Archive for the ‘Exchange’ Category

Outlook not connecting after Office 365 Hybrid Migration

I don’t have screenshots of this, but I figured it is worth writing up because we couldn’t find any reference to this scenario. Hopefully it will help others.

The Problem

  1. We had an Office 365 portal for a while for Exchange Online Protection and a few other things.
  2. As a global admin, I had enabled Microsoft’s Two-Factor (or Two Step or Multifactor MFA) authentication to protect my account.  (This is what they call foreshadowing)
  3. We were running Exchange 2010 on-premise, but deployed an Exchange 2016 for the Hybrid connection.  Outlook 2016 was the only version of the client in use. We did not test with other versions of the client.
  4. We had migrated several mailboxes successfully and Outlook automatically reconfigured without issue.
  5. When my mailbox migrated I could access Outlook online (OWA) without issues but my Outlook client didn’t auto reconfigure as expected. I had the following symptoms:
    1. Outlook opened and prompted for login to Office 365 credentials as expected.  Sometimes it seemed to take a couple tries before it stopped prompting.
    2. Outlook showed as connected (unfortunately I cannot remember if it said Online or Connected)
    3. If I looked at my Connection Status  (hold Shift and right click on the Outlook icon in the Systray to get the below menu) it showed a connection to the on-premise Exchange 2010 server, but no connection to Office 365
    4. These symptoms persisted both inside our LAN and when working remotely from multiple machines.

There was no error we could find.  Testing the Email AutoConfiguration  showed the client successfully redirecting to Office 365’s autodiscover entry, but then a put on errors occurred.  The GetLastError of 2147954407 was the first. There was a second, but unfortunately I lost the screenshot. OutlookAutoConfigurationLog

The Fix

Eventually just as a test I disabled Two-Factor authentication for my office 365 account.  Outlook then immediately reconfigured as expected.   There was no article saying this was required. Outlook 2016 supports two-factor officially and I was able to re-enable after Outlook reconfigured itself.   Just one of those scenarios that wasn’t in the test case for Microsoft.


Office 365 PowerShell Script to Set PasswordNeverExpires for All Members of Group

I had a need to set all members of a group so that their Office 365 (aka Microsoft Online) passwords never expire.  Didn’t take too long but I though it was worth sharing.  I also added output to show the setting was changed.  This could certainly be prettier but it is what it is.


  • This requires you to have the Office 365 Powershell cmdlets installed, which also required the Online Services Sign-in Agent to work. See this article for instructions.
  • You need admin credentials to your Office 365 account.
  • The script references the ObjectID of the Office 365 Group whose members you wish to change.  To get this you need to connect to Office 365 and use the Get-MsolGroup command. Below is a code snippet showing how.
import-module MSOnline

Output will look something like below.


The below would need to be saved as a .ps1 file.  The Object ID (shown in red #’s below) would need to be changed to match that of the desired group

import-module MSOnline
### Get All the Members of the Group
$agents=Get-MsolGroupMember -GroupObjectId  ########-####-####-####-############
### Set PasswordNeverExpires to true for all members of the group.
Foreach ($agent in $agents ) {
Set-MsolUser -ObjectID $agent.ObjectID -PasswordNeverExpires $true
$postChangeAgent = Get-MsolUser -ObjectID $agent.ObjectID
Write-Host “User: ” $postChangeAgent.UserPrincipalName “PasswordNeverExpires:” $postChangeAgent.PasswordNeverExpires

Note: The line beginning with “Write Host” wraps. The end of that line in your script is the $postChangeAgent.PasswordNeverExpires

Cudos and References

Thanks to JoshT_MSFT @ the Office365 Technical Blog for the following article which pointed me in the correct direction.

Exchange 2010 Missing Server Configuration in EMC

Just worked on a test(luckily) Exchange 2010 server with a customer.  When they opened the Exchange Management Console, the Server Configuration was missing and they couldn’t change the properties of any the mailboxes. When they opened the mailbox properties they saw these little lock symbols all over the place.

When they ran the command “Get-Mailbox” in the Exchange Management Shell, they only saw a single mailbox.

So we tried all sorts of things. Then they mentioned the installed Outlook on the server and set it up to access a mailbox. Just happened to be the   I tried deleting the mail profile, uninstalling Outlook, logging off and back in, no dice.  Then I found out that Windows caches credentials and you have to clear those out using the below procedure:

  1. Open a command prompt using “Run as Administrator”
  2. Run the command “control keymgr.dll”
  3. Click “Back up vault” and follow the prompts to back everything up.
  4. Find and remove all credentials that have to do with Exchange or the user setup for Outlook.

After that everything returned to normal.

So if you want Outlook on an Exchange server use OWA.