TanapongJangjeanhut-9587 asked

Test-OAuthConnectivity fails from On-premise to Office 365

I have deployed Exchange 2016 Full Hybrid with Office 365 and configured OAuth authentication between the Exchange and Exchange Online organizations.

When I verify that the on-premises Exchange organization can connect to Exchange Online, it is not successful.

Error:

RunspaceId : cbd88c2f-65ab-481f-8276-06797bd66f7e
Task : Checking EWS API Call Under Oauth
Detail : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1062659013 minutes
ago.
The token cache is being cleared because "use cached token" was set to false.
Exchange Outbound Oauth Log:
Client request ID: 2cbe4fd0-ddf5-43ed-bc79-2f22ffc792b4
Information:[OAuthCredentials:Authenticate] entering
Information:[OAuthCredentials:Authenticate] challenge from
'https://outlook.office365.com/ews/Exchange.asmx' received: Bearer
client_id="00000002-0000-0ff1-ce00-000000000000",
trusted_issuers="00000001-0000-0000-c000-000000000000@", token_types="app_asserted_user_v1
service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize",Basic
Realm=""
Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
trusted_issuer: '00000001-0000-0000-c000-000000000000@
'
Information:[OAuthCredentials:GetToken] Start building a token using organizationId ''
Error:Missing signing certificate.

           Exchange Response Details:
           HTTP response message:
           Exception:
           System.Net.WebException: The request was aborted: The request was canceled. --->
           Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Missing signing certificate.
              at Microsoft.Exchange.Security.OAuth.TokenIssuerBase..ctor(ILocalConfiguration localConfiguration,
           String realm)
              at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder..ctor(String realm, String tenantId,
           ILocalConfiguration localConfiguration, String caller)
              at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
           HttpAuthenticationChallenge challengeObject)
              at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
           webRequest, Boolean preAuthenticate)
              at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request,
           ICredentials credentials)
              at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
           authInfo)
              at System.Net.HttpWebRequest.CheckResubmitForAuth()
              at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
              at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
              at System.Net.HttpWebRequest.ProcessResponse()
              at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
              --- End of inner exception stack trace ---
              at System.Net.HttpWebRequest.GetResponse()
              at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
           String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
           Boolean reloadConfig)

ResultType : Error
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New


When I verify that Exchange Online can connect to the on-premises Exchange organization, it is successful. Please advise me. Thank you.




office-exchange-hybrid-itpro

KyleXu-MSFT answered

@TanapongJangjeanhut-9587

Use the command below to check the status of the Exchange Auth certificate:

 Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint |FL

If this certificate is about to expire or has expired, please follow this article to renew it (please note: since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information):

Put the required information for the next command into variables

 $thumb = "NewCertificateThumbprint"
 $date = get-date

Run the following command to add the new certificate

 Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date

Publish the certificate to all servers

 Set-AuthConfig -PublishCertificate

Remove the old expired certificate from the configuration

 Set-AuthConfig -ClearPreviousCertificate

Rerun the HCW to update the hybrid configuration.



TanapongJangjeanhut-9587 answered

Hi KyleXu-MSFT,

Thank you for your reply.


My problem is solved. I followed the steps below.

  1. I ran the command to check the Exchange Auth Certificate.

 Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint |FL

  2. In my case the Exchange Auth Certificate was correct, and I ran the command to clear the old certificate.

 Set-AuthConfig -ClearPreviousCertificate

  3. I ran the command to restart the IIS service.

 iisreset


Then I ran the command to verify the connection from on-premises to Exchange Online, and the ResultType status is Success.

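As an added example (not part of the thread and not Microsoft's code), the PowerShell function below automates the checks the posts above perform by hand: whether the thumbprint in the auth configuration matches a certificate on the server, whether that certificate is expired or close to expiry, and whether a previous certificate is still referenced. The function name, the 30-day threshold and the sample objects are assumptions made for illustration.

```powershell
# Added example: evaluates the state of the Exchange Auth certificate.
# Function name, warning threshold and sample values are illustrative assumptions.
function Test-AuthCertificateState {
    param(
        [Parameter(Mandatory)] $AuthConfig,     # output of Get-AuthConfig
        [Parameter(Mandatory)] $Certificates,   # output of Get-ExchangeCertificate
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30
    )
    $findings = @()
    $current = $Certificates |
        Where-Object { $_.Thumbprint -eq $AuthConfig.CurrentCertificateThumbprint }

    if (-not $current) {
        $findings += 'Current auth certificate is not in the certificate list'
    } elseif ($current.NotAfter -lt $Now) {
        $findings += "Current auth certificate expired on $($current.NotAfter.ToString('yyyy-MM-dd'))"
    } elseif ($current.NotAfter -lt $Now.AddDays($WarnDays)) {
        $findings += "Current auth certificate expires within $WarnDays days"
    }

    # A previous certificate that is gone or expired is the one that
    # Set-AuthConfig -ClearPreviousCertificate removes from the configuration.
    $prev = $AuthConfig.PreviousCertificateThumbprint
    if ($prev) {
        $prevCert = $Certificates | Where-Object { $_.Thumbprint -eq $prev }
        if (-not $prevCert -or $prevCert.NotAfter -lt $Now) {
            $findings += 'Previous certificate is still referenced but is missing or expired'
        }
    }
    if ($findings.Count -eq 0) { $findings += 'OK' }
    return $findings
}

# Constructed sample data (thumbprints are placeholders, not real values).
$sampleConfig = [pscustomobject]@{
    CurrentCertificateThumbprint  = 'AAAA000000000000000000000000000000000001'
    PreviousCertificateThumbprint = 'BBBB000000000000000000000000000000000002'
}
$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'AAAA000000000000000000000000000000000001'
                       NotAfter   = [datetime]'2030-01-01' }
)
Test-AuthCertificateState -AuthConfig $sampleConfig -Certificates $sampleCerts `
    -Now ([datetime]'2025-01-01')

# Against a live server, from the Exchange Management Shell:
# Test-AuthCertificateState -AuthConfig (Get-AuthConfig) -Certificates (Get-ExchangeCertificate)
```

Run the live form on each Exchange server, because the certificate list it reads is the one of the server the shell is connected to.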