Error with AIP when running Start-AIPScannerDiagnostics

Question

Receive the following error when trying to run the Start-AIPScannerDiagnostics command in Powershell

PS C:\Windows\system32> Start-AIPScannerDiagnostics
Scanner information:
SQL server: DB1\SQLEXPRESS.
Cluster: Storage2 Test.
Scanner user: digitaldogdirec\aipscanner

Connectivity check for: https://login.windows.net/common completed successfully
Connectivity check for: https://dataservice.protection.outlook.com completed successfully
Connectivity check for: https://api.aadrm.com/ completed successfully
Database check completed successfully
Failed to send HTTP request Inner exception: [uri_exception: 'provided uri is invalid: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies/digitaldogdirec\aipscanner?supportedMaxVersion=1.0.50.0'], BadInputErro
r.Code=General, CorrelationId=65a0fa4d-9ce1-4cc1-a2cc-b4b2c8e9ad82, CorrelationId.Description=PolicyProfile, BadInputError.Code=General    at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.InformationProtection.Lib.Extensions.TaskExtensions.<TimeoutAfter>d__3`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.InformationProtection.Common.Bootstrapping.PolicyBootstrapper.<LoadEngineImpl>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.InformationProtection.Common.Bootstrapping.Bootstrapper`1.<LoadEngine>d__101.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.InformationProtection.Common.Bootstrapping.Bootstrapper`1.<Bootstrap>d__94.MoveNext()
Content scan job check skipped due to authentication error.
Logs exported to: C:\Users\aipscanner\AppData\Local\Microsoft\MSIP\DiagnosticsLogs.zip
PS C:\Windows\system32>

Answer 1

@Kevin Molloy ,

That error typically means that you don't have access to the URL https://dataservice.protection.outlook.com or how it is in the documentation: https://*.protection.outlook.com 

You will need to check that and make sure you have connectivity, so make sure that you have the required AIP URLs allowed in your firewall. If you have SSL inspection it could be for that reason.

These URLs need to be allowed over HTTPS (port 443):

• *.aadrm.com
• *.azurerms.com
• *.informationprotection.azure.com
• informationprotection.hosting.portal.azure.net
• *.aria.microsoft.com
• *.protection.outlook.com

In addition, I would recommend checking the AD application settings and validating if the API permissions are set correctly. https://learn.microsoft.com/en-us/azure/information-protection/rms-client/clientv2-admin-guide-powershell#create-and-configure-azure-ad-applications-for-set-aipauthentication

Can you confirm if you are running Windows Server 2022? I have seen some customers facing issues with Windows Server 2022. While it does support the AIP scanner, there could be a configuration that is different. I have seen some customers who were able to resolve that error by switching to Windows Server 2019 and updating the registry as described here , and this could be a way to isolate the issue.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may have similar questions. Otherwise let me know if you have further questions.