Archive for the ‘Two-Factor Authentication’ Category

Outlook not connecting after Office 365 Hybrid Migration

I don’t have screenshots of this, but I figured it is worth writing up because we couldn’t find any reference to this scenario. Hopefully it will help others.

The Problem

  1. We had an Office 365 portal for a while for Exchange Online Protection and a few other things.
  2. As a global admin, I had enabled Microsoft’s Two-Factor (or Two Step or Multifactor MFA) authentication to protect my account.  (This is what they call foreshadowing)
  3. We were running Exchange 2010 on-premise, but deployed an Exchange 2016 for the Hybrid connection.  Outlook 2016 was the only version of the client in use. We did not test with other versions of the client.
  4. We had migrated several mailboxes successfully and Outlook automatically reconfigured without issue.
  5. When my mailbox migrated I could access Outlook online (OWA) without issues but my Outlook client didn’t auto reconfigure as expected. I had the following symptoms:
    1. Outlook opened and prompted for login to Office 365 credentials as expected.  Sometimes it seemed to take a couple tries before it stopped prompting.
    2. Outlook showed as connected (unfortunately I cannot remember if it said Online or Connected)
    3. If I looked at my Connection Status  (hold Shift and right click on the Outlook icon in the Systray to get the below menu) it showed a connection to the on-premise Exchange 2010 server, but no connection to Office 365
    4. These symptoms persisted both inside our LAN and when working remotely from multiple machines.

There was no error we could find.  Testing the Email AutoConfiguration  showed the client successfully redirecting to Office 365’s autodiscover entry, but then a put on errors occurred.  The GetLastError of 2147954407 was the first. There was a second, but unfortunately I lost the screenshot. OutlookAutoConfigurationLog

The Fix

Eventually just as a test I disabled Two-Factor authentication for my office 365 account.  Outlook then immediately reconfigured as expected.   There was no article saying this was required. Outlook 2016 supports two-factor officially and I was able to re-enable after Outlook reconfigured itself.   Just one of those scenarios that wasn’t in the test case for Microsoft.