
The HTTP request was forbidden with client authentication scheme 'Negotiate'

Exchange Server 2016 hybrid server: hybrid remote move migration error.

Error: MigrationTransientException: The call to 'https://mail.careexchange.in/EWS/mrsproxy.svc' failed. Error details: The HTTP request was forbidden with client authentication scheme 'Negotiate'. --> The remote server returned an error: (403) Forbidden.. --> The call to 'https://mail.careexchange.in/EWS/mrsproxy.svc' failed. Error details: The HTTP request was forbidden with client authentication scheme 'Negotiate'. --> The remote server returned an error: (403) Forbidden.. --> The HTTP request was forbidden with client authentication scheme 'Negotiate'. --> The remote server returned an error: (403) Forbidden.
Report: anon@careexchange.in

Make sure MRS Proxy is Enabled.

Get-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (Default Web Site)" | FL MrsProxy*


To Enable

Set-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (Default Web Site)" -MRSProxyEnabled $true

To Disable

Set-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (Default Web Site)" -MRSProxyEnabled $false

In my case MRS Proxy was already enabled. Enabling Basic Authentication on the Web Services virtual directory resolved the issue.

Set-WebServicesVirtualDirectory -Identity "SERVERNAME\EWS (Default Web Site)" -BasicAuthentication $true


Outlook Web App X-OWA-Error ExAssertException

After installing Exchange 2016 CU8 on Windows Server 2012 R2, OWA gave an error.

ECP will work if the administrator doesn't have a mailbox; otherwise even ECP will throw the same error.


An unexpected error occurred and your request couldn’t be handled.
X-ClientId: F554643C29C44C22B59A1DF6E706EB91
request-id bd391bdf-5057-4d0e-8a4d-c5a4f42f22d2
X-OWA-Error Microsoft.Exchange.Diagnostics.ExAssertException
X-OWA-Version 15.1.1415.2
X-FEServer EXCH2016
X-BEServer EXCH2016

Search for Event 2004 to confirm that the problem is with the auth certificate:

Log Name:      Application
Source:        MSExchange OAuth
Event ID:      2004
Task Category: Configuration
Level:         Warning
Computer:      EXCH2016.careexchange.in
Description:
Unable to find the certificate with thumbprint A9BBA1727F285CD86EB5785DF47C0A19DA997280 in the current computer or the certificate is missing private key. The certificate is needed to sign the outgoing token.

Solution –

  • Creating a new Exchange auth certificate resolved the issue.

Ran the command below and saw that the auth certificate was missing.

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint


Created a new certificate. Change the domain at the end of the command to your default domain.

New-ExchangeCertificate -KeySize 2048 -PrivateKeyExportable $true -SubjectName "cn=Microsoft Exchange Server Auth Certificate" -FriendlyName "Microsoft Exchange Server Auth Certificate" -DomainName "careexchange.in"

Answer No when prompted to replace the SMTP certificate.


Run

Set-AuthConfig -PublishCertificate
Set-AuthConfig -ClearPreviousCertificate

Then run

Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint

Verified that the auth certificate was created successfully. Do an IIS reset. Wait a few hours if it is a large environment; that should resolve the error.
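A check that the thumbprint held in Get-AuthConfig resolves to a certificate with a private key that has not expired, which is the condition Event 2004 reports. This is an added example, not part of the original post; the function name Test-ExchangeAuthCertificate, the status labels and the 30-day warning window are assumptions.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
function Test-ExchangeAuthCertificate {
    param(
        [string]$Server   = $env:COMPUTERNAME,
        [int]   $WarnDays = 30      # assumed warning window before expiry
    )

    # Thumbprint the OAuth token signer is configured to use (organization-wide setting)
    $thumb = (Get-AuthConfig).CurrentCertificateThumbprint
    $cert  = $null
    if ($thumb) {
        try {
            $cert = Get-ExchangeCertificate -Server $Server -Thumbprint $thumb -ErrorAction Stop
        } catch {
            $cert = $null           # lookup failed: certificate absent or server unreachable
        }
    }

    $now = Get-Date
    $status = if (-not $thumb) { 'NoThumbprintConfigured' }
        elseif (-not $cert)                                 { 'NotFoundOrUnreachable' }
        elseif (-not $cert.HasPrivateKey)                   { 'NoPrivateKey' }
        elseif ($cert.NotAfter -lt $now)                    { 'Expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { 'ExpiresSoon' }
        else                                                { 'OK' }

    [pscustomobject]@{
        Server     = $Server
        Thumbprint = $thumb
        NotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        Status     = $status
    }
}

# Check every server in the organization, not only the one that logged the warning.
Get-ExchangeServer | ForEach-Object { Test-ExchangeAuthCertificate -Server $_.Name } |
    Format-Table -AutoSize

# Recent OAuth warnings on the local server (source and ID as in the event shown above)
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'MSExchange OAuth'; Id = 2004
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Any status other than OK on a server means OAuth token signing can still fail there, even after the new certificate has been published.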


Run the below if the issue still persists.

  • Locate the bin folder and run updatecas.ps1 and updateConfigfile.ps1; this resolved it for a few others.


Other things I have tried –

  • Took a backup, then tried removing msExchCanaryData0/1/2. No luck.

  • Uninstalled and reinstalled the server. No luck.

Outlook Rules Are Inbox Rules in Outlook Web App

How to find your Outlook Rules in the Outlook web app.

Log in to https://outlook.office.com/

Settings – Search for Inbox Rules


Export and Import Transport Rules in Exchange Online

Consider a hybrid environment in which the transport rules have to be moved from the on-premises server to Office 365, so that the rules still apply when mail flow reaches the cloud for mail processing.

Export the XML file from the on-premises server –

$file = Export-TransportRuleCollection
Set-Content -Path "C:\Scripts\Rules.xml" -Value $file.FileData -Encoding Byte


Connect to Exchange Online PowerShell –

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Import XML file to Office 365  –

[Byte[]]$Data = Get-Content -Path "C:\Scripts\Rules.xml" -Encoding Byte -ReadCount 0
Import-TransportRuleCollection -FileData $Data

Note: Importing from an Exchange 2010 server is not supported. Error: It cannot be used with a engine-based XML File is Datacenter Environment.


Dump All Proxy Addresses from Exchange Server

Dump all proxy addresses/email addresses from Exchange Server using PowerShell.

Mailboxes –

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,Servername,EmailAddressPolicyEnabled,PrimarysmtpAddress, @{Name="EmailAddresses";Expression={($_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}) -join ";"}} | Export-Csv EmailAddresses_MBX_Dump.csv

Distribution Groups –

Get-DistributionGroup -ResultSize Unlimited | Select-Object DisplayName,Servername,EmailAddressPolicyEnabled,PrimarysmtpAddress, @{Name="EmailAddresses";Expression={($_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}) -join ";"}} | Export-Csv EmailAddresses_DG_Dump.csv

Mail Contacts –

Get-MailContact -ResultSize Unlimited | Select-Object DisplayName,Servername,EmailAddressPolicyEnabled,PrimarysmtpAddress, @{Name="EmailAddresses";Expression={($_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}) -join ";"}} | Export-Csv EmailAddresses_Contact_Dump.csv

Each command creates a CSV file of the addresses.

Enable Password Write back on existing Azure AD Connect

By default, Azure AD Connect synchronizes passwords one way only, from on-premises to the cloud, and it won't allow the user to reset the password in the cloud.

To enable the user to reset the password in the cloud, password writeback has to be enabled.

Password writeback needs additional licenses.

See below – if you don’t know where the Azure AD Connect server is deployed in the forest.

https://www.azure365pro.com/finding-the-azure-ad-connect-server-in-the-forest/

Run the Azure AD Connect setup. Password writeback is listed under optional features.

Select the Password writeback check box.

Wait for Event 31005 to appear, which signals the completion of the process.

Now check in Outlook Web Access, under https://mail.office365.com -> My Account, and compare what the user sees without password writeback with what is shown after password writeback is enabled.
