
Migration Endpoint Fails with Connection Exception


Test-MigrationServerAvailability -ExchangeRemoteMove -Credentials $Cred -RemoteServer email.azure365pro.com

RunspaceId : 32ada2be-f815-4072-975c-dcbed5c09054
Result : Failed
Message : The connection to the server 'email.azure365pro.com' could not be completed.
ConnectionSettings :
SupportsCutover : False
ErrorDetail : Microsoft.Exchange.Migration.MigrationServerConnectionFailedException: The connection to the
server 'email.azure365pro.com' could not be completed. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The Mailbox Replication
Service was unable to connect to the remote server using the credentials provided. Please check
the credentials and try again. The call to 'https://email.azure365pro.com/EWS/mrsproxy.svc'
failed. Error details: The HTTP request is unauthorized with client authentication scheme
'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM,Basic
realm="email.azure365pro.com"'. --> The remote server returned an error: (401) Unauthorized.. -->
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The
authentication header received from the server was 'Negotiate,NTLM,Basic
realm="email.azure365pro.com"'. --> The remote server returned an error: (401) Unauthorized. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The call to
'https://email.azure365pro.com/EWS/mrsproxy.svc' failed. Error details: The HTTP request is
unauthorized with client authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate,NTLM,Basic realm="email.azure365pro.com"'. --> The remote server
returned an error: (401) Unauthorized.. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The HTTP request is
unauthorized with client authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate,NTLM,Basic realm="email.azure365pro.com"'. --->
Microsoft.Exchange.MailboxReplicationService.RemotePermanentException: The remote server returned
an error: (401) Unauthorized.
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.<>c__DisplayClas
s97_0.<ReconstructAndThrow>b__0()
at Microsoft.Exchange.MailboxReplicationService.ExecutionContext.Execute(Action operation)
at Microsoft.Exchange.MailboxReplicationService.MailboxReplicationServiceFault.ReconstructAndTh
row(String serverName, VersionInformation serverVersion)
at Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.<>c__DisplayClass7
_0.<CallService>b__0()
at Microsoft.Exchange.Net.WcfClientBase`1.CallService(Action serviceCall, String context)
at
Microsoft.Exchange.MailboxReplicationService.WcfClientWithFaultHandling`2.CallService(Action
serviceCall, String context)
at Microsoft.Exchange.Migration.MigrationExchangeProxyRpcClient.CanConnectToMrsProxy(Fqdn
serverName, Guid mbxGuid, NetworkCredential credentials, LocalizedException& error)
--- End of inner exception stack trace ---
at Microsoft.Exchange.Migration.DataAccessLayer.ExchangeRemoteMoveEndpoint.VerifyConnectivity()
at Microsoft.Exchange.Management.Migration.MigrationService.Endpoint.TestMigrationServerAvailab
ility.InternalProcessEndpoint(Boolean fromAutoDiscover)
IsValid : True
Identity :
ObjectState : New

Solution –

  • Make sure Outlook Anywhere succeeds with a test account.
  • Make sure you enter the credentials as domain\username everywhere the endpoint asks for them.
  • Make sure both the internal and external host names are in the certificate (in one odd case a multi-domain wildcard certificate was in use, and we moved the internal and external host names to the primary FQDN of the certificate).
  • Make sure no HTTP redirect is set on the EWS virtual directory.
  • Make sure Basic and Windows authentication are enabled on the EWS virtual directory (the 401 above shows the server offering Negotiate, NTLM and Basic, so it is the credential being rejected, not the scheme).
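The checklist above can be scripted. The following is an added example, not code from the original post: it runs the pre-flight checks in the on-premises Exchange Management Shell before you retry Test-MigrationServerAvailability. The server name, the host name and the property names it prints are assumptions about a typical Exchange 2016 setup; replace them with your own.

```powershell
# Added example, not from the original post: pre-flight checks for the
# remote-move endpoint, run in the on-premises Exchange Management Shell.
# $Server and $HostName are assumptions; replace them with your own.
$Server   = 'EX2016Server'                 # assumed on-premises Exchange server
$HostName = 'email.azure365pro.com'        # host name the endpoint points at
$problems = @()

# 1. Credential shape. MRS proxy authenticates with Negotiate/NTLM/Basic and
#    expects DOMAIN\username; a UPN or bare user name comes back as the 401.
$Cred = Get-Credential -Message 'Migration account as DOMAIN\username'
if ($Cred.UserName -notmatch '^[^\\@]+\\[^\\@]+$') {
    $problems += "Credential '$($Cred.UserName)' is not in DOMAIN\username form"
}

# 2. EWS virtual directory: MRS proxy enabled, Basic and Windows auth on.
foreach ($ews in Get-WebServicesVirtualDirectory -Server $Server) {
    $ews | Format-List Identity, InternalUrl, ExternalUrl, MRSProxyEnabled,
                       BasicAuthentication, WindowsAuthentication
    if (-not $ews.MRSProxyEnabled)       { $problems += "$($ews.Identity): MRSProxyEnabled is False" }
    if (-not $ews.BasicAuthentication)   { $problems += "$($ews.Identity): BasicAuthentication is False" }
    if (-not $ews.WindowsAuthentication) { $problems += "$($ews.Identity): WindowsAuthentication is False" }
}

# 3. The certificate bound to IIS must cover the host name. A wildcard only
#    matches one label, so *.azure365pro.com covers email.azure365pro.com
#    but not a deeper name.
$parentWildcard = '*.' + ($HostName -replace '^[^.]+\.', '')
$covered = Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Status -eq 'Valid' -and "$($_.Services)" -match 'IIS' } |
    Where-Object {
        $names = $_.CertificateDomains | ForEach-Object { $_.ToString() }
        ($names -contains $HostName) -or ($names -contains $parentWildcard)
    }
if (-not $covered) { $problems += "No valid IIS-bound certificate covers $HostName" }

# 4. Outlook Anywhere host names and authentication, since the post's first
#    check is that Outlook Anywhere works for a test account.
Get-OutlookAnywhere -Server $Server |
    Format-List ExternalHostname, InternalHostname, IISAuthenticationMethods,
                ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Host "Pre-flight checks passed for $HostName; re-run Test-MigrationServerAvailability" }
```

If MRSProxyEnabled comes back False, Set-WebServicesVirtualDirectory -Identity "EX2016Server\EWS (Default Web Site)" -MRSProxyEnabled $true turns it on (it is off by default). The HTTP redirect the checklist warns about is configured in IIS Manager on the EWS virtual directory, not through these cmdlets, so check it there as well.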

Office 365 Branding

Office 365 branding is the first thing I do on most Office 365 projects. It gives users a polished look and feel, it is quick to set up with none of the configuration files of the past, and it can be updated in minutes. When the business logo is white I make the task pane white as well so the logo blends into it. Below are the two places where Office 365 lets you customize branding. For the task pane logo, ask your designer for an .svg file so it scales and renders correctly in the Azure portal.

If you have an Office 365 subscription and have not applied branding, you are leaving something you pay for unused. It also helps against phishing: users get used to the branded sign-in page, so a fake Microsoft login page without it stands out, at least in some cases.

Admin Panel / User Panel

https://admin.microsoft.com/Adminportal/Home#/Settings/OrganizationProfile

  • 200 x 30px
  • 1366 x 50px

Login Background Page and Panel

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/LoginTenantBranding

  • 280x60px
  • 1920×1080

Power BI Data Gateway with Active Directory

You can build rich reports from Active Directory data with live refresh. It saves hours compared with digging through SCCM for the same information.
Anyone with basic Power BI knowledge can build these reports. A Power BI Pro license is required to publish them and to schedule periodic refresh. In medium and large enterprises these reports help with compliance, because custom attributes are used heavily: for example, if the domain is A then custom attribute 1 must hold a given value, and with more than 20 domains and several attributes that is hard to check by hand. You can add conditional columns to surface this visually, and data alerts if required. The possibilities are almost limitless.

Once the report is ready and published, map the dataset to the data source (the on-premises data gateway) and enable scheduled refresh so the data stays current.

It saves a great deal of administrator time, since nobody has to go and pull the data by hand each time.

I have created numerous reports. I am not going to detail every step, but the examples below give an idea of what you can get out of it.

  • Data with Department attribute
  • Data with Company attribute
  • Utilizing Operating System attribute
  • User logon timestamp attribute
  • Utilizing Operating System attribute with delimiters to extract only the Windows 10 version

Below is a sample conditional column from one of the reports. If you know PowerShell or any other language, these if statements will be familiar, and they take the reports to the next level.
Power BI has excellent features, and most environments will remain hybrid; it will take years for machines to move to Azure AD join. Until then these reports help keep the environment safe, make removing legacy operating systems straightforward, and keep Active Directory clean of inactive old objects.


// Power Query M custom column (same logic as the original, with the c.com
// test parenthesised: in M "and" binds tighter than "or", so without the
// parentheses any row with extensionAttribute10 = "CCC" came out TRUE
// regardless of domain). The comparisons only match if the mail column holds
// the bare domain, so reduce the address to its domain part in an earlier step.
if [mailRecipient.mail] = "azure365pro.com" and [msExchCustomAttributes.extensionAttribute10] = "AZURE365PRO"
then "TRUE"
else if [mailRecipient.mail] = "a.com" and [msExchCustomAttributes.extensionAttribute10] = "A"
then "TRUE"
else if [mailRecipient.mail] = "b.com" and [msExchCustomAttributes.extensionAttribute10] = "B"
then "TRUE"
else if [mailRecipient.mail] = "c.com" and ([msExchCustomAttributes.extensionAttribute10] = "C" or [msExchCustomAttributes.extensionAttribute10] = "CCC")
then "TRUE"
else if [mailRecipient.mail] = "d.com" and [msExchCustomAttributes.extensionAttribute10] = "d"
then "TRUE"
else "FALSE"
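As an added example (not from the original post), here is the same per-domain check done in PowerShell against constructed sample objects, generalised to a lookup table so a 21st domain is one extra line rather than another nested if, together with the lastLogonTimestamp conversion and the Windows 10 build extraction the list above refers to. The property names mirror the AD attributes; the sample rows are made up, and in practice you would feed the functions Get-ADUser / Get-ADComputer output with the same property names.

```powershell
# Added example, not from the original post. Runs offline on constructed
# objects; property names match the AD attributes the Power BI report uses.

# Domain -> allowed extensionAttribute10 values (the post's nested-if table).
$Expected = @{
    'azure365pro.com' = @('AZURE365PRO')
    'a.com'           = @('A')
    'b.com'           = @('B')
    'c.com'           = @('C', 'CCC')      # two valid values, the "or" case
    'd.com'           = @('d')
}

function Test-Ext10Compliant {
    param([string]$Mail, [string]$Ext10)
    # Compare on the domain part of the address; -contains is case-insensitive.
    $domain = ($Mail -split '@')[-1].ToLower()
    if (-not $Expected.ContainsKey($domain)) { return $false }
    return $Expected[$domain] -contains $Ext10
}

function Get-Windows10Build {
    # AD stores operatingSystemVersion as e.g. "10.0 (19045)". Windows 10 and
    # 11 both report 10.0; the build tells them apart (22000 and up is 11).
    param([string]$OperatingSystemVersion)
    if ($OperatingSystemVersion -match '^10\.0 \((\d+)\)$') { return [int]$Matches[1] }
    return $null
}

function ConvertFrom-LastLogonTimestamp {
    # lastLogonTimestamp is a Windows FILETIME (100 ns ticks since 1601) and is
    # only replicated when more than 14 days stale, so treat it as "last seen
    # around this time", not an exact login. 0 means never.
    param([Int64]$Value)
    if ($Value -le 0) { return $null }
    return [DateTime]::FromFileTimeUtc($Value)
}

function Get-AdReportRow {
    param([Parameter(ValueFromPipeline)]$Obj, [int]$InactiveDays = 90)
    process {
        $seen = ConvertFrom-LastLogonTimestamp $Obj.lastLogonTimestamp
        [pscustomobject]@{
            Name        = $Obj.Name
            Compliant   = Test-Ext10Compliant -Mail $Obj.mail -Ext10 $Obj.extensionAttribute10
            Win10Build  = Get-Windows10Build $Obj.operatingSystemVersion
            LegacyOS    = $Obj.operatingSystemVersion -notmatch '^10\.'   # older than Windows 10 / Server 2016
            LastSeenUtc = $seen
            Inactive    = (-not $seen) -or ($seen -lt [DateTime]::UtcNow.AddDays(-$InactiveDays))
        }
    }
}

# Constructed sample rows (not real directory data).
$Sample = @(
    [pscustomobject]@{ Name='pc01';  mail='alice@azure365pro.com'; extensionAttribute10='AZURE365PRO'; operatingSystemVersion='10.0 (19045)'; lastLogonTimestamp=[DateTime]::UtcNow.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Name='pc02';  mail='bob@c.com';             extensionAttribute10='CCC';         operatingSystemVersion='10.0 (17763)'; lastLogonTimestamp=[DateTime]::UtcNow.AddDays(-120).ToFileTimeUtc() }
    [pscustomobject]@{ Name='srv01'; mail='svc@d.com';             extensionAttribute10='X';           operatingSystemVersion='6.1 (7601)';   lastLogonTimestamp=0 }
)

$Sample | Get-AdReportRow | Format-Table -AutoSize
```

With the sample data, pc01 is compliant and current, pc02 is compliant but inactive for 120 days, and srv01 fails the attribute check, runs a legacy OS and has never logged on. The same three flags are what the Power BI conditional columns surface; doing it once in PowerShell is a quick way to validate the M logic against known rows before trusting the dashboard.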

Connecting Azure Express Route with Multiple Virtual Networks

Unlike a traditional hub and spoke built on site-to-site VPN with multiple virtual networks, an ExpressRoute circuit gives you the option of creating up to 10 connections directly to the circuit (the Standard SKU limit; Premium allows more), and the virtual networks can come from different subscriptions. That makes life much easier when several business units each have their own Azure subscription. Once the ExpressRoute circuit is provisioned and available you can start creating authorizations and connections. VNet peerings and virtual network gateways each have their own per-region cost. In this architecture no peering is created unless two spokes actually need to talk to each other, because the circuit itself acts as the hub.

Once the ExpressRoute circuit is up and ready, open it, create an authorization and note the authorization key and the circuit's resource ID. The authorization shows status Available once created.

Create a virtual network gateway in the spoke virtual network; the gateway is what connects the circuit to the resources in that virtual network.

Once the gateway exists, select it and redeem the connection with the key and resource ID captured above.
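The same three steps with the Az PowerShell module, as an added example that is not part of the original post. Subscription IDs, resource names, the region and the ErGw1AZ gateway SKU are all assumptions; the circuit is assumed to already be provisioned by the provider.

```powershell
# Added example, not from the original post: redeem an ExpressRoute circuit
# authorization from a virtual network in another subscription. Every name,
# subscription ID and the gateway SKU below is an assumption.

# --- Circuit owner's subscription: create and read the authorization ----------
Set-AzContext -Subscription 'hub-subscription-id' | Out-Null
$circuit = Get-AzExpressRouteCircuit -Name 'er-circuit-01' -ResourceGroupName 'rg-connectivity'

Add-AzExpressRouteCircuitAuthorization -ExpressRouteCircuit $circuit -Name 'auth-bu-finance' | Out-Null
Set-AzExpressRouteCircuit -ExpressRouteCircuit $circuit | Out-Null       # commits the new authorization
$auth = Get-AzExpressRouteCircuitAuthorization -ExpressRouteCircuit $circuit -Name 'auth-bu-finance'

# The key is a bearer secret for the circuit: hand it to the spoke owner out of
# band and keep it out of scripts and tickets. AuthorizationUseStatus flips from
# Available to InUse once redeemed, which is the audit signal that it was used.
$circuitId = $circuit.Id
$authKey   = $auth.AuthorizationKey

# --- Spoke owner's subscription: gateway and connection -----------------------
Set-AzContext -Subscription 'finance-subscription-id' | Out-Null
$rg  = 'rg-finance-network'                                              # assumed
$loc = 'uaenorth'                                                        # assumed
$vnet     = Get-AzVirtualNetwork -Name 'vnet-finance' -ResourceGroupName $rg
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet  # must exist, /27 or larger

# ErGw1AZ needs a Standard SKU static public IP (assumed SKU choice).
$pip = New-AzPublicIpAddress -Name 'pip-vgw-finance' -ResourceGroupName $rg -Location $loc `
        -Sku Standard -AllocationMethod Static
$ipconf = New-AzVirtualNetworkGatewayIpConfig -Name 'vgw-ipconf' -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id
$gw = New-AzVirtualNetworkGateway -Name 'vgw-finance' -ResourceGroupName $rg -Location $loc `
        -IpConfigurations $ipconf -GatewayType ExpressRoute -GatewaySku ErGw1AZ

# Redeem: PeerId points at the circuit in the other subscription and the key
# proves this spoke was authorized. No VNet peering is created; the circuit is
# the hub, exactly as in the architecture described above.
New-AzVirtualNetworkGatewayConnection -Name 'con-finance-er' -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $gw -PeerId $circuitId -ConnectionType ExpressRoute -AuthorizationKey $authKey

# --- Back on the hub side: the authorization should now read InUse ------------
Set-AzContext -Subscription 'hub-subscription-id' | Out-Null
Get-AzExpressRouteCircuitAuthorization -ExpressRouteCircuit (
        Get-AzExpressRouteCircuit -Name 'er-circuit-01' -ResourceGroupName 'rg-connectivity') |
    Select-Object Name, AuthorizationUseStatus
```

The gateway deployment is the slow step (tens of minutes), and it is the part that carries a monthly cost whether or not the connection is ever used, so create it only in spokes that actually need the circuit. Periodically listing the authorizations and their AuthorizationUseStatus is an easy way to spot keys that were created but never redeemed, or redeemed by a VNet you did not expect.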

Good to have a naming convention for –

  • Connection
  • Address space
  • Subnets
  • Virtual Network Gateway
  • Virtual Network
  • Virtual Network Gateway Public IP Name
  • Resource groups
  • Boot Diagnostics
  • Network Security Groups
  • Subscriptions
  • Test Server Name
  • Test Server IP

Virtual Network Gateway peering cost with ExpressRoute –

Hub and spoke without ExpressRoute, example diagrams (images from the internet) –

Spoke 1 to Spoke 2 connectivity via the hub.

Sample image for virtual network planning –

Azure AD Connect Breaks with Conditional Access

An error occurred executing Configuring AAD Sync task: System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly Style to display a notification from a service application.

Enabling Conditional Access for all users breaks Azure AD Connect sync, because the service account the application uses cannot complete multi-factor authentication (it runs non-interactively, which is why the wizard fails trying to show a modal dialog).

The default service account name starts with Sync_<servername>_.

Exclude the Azure AD Connect service account from the Conditional Access policy.
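The exclusion can be checked and applied in bulk. The following is an added example, not from the original post: it uses the Microsoft Graph PowerShell SDK to find the Sync_ accounts, report every enabled Conditional Access policy that does not exclude them, and add the exclusion. The Sync_ prefix follows the post; the scopes, the assumption that the policy's users block should be sent back whole on PATCH, and everything else are mine.

```powershell
# Added example, not from the original post: exclude the Azure AD Connect
# sync account(s) from every enabled Conditional Access policy. Requires the
# Microsoft.Graph PowerShell SDK; scopes and naming are assumptions.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'User.Read.All'

# Default naming is Sync_<server>_<hash>@<tenant>.onmicrosoft.com (per the post).
$syncAccounts = Get-MgUser -Filter "startsWith(userPrincipalName,'Sync_')" -Property Id, UserPrincipalName
if (-not $syncAccounts) { throw 'No Sync_ account found; check the connector account in Azure AD Connect.' }

$policies = Get-MgIdentityConditionalAccessPolicy -All | Where-Object { $_.State -eq 'enabled' }

foreach ($p in $policies) {
    $users   = $p.Conditions.Users
    $missing = $syncAccounts | Where-Object { $users.ExcludeUsers -notcontains $_.Id }
    if (-not $missing) { continue }

    Write-Warning ("Policy '{0}' does not exclude: {1}" -f $p.DisplayName, ($missing.UserPrincipalName -join ', '))

    # Send the whole users block back with the new exclusions appended, so a
    # PATCH cannot drop the existing include/exclude lists (assumption: safer
    # than sending excludeUsers alone).
    $body = @{
        conditions = @{
            users = @{
                includeUsers  = @($users.IncludeUsers)
                excludeUsers  = @($users.ExcludeUsers) + @($missing.Id)
                includeGroups = @($users.IncludeGroups)
                excludeGroups = @($users.ExcludeGroups)
                includeRoles  = @($users.IncludeRoles)
                excludeRoles  = @($users.ExcludeRoles)
            }
        }
    }
    Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $p.Id -BodyParameter $body
    Write-Host "Excluded $($missing.Count) account(s) from '$($p.DisplayName)'"
}
```

Run it once with the Update line commented out to get the report only. Keep the exclusion as narrow as the sync account itself; it is a highly privileged identity, so pair the exclusion with a named-location or sign-in-risk policy that still covers it rather than leaving it with no Conditional Access at all.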

Replacing Send Connector Certificate

A particular Rpc error occurs on server EXCH1: These certificates are tagged with Send Connectors: Outbound to Office 365. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed, then replace or remove these certificates from Send Connector and then try this command.

$cert = Get-ExchangeCertificate -Thumbprint XXXXXX
# Connectors reference the certificate by issuer and subject, not by thumbprint
$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

To Replace Send Connector –

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

To Replace Receive Connector –

Set-ReceiveConnector "EX2016Server\Client Frontend EX2016Server" -TlsCertificateName $tlscertificatename

If you don't update the receive connector as well, inbound hybrid mail flow from Office 365 stops with a TLS error:

Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=451 5.7.3 STARTTLS is required to send mail] [LastAttemptedServerName=83.0.59.81] [LastAttemptedIP=83.0.59.81:25] [DX2ARE01FT002.eop-are01.prod.protection.outlook.com]};{MSG=451 5.7.3 STARTTLS is required to send mail};{FQDN=83.0.59.81};{IP=83.0.59.81};. OutboundProxyTargetIP: 83.0.59.81.
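Putting the steps in the right order avoids both the "tagged with Send Connectors" error and the STARTTLS failure above. The following is an added example, not from the original post: thumbprints, the server name and the send connector name are placeholders, and rather than guessing which receive connector Office 365 lands on it updates every receive connector on the server that is still pinned to the old certificate. It assumes the TlsCertificateName value renders as the same <i>…<s>… string when converted to text.

```powershell
# Added example, not from the original post: rotate the hybrid SMTP
# certificate end to end. Thumbprints, server and connector names are
# assumptions; run in the Exchange Management Shell.
$Server        = 'EX2016Server'
$OldThumbprint = 'OLDTHUMBPRINT'
$NewThumbprint = 'NEWTHUMBPRINT'
$SendConnector = 'Outbound to Office 365'

$old = Get-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint
$new = Get-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint
if ($new.Status -ne 'Valid' -or $new.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $NewThumbprint is not valid or expires soon ($($new.NotAfter))"
}

# Connectors reference a certificate by "<i>Issuer<s>Subject", not by thumbprint.
$oldName = "<i>$($old.Issuer)<s>$($old.Subject)"
$newName = "<i>$($new.Issuer)<s>$($new.Subject)"

# 1. Bind SMTP to the new certificate; the old one stays installed for now.
Enable-ExchangeCertificate -Server $Server -Thumbprint $NewThumbprint -Services SMTP -Force

# 2. Send connector, as in the post.
Set-SendConnector -Identity $SendConnector -TlsCertificateName $newName

# 3. Every receive connector still pinned to the old certificate. Leaving one
#    behind is what produces "451 5.7.3 STARTTLS is required to send mail" from
#    EOP. The compare is a case-insensitive string compare (assumption: the
#    property renders as <I>...<S>...).
Get-ReceiveConnector -Server $Server |
    Where-Object { $_.TlsCertificateName -and "$($_.TlsCertificateName)" -eq $oldName } |
    ForEach-Object {
        Write-Host "Updating receive connector $($_.Identity)"
        Set-ReceiveConnector -Identity $_.Identity -TlsCertificateName $newName
    }

# 4. Verify, and only then remove the old certificate.
Get-SendConnector -Identity $SendConnector | Format-List Identity, TlsCertificateName
Get-ReceiveConnector -Server $Server | Where-Object TlsCertificateName | Format-List Identity, TlsCertificateName

$stillPinned = Get-ReceiveConnector -Server $Server |
    Where-Object { "$($_.TlsCertificateName)" -eq $oldName }
if ($stillPinned -or "$((Get-SendConnector -Identity $SendConnector).TlsCertificateName)" -eq $oldName) {
    throw 'A connector still references the old certificate; not removing it'
}
Remove-ExchangeCertificate -Server $Server -Thumbprint $OldThumbprint -Confirm:$false
```

After the change, send a test message in both directions and watch the queue; the 450 4.4.317 entries above disappear once Office 365 negotiates TLS against the new certificate. If the new certificate was issued with a different subject or issuer, the hybrid configuration (Get-HybridConfiguration) still points at the old TlsCertificateName and should be re-run through the Hybrid Configuration Wizard as well.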
