Test-OAuthConnectivity shows Error when using a Mailbox without Archive
Hi All,
Recently I stumbled across something very odd in Exchange Hybrid.
I am running Exchange Hybrid:
- Exchange Server 2019 CU14 Apr24HU (published to the Internet via https://mail.icewolf.ch)
- Exchange Server 2016 CU23 Apr24HU
- Hybrid Wizard has no issues
- Free/Busy works
- Test-OAuthConnectivity shows error when using Mailbox with no Archive
Hybrid Wizard
After running the Exchange Hybrid Wizard - which has been run without any Problems
Errors in Test-OAuthConnectivity
I had an Error when testing OAuth from Exchange Online to OnPrem.
If there is something wrong with OAuth I always refer to the following Article
Test-OAuthConnectivity -Service EWS -TargetUri "https://mail.icewolf.ch/metadata/json/1" -Mailbox a.bohren@icewolf.ch
Error Message:
Exchange Response Details:
HTTP response message:
Exception:
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user,
String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken,
Boolean reloadConfig)
The crazy thing is, when using another Exchange Online Mailbox it indicated success
Test-OAuthConnectivity -Service EWS -TargetUri "https://mail.icewolf.ch/metadata/json/1" -Mailbox m.muster@icewolf.ch
The OAuth Test from OnPrem to Exchange Online works fine
Test-OAuthConnectivity -Service EWS -TargetUri https://outlook.office365.com/ews/exchange.asmx -Mailbox a.bolika@icewolf.ch
I found an old Article that refers to that Issue but is for old Exchange 2016 CU8
Exchange OnPrem
Get-ExchangeServer | Format-Table Name, ServerRole, Edition, AdminDisplayVersion
Note: Here's a reminder that you can't trust the AdminDisplayVersion
Exchange Server 2019 CU14 Apr24HU
Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}
Exchange Server 2016 CU23 Apr24HU
Get-Command Exsetup.exe | ForEach {$_.FileVersionInfo}
Exchange Online
The difference between the two Mailboxes in Exchange Online is that one Mailbox has an Archive
Get-Mailbox -Identity m.muster@icewolf.ch
Get-Mailbox -Identity m.muster@icewolf.ch -Archive
Get-Mailbox -Identity a.bohren@icewolf.ch
Get-Mailbox -Identity a.bohren@icewolf.ch -Archive
Remote connectivity Analyzer
I get an error with the Source Mailbox without an Archive
It works with the Source Mailbox that has an Archive
OnPrem Mailbox Target
The Mailbox for the Test is located on the Exchange 2019 Server which serves the https://mail.icewolf.ch/ews requests.
Get-Mailbox -Identity a.bolika@icewolf.ch
Free/Busy (Availability Service)
Free/Busy (or Availability Service in EWS) did always work.
Resolution
Turns out there is some type of corruption on that Mailbox.
Get-RemoteMailbox -identity a.bohren@icewolf.ch
WARNING: The object corp.icewolf.ch/Icewolf Users/Bohren, Andres has been corrupted or isn't compatible with Microsoft support
requirements, and it's in an inconsistent state. The following validation errors happened:
WARNING: Could not convert property AuditStorageState to type AuditStorageState. Error while converting string 'EA45' to result
type Microsoft.Exchange.Data.Directory.Recipient.AuditStorageState: Conversion failed due to invalid enumeration value. Please
specify one of the following enumeration values and try again. The possible enumeration values are "None, Online, Offline".
Same Error is also shown in the OnPrem Exchange Admin Center
Seems to be coming from the msExchExtensionAttribute45. I've cleared both the Exchange Attributes because I knew I don't need those.
Finally the Object has no corruption anymore
After waiting for an Entra Connect sync cycle and testing again - getting success again
Test-OAuthConnectivity -Service EWS -TargetUri "https://mail.icewolf.ch/metadata/json/1" -Mailbox m.muster@icewolf.ch
Don't know how this has happened. I am pretty sure I didn't mess with those Attributes.
Regards
Andres Bohren
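
To check whether other hybrid recipients carry the same kind of corruption described under Resolution, the following read-only audit is an added example and not part of the original post. It assumes an on-premises Exchange Management Shell session with the ActiveDirectory (RSAT) module available; the function names are hypothetical, and that msExchExtensionAttribute45 is the cause is the post's own observation, not a confirmed mapping.

```powershell
# Added example, not from the original post. Read-only: no attribute is changed.
# Assumptions: run in the on-premises Exchange Management Shell with the
# ActiveDirectory (RSAT) module installed. Function names are hypothetical.
Import-Module ActiveDirectory

function Get-InvalidRemoteMailbox {
    # Remote mailboxes whose directory object fails Exchange validation
    # (the "corrupted or isn't compatible" warning shown in the post).
    Get-RemoteMailbox -ResultSize Unlimited -WarningAction SilentlyContinue |
        Where-Object { -not $_.IsValid }
}

function Get-ExtensionAttribute45User {
    # Every AD user that has msExchExtensionAttribute45 populated at all,
    # whether or not Exchange currently flags the object as invalid.
    Get-ADUser -LDAPFilter '(msExchExtensionAttribute45=*)' `
        -Properties msExchExtensionAttribute45, mail
}

# View 1: objects Exchange considers invalid, with the suspect attribute value.
$invalid = foreach ($rm in Get-InvalidRemoteMailbox) {
    $adUser = Get-ADUser -Identity $rm.DistinguishedName `
        -Properties msExchExtensionAttribute45
    [pscustomobject]@{
        PrimarySmtpAddress         = $rm.PrimarySmtpAddress
        DistinguishedName          = $rm.DistinguishedName
        msExchExtensionAttribute45 = $adUser.msExchExtensionAttribute45
    }
}

# View 2: all users with the attribute set, for comparison with view 1.
$populated = Get-ExtensionAttribute45User |
    Select-Object mail, DistinguishedName, msExchExtensionAttribute45

'Invalid remote mailboxes:'
$invalid   | Format-Table -AutoSize -Wrap
'Users with msExchExtensionAttribute45 set:'
$populated | Format-Table -AutoSize -Wrap
```

Objects that appear in both views are candidates for the same OAuth failure; an object that is invalid with the attribute empty points to a different validation error, which running Get-RemoteMailbox against it will print.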