string you saved earlier

    In the Tenant Name section, enter your O365 tenant name, eg

    Enter an expiry time for the manifest (at which time this process will need to be followed again to renew)

    Copy the generated text to clipboard.


    Step 3 - Upload Manifest to Azure AD


    In Azure AD, for the File Director application created earlier, click manage manifest > download manifest

    Open the manifest in a text editor and locate the keyCredentials class and paste the credential text from the File Director appliance between the square brackets.

    Save the manifest file and then upload the saved manifest to O365


    To complete setup, ensure that the Home Map Point Source is set to OneDrive, and that an Active Directory configuration has been setup in the appliance admin console.




    Any issues arising when syncing to a OneDrive for Business map point are likely to fall into the following categories:


    Service Availability - The reachability of the Azure / OD4B service from the appliance

    Service Performance - The throughput and latency of file IO between the appliance and the OD4B service

    Data character set / length / size support - OD4B supports a subset of the functionality offered by NTFS. Certain content will not sync if it is not supported by the OD4B back end


    Service Availability


    Symptoms - Map point offline for multiple users, file sync operations failing, SMB map points work correctly


    Troubleshooting steps:


    1. Log into the web client as an affected user - is the Home map point accessible? If not, proceed to step 2


    2. When troubleshooting Service Availability in the OneDrive for business connector, in most instances it's recommended to start by checking the service health at Microsoft to ensure there are no known issues within the Azure / OD4B service. This can be accomplished by logging in with the Office 365 administrative credentials at the following URL

    Office 365 Service Status


    3. If no outages have been reported, the next step is to check appliance logs. See Collecting File Director Appliance logs for steps to retrieve appliance logs. View the orca_out.log for any errors


    4. Under the guidance of Ivanti Technical Support, verbose connector transport logging can be enabled to a support-mode activated appliance by creating a new logger in /appliance/products/datanow/tomcat/webapps/api/WEB-INF/classes/log4j.xml


    <logger name="org.apache.http">

            <level value="DEBUG"/>



    Screen Shot 2017-07-03 at 12.11.52.jpg


    This will cause verbose connector transport logging to be output to the orca_out logs.

    This may be useful for troubleshooting connectivity related issues.


    We recommend the use of syslog to proactively monitor the state of the OD4B connector. Any operational failures between the appliance(s) and the OD4B storage will be logged here. Refer to Monitoring File Director with Splunk  for further details.


    Service Performance


    Symptoms of poor OD4B throughput: Sync operations may take a long time to propagate, clients may go offline


    Troubleshooting steps:


    1. Download appliance logs ( See Collecting File Director Appliance logs for steps to retrieve appliance logs.) and review the perfmon logs. Check CLIENT_THREADS_BUSY for periods where the value is at 200. This implies that the demand from users for file access exceeds the available bandwidth (and thereby storage performance required to process) at a satisfactory rate, OR there are too many users per appliance in the case where the bottleneck is processing related. See File Director - Planning the number of appliances required


    2. Review the OneDrive for business perfmon counters to establish whether there are any spikes in usage associated with the performance issues. An explanation of the counters is as follows:


    The following performance counters are available in the perfmon logs (in the appliance diagnostic log bundle) for tracking OneDrive connector throughput, which are useful for diagnosing potential upstream or throughput (between File Director and OD4B) related issues


    For each OneDrive operation two counters are logged :

    AVG_RESP : average response time in milliseconds of the API call

    COUNT – number of times called

    Where applicable the following is logged:

    AVG_PL – average payload in bytes.


    Details of the counters found in the performance log are as follows:


    Copy File / Folder




    Create Folder




    Delete File / Folder




    Download File





    Folder Listing





    File / Folder Meta




    Drive Usage




    Move File / Folder




    Uploads less than 4 MBytes





    Large Uploads

    Start of upload




    Upload Blocks (typically 10 Mbytes)





    3. Seek assistance from customer's Network team to monitor internet bandwidth availability and consumption to see whether traffic is partitioned / rate limited appropriately to ensure user's sync traffic (especially downstream) is not being constrained by other sources



    Data character set / length / size support


    It is possible that a user may inadvertently rename content in their endpoint to contain characters not supported by OD4B.


    A list of known limitations can be found in the following Microsoft KB:


    In addition to these limitations, File director currently imposes a 2GB maximum file size. Files larger than this will not sync. If a file that previously synced grows to exceed 2 GB, the sync relationship will be broken until the copy is reduced in size.


    The File Director 4.3 Windows client has enhanced error handling code to

    1. Warn a user if content has been saved with incompatible characters (assuming user notifications are enabled)

    2. Avoid retrying certain operations (for example, a file with an incompatible title that a user has elected to not rename). In this circumstance, the file will not sync until renamed.


    To administratively track failed uploads, we recommend leveraging syslog to track endpoint sync status as well as any failed uploads.


    OneDrive for Business Firewall Requirements


    In order to facilitate communication between the File Director server and OneDrive, your perimeter firewall will need to allow communication to <instancename> on port 443 as well as the following Microsoft supplied URLs:

    Required URLs and ports for OneDrive - OneDrive