I ran into the exact same issue; what I ended up doing was enabling TLS 1.0 access in Regedit (Client, NOT Server).
Exchange Hybrid - OAuth - unable to create New-AuthServer
I am stuck on Step 1 of the "Configure OAuth authentication between Exchange and Exchange Online organizations" guide (https://learn.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help)
I have some Exchange 2013 servers configured in Hybrid mode with Exchange Online. The Hybrid Configuration Wizard was mostly successful, and in general things are working. However, the wizard did produce a warning:
HCW8064 The HCW has completed, but was not able to perform the OAuth portion of your Hybrid configuration. If you need features that rely on OAuth, you can try running the HCW again or manually configure OAuth using these manual steps.
I've run the Wizard at least three times now, and it produced this warning every time, so I'm trying the manual OAuth instructions. I try the very first step:
New-AuthServer -Name "WindowsAzureACS" -AuthMetadataUrl "https://accounts.accesscontrol.windows.net/unbc.ca/metadata/json/1"
And I receive this error:
Cannot acquire auth metadata document from 'https://accounts.accesscontrol.windows.net/unbc.ca/metadata/json/1'.
Error: An exception occurred during a WebClient request..
+ CategoryInfo : ResourceUnavailable: (:) [New-AuthServer], AuthMetadataClientException
I can manually load that URL in my browser, no problem. I've tried googling and searching TechNet and answers.microsoft.com. Nothing helpful so far. Any tips/ideas?
Edit (Solution): This was finally solved by Microsoft, on our third support request. Putting the answer here, in case someone else happens to have the exact same weird issue. The problem was the InternetWebProxy value on our Exchange servers. It was set to an incorrect address, which was somehow not causing any other problems (that we were aware of). The fix was as easy as setting that value to $null on our Exchange servers.
# Clear the incorrect InternetWebProxy value on every Exchange server
foreach ($Server in (Get-ExchangeServer)) {
    Set-ExchangeServer -Identity $Server.Name -InternetWebProxy $null
}
After that, we were able to re-run the HCW and it completed successfully.
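A way to check for the condition described in the solution before changing anything, as an added example that is not part of the original post or of Microsoft's guidance: it reports each server's InternetWebProxy value and tries to fetch the auth metadata document through it. Test-AuthMetadataFetch is a hypothetical helper name; the script assumes it is run in the Exchange Management Shell, and each request is made from the machine running the shell, not from the server listed.

```powershell
# Added example. Test-AuthMetadataFetch is a hypothetical helper, not an Exchange cmdlet.
function Test-AuthMetadataFetch {
    param(
        [Parameter(Mandatory)] [string] $MetadataUrl,
        [Uri]    $Proxy,                        # $null = no explicit proxy
        [string] $Server = $env:COMPUTERNAME    # label for the output row
    )
    $request = @{ Uri = $MetadataUrl; UseBasicParsing = $true; TimeoutSec = 15 }
    if ($Proxy) { $request.Proxy = $Proxy }
    try {
        $response = Invoke-WebRequest @request -ErrorAction Stop
        # The metadata document is JSON; parsing it confirms we received the
        # document itself and not a proxy error page served with HTTP 200.
        $null = $response.Content | ConvertFrom-Json
        $ok = $true
        $detail = "HTTP $($response.StatusCode)"
    }
    catch {
        # Keep the exception text so a proxy failure can be told apart from
        # other causes (DNS, TLS negotiation, timeout).
        $ok = $false
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{ Server = $Server; Proxy = "$Proxy"; Ok = $ok; Detail = $detail }
}

# Metadata URL as given in the question above.
$url = 'https://accounts.accesscontrol.windows.net/unbc.ca/metadata/json/1'

$results = @()
# Baseline: no explicit proxy, from the machine running this shell.
$results += Test-AuthMetadataFetch -MetadataUrl $url -Server '(baseline, no explicit proxy)'

# Then through whatever each Exchange server has configured as InternetWebProxy.
foreach ($server in Get-ExchangeServer) {
    if ($server.InternetWebProxy) {
        $results += Test-AuthMetadataFetch -MetadataUrl $url -Proxy $server.InternetWebProxy -Server $server.Name
    }
    else {
        $results += [pscustomobject]@{ Server = $server.Name; Proxy = '(not set)'; Ok = $null; Detail = 'No InternetWebProxy configured' }
    }
}
$results | Format-Table -AutoSize -Wrap
```

A row where the baseline succeeds but a server's configured proxy fails matches the situation described in the solution: the browser test works while New-AuthServer cannot retrieve the document.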
3 answers
Jon Alfred Smith 541 Reputation points
2020-08-13T19:50:59.527+00:00
Are you on the latest CU? Or the one before?
https://learn.microsoft.com/en-us/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019
Joyce Shen - MSFT 16,646 Reputation points
2020-08-03T02:39:06.707+00:00
First, make sure the account you use to run the command above has been assigned the right role/permission: Organization Client Access
The official document about the command New-AuthServer states that the AuthMetadataUrl parameter specifies the URL for the Microsoft 365 authorization server for your cloud-based organization.
Here is also a step-by-step guide to configuring OAuth authentication for your reference: Configure OAuth authentication between Exchange on-premises and Exchange Online organizations