You are currently viewing “Failed to create Azure Active Directory application” when setting up VB365 Restore Portal

“Failed to create Azure Active Directory application” when setting up VB365 Restore Portal

  • Post author:
  • Post comments:1 Comment
  • Reading time:4 mins read

Found a perplexing issue when I was setting up VB365 the other day.  I was attempting to set up the Restore Portal in my multitenant environment using Jorge’s guide (for v6 mind you, but close enough) but when I was attempting to enable the Azure AD application, I was receiving a pretty non-descript error.

Veeam Error:  “Failed to create Azure Active Directory application.”

A bit of googling didn’t turn up much.  After a lot of troubleshooting, I did manage to get an error when attempting to use an existing Application ID that I had renamed/repurposed about an invalid name but wrote it off because it was a strange possible workaround.  I thought that perhaps it was a certificate issue, something wrong with the port I was using, REST API settings, etc.

So, like any reasonable person, I created a support ticket and gathered logs.  Props to support for isolating the issue on first try quickly with the logs provided.  And indeed, Azure AD was blocking the application due to an invalid name.  I attempted to manually register an application and was able to receive the same error, but a bit more descriptive.

Azure AD Error:  “Failed to create application.  Error Detail:  The name of your application is invalid.”

I looked in the logs that I had gathered after the fact and found in the Veeam.Archiver.Service log the below message:

Veeam.Archiver.Service log showing error “ProhibitedWordInDisplayName”

I’m not sure I got absolute results, but it was acting as if I couldn’t use the word “Microsoft” in the application name (“M365” worked instead of “Microsoft 365”) which seems like it would make sense.  I had a few other variations not seem to work as well but I’d say it was largely due to using Microsoft in the app name.

I also found during testing that if an application was previously created with the same name, but had been deleted but not removed from the deleted queue (Delete Permanently), that will cause a failure as well. 

And I wasn’t able to find any good documentation on what was and was not a valid Azure AD application name in Microsoft’s documentation, but if anyone else runs into this issue, make sure to check your App name, and when in doubt, you can try and register the app manually to get a more descriptive error, or if you know where to look, check the Veeam error logs. ​

Update

Special thanks to fellow Veeam Legend Marco Sorrentino for pointing me to this Microsoft article listing reserved resource names which includes “Microsoft” on the list.

What do you call a fish wearing a bowtie? (click to reveal the answer)
Sofishticated.
Tags: , , , ,

This Post Has One Comment

  1. Kody S. August 22, 2023 Reply

    I’m wondering if it’s security related – a lot of bad actors like to get access then register persistence with a “M1crosoft 365” application.

Leave a Reply