OneDrive for Business 2013 client synchronization affected by web filtering software

You may have OneDrive for Business 2013 installed either as part of the Office 2013 suite or standalone.

After the initial installation, you sync a new library: add the site and then click Sync Now. The first credentials dialog, "Call us overprotective", pops up. Enter the email address, and the Sign In dialog pops up. Enter the email address and password, and click Next. The following error is shown:

 There is a problem with your account. Please try again later.

How was this resolved? We found that any type of web security product will block OneDrive for Business sync client URLs. 

For example, Fiddler tracing showed that a third-party product, WebSense, was configured to block certain host URLs. Because those host URLs were blocked, OneDrive for Business was unable to authenticate. WebSense was adjusted to include the clientconfig.microsoftonline-p.net host and the fplist.xml file so that authentication could continue without failing.

The host and URL being blocked, from the Fiddler trace:

 GET https://clientconfig.microsoftonline-p.net/fplist.xml HTTP/1.0
 Accept: */*
 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.1; WOW64; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; MS-RTC LM 8; MSOIDCRL 7.250.4556.0; App GROOVE.EXE, 15.0.4631.0, {9317BCB6-314B-442F-A5DA-9BC2BEBC271D})
 Connection: Keep-Alive
 Host: clientconfig.microsoftonline-p.net

 HTTP/1.0 302 Moved

 #ff0000">HTTP Error 403 - Forbidden</font></h1> <b>You do not have permission to access the document or program you requested. </b></center> </body></html>

The exceptions list (whitelist or allow list) of the web filter would need the following adjustment. This is specific to OneDrive for Business (SharePoint Online has a specific list, too):

  •  Odc.officeapps.live.com port 443
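
One way to triage captured sessions like the Fiddler trace above is to flag responses for the sync client's hosts that carry a filter block page. This is an added example, not part of the original article: the function names are hypothetical, and the sample sessions are constructed (only the first is modelled on the trace shown here).

```python
import re
from urllib.parse import urlsplit

# Hosts this article names for the OneDrive for Business sync client.
REQUIRED_HOSTS = {"clientconfig.microsoftonline-p.net", "odc.officeapps.live.com"}
# Phrases taken from the block page body shown in the trace.
BLOCK_BODY = re.compile(r"HTTP Error 403|do not have permission", re.I)

# Constructed sample sessions as (request, response) raw text.
SAMPLE = [
    ("GET https://clientconfig.microsoftonline-p.net/fplist.xml HTTP/1.0\r\n"
     "Host: clientconfig.microsoftonline-p.net\r\n\r\n",
     "HTTP/1.0 302 Moved\r\n\r\n"
     "<html><body><h1>HTTP Error 403 - Forbidden</h1></body></html>"),
    ("GET https://odc.officeapps.live.com/ HTTP/1.1\r\n"
     "Host: odc.officeapps.live.com\r\n\r\n",
     "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n<ok/>"),
    ("GET http://example.test/ HTTP/1.1\r\nHost: example.test\r\n\r\n",
     "HTTP/1.1 403 Forbidden\r\n\r\nblocked"),
]

def parse_session(request, response):
    """Return (host, path, status, body) from raw request/response text."""
    target = request.split("\r\n", 1)[0].split(" ")[1]
    url = urlsplit(target)
    host_hdr = re.search(r"^Host:\s*(\S+)", request, re.I | re.M)
    host = (url.hostname or (host_hdr.group(1) if host_hdr else "")).lower()
    head, _, body = response.partition("\r\n\r\n")
    status = int(head.split(" ", 2)[1])
    return host, url.path or "/", status, body

def find_blocked(sessions, required=REQUIRED_HOSTS):
    """List required-host sessions whose response looks like a filter block page."""
    findings = []
    for request, response in sessions:
        host, path, status, body = parse_session(request, response)
        if host not in required:
            continue  # unrelated traffic, not needed by the sync client
        # The filter in the trace answered "302 Moved" but served a 403 page,
        # so check the body as well as the status line.
        if status == 403 or BLOCK_BODY.search(body):
            findings.append((host, path, status))
    return findings

if __name__ == "__main__":
    for host, path, status in find_blocked(SAMPLE):
        print(f"blocked: {host}{path} (status {status}) -> review filter allow list")
```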