Test-OAuthConnectivity fails from On-premise to Office 365

Tanapong Jangjeanhut 21 Reputation points
2021-06-17T16:13:47.087+00:00

I have deployed Exchange 2016 Full Hybrid with Office 365 and I configured OAuth authentication between the Exchange and Exchange Online organizations.

When I verify that the on-premises Exchange organization can connect to Exchange Online, it is not successful.

Error:

RunspaceId : cbd88c2f-65ab-481f-8276-06797bd66f7e
Task : Checking EWS API Call Under Oauth
Detail : The configuration was last successfully loaded at 1/1/0001 12:00:00 AM UTC. This was 1062659013 minutes
ago.
The token cache is being cleared because "use cached token" was set to false.
Exchange Outbound Oauth Log:
Client request ID: 2cbe4fd0-ddf5-43ed-bc79-2f22ffc792b4
Information:[OAuthCredentials:Authenticate] entering
Information:[OAuthCredentials:Authenticate] challenge from
'https://outlook.office365.com/ews/Exchange.asmx' received: Bearer
client_id="00000002-0000-0ff1-ce00-000000000000",
trusted_issuers="00000001-0000-0000-c000-000000000000@", token_types="app_asserted_user_v1
service_asserted_app_v1", authorization_uri="https://login.windows.net/common/oauth2/authorize",Basic
Realm=""
Information:[OAuthCredentials:GetToken] client-id: '00000002-0000-0ff1-ce00-000000000000', realm: '',
trusted_issuer: '00000001-0000-0000-c000-000000000000@
'
Information:[OAuthCredentials:GetToken] Start building a token using organizationId ''
Error:Missing signing certificate.

          Exchange Response Details:
          HTTP response message:
          Exception:
          System.Net.WebException: The request was aborted: The request was canceled. --->
          Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: Missing signing certificate.
             at Microsoft.Exchange.Security.OAuth.TokenIssuerBase..ctor(ILocalConfiguration localConfiguration,
          String realm)
             at Microsoft.Exchange.Security.OAuth.OAuthTokenBuilder..ctor(String realm, String tenantId,
          ILocalConfiguration localConfiguration, String caller)
             at Microsoft.Exchange.Security.OAuth.OAuthCredentials.GetToken(WebRequest webRequest,
          HttpAuthenticationChallenge challengeObject)
             at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest
          webRequest, Boolean preAuthenticate)
             at System.Net.AuthenticationManagerDefault.Authenticate(String challenge, WebRequest request,
          ICredentials credentials)
             at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials
          authInfo)
             at System.Net.HttpWebRequest.CheckResubmitForAuth()
             at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
             at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
             at System.Net.HttpWebRequest.ProcessResponse()
             at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
             --- End of inner exception stack trace ---
             at System.Net.HttpWebRequest.GetResponse()
             at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
          String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
          Boolean reloadConfig)

ResultType : Error
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New

When I verify that Exchange Online can connect to the on-premises Exchange organization, it is successful. Please advise me. Thank you.

Exchange | Hybrid management

Accepted answer
  1. KyleXu-MSFT 26,396 Reputation points
    2021-06-18T02:20:29.623+00:00

    @Tanapong Jangjeanhut

    Use the command below to check the status of the Exchange Auth certificate:

    Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint |FL  
    

    If this certificate is about to expire or has expired, please follow this article to renew it (Please note: since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.):

    Put the required information for the next command into variables

    $thumb = "NewCertificateThumbprint"  
    $date = get-date  
    

    Run the following command to add the new certificate

    Set-AuthConfig -NewCertificateThumbprint $thumb -NewCertificateEffectiveDate $date  
    

    Publish the certificate to all servers

    Set-AuthConfig -PublishCertificate  
    

    Remove the old expired certificate from the configuration

    Set-AuthConfig -ClearPreviousCertificate  
    

    Rerun HCW to update hybrid configuration.



1 additional answer

  1. Tanapong Jangjeanhut 21 Reputation points
    2021-06-18T03:10:57.903+00:00

    Hi KyleXu-MSFT,

    Thank you for your reply.

    My problem is solved. I followed the steps below.

    1. I ran the command to check the Exchange Auth certificate.

    Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint |FL

    2. In my case the Exchange Auth certificate was correct, and I ran the command to clear the old certificate.

    Set-AuthConfig -ClearPreviousCertificate

    3. I ran the command to restart the IIS service.

    iisreset

    Then I ran the command to verify the connection from on-premises to Exchange Online, and the ResultType status is Success.

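Both answers above start by inspecting the certificate that Get-AuthConfig references. The following is an added example, not code from the thread or from Microsoft: it classifies the current and previous auth-certificate slots by whether the referenced certificate is on the server, has a private key, and is within its validity period. The function name Test-AuthCertificateState, its state labels, the 30-day warning window and the sample objects are assumptions made for illustration.

```powershell
# Added example, not from the thread. Test-AuthCertificateState and the sample
# objects below are constructed for illustration.
function Test-AuthCertificateState {
    param(
        [Parameter(Mandatory)] $AuthConfig,              # output of Get-AuthConfig
        [Parameter(Mandatory)] [object[]] $Certificates, # output of Get-ExchangeCertificate
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30                             # assumed warning window
    )
    foreach ($slot in 'CurrentCertificateThumbprint', 'PreviousCertificateThumbprint') {
        $thumb = $AuthConfig.$slot
        if ([string]::IsNullOrEmpty($thumb)) {
            # An empty "previous" slot is normal; an empty "current" slot is a finding.
            if ($slot -eq 'CurrentCertificateThumbprint') {
                [pscustomobject]@{ Slot = $slot; Thumbprint = $null; State = 'NotConfigured' }
            }
            continue
        }
        $cert = $Certificates | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
        $state = 'OK'
        if (-not $cert)                                     { $state = 'NotFoundOnServer' }
        elseif (-not $cert.HasPrivateKey)                   { $state = 'NoPrivateKey' }
        elseif ($cert.NotAfter -lt $Now)                    { $state = 'Expired' }
        elseif ($cert.NotAfter -lt $Now.AddDays($WarnDays)) { $state = 'ExpiresSoon' }
        [pscustomobject]@{ Slot = $slot; Thumbprint = $thumb; State = $state }
    }
}

# Constructed sample: the current certificate is healthy, while the previous slot
# still references a thumbprint that is not among the server's certificates.
$now = [datetime]'2021-06-18'
$sampleConfig = [pscustomobject]@{
    CurrentCertificateThumbprint  = 'PLACEHOLDER-CURRENT-THUMBPRINT'
    PreviousCertificateThumbprint = 'PLACEHOLDER-PREVIOUS-THUMBPRINT'
}
$sampleCerts = @(
    [pscustomobject]@{
        Thumbprint    = 'PLACEHOLDER-CURRENT-THUMBPRINT'
        HasPrivateKey = $true
        NotAfter      = $now.AddYears(4)
    }
)
Test-AuthCertificateState -AuthConfig $sampleConfig -Certificates $sampleCerts -Now $now |
    Format-Table -AutoSize

# In the Exchange Management Shell, pass the live objects instead:
#   Test-AuthCertificateState -AuthConfig (Get-AuthConfig) -Certificates (Get-ExchangeCertificate)
```

Get-ExchangeCertificate lists the certificates of one server, so in a multi-server organization the check is worth repeating per server before and after Set-AuthConfig -PublishCertificate.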
