Forum Discussion
pazzoide76
Aug 13, 2020Copper Contributor
outlook 2010 and 2013 continually asks for password in hybrid environment
Hello, I have implemented a full hybrid solution with an exchange 2016 cu17 server. I created the migexchange.it domain on o365 and synchronized the AD users via AAD connect. The autodiscover reco...
- Aug 19, 2020
pazzoide76 So it all came down to MFA via Security Defaults? That's not the first time I've heard it as I now recall another conversation with a similar issue, not identical, where I actually suggested that. It didn't struck me as a solution this time and I can only blame my six weeks vacation..
harveer singh Good job!
pazzoide76 Please mark the above reply with the solution as "Best response" for future reference.
pazzoide76
Aug 13, 2020Copper Contributor
Hello,
I entered the registry key but the problem persists.
I did an email autoconfiguration test with outlook and the result is autoconfiguration was unable to determine your settings!
Any other ideas?
Thank you
DeepakRandhawa
Aug 17, 2020Iron Contributor
Hello pazzoide76
The registry entry article I shared was specifically for Outlook 2013 and not for Outlook 2010, hope you have tested on a Outlook 2013 machine.
Run below command for your tenant and check the status of OAuth :-
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
The registry entry article I shared was specifically for Outlook 2013 and not for Outlook 2010, hope you have tested on a Outlook 2013 machine.
Run below command for your tenant and check the status of OAuth :-
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
- pazzoide76Aug 17, 2020Copper Contributor
Yes, I tried the registry key obviously with outlook 2013.
This weekend I reproduced an identical environment in the laboratory (which works with outlook 2010 and 2013)
The difference is that in the environment that does not work is that I have enabled https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help?redirectedfrom= MSDN it as HCW reported this warning:
warning HCW8064 The HCW has completed, but was not able to perform the OAuth portion of your Hybrid configuration. If you need features that rely on OAuth, you can try running the HCW again or manually configure OAuth using these manual steps
In the test infrastructure I have not implemented that functionality and both outlook 2010 and 2013 works.By running the Get-OrganizationConfig | ft name, * OAuth * both on premises and on exchange online I get (the results are the same on both the test environment that works and the environment that doesn't work)
[PS] C:\Windows\system32>Get-OrganizationConfig | ft name, *OAuth*
Name OAuth2ClientProfileEnabled
---- --------------------------
First Organization Falsementre sull’exchange online è abilitata
PS C:\Users\challancin> Get-OrganizationConfig | ft name, *OAuth*
Name OAuth2ClientProfileEnabled
---- --------------------------
migexchange.onmicrosoft.com TrueSo I'm pretty sure the problem is https://docs.microsoft.com/en-us/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help?redirectedfrom= MSDN
At this point I would like to understand how to disable it but I have not found any article.
I have already tried this article https://docs.microsoft.com/it-it/microsoft-365/enterprise/remove-or-disable-hybrid-modern-authentication-from-skype-for-business-and-excha? view = o365-worldwide without success.Thanks
Regards
- DeepakRandhawaAug 17, 2020Iron Contributorpazzoide76
Try disabling modern authentication in cloud :-
Set-OrganizationConfig -OAuth2ClientProfileEnabled $False
Give it couple of hours or so, as it is a tenant wide setting it takes time to replicate.
Also Consider upgrading outlook clients as MS has it on its agenda to disable basic authentication in office 365.- pazzoide76Aug 18, 2020Copper Contributor
Thanks for the reply
As previously written, I had already done that test (and it had given a negative result) however I made the change I waited 4 hours but the problem persists.
The weird thing as I wrote earlier that in a mirrored test environment (the only difference is that OAuth authentication between Exchange and Exchange Online organizations has not been enabled)
The speech of updating the Outlook clients is correct however 2010 and 2013 are supported until October and in the test environment they work ....Thank you
Regards